====== Kali Installation ======

To participate in a CTF you need some tools. \\
The most common Linux distribution for pentesting is Kali. It offers a lot out of the box.
If you are new to the topic we will guide you through the installation and the basic setup.

===== Installation =====

A VM is good enough for most cases
  * Download and install [[https://www.virtualbox.org/wiki/Downloads|VirtualBox]]
    * Install the VirtualBox Extension Pack if you want to use USB devices in the VM
  * Download [[https://www.kali.org/downloads/|Kali Linux]]
  * Install Kali linux in a virtual machine
    * [[https://www.youtube.com/watch?v=nO1Vy7HaRFI|Youtube Tutorial]]
  * login with the default password (root/toor)

===== Screen Resolution =====

To adjust the screen resolution automatically to the size of the window you need some tools 
<code>
apt-get update
apt-get -y upgrade
apt-get -y dist-upgrade
reboot
apt-get -y install virtualbox-guest-x11
reboot
</code>

===== Tools =====

==== Repository ====
You want to be prepared for some of the challenges and have some applications ready
Some tools are in the repository, but not installed by default in some Kali versions (ARM)
<code>
apt-get -y install screen vim zsh autossh tor \
unrar p7zip-full \
htop nethogs iftop ifstat lshw \
tcpdump dnsutils telnet \ 
nfs-common cifs-utils wmic \
masscan dnsenum dnsrecon dnswalk cdpsnarf dirb wordlists \ 
metasploit-framework \
mitmproxy dsniff sslstrip sslsplit bettercap ettercap-text-only dnsspoof
</code>

==== Webserver ====
In some challenges it is handy to have a webserver with php support ready
<code>
apt-get -y install nginx-light php5-fpm
cat <<EOF > /etc/nginx/sites-available/default
server {
   listen 80 default_server;
   #listen [::]:80 default_server;
   server_name it-department.internal;
   root /var/www/html;

   index index.html index.htm;

   # PHP
   location ~ \.php$ {
      include snippets/fastcgi-php.conf;
      fastcgi_pass unix:/var/run/php5-fpm.sock;
      include fastcgi_params;
   }
}
EOF
systemctl disable nginx
systemctl disable php5-fpm
</code>

===== Configure =====

==== Metasploit ====
<code>
msfdb init
msfupdate
msfconsole -x db_rebuild_cache
</code>

==== Openvas ====
<code>
openvas-setup
</code>

===== Cleanup =====
<code>
apt-get clean
apt-get autoclean
</code>