This tutorial is going to be focused on creating a live Kali Linux USB, and then adding persistent storage to it. Part 1 is meant to discuss why you should care. To get to the actual steps, skip to Part 2 [not yet written].
Don’t know what Kali is? Don’t know what LINUX is? Good for you, you probably lead a fulfilling life.
Linux is an open source operating system typically favored by dinosaurs that really can’t understand the 80’s are over and done. Sad stuff, really.
That being said, the customizability of an operating system that doesn’t get pissed off when you try to mess with its lower-level functions is undeniably useful. But you know why Windows and Mac don’t like you screwing with their shit? Because you’re gonna break it, you mongoloid. And then you’re gonna go on Twitter and roast Windows 10 for some dumb shit that could have been avoided if you weren’t such a fanatical advocate of the Hacker’s Manifesto.
In all seriousness, avoiding Linux is impossible in infosec and you need to be competent with it.
Kali Linux is a “distro” of Debian, which is a Linux-based operating system. You may already be familiar with Ubuntu, which is also a distro of Debian. Kali comes prepackaged with a whole suite of open source (and free versions of commercial) penetration testing tools and applications.
“So why am I messing with HARDWARE End3r? Why aren’t I dicking with Linux in a virtual environment? Why run it live when I can just install it as a VM?”
First of all, you don’t ever want to be the “I’m not a hardware guy” guy. Secondly, you should be doing that too (and I intend to make virtualization tutorials). Most importantly, you can’t easily bring your VMs with you. Kali is designed to be run live, right off of bootable media like a flash drive or a CD (if they still makes those). The benefit to this is — in most cases — you can plug it into any computer and boot into Kali, without booting into the host operating system. This is extremely useful for penetration testing, especially on-site pentesting, because you can bypass a host operating system’s password protection, and boot right into your own custom operating system with a plethora of hacking tools, and already be on the target network. No self-respecting pentester is walking around without a Kali flashdrive burning a hole in their pocket. And you’re that kind of poser, so you need one too. Not everyone is going to have the opportunity to have a physical security penetration test fall in their laps like I did [insert link to anecdotal post], but there are practical applications to carrying one of these bad boys around.
Booting live means you’re booting straight into a fresh, out of the box version of Kali, like installing it for the first time. But you’re not installing it. You’re not physically altering the host machine’s storage whatsoever. You’re running it in memory, right off the stick. Any changes you make will not persist on reboot. That’s not really a big deal when you’re running Wireshark or whatever the hell else and just observing/collecting data. Obviously you need to exfiltrate any pertinent data before shutting down. However, you can set up persistent storage, in which the changes you make will persist upon rebooting. Effectively converting the excess space on the flashdrive into a hard drive for Kali to use as storage. This means custom wallpapers and aliases and proprietary memes can all be forever stored on your pocket pentesting kit.
I’ve needed this for a lot of my classes. I imagine anyone reading this is probably making it for school or for funsies, not because they’re actually a penetration tester that needs Kali on the go. The instructions on Kali’s website are pretty detailed, they seem to be written in a way that already assumes the reader knows wtf they’re doing. They’re also pretty dated, and the example commands are relative to the tutorial creator’s many variables (that’s not specified in the tutorial anywhere). For someone literally experiencing entering terminal commands for the first time, they’re not gonna know what commands aren’t to be copied verbatim. Therefore, I’ll also be explaining what’s going on with each command you’re entering. For all intents and purposes, I’m going to assume you’re retarded. And that’s a good thing… trust me. If all the tutorials I make were explained to me the same way I’m explaining them to you, I wouldn’t be wasting my time writing them to begin with because I’d probably have a job.