Kali Linux on Windows 10
https://www.microsoft.com/en-us/store/p/kali-linux/9pkr34tncv07?rtc=1#
Has anybody installed this yet? What are your opinions? Essentially, it's a barebones shell and you have to install the tools after the fact. It means not having to use a virtual machine. Is it ready for prime time?
Has anybody installed this yet? What are your opinions? Essentially, it's a barebones shell and you have to install the tools after the fact. It means not having to use a virtual machine. Is it ready for prime time?
Comments
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□Not sure how to feel about this. I don't have convenient access to Windows 10 and won't any time soon, so I haven't installed it.
: Dons tin-foil hat :
On one hand, maybe this is a win for society in general from the perspective of catching script kiddies up to no good. Said script kiddies a install gimped down version of Kali in Windows 10, an OS that has key stroke logging baked in (Microsoft rewords the EULA and privacy policy to describe this "feature" more vaguely these days, but the wording is still there).
But then again, I don't think whatever agency that can take advantage of this feature will do so yet for something so trivial. The data sniffing features are probably not there to catch criminals and are there instead to make money off of datamining.
Good luck to Microsoft in figuring out how to actually do that in a competent manner--they can't even figure out how to sell a phone correctly. Hanlon's razor and all.
On the other hand, this is a bit of a lose for Linux and for open source in general. Microsoft remains as an unconvicted monopolist at-large. This can't be a good idea from that perspective.
But then again, Microsoft didn't write this, Offensive Security (the creators of Kali Linux) did.
: Doffs tin foil hat :A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
tedjames Member Posts: 1,182 ■■■■■■■■□□Yeah, I'm a little concerned because it's Microsoft. Then again, as you say, Offensive Security created it. Who knows if anything transpired between the two companies? Probably not. It's ok to be a little paranoid. Good point about data mining. I doubt it, but I wouldn't be surprised. Maybe I'll install Windows 10 on a VM and then install Kali Linux inside that Windows 10 VM...
Re: script kiddies, what's to stop them from just installing a free VM and Kali? It's not that hard. There's plenty of free instruction on YouTube. -
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□I'll probably give this a try this week. Thanks for the share!
-
thedudeabides Member Posts: 89 ■■■□□□□□□□Interesting. I currently have a Kali VM in VMWare Workstation on Windows 10, which works fine for me. But I might have to give this a try anyways.2019 Goals: CCNP R&S
-
Mike7 Member Posts: 1,108 ■■■■□□□□□□It works; to a certain extent.
Do remember to add anti-virus exclusion when installing packages.
There is no systemd; so you will have to start programs such as postgresql manually before running say metasploit.
Most of the command line utilities work. You can install xrdp server and RDP in to get a UI; there is a guide on Kali web site.
However, there is no raw socket support so tools such as nmap and hping3 does not work as expected. -
LonerVamp Member Posts: 518 ■■■■■■■■□□It doesn't have any business replacing an actual install or VM for me.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□Obviously not "needed" but looks interesting to try out to see how well it works imo. My curiosity will give in and give it a go.
-
mrkdisk Member Posts: 18 ■■■□□□□□□□Tried it and didn't like it. It kept setting out my anti-virus program. So I went back to VM.
-
PC509 Member Posts: 804 ■■■■■■□□□□I have a dedicated laptop for it, but I'm installing it on my Win10 machine for shits and giggles. Just to play with. Might as well know all the toys and their limitations just in case I run across it in the future and am forced to use it...
Or, maybe someone has it installed on a vulnerable machine and it's another way to exploit their network. If they have the tools available to me from within their own network, it makes things a lot easier.
But, from an end user perspective, I'll use it just to play around with it. -
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□Tried it and didn't like it. It kept setting out my anti-virus program. So I went back to VM.
Yea their article mentions that will happen: https://www.kali.org/news/kali-linux-in-the-windows-app-store/
"[FONT="]Note:[/FONT][FONT="] Some Kali tools are identified by antivirus software as malware. One way to deal with this situation is to allow antivirus exceptions on the directory in which the Kali chroot resides in. "[/FONT] -
tedjames Member Posts: 1,182 ■■■■■■■■□□Thanks for the info. It appears that the normal, tried and true methods are still best.
-
beads Member Posts: 1,533 ■■■■■■■■■□Say wha? A MS version of Kali? What pray tell is the point of a penetration distro with NO TOOLS installed? I am sure this is reassuring to the rest of the community of people who wear tin foil hats and think that they have the world in there hands because they have "sekretly" downloaded a copy of Kali. Use your secret decoder ring to decipher the message between the quotes.
Yeah and the FBI now has to make more room in cabinet to store your file. Its getting thicker, just ask them. Nothing but trouble for these people.
A neutered version of Kali - nice. Go for it.
- b/eads -
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□What pray tell is the point of a penetration distro with NO TOOLS installed?
All the penetration tools are all still located right in the Kali software repository. Where they are not all located in the other Linux distributions repositories. Takes one line to pick and choose which ones you'd like installed. -
shochan Member Posts: 1,014 ■■■■■■■■□□Have you tried Parrot OS?
www.parrotsec.orgCompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP