

BackTrack successor Kali Linux launched - maskofsanity
http://www.scmagazine.com.au/News/336420,backtrack-successor-kali-launched.aspx

======
rman666
Where's the distro? It doesn't seem to be up at <http://www.backtrack-
linux.org> yet.

~~~
rman666
Ah, ha! <http://www.kali.org/>

------
q3k
To be honest, I still don't see the need for such a distribution to exist, as
all the packages I ever needed during pentesting were available on Gentoo's
Portage. When I've tested it, the mental overhead of having to run it on a VM,
or even dual-boot it was quite annoying.

~~~
EthanHeilman
It was my understanding that you often need kernel patches to sniff traffic
over ethernet or wifi. Backtrack solves this problem by having a custom kernel
such that if you buy laptop with chipset A you can sniff traffic without
serious work.

My knowledge on this stuff is a little old, is this not the case anymore?

~~~
q3k
Not really much of a problem with the chipsets that I used (ralink ones) - the
stock kernel drivers work fine. But I do remember that there used to be some
problems with that.

The fact that I use a distro which allows me to painlessly integrate a custom
kernel into my system also helps - any sane patches could have been applied
without any problem.

------
ilconsigliere
Is pen testing as fun as it seems like it'd be? I want to get into it but
seems like a dangerous pool to jump into on your own.

~~~
freehunter
It's dangerous if you start running against production sites, or sites that
aren't fully owned by you. If you broke into Microsoft.com, for example,
expect a lawsuit. However, if you pair two machines together and run
Backtrack/Kali on one and something along the lines of Damn Vulnerable Linux
on the other and just attacked your own local network, it's fun, safe, and
informative.

I would actually encourage developers to learn about pen testing. If you know
how people are going to misuse your application, you know what to watch out
for when you're designing it. And trying to break your own app gives you some
new insight into what you're doing right and what you're doing wrong. You can
feel a sense of pride and accomplishment for every attack that fails to break
something.

------
wuest
Looks pretty sweet! I'll be digging in tonight.

Looks like there's even an official build for the ODroid U2! Sweet deal, I
happen to own two.

------
faster
Grabbed the torrent. The md5sum of the ISO doesn't match the one listed in the
included txt file. This concerns me a little.

~~~
tripzilch
did the same, also got a mismatch.

then I realized, that the hash in the txtfile is also _longer_ than the md5
sum, and facepalmed a little. with 40 hexdigits long, makes 160 bits, so it's
probably SHA1.

(crunch, crunch) ... and it matches. would've been nice if they'd mentioned
which algorithm they used so I didn't have to digest a 2GB file twice. we
can't be the only people that don't immediately eyeball the difference between
a 32 and 40 digit random hex code :)

------
zozu
Time to slap in in VirtualBox tonight and start to tinker with it.

------
ErikRogneby
With the ARM/Raspberry PI support I fully expect to see this get productized
in to a low cost "pentest in a box".

~~~
amckenna
yeah it would be great to see a low cost version of the products offered by
pwnie express such as <http://pwnieexpress.com/products/pwnplug-wireless>

~~~
runjake
That is OffSec's goal with this. They were on a recent infosec podcast and
specifically mentioned providing a low cost alternative to the PwnPlug using
hardware like the RaspPi.

