back to article Pentesters' fave Kali Linux turns 10 with version 23.1

The developers of specialized security-testing distro Kali Linux have released the first version of 2023, which marks the project's tenth anniversary… but only in this incarnation. The new version, release 2023.1, appears exactly one decade after version 1.0 was released on March 13th 2013. Kali Linux is a rebuild of an …

  1. 42656e4d203239 Silver badge
    Pint

    Free as in Beer

    Kali has always been an excellent distro.

    Runs on almost anything; does exactly what it says on the tin.

    I know some people would demand that for Kali's use cases, one should compile everything from scratch on hardware you have built yourself without PRC/NSA hardware/firmware backdoors, from personally vetted source code, but, as a commodity distro, for those use cases, there is probably none better.

    Lots of other software/distros should take a look and learn from the best (I agree that's arguable, but in terms of swept-up-ness and setup, at least, its a hill on which I am willing to if not die on then sit quietly on, listening...)

    Beer because Kali deserves one on it's 10th/17th/18th birthday.

    p.s. first I used was 0.9(ish) and have kept a 'weather eye' on it ever since.

    1. Anonymous Coward
      Anonymous Coward

      Re: Free as in Beer

      ... for Kali's use cases, one should compile everything from scratch ...

      Indeed ...

      I would not use it as a my desktop distribution unless I was able to do that, which I am not.

      Much more so taking into account that it is a systemd enhanced distribution.

      Which begs the question for Liam: why are systemd-less distributions all but absent from your reviews?

      Best,

      .

      1. Primus Secundus Tertius

        Re: Free as in Beer

        It does not beg the question, it raises the question.

        To beg the question means to assume in advance what you are purporting to prove, as opposed to simply asking.

        1. John H Woods

          Re: Free as in Beer

          I think, regrettably, that ship has sailed.

          Bit of a nuisance having to say "assuming the very point that is at issue" or use "petitio principii" and have everyone diss you for using Latin.

        2. Anonymous Coward
          Anonymous Coward

          Re: Free as in Beer

          It does not beg the question, it raises the question.

          Indeed ...

          But, you may want to consider that I was wanting to avoid actually asking the question itself.

          ie: WTHF does Liam avoid systemd-less distributions?

          .

          1. FrogsAndChips Silver badge

            Re: Free as in Beer

            Maybe you should look harder?

            https://www.theregister.com/2022/11/03/nitrux_25/

            https://www.theregister.com/2023/02/13/chimera_non_gnu_linux/

            https://www.theregister.com/2022/08/31/mx_linux_212/

            1. Liam Proven (Written by Reg staff) Silver badge

              Re: Free as in Beer

              [Author here]

              Thank you @FrogsAndChips!

              To which I would add, off the top of my head:

              https://www.theregister.com/2022/05/26/alpine_linux_316_released/

              And a section here:

              https://www.theregister.com/2022/07/18/disentangling_the_debian_derivatives/

              And from my esteemed colleagues:

              https://www.theregister.com/2017/04/22/devuan_1_0_0_released/

              https://www.theregister.com/2020/06/03/devuan_beowulf_30/

              And so on.

              I think they get a disproportionate amount of coverage relative to their market share, TBH. I am largely neutral on systemd, because happily for me, I don't run any xNix boxes in production any more. OTOH, systemd _regularly_ breaks bootup and/or shutdown on my various computers, so... :-\

              But for better or for worse, it has taken over the mainstream Linux world more or less totally at this point. Chimera may be the most sophisticated alternative to it so far, and deserves more attention.

              The thing is this: the critics of systemd do not properly and fully address why it is doing so well. They typically complain that it is a creeping weed that is taking over more and more of the systems' functionality.

              That is not the point.

              There are many alternative init systems out there.

              That is not the point either.

              The point is that systemd does a lot of additional things other than the simplest of init fuctionality because there are advantages to doing those things. It is extending the functionality and integration of the OS. That is, overall, a good thing.

              So *yes* there are other inits, but they do a lot less, and that means more manual work and more complexity to maintain.

              It is 2023.

              For example: computers do not sit on the end of a single Ethernet cable any more. They have Ethernet -- unless they're a £2000 high-end Thinkpad, anyway -- *and* wifi with ½ a dozen hotspots memorised, some with IPv4, some with IPv6, some with both -- *and* Bluetooth *and* occasionally a tethered connection to a mobile phone *and* a GSM slot and a WWAN slot which may sometimes also acquire addresses, which may or may not be routable and may or may not have internet uplinks of various speeds.

              You do not get to statically set a single static IPv4 address (and a netmask and a gateway and a single DNS) and use it for life. You can do that, if you disable a whole bunch of stuff, and then as soon as you get a new router your computer breaks.

              They have multiple graphics cards. Some output to screens. Some output to _other_ graphics cards. Sometimes the 2nd GPU also outputs to the USB bus which must carry 2 duplexed display signals to a docking station, and must also dynamically report back the speeds and resolutions of those screens to the GPUs in the computer. Although the GPU might be on the end of a USB or Thunderbolt bus. You don't know, not even at bootup.

              Every time you plug in a USB headset you are adding a new sound card (and mic and outputs) to the computer, with different hardware codecs in it, and all audio must be rerouted to that, or both, under user control, and when you unplug it, all that must be rerouted back to the onboard one.

              Windows 2000 was a lot bigger and more complex than NT 4. NT 4 ran quite well in 32MB of RAM, and Win2K ran poorly in 128MB of RAM and really wanted 256MB.

              But everyone forgets that NT4 wouldn't even boot if you changed the IRQ on the SCSI controller, and it had no USB.

              Win2K had to be rewritten to understand that the disk controller could disappear at any moment and the system boot disk might reappear on another different controller, at any moment, with 200 processes running with open files.

              That was _easy_ compared to a 2023 computer, which shipped with multiple GPUs, multiple disk controllers, multiple sound devices, all appearing and disappearing constantly according to power management and docking stations and adding a hub with 64 new devices attached including 3 more hubs, all with different bandwidth levels and bitrates.

              This stuff is hard.

              The SysV init does not handle this stuff. It can't even handle "oh this box has 4 CPUs, let's parallelize the daemons loading then."

              But now, your machine may have a mixture of fast CPUs and slow ones, their clock speeds vary *constantly* and some may get turned off sometimes, and some share cache and some don't, and some don't even see all the same RAM as the others. Oh, and BTW, some of the RAM is nonvolatile.

              This is complex. Computers are way, way more complex now. A bunch of bash scripts with numbers in the filenames so some run before others *does not cut it any more.*

              Chimera is addressing that. The developer is trying to bring across FreeBSD's logic -- a far smaller, simpler OS -- for handling _some_ of this.

              All the people punting SysV init and initrc and so on want to ignore all this hard stuff and make it go away.

              Well, it won't.

              Ordinary people want to plug a headset into a mic socket (same sound card, different output) or into a USB socket and have the sound just come out of the new device regardless of what kind of socket it is. They want to plug a laptop into a bus docking station or a USB-C one or a Thunderbolt one, and have all those screens work, and for the music to keep playing when they unplug and walk away.

              They do not give a monkey's about init systems. They want it to just work, and work faster.

              Nostalgic for Solaris? Well Solaris never had to cope with all this, and Sun switched to SMF in place of init in *2005.*

              But Macs are Unix and Mac Just Work™? Mac OS X introduced launchd in... oh look, *2005*.

              Systemd appeared in 2010.

              Linux needed this stuff, was playing catch-up for half a decade, and it does more than ever, and it's not going away.

              Want to replace systemd? Then replace it with something better that does everything systemd does. Don't rip it out, put in some 1970s tool instead, and expect things to improve.

              1. Alistair
                Pint

                Re: Free as in Beer

                Okay --

                I might give you a hard time once in a while about WINE and such, and I'm no huge *fan* of systemd, but this is one of the better rebuttals of the "systemd is poison" crowd.

                I'll swap my icon for one of these ->

                you deserve one Liam

  2. steviebuk Silver badge

    Backtrack

    Been using it on and off since the Backtrack days. I'm not an expert, not even an amateur, I just fiddle now and then. I remember back in 2008 I was interested in it for WIFI sniffing and pointed out to the NHS trust I was working at, to the 3rd line engineers "Why are we using WEP still on the corporate WIFI. Its really easy to crack the password? There are flats over the road, I wonder how many of them are using it in the evenings". The reply was "But we're using 128bit WEP, its fine". I gave up reporting issues, being the temp engineer I was frequently ignored. Much like pointing out the flaw in Safeboot where I kept a laptop back that had me logged in just fine, past Safeboot. If I ever ran into a laptop that locked my Safeboot account, I'd boot up the spare which would unlock my account, instead of waiting ages for them to unlock me (as we weren't given permissions to do it ourselves but could be trusted to install machines in hospitals and GP surgeries. The reason I can't stand the IT culture in the NHS). Reported this, was told "Its fine the way it is". When I eventually left an engineer who stayed said "They finally admitted you were right with the Safeboot setup. They'd incorrectly set it so the laptop won over the server, they've now switched it, closing the flaw you pointed out".

  3. Al fazed
    FAIL

    Unsavoury

    Hmmm, sounded great in the article, especially versions for Android phones.

    Well that was a little nightmare. Won't be doing that again in a hurry.

    The NetHunter I installed lasted 5 minutes. The first annoying shite was "this is your chance to win digicoins, Argos vouchers...........oh FUCK, what have I done. OUT you come.

    Yes, I won't be doing that again in a hurry.

    ALF

    1. Anonymous Coward
      Anonymous Coward

      Re: Unsavoury

      From the play store with the clearly clickbait "with ads" and "early adopter" or the link in the article to the actual Kali NetHunter with the requirements to start at AOSP/LineageOS on a supported device?

      1. sten2012

        Re: Unsavoury

        Having used backtrack chroot on android and then Nethunter when it was first released it was completely ad free (except IIRC it did recommend a specific non-free APK upgrade for enhanced functionality, but I wouldn't even call that advertising, twas completely honest and upfront), I had no idea what OP was on about, thanks for clarifying.

        Was playstore just squatting on the name then?

        1. Anonymous Coward
          Anonymous Coward

          Re: Unsavoury

          Yep - search NetHunter, top pick is "Kali Nethunter" by RHG LTD INC with a massive 100 downloads.

          There are a couple of quick guides both with ads to.

          For me seeing it used ads was a straight indicator it is not a hardened/pentest app.

          Just waiting for it for my AstroSlide

  4. IceC0ld

    had it dual booted on a laptop with MINT / Cinnamon for a long while now, but sadly, haven't so much as looked at it in years :o(

    may actually log in, and update - both :o) - just for old times sake, and to try and recall when I too, was sort of cool LOL

    serious side - it really was the best out there for all the tools it contained ready loaded, you 'just' needed to learn them and use them, I USED to be able to get around a network at a fairly deep level, tody, I barely scratch the surface, my job is no longer anything like techy, and I DO miss that bit, so again, lets fire the beasty up, and update and go play :o)

    and long may Kali live on, here's to the next 10 / 17 - 18 years :o)

    1. IceC0ld

      OK, so I TRIED to log in and play

      repeat - TRIED :o)

      forgot password, no biggie, I keep a mnemonic check list that DID actually hold the info

      next, still no access, took me 30 mins before I recalled I use ADMIN as user ffs

      SO, I am now in, and it looks SO strange now, and also, even though I did install a quick updater - back when I was l33T :o)

      I can niot for the life of me figure out the commands now, so .....

      TL/DR I tried and failed

      will try again, it did remind me of days when IT was still an adventure, but it may be for when I actually retire - 65 soon, VERY soon :o( - will leave me plenty of time to play around and find out :o)

      but the laptop too, it WAS a beast back then, now, it is barely able to fire up :o) so possibly a new laptop will be on the cards as well ..............

      stay safe all

  5. This post has been deleted by its author

  6. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    After booting up the 32 bit Kali Linux Live .ISO on my Sony VAIO P a couple of weeks ago, I was presented with a login, and no username or password would work, and I tried every combination I could find reference to. So that didn't work :( I gave up eventually, as it seemed I needed another Kali Linux to get into that Kali Linux. It was the same result two versions down. The fact that it loaded faster than the latest 32-bit Linux Mint, had been encouraging. I was and remain rather disappointed.

    1. Liam Proven (Written by Reg staff) Silver badge

      [Author here]

      This took about 2sec on Google:

      https://www.kali.org/docs/introduction/default-credentials/

      1. Anonymous Coward
        Anonymous Coward

        Everything takes 2 seconds on Google if you happen to know the exact right thing to search for. Otherwise it has become pretty useless for real search.

        1. Liam Proven (Written by Reg staff) Silver badge

          [Author here]

          > if you happen to know the exact right thing to search for

          I used:

          kali default credentials

          I submit that's pretty obvious.

          In any event, I just booted the Kali install ISO on an existing VM, and it does not prompt for credentials. It's a Debian derivative and like Debian itself, it boots into the installation program. At the boot menu, it asks if you want a graphical or text install.

          So I don't know what ISO file Mr Verylongbunchofnumbers* downloaded and tried, and I am sorry but but think it was the wrong one.

          -----

          * From the comment-editing screen, I can't see the user ID to copy-and-paste it.

          1. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

            The version I tried to boot live on the Sony VAIO P using a USB thumb drive, which I was impossible credential challenge presented with was: kali-linux-2022.4-live-i386.iso (also tried an eariler version, same result), but it's ok... I have given up on the idea, will use a PC with WiFi adapter and 64 bit Kali installation. I wanted to try a live version to assess it's speed. If it had been faster than Mint's live iso, it was a contender for general purpose Linux on the VAIO P, as well as serving home pentesting functions. Min when installed was too slow, glacial in fact, and only a bit faster than it's live iso.

            1. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

              It really isn't worth bothering with - MX Linux works surprisingly well considering how old and puny the VAIO P is, and I can install various programs to do a Kali-esque pentesting job on my home network if needed. Using a more powerful machine for that, will be more effective anyway.

      2. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

        > This took about 2sec on Google:

        > https://www.kali.org/docs/introduction/default-credentials/

        Those didn't work, neither did the others I found over several minutes - maybe it's a hacking test by the developers, which I failed lol. I tried both using EasyUSB, and in case there was a sneaky script locking Kali down and making mischief on the mSATA drive, wrote the LIVE ISO to a USB thumb drive using Rufus, to boot from that directly... and I still ended up looking at the same login screen, for which no username and password I could find worked. Also tried leaving the password blank, which didn't work either, neither did "demo" as the password. I wanted to pentest my home network, which I can do using another PC, so it's no biggie. But puzzling.

        1. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

          ...and the checksums were fine, the ISOs hadn't been tampered with - I'll stick with MX Linux+XP+Win7 as tri-boot on the VAIO, and install Kali on another PC.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like