Loi Liang Yang

Top 10 Things To Do After Installing Kali Linux

The video walks viewers through the first ten practical steps after installing Kali Linux, emphasizing hands‑on reconnaissance rather than passive watching. It begins with Nmap, showing how to scan a local subnet (e.g., 192.168.0.0/24) on public Wi‑Fi, add fast‑scan flags, and identify live hosts and open services. The presenter then demonstrates using Nmap scripts to enumerate SMB shares on port 445, connecting to exposed folders with smbclient, and leveraging the Zenmap GUI for visual topology and quick‑scan presets. Key insights include chaining tools: after spotting a vulnerable service, Hydra is used to brute‑force SMB credentials with common username/password lists, successfully retrieving passwords like “12345678.” The tutorial also covers the Social‑Engineering Toolkit to spin up fake login pages for credential harvesting, and OWASP ZAP’s automated spider and active scans that flag issues such as missing CSRF tokens and reflected XSS. Throughout, the host stresses permission and ethical considerations while showcasing real‑world examples on a hotel Wi‑Fi network. Notable moments feature a live demonstration of scanning a router’s port 80, accessing a printer’s web interface, and capturing credentials from a crafted phishing page that logs the victim’s email and password. The presenter highlights the speed of Zenmap’s 12‑second comprehensive scan and the ease of copying payloads from ZAP’s findings for manual testing, illustrating a seamless workflow from discovery to exploitation. The implications are clear: even a novice can transition from a fresh Kali install to active network penetration within minutes, underscoring both the educational value for aspiring ethical hackers and the heightened risk posed to unsecured public networks when such tools are misused. Proper training, permission, and awareness become essential as these capabilities lower the barrier to entry for real‑world attacks.