Thursday, October 24, 2013

Downloading Kali Linux

Download Official Kali Images

Official Kali Linux Images

ISO Files

Kali Linux is available as a bootable ISO in both 32-bit and 64-bit formats.

VMware Images

Kali is available as a pre-made VMware virtual machine with VMware Tools installed. The VMware image is available in a 32-bit PAE format.

ARM Images

Due to the nature of the ARM architecture, it is not possible to have a single image that will work across all ARM devices. We have Kali Linux ARM images available for the following devices:
  • rk3306 mk/ss808 
  • Raspberry Pi 
  • ODROID-U2/X2 
  • MK802/MK802 II 
  • Samsung Chromebook
Download Link: http://www.kali.org/downloads/

Verifying SHA1 Checksums of Downloaded Images

When you download an image, be sure to download the SHA1SUMS and SHA1SUMS.gpg files that are next to the downloaded image (i.e. in the same directory on the server).

Ensure the Origin of the SHA1SUMS File

Before verifying the checksums of the image, you must ensure that the SHA1SUMS file is the one generated by Kali. That’s why the file is signed by Kali’s official key with a detached signature in SHA1SUMS.gpg. Kali’s official key can be downloaded in one of two ways:

$ wget -q -O - http://archive.kali.org/archive-key.asc | gpg --import 

# or 

$ gpg --keyserver subkeys.pgp.net --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6

Once you have downloaded both SHA1SUMS and SHA1SUMS.gpg, you can verify the signature as follows:

$ gpg --verify SHA1SUMS.gpg SHA1SUMS 
gpg: Signature made Thu Mar  7 21:26:40 2013 CET using RSA key ID 7D8D0BF6 
gpg: Good signature from "Kali Linux Repository <devel@kali.org>"

If you don’t get that “Good signature” message or if the key ID doesn’t match, then you should stop the process and review whether you downloaded the images from a legitimate Kali mirror. If the SHA1SUMS file is the one provided by Kali, then you can verify that the image downloaded has the required checksum. You can either generate the checksum and do a manual comparison with what’s listed in SHA1SUMS or use a tool that knows how to verify those checksums. 

 TODO: explain how to use GPG on OS X and Windows. See https://www.torproject.org/docs/verifying-signatures.html.en for inspiration.

Verifying SHA1 Checksums on Linux

With a manual comparison:

$ sha1sum kali-linux-1.0-i386.iso 

796e32f51d1bf51e838499c326c71a1c952cc052  kali-linux-1.0-i386.iso 

$ grep kali-linux-1.0-i386.iso SHA1SUMS 

796e32f51d1bf51e838499c326c71a1c952cc052  kali-linux-1.0-i386.iso

By using sha1sum -c:

$ grep kali-linux-1.0-i386.iso SHA1SUMS | sha1sum -c

kali-linux-1.0-i386.iso: OK
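
The signature check and the checksum check above, combined into one script as an added example that is not part of the Kali documentation. It compares the full key fingerprint quoted earlier on this page rather than the short key ID, and looks up the image in SHA1SUMS by exact file name instead of with grep. The function names are this example's own, and gpg and GNU sha1sum are assumed to be installed.

```sh
#!/bin/sh
# Added example (not from the Kali documentation). The fingerprint is the one
# quoted on this page; the function names are this example's own.
KALI_FPR=44C6513A8E4FB3D30875F758ED444FF07D8D0BF6

# Reads `gpg --status-fd 1 --verify` output on stdin. Succeeds only when
# gpg reported GOODSIG and a VALIDSIG line carrying the expected full
# fingerprint (as the signing key, or as its primary key in the last field).
# Appending "" forces awk to compare as strings, never as numbers.
status_is_good_sig() {
    awk -v fpr="$1" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (($3 "") == fpr || ($NF "") == fpr) { valid = 1 }
        END { exit !(good && valid) }'
}

# Prints the SHA1SUMS line whose file name is exactly $2. A plain grep would
# also match names that merely contain it, such as "<image>.torrent".
# Assumes file names without spaces, as Kali image names are.
sums_line_for() {
    awk -v f="$2" '($2 "") == f || ($2 "") == ("*" f) { print; hit = 1 }
                   END { exit !hit }' "$1"
}

# verify_sums_signature [SUMS] [SIG]: step 1, is SHA1SUMS really Kali's?
verify_sums_signature() {
    gpg --status-fd 1 --verify "${2:-SHA1SUMS.gpg}" "${1:-SHA1SUMS}" 2>/dev/null |
        status_is_good_sig "$KALI_FPR"
}

# verify_image_checksum IMAGE [SUMS]: step 2, does the image match its entry?
verify_image_checksum() {
    dir=$(dirname "$1"); name=$(basename "$1")
    line=$(sums_line_for "${2:-SHA1SUMS}" "$name") ||
        { echo "$name: not listed in checksum file" >&2; return 1; }
    (cd "$dir" && printf '%s\n' "$line" | sha1sum -c)
}

# Usage: verify_sums_signature && verify_image_checksum kali-linux-1.0-i386.iso
```

Both functions return non-zero on any failure, so chaining them with && stops before the checksum step if the signature on SHA1SUMS does not verify.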

Verifying SHA1 Checksums on OSX

With a manual comparison:

$ shasum kali-linux-1.0-i386.iso 

796e32f51d1bf51e838499c326c71a1c952cc052  kali-linux-1.0-i386.iso 

$ grep kali-linux-1.0-i386.iso SHA1SUMS 

796e32f51d1bf51e838499c326c71a1c952cc052  kali-linux-1.0-i386.iso

Verifying SHA1 Checksums on Windows

Windows does not have the native ability to calculate SHA1 checksums, so you will need a utility such as Free MD5 SHA1 verifier to verify your download.



