Welcome back, my newbie hackers!
Recently, I "upgraded" to Kali as my hacking platform, despite my preference for BackTrack. I did this reluctantly, primarily because new readers here could no longer download BackTrack from their site. I want to point out here that we all must keep in mind that with any software, or for that matter any product, newer is not necessarily better.
Although Kali has some new tools and new versions of old tools, the developers of Kali left out some very valuable ones. The tool that I miss most is Snort.
Snort is the world's most widely used Intrusion Detection System (IDS), and as such, I use it to test whether my exploits can get past it without detection. Snort was always included in previous versions of BackTrack, but it is not included in Kali. I thought I would take this opportunity to show you how to download, install, and compile a new tool on Kali, using Snort as an example.
The process will differ slightly for each tool, but the overall process is very similar. In the case of Snort, we have some dependencies that must be installed to make it work properly. Other tools may or may not have dependencies. One of the advantages of using a package manager such as rpm or .deb is that it will usually handle the dependencies for you. The drawback is that you get a tool that is not necessarily optimized for your platform.
By compiling the tool, we can optimize it for our platform. This means that it will run faster and more efficiently. In a production environment for Snort, this is critical. A slow or inefficient Snort will either drop packets or slow down your network. Neither is good, so let's look at installing Snort from its source code and compiling it specifically for our platform.
You can download Snort at snort.org.
When you click on the "Download Snort" button, it will take you to this page.
Select the "Source" snort.18.104.22.168.tar.gz. If you are using a browser, it will prompt you with the following screen. Choose to save Snort. In this case, I saved it to my Desktop, but you can save it wherever is convenient and easiest for you.
As you can see, the source file is now on my Desktop in Kali.
Before we install Snort, there are a few pieces of software that Snort needs to run properly. These are often referred to as dependencies. They can include library files and other files that an application needs to run. In the case of Snort, there are a few.
Let's do that now.
kali> sudo apt-get install flex bison build-essential checkinstall libpcap-dev libnet1-dev libpcre3-dev libmysqlclient15-dev libnetfilter-queue-dev iptables-dev
You will be prompted twice with (y/n). Simply select y to both.
Next, we need to download, build, and install libdnet from the source. We can download it from here. In this case, I'm using the command-line download tool wget.
Once we have successfully downloaded libdnet, we need to untar it, configure it and make it.
First, untar it:
kali> tar xzvf libdnet-1.12.tgz
Then, change directories to the new libdnet directory:
kali> cd libdnet-1.12
And configure it with the "CFLAGS=-fPIC" for a 64-bit version:
kali> ./configure "CFLAGS=-fPIC"
And finally, make the file:
kali> make
We should then be greeted by a screen like that below.
We need to build a symbolic link from where libdnet is to the location where Snort expects libdnet to be, by typing:
kali> ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1
Snort has what is called a Data Acquisition Library (DAQ). This is an abstraction layer for I/O (input/output) that enables us to plug in different hardware/software interfaces for packet I/O. We can download it at snort.org as well.
I've downloaded it and placed it on my Desktop as well.
We go to the terminal and cd to the Desktop directory and then untar this file.
kali> tar xzvf daq-2.0.2.tar.gz
Then we change directories to the new daq directory:
kali> cd daq-2.0.2
And configure it:
kali> ./configure
Then finally, make the file:
kali> make
Now that we have all the files we need to run Snort, let's complete the installation of Snort. Change to the Desktop directory. You should see the Snort source code there.
Next, let's change directories to /bin and make a directory in the /bin directory named snort. Let's now copy the snort source code to that directory:
kali> cp /root/Desktop/snort-22.214.171.124.tar.gz /bin/snort
Next, let's untar it:
kali> tar xzvf snort-126.96.36.199.tar.gz
In our final step, we need to compile Snort. Let's change to the new directory that was created when we untarred the source code file.
kali> cd /bin/snort/snort-188.8.131.52
Now, let's configure it.
kali> ./configure
And finally, make Snort.
Now we should have a version of Snort compiled specifically for our platform! We can now run Snort by simply typing snort at the command prompt:
Although the steps will differ slightly for different tools, the basic steps to compile a new tool are:
- Download the tool
- Untar and uncompress the tool
- Configure the tool
- Make the tool
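The four steps above, written as reusable shell functions with two checks added before anything is built: a SHA-256 comparison on the downloaded tarball and a scan of the archive for member paths that are absolute or contain "..". This is an added example, not part of the original tutorial; the function names are hypothetical, and the expected hash is assumed to be the one the project publishes for that release.

```bash
# Added example (function names are hypothetical). The expected SHA-256
# is an assumption: take it from the project's download page.

# Succeed only if the file's SHA-256 equals the expected hex digest.
verify_sha256() {
    local file="$1" expected="$2" actual
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Read member names on stdin; succeed only if none is absolute or uses "..".
names_are_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# Succeed only if every member of the gzipped tarball has a safe path.
members_are_safe() {
    local names
    names=$(tar -tzf "$1") || return 1
    printf '%s\n' "$names" | names_are_safe
}

# Untar into destdir and print the top-level source directory name.
unpack_source() {
    local tarball="$1" destdir="$2"
    members_are_safe "$tarball" || { echo "unsafe path in $tarball" >&2; return 1; }
    mkdir -p "$destdir" || return 1
    tar -xzf "$tarball" -C "$destdir" || return 1
    tar -tzf "$tarball" | sed 's|^\./||' | head -n 1 | cut -d/ -f1
}

# Verify, untar, configure (extra arguments are passed through), make.
build_from_tarball() {
    local tarball="$1" expected="$2" destdir="$3" srcdir
    shift 3
    verify_sha256 "$tarball" "$expected" || { echo "checksum mismatch" >&2; return 1; }
    srcdir=$(unpack_source "$tarball" "$destdir") || return 1
    ( cd "$destdir/$srcdir" && ./configure "$@" && make )
}

# Usage with the libdnet tarball from this page (hash is a placeholder):
#   build_from_tarball libdnet-1.12.tgz <published-sha256> "$HOME/build" "CFLAGS=-fPIC"
```

A mismatch or an unsafe member path stops the build before `./configure` runs, which matters because configure scripts and Makefiles execute with the privileges of whoever builds them.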
I hope this helps you get Snort compiled, but most importantly, I hope it helps you understand how to compile ANY tool in Linux, and specifically, Kali. If all this seems too much, you can always simply use the package manager, aptitude (apt-get install snort). This will install the binaries for your platform, but they will not necessarily be optimized for it.
Keep coming back, my newbie hackers, as we continue along this exhilarating learning path to becoming pro hackers!