Continuing my “Getting Started with CTF” series, let’s jump into choosing an operating system to work with.
Let’s be straight: the only operating system you should be doing a “Capture the Flag” challenge, pen testing or ethical hacking on is Linux. Windows is not an option; it just isn’t built for it. However, there are so many flavors of Linux that it can be difficult to pick one; just take a look at distrowatch.
Fortunately, for CTF challenges, pen-testing and ethical hacking there are two main choices that come up most often: the ArchLinux-based BlackArch, and Kali, which is based on the ever-popular Debian distribution. There are others, like Parrot, but I will focus on the two most common for this article.
When I started to learn about pen-testing and CTF challenges, Kali was so popular I didn’t realize there were any alternatives, so I started directly with it.
Kali was based on Backtrack, which was a spinoff of Knoppix. Knoppix was released way back in 2000, when it was just a live CD. 32MB of RAM was all that was needed to run Knoppix. It ran straight from CD, had 2600 packages installed, had a nice GUI, and it even ran fast. In May 2006 the first stable version of Backtrack was released, with Backtrack 2 coming in the following year. Backtrack included many hacking tools such as Metasploit, aircrack-ng, nmap and a bunch of other stuff. In Aug 2012 the last version (Backtrack 5) was released, and Backtrack made way for Kali.
In May 2013 Kali Linux was released, and in 2022 it is still going strong. It received a popularity boost when it was featured in multiple episodes of the TV show “Mr Robot”. Today it’s still based on Debian and, like its predecessor, it is focused on penetration testing. Looking at the tools that were installed on Backtrack in the early releases, not a lot has changed, with Metasploit, Nmap and John the Ripper still strongly featured.
Pros:
- Easy to install and set up.
- Based on the very stable Debian Linux.
- Lots of documentation and guides online.
- Over 600 installed pen-testing tools.
Cons:
- Over 600 tools installed, most of which will never be used.
- Not very newbie friendly.
- So popular that most people know what you are doing if they become aware it’s installed.
- Plain-looking skins and wallpaper.
I was always a Debian person; I liked the way it was so easy to use. I even had my kids using Ubuntu. Yet surfing the web, I had often seen references to ArchLinux. I always saw it as a “linuxfromscratch” alternative, so I ignored it. Then one day around 2016, out of boredom, I took a look at it. I proceeded to download the ISO and spun up a virtual machine for installation. I got straight to a command prompt. “What is this?” I said to myself.
Where is the pretty installation GUI, where a couple of clicks and then it’s installed? It asked me to create all the file systems with fdisk and then install the kernel package. And worst of all, I had to configure Grub myself. What madness is this?
BlackArch doesn’t have the same 20-year history as Kali. The first major release was in 2015, with a lot of regular updates since then. Currently there are 2011 pen-testing packages available in the BlackArch repositories. It’s maintained by a small team who are constantly updating it by adding new tools and their dependencies. It’s based on ArchLinux, which is a rolling release distribution. This means there are no major or minor releases, and patches are available almost daily.
Pros:
- Based on Arch.
- Lots of options to customize, if you are familiar with ArchLinux.
- Many 1000s of tools available.
- Rolling release.
- Looks good.
Cons:
- Harder to set up than Kali.
- Deeper knowledge of Linux is required.
Conclusion: BlackArch or Kali
There is really little difference when it comes to both these great distributions; both teams have done a fantastic job. They have near-identical tools installed or available in their repositories. Personally I think the BlackArch team did a better job on the look and feel of the OS. The wallpaper and themes are amazing. But if you have good Linux skills then it’s really just a matter of personal preference. Some people love Arch and some love Debian. “Horses for Courses” as they say.
However, for me there are just too many tools installed on both and I will never use most of them. It really annoys me that if I need to create a fast Kali Virtual Machine then I have to do a 2GB update in order to be patched.
My recommendation is, if you are completely new, then choose Kali to begin with, as everything you need comes pre-installed. Then, when you are more comfortable using it and become more fluent with Linux, you should try to install ArchLinux with the BlackArch repositories. With this you have a blank canvas on which you can paint your own pen-testing distribution and install the tools you want and need.