Kali Linux Hacking Tutorial for Starters: The Definitive Guide (2019)

The definitive guide to Hacking using Kali Linux for Beginners (2019 Edition).

Kali Linux Hacking Tutorial for Starters: The Definitive Guide (2019)
Kali Linux Hacking Tutorial: The Definitive Guide for Beginners (2019)

If you are here to Learn Kali Linux or you want to learn ethical hacking, you are absolutely in the right place for beginners. In the upcoming lines, we would be discussing Linux hacking for beginners in this definitive guide.

If you installed the Kali Linux already, probably you are here for one of the below reasons:

  • where to begin with, or where to learn from.
  • How to start using this complicated OS.
  • How to hack using Kali Linux.
  • Learn penetration testing with Kali.

The first thing you need to do is to change your mindset. Everyone gets confused by the information available over the internet. When you start learning you don’t know where to begin with. Even I struggle sometimes understanding things when it comes to Kali Linux. Just be focused and keep reading our amazing articles and you will be fine. Below are the two most important things which you need in order to learn this penetration testing distro.

Requirements for this guide:

  • You need a stable internet connection
  • Most importantly you need passion, desire to learn

Here are some important terms which you need to know before you jump deep into Kali Linux.

Recommended guide before reading this one: 8 Best Kali Linux Terminal Commands for Hacking (2019 Edition).

Kali Linux Hacking Tutorials: Learn to Hack with Kali Linux (2019)


Phishing means fake websites or pages which are an exact look-alike of some other website. Usually, such pages are lookalikes of login page of the underlying website. When someone opens such page, it looks exactly like the original page, so the user enters his credentials and those credentials are sent to the hacker.

The difference between an original web page and the fake one is its URL. Just for instance take the example of gmail.com. If the URL is exactly same as gmail.com then its original otherwise fake.

More advanced types of phishing attacks:

The more advanced types of phishing are given below. These types are not common and only advanced users know about these.

  • Desktop phishing
  • Tabnapping

Desktop Phishing:

This is an advanced type of phishing, it is similar to the normal phishing but with little advancement. In this technique the web page which is loaded in the browser is fake, but the URL which appears in the address bar remains original.

For example gmail.com, the loaded webpage would be fake. But in the address bar, you will see the original address i.e. gmail.com. All most all of the browsers which we use today, such as explorer, chrome, and Mozilla have a built-in feature to detect desktop phishing. But the important point to note is that you need physical access to the system in order to create such a page.

Read: Top 8 Best Linux Distros for Ethical Hacking and Penetration Testing (2019 Edition).


If you are someone who opens a lot of tabs in your browser, your user account for any website can easily be hacked. In this type of hacking attack, the victim or the target opens a link sent by the attacker. Just assume, I and you are friends on facebook and I inbox you a web link via messenger and you open that link.

As assumed earlier you have already opened few other tabs. As soon as you will click that link, your Facebook tab’s URL would be replaced by another URL or page. Now you would think probably you are logged out and put your credentials in the look-alike page of facebook. You would be redirected to the facebook homepage and I will get your credentials.


This is one of the basic tools used by the hackers, though it can easily be detected by even a basic antivirus. But still, it is one of the useful tools for a hacker. It is a small piece of software which keep log/record of every key pressed on the target computer. Though it records everything which a user types, like a chatting conversation, emails, or any other keys pressed, the main purpose of keyloggers is to record passwords typed by the user. Keyloggers can be divided into these categories.

  1. Software keylogger: These are software-based keyloggers, which you can download from internet easily and install on any target pc. This software can record all keystrokes and can even be configured to send that data to a remote admin. Sometimes hackers code custom keylogger software for a given situation.
  2. Hardware Keylogger: this type of keyloggers are based on hardware, which is connected to the target pc and hence it records keystrokes. These days such hardware keyloggers are designed for keyboards, hence they are connected with keyboard and record all keyboard strokes for the hacker. These type of keyloggers are usually used for credit card hacking.

Brute force attack

This one is another commonly used method to crack passwords. In this type of attack, hackers guess the length and characters of the password. Once they have guessed the possible length of the password, they using brute force tools or software to crack passwords.

That software tries all possible combinations of passwords. This is a popular method, but there are two disadvantages of this type of attack, firstly it is time-consuming and secondly, it is inefficient. You never know whether at the end you will get the password or not.

Also read: 8 Best Ways to Secure Your Linux Server: The Definitive Guide to Linux Server Hardening.

Wordlist attack

It is very much similar to a brute force attack. The difference is that in brute force the software uses all possible words combinations as password and in this type of attack hackers provide a list of words to the software. Then software tries each and every word as a password in the given list.

Usually, such lists are big size files. This type of attack is effective for cracking wifi passwords. It is not applicable when you are trying to attack the server directly. In other words, it is suitable to crack something on local pc not on the remote server, as the server will block you after few attempts.


Encryption is used to store passwords other information on the databases in a form inch which no one can see the original info. For example, if your password is abcd3434 it would be stored as something like #@#!fdf3d9988dfdf, now looking at this line now can guess the original password or info.

Encryption is also used to transmit data from one node or peer to the other. There are many types of encryption, which can’t be explained here as that is a very long topic. However, to give you a quick heads up there is AES, RSA, Two fish, and 3DES.

Read: How to Hack WiFi Passwords in 2019.


This is actually a type of virus or program which encrypts your data and you can’t use that data. Or you can’t open it. Then the hacker demands money to decrypt that data. Always stay safe from ransomware attacks and never pay the ransom.

IP address

This is the unique address for your computer or device. The IP is actually the address of the device over the internet. Google for more detailed knowledge of IP addresses.


Vpn is actually a virtual private network, it creates a virtual tunnel between you and the server or resource you are accessing. So no one knows what you are accessing. Until your VPN provider decides to screw you. Here is a list of best VPN providers for torrenting and P2P safely.

Web Server

A web server is a computer which hosts all files for a given website. It can also host the database of a website with all the needed data. This can be using any technology I.e. MySQL or SQL.

DOS Attack

A denial of service is the attack in which a website is brought down by hackers, by sending an excessive amount of traffic which server can’t handle. The only difference between DDOS and Dos is that in DDOS the hackers use multiple devices to attack the website.

SQL injection

in this type of attack, hackers inject SQL queries in order to get access to certain data from the server. They will keep trying different variations until they get access to the admin panel of a website.

Read: Top 10 Best Android Hacking Apps – For Rooted and Non-Rooted Phones (2019).

Social engineering

This one is not the actual type of hacking, it involves psychological techniques and a lot guesswork to get the desired information. The art to social engineering is to trick the human to give his/her details.

Recommended programming languages for Ethical Hacking

Though you need plenty to learn in order to become a good hacker but to start with you can learn Python, HTML, CSS, javascript, SQL, PHP for web site hacking. In order to hack networks, you will need to learn other technologies and how networks work. So you will need a different type of skill set depending on the situation.

This was your basic intro, in the next articles we will get into some other topics which will be related to hackers especially using Kali Linux. But first, you need to have a good grip on the topics and terms mentioned above.

Disclaimer: This is just for educational purposes, please only use knowledge learned from our site on systems you have permission to do the following. You can watch more tutorials on their official site.

Conclusion – What to learn next?

Once you have a basic knowledge of the topics shared above with you, start with the command line. There are thousands of terminal commands that fall into penetration testing category. However, you only need to get an understanding of what command will give you what result. After, you can have a look at Wireshark for network spoofing attacks. This will lead you much further down in the ethical hacking field. I hope this Kali Linux Hacking Tutorial guide for absolute beginners has helped you.

Stay tuned for more Kali Linux tutorials, hacking commands and much more that we will be releasing in a training series for our visitors.


Please enter your comment!
Please enter your name here