Root user in VMware Kali 2020.1

Hello! Cheers to all the community… Since you can no longer be a root user in the new Kali, I found this video… https://www.youtube.com/watch?v=v9Kwo2-vRFs&t=300s

Has anyone tried it? What do you think about it?

Regards,

As an old-school Linux admin, I’m kind of surprised this is controversial at all. Kali used root as the default before because it wasn’t meant to be used as a desktop distribution. Now it’s being used more and more as a desktop distribution, so they changed to the user model used by other distributions.

It’s not hard to run “sudo -i” to enter a root shell. It’s also a lot safer to use sudo to run privileged operations than it is to spend all of your time in a root shell for all levels of Linux expertise. Using sudo, you’re more aware of privileged operations so you’re less likely to make a destructive typo, and actions with sudo are logged so you can refer to them later when troubleshooting a system change.

And as the video notes, it’s easy to enable root by giving it a password. I feel like I’m missing something - disabling root by default is common sense if they expect people to use Kali in non-forensic environments, and if someone knows Kali well enough to use it forensically then they should also know how to get around the default limitation.

2 Likes

Hi @sadamytjp, you can easily change the root password using sudo passwd root from the “kali” user and then log in as “root”. But there was a reason why Kali started shipping with a different default user. You don’t need to be root to get things done. If you need some program to run at the root level, you can just use sudo for that particular program. This way there is less chance of someone messing up the machine than by default at the root level.

1 Like

Duly noted, but I’m not exactly sure what you mean by “non-forensic environments”. There’s certainly overlap between pentesting and computer forensics; those looking to get certification are usually also learning at least some forensics. The only people I imagine not using it in such an environment, are those who might be trying to teach themselves pentesting on their own.
Also, the goal of ethical hackers is often to get root on target machines, sometimes it’s a single-minded obsession. To not have it by default on their own machine (or should I say their Pwm machine? lol) feels odd, almost disrespectful (on my personal 'puter!).
By “old-school admin”, do you mean sysadmin in an organization’s network? Were you administrator for many lusers? (I mean, users, lol). Then I’m not surprised that you are surprised. As a non-system-admin, maybe also a freelancer, I would want to extend complete total control of my machine to other boxen (does anyone call them that anymore?) Some Kali admins do want unlimited access, and don’t want to need to “get around” limitations. These are the people who don’t care, and do not want to care, for a single organization’s network on a daily basis. For better or worse this is the personality type often attracted to Kali, as opposed to something like the more Red-Hat-corporate-friendly Fedora Security “spin”. Personally in the past, I have installed Shark linux specifically because it allows sudo without a password. Such distros are out there. Yeah, illogical: I know, but it’s also a lot of fun!

How to create root access & root account login into Kali Linux 2020

I did a video on that too to answer the question https://www.youtube.com/watch?v=RqpR6yFgcaA&t=1s

Hi there,
what is the username and password for this Kali 2020.1?

thanks

Hi @Mohamed_Ali_Dewji, if you downloaded the VM version of Kali from their official website then the username and password are kali and kali.

Sorry I missed your reply, cuvtixo. I didn’t want to sound like I dislike Kali, and I hope I didn’t come across that way. My concern was just when it’s used by someone who is just starting out with Linux. And even then, it’s not that Kali can’t be used for that purpose, it’s just built with professionals as their main audience. It’s like having someone use vim as their first command-line editor instead of nano - it can be done, but it’s a big tangent if the main goal is to teach something other than how to use vim.

There’s a meta thread at StackExchange where you can see some people grouse about using Kali as a learning platform:

The comments can get a little snarky, but there’s some good information in there.

As to the “old-school admin” comment, I’ve been using Linux and managing it since the 1990s - first on a small network at a local ISP, and later at larger companies with larger networks. I can definitely appreciate the ease that comes with being root all the time, but I’ve broken enough systems with typos or other mistakes (or had others break systems the same way) that I’ve come to appreciate sudo for reminding me I’m doing something impactful (and logging it).

Fortunately you can adjust any distribution to match your desired behavior - disabling root by default is usually a matter of not having a password set, so setting a root password will fix that. And you can edit the sudoers configuration to add a “NOPASSWD” in the right place to tell sudo not to ask for a password when you use it.
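The three settings discussed in this thread (root locked because it has no password, NOPASSWD in sudoers, and sudo's logging) can be checked as follows. This is an added example, not part of the original posts; the function names are made up here and every shadow, sudoers and log line is a constructed sample.

```bash
#!/usr/bin/env bash
# Added example: audit the settings discussed in the thread.
# All sample lines below are constructed; on a real host feed the functions
# from /etc/shadow, /etc/sudoers (+ /etc/sudoers.d/*) and the auth log.

# Classify the password field (2nd field) of a shadow entry.
root_password_state() {
    local field
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')        echo "empty"  ;;  # empty field: no password needed
        '!'*|'*'*) echo "locked" ;;  # password login disabled (sudo -i still works)
        *)         echo "set"    ;;  # direct root login with a password is possible
    esac
}

# Print active (non-comment) sudoers rules that skip the password prompt.
nopasswd_rules() {
    grep -Ev '^[[:space:]]*(#|$)' | grep -E 'NOPASSWD[[:space:]]*:' || true
}

# Turn sudo's syslog entries into "invoker -> target: command".
sudo_commands() {
    sed -nE 's/^.* sudo: +([^ ]+) : .*USER=([^ ]+) ; COMMAND=(.*)$/\1 -> \2: \3/p'
}

SAMPLE_SHADOW_DEFAULT='root:!:18300:0:99999:7:::'
SAMPLE_SHADOW_AFTER='root:$6$CONSTRUCTED$notarealhash:18301:0:99999:7:::'
SAMPLE_SUDOERS='Defaults env_reset
%sudo ALL=(ALL:ALL) ALL
# kali ALL=(ALL) NOPASSWD: ALL
kali ALL=(ALL) NOPASSWD: ALL'
SAMPLE_AUTHLOG='Feb 10 10:01:02 kali sudo:     kali : TTY=pts/0 ; PWD=/home/kali ; USER=root ; COMMAND=/usr/bin/passwd root
Feb 10 10:01:02 kali sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Feb 10 10:05:40 kali sudo:     kali : TTY=pts/0 ; PWD=/home/kali ; USER=root ; COMMAND=/usr/bin/apt update'

audit_report() {
    echo "root password (default): $(root_password_state "$SAMPLE_SHADOW_DEFAULT")"
    echo "root password (after passwd): $(root_password_state "$SAMPLE_SHADOW_AFTER")"
    echo "passwordless sudo rules:"; printf '%s\n' "$SAMPLE_SUDOERS" | nopasswd_rules
    echo "privileged commands logged:"; printf '%s\n' "$SAMPLE_AUTHLOG" | sudo_commands
}
audit_report
```

The log sample shows why setting a root password through sudo still leaves a trace: the `passwd root` invocation itself is recorded with the invoking user.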

My turn to apologize. I’ve been away getting parts to upgrade a used laptop to take StationX courses. I actually didn’t expect a response, but yes, you’re right. Offensive Security reminds me of “Red Hat” who were the first to come out with standardized Linux tests. Now they’re giant and bought by IBM (?!). None of the lead developers of other distros dove headfirst into pentesting education like Offensive Security, and they did it again with Android/Smartphones.
Building Arch from scratch was a struggle for me; getting all the packages up and running! Any beginner who does that is worthy of getting and learning penetration tools (kinda dramatic of me, I know) And then I found Blackarch, and thought “this is the way new pentesters should start. Baptism by fire.”
So, you’re right. Beginners can and do go straight to Kali for its penetration testing tools without learning bash and other Linux fundamentals. But I certainly didn’t learn that way, and, I tend to think if someone borks their Kali installation for a newbie mistake, it’s on them. I don’t have experience being held responsible for wrecking others’ systems, or correcting others’ mistakes with root, and I’m sure that would give a different perspective. My argument would hold better for something like Pentoo. Just, I wanted to give the perspective of, for example, a “Red Team” person, for whom privilege escalation is everything. I didn’t want to contradict you at all, just add a little something.