Tweaking

Good Evening Friends. As of Sept 2015, VMware recommended using the distribution-specific open-vm-tools instead of the VMware Tools package for guest machines. This means that instead of Vmware tools, the users should install openVM tools specific to the guest OS. The makers of Kali Linux  have made changes to  the latest Kali rolling kernel accordingly. These openVM tools have all the needed functionality  such as file copying, clipboard copy/paste and automatic screen resizing are working perfectly. Now let us see how to install OpenVM tools in Kali Linux rolling 2016.

openvm1

Open a terminal and locate the “sources.list” file. Open the “sources.list” file with any text editor. Here I opened with the Vi editor. The command is “vi /etc/apt/sources.list

openvm2

When the file opens, type “i” to get into insert mode. You cannot make changes to this file unless you get into insert mode.

openvm3

Now type “deb http://http.kali.org/kali kali-rolling main contrib non-free” without quotes. Hit ESC, then SHIFT+:wq to save and close the file.

openvm4

Next type command apt-get update. 

openvm5

Then type command apt-get install open-vm-tools-desktop fuse. When it asks if you want to continue, type Y.

openvm6

After installation is over, reboot the system and you will get the screen as shown below. Happy hacking.

openvm7

 

 


Good evening friends. We have seen how to exploit many recent vulnerabilities using Metasploit. ( Go here, if you missed them ). Metasploit is a pentesting software which is by default installed in Kali Linux. Metasploit releases updates  every wednesday with the latest exploits. See the video or scroll through for textual howto.

msfupdat1

In order to get the latest exploits, we need to regularly update the Metasploit framework by typing command “msfupdate” as shown below.

msfupdat2

But in our latest version of Kali Linux, i.e Kali Linux rolling 2016.1, as soon we start Metasploit after updating, we are getting the following error.

msfupdat3

Fixing this error is very simple. We just need to install ruby on our system. Type command apt-get install ruby as shown below.

msfupdat4

After ruby installation is finished, start Metasploit. It should open successfully as shown below. It is that much simple to fix msfupdate error in Kali Linux. Happy hacking.

msfupdat5

Good Evening Friends. Today our howto is about how to setup OpenVAS in Kali Linux or Kali Linux Sana for that matter. As you already know, OpenVAS is a vulnerability scanner which replaced Nessus vulnerability scanner in Kali Linux. You should already have observed that Nessus is not installed by default in Kali Linux( see here if you are looking how to install Nessus in Kali Linux). Openvas is installed by default in Kali Linux. We just need to configure it to make it available for vulnerability scanning. Let’s see how. Open terminal and type command “openvas-check-setup“. We will use this command  many times from now. The good thing about installation of Openvas is it is very simple. Simple in the sense that it will automatically give the fix for the errors we face in configuring Openvas. As shown below, we will get a error and the “fix” to fix that error just below it.

openvas1

As shown in the “fix” above, type command “openvas-mkcert” . This will create an openvas ssl certificate as shown in the below two images.

openvas2

 

openvas3

The certificate will end like as shown below.

openvas4

When the certificate is successfully created, once again type command “openvas-check-setup” to check the next step in the process. You can see below underlined what our next command is.

openvas5

Type the command “openvas-nvt-sync” as shown below.

openvas6

The process will run and end as shown below.

openvas7

Once again, type command “openvas-check-setup“. It will prompt you the next command to run.

openvas8

Type the command “openvas-mkcert-client -n -i“. This will create a client certificate for the Openvas manager.

openvas9

Once the client certificate is successfully created as shown above, once again check the setup by typing command “openvas-check-setup“. This time it will ask you to create a user as shown below.

openvas10

Type the below command to create a user. Choose your username and password as per your choice. I have chosen “root” and “toor” consecutively.

openvas11

Next type command “openvas-check-setup”. It will ask you to rebuild as shown below.

openvas12

Before rebuilding, start the openvas scanner as shown below by typing command “/etc/init.d/openvas-scanner start“.

openvas13

Then type command “openvas –rebuild” to update the database.

openvas14

Next type command “openvas-check-setup”. 

openvas15

Type command “openvas-scapdata-sync”. This will take a bit long time.

openvas16

openvas17

Once the above process is finished, type command “openvas-check-setup” once again.

openvas18

Type command “openvas-certdata-sync“.  The process will run as shown below.

openvas19

Next, type command “openvas-check-setup” for one last time, hopefully. You will get a message that your OpenVAS installation is OK as shown below.

openvas20

Restart the system and start openvas by typing command “openvas-start“.

openvas21

Open your browser and point it to port number 9392 as shown below. You should get a warning as shown below. Click on “I understand the risks”.

openvas22

This will prompt you with a login screen. Login with the credentials we created above.( Hope you have not forgotten them).

openvas24

Once you login you should see the screen as shown below. Hurrah, you have successfully configured Openvas in Kali Linux. Happy hacking.

openvas25

Good evening everybody. It’s been a dream of every budding hacker to bypass the antivirus solutions of their targets. Well, today we have the answer in the form of a program called Shellter. To say in their own words,  “By using Shellter, you automatically have an infinitely polymorphic executable template, since you can use any 32-bit ‘standalone’ native Windows executable to host your shellcode. By ‘standalone’ means an executable that is not statically linked to any proprietary DLLs, apart from those included by default in Windows. ”

So let’s see how to install Shellter in Kali Linux Sana. The version we are using here is the latest version Shellter V5.8 which can be downloaded from here. Go to the download page and download the zip file.

shellter1

Go to the Downloads folder. You will see the “shellter.zip” file as shown below. I copied the file to the root folder but if you want to keep the file in Downloads folder you can keep it. This step is not mandatory.

shellter2

Now change the permissions of the zip file as shown below. Until you change the permissions, you cannot unzip the files. Next unzip the contents of the file. Type “ls“. You will see a new directory with name “shellter”.

shellter3

You have successfully installed Shellter in Kali Linux Sana. Navigate into the directory “Shellter” to see its contents as shown below. We will see how to use Shellter to bypass antivirus in our next howto. Until then, happy hacking practice.

shellter4

Here’s a video version of this howto

Good evening Friends. Today we will see how to install Veil Evasion in Kali Linux. Although this howto is made on Kali Linux Sana, it is same for all the versions of Kali. For the novices, Veil-Evasion is a tool to generate payload executables that bypass common antivirus solutions. First of all download and save the zip file of veil evasion as shown below from here.

veil1a

Next, Open terminal and go to the directory where the zip has been downloaded. Commonly it is root or Downloads. Mine is in root. Next unzip the contents of the zip file by using command unzip “Veil-Evasion-master.zip” as shown below.

veil2

When unzipping is finished, type “ls” command once again. You will see a new directory “Veil-Evasion-master”. Change into that directory as shown below and type “ls” to see the contents of that directory.

veil3

There will be a dircetory named “setup”. Change into that directory. You will see a file named “setup.sh”. Execute that file using command  “./setup.shveil4

It will prompt you a question whether you want to continue with the installation or not. Type “y”.

veil5

The installation will start. It will ask you whether to install Wine. Click on “Install”.

veil6

Next it will install Python. Click on “Next”.

veil7

Click on “Next”.

veil8

If it asks you to overwrite existing files of any Python, select “yes”.

veil9

Click on “Next” for the below window.

veil10

Finsih the installation by clicking on “finish”.

veil11

Next, the system will ask you to install pywin32. Pywin32 is a set of extension modules that provides access to many of the Windows API functions. Click on “Next”.

veil12

Click on “Next”.

veil13

Click on “Next”.

veil14

Click on “Finish” the script.

veil15

Next it will install pycrypto. Click on “Next”.

veil16

Click On “Next”.

veil17

Select language as “English” and click on “OK”.

veil19

Next it prompt you to install Ruby. Accept the license and click on “Next”.

veil20

Click on Install.

veil21

Click on Finish to to finish the installation of Ruby.

veil22

You will see the below screen as the installation finishes.

veil23

Now let us see if our installation has been successful by starting the program. Go to the “Veil-Evasion-master” directory in which there is a python script called “Veil-Evasion.py”. Execute this script by typing command “./Veil-Evasion.py”.

veil24

This is how Veil-Evasion looks when started.

veil25

 

 

 

 

 

NOTE : Kali Linux Rolling 2016.2 has been released. This guide works even for that too.

Good evening friends. I have seen that most of the people are still facing many problems while installing Kali Linux in Virtualbox. So today i brought the easiest method to install Kali linux in Virtualbox. It doesn’t involve  typing of any lengthy  commands. For this howto, I am installing Kali Linux v2.0 Sana in virtualbox version 5. This howto works for any host OS, from Windows XP to Windows 10. Just install the latest Virtualbox version for that operating system.

The makers of Kali Linux are providing prebuilt virtualbox images which are available for download here. First download the image.  It would be a compressed image. Now extract the contents of  the file at any location of your choice.

kaliv1

It would be a ova extension file as shown below.

kaliv2

Now open Virtualbox. Go to “File” and choose option “Import appliance”. Click on it.

kaliv3

As soon as you click on it, the below window will open.

kaliv4

Now, browse to the location of the OVA file we just downloaded. Click on “Next”.

kaliv5

You will see the below window.  Check out all the options shown. Change any options if required.

kaliv6

Make sure that the location where you are creating disk has enough space. Click on Import.

kaliv7

The process of importing will start as shown below.

kaliv8

It will take some time to process.  Just wait. As soon as the importing is over you will see the virtual machine  as shown below.

kaliv9

Power On the virtual machine.  After some system processes, you will be asked for the username. The username is “root”.

kaliv10

Next you will be prompted for password. The default password is “toor”.

kaliv11

If everything went well, you should see the interface as shown below. Go to full screen to see if its working. You are all good to go. See, this is the easiest way to install Kali Linux in virtualbox. Hope it was helpful. Please comment if you encounter any problem. I would be happy to solve it.

kaliv12

Good Evening friends. Today we will see how to add new exploits to Metasploit from the exploit database. As we all know, Metasploit is a framework to exploit systems. This howto is being done in Kali Linux which has Metasploit installed by default. You can see below that here Metasploit has total 1467 exploits.  Now let us add the recently released Microsoft Windows Media Center MCL vulnerability exploit to Metasploit framework.

      edb1

Go to the website exploit-db.com and open the search option as shown below. Go to the Advanced Search option and give the below values to search for all the exploits for Metasploit.

edb2

As the below image shows, we get all the exploits authored by Metasploit. We are interested in the  Ms15-100 Microsoft Windows Media Center MCL vulnerability underlined below.

edb3

Now click on the download option as shown below. A window will open as shown below.  Select the Save option.

edb4

Now open a terminal and navigate to the Downloads folder to check your download.  In our present case it is “38195.rb”.

edb5

Now navigate to the directory where metasploit stores its exploits by typing command “cd/root/.msf4“. Go into modules directory and create a directory named “exploits” inside that directory. Now go into the exploits directory(which you just created) and create another directory named “windows”, inside the windows directory( which once again you just created) create directory “local”. If you are getting confused, all the steps are given in below image, just follow them. We are just creating a valid path for metasploit to find this exploit. Once you are in the local directory, copy the exploit you just downloaded to the local folder as shown below.

edb6

Ok, we’re almost done. Now restart the system and fire up your Metasploit. Now you can see that we have 1468 exploits as 1467 previously.

edb7

Now let us search for our exploit by typing command “search ms15_100”.  Load the exploit as shown below.  We have successfully added a new exploit  to Metasploit. Hope that was helpful.

edb8

 

Hi Friends, this is a guide on how to reset nessus password in Windows. Open a command line terminal with administration privileges. Navigate to the installation folder of Nessus as shown below. That would be in program files.

nessuswrp1

Once you are in that folder, type “dir” command to see the contents of the folder as shown below.

nessuswrp2

Now type command ” nessuscli.exe lsuser ” to see all the nessus users. In my case there is only one user present. Now to reset his password, type command ” nessuscli.exe chpasswd root “. Then enter the new password twice as shown below. Congrats, you have successfully changed your nessus password.

nessuswrp3

 

See how to install Nessus in Kali Linux

Hi Friends, its common that we forget things. I have forgotten my nessus password so many times. Today we will see how to reset nessus password in Kali linux in case you have forgotten it. Open a terminal, and type the command “cd /opt/nessus/sbin” to navigate to the sbin directory. Here type “ls”  to see the contents of this directory as shown below.

nessuslrp1

Next type command “./nessuscli lsuser ” to see all the nessus users present. Here, we have only one.  Ok, let’s reset the password for user root. Type command ” ./nessuscli chpasswd root “. The system will prompt you to enter the new password. Enter the password two times as shown below. You have successfully changed the nessus password. Now logon with the new password.

nessuslrp2