Tweaking

Hi everybody, today we are going to see how to make a live USB of Kali Linux. A live USB installation has many advantages, such as system administration, forensics and testing the OS before making a hard drive installation. However, what prompted me to make a Kali live USB was wifi hacking. My laptop has a compatible adapter for wifi hacking, but Kali Linux in VMware Workstation recognizes your host’s wifi adapter as an Ethernet adapter. So I thought I could postpone buying a USB wifi adapter for some time by making a live USB installation of Kali Linux.

Whatever, let’s get to how to make a Kali live USB. First we need to download software called win32diskimager from here. Install the software and launch it. It will look like below.


Plug a USB drive into your laptop. Make sure it is at least 4 GB. In the “device” tab, select your USB drive. In the “image file” tab, browse to the ISO image of Kali Linux as shown below.


Click on “Write”. That’s it, you have successfully made a live USB of Kali Linux. Hope that was helpful.


Kali Linux is the most advanced penetration testing distribution with a number of tools. While using these tools a measure of anonymity is required. Today we are going to see how to spoof your IP address in Kali Linux. First, check your IP address by visiting any website which shows your IP address ( http://www.whatismyip.com ). Then go to the site www.vpnbook.com.

Download the Euro1 Server OpenVPN certificate bundle as shown below. Note down the username and password given. We will need it in later steps.


When you click on the download link, the following window opens. Since it is a zip package, the system will ask whether to open it with unzip (the default option). Click on “OK”.


Open the terminal and navigate to the directory where the contents of the zip archive have been unzipped. Type the command “ls” to see the unzipped files. We are going to use the vpnbook-euro1-udp53.ovpn package.


OpenVPN has been installed by default in the Kali Linux distribution. Type the command “openvpn vpnbook-euro1-udp53.ovpn” to start the process.


The installation starts.  Enter the username and password we noted above when prompted.


After a short time, the process is completed. Check your IP address again. If everything goes well, your IP address will be changed.

UrlScan is a security tool used to restrict the types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in the request filtering option for IIS 7.5 and IIS 8, but it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS 8. (IIS 7.5 is available in Windows Server 2008 R2, and IIS 8 is available in Windows Server 2012 and Windows 8.)

I am going to configure this in Windows Server 2012, i.e. IIS 8, but do not worry, the configuration steps are similar in IIS 7.5. First and foremost, install Web Platform Installer on your machine. This will help us install all the components we require in simple steps. From Web Platform Installer, select the component IIS 6 Metabase Compatibility. This is compulsory for installing UrlScan.


Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 ).


Click on Install. You are shown a review of components you selected to install. Click on I accept.


The components are installed and will show you a Finish screen. Click on Finish.


We are all set to install UrlScan. Download Urlscan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.


The installation is very quick. Once it finishes, click on “Finish”.


Now open IIS Manager. Click on ISAPI filters.


If everything went well, we should see a filter already set like below.


Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.


Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlScan is working or not. For this, we will use the tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is a fictional website I set up on my server.)


We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of UrlScan (urlscan.ini) to make some changes to it. It is located by default at “C:\Windows\System32\inetsrv\urlscan”. Change the value of “RemoveServerHeader” from “0” to “1” and save the file.


Now restart the web server and try banner grabbing again using Idserve.


We can see that the server version has not been disclosed, hence our UrlScan is working successfully. Hope it was helpful.
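
The same before/after check can be scripted. The following is an added example, not part of the original post: it parses a raw HTTP response and reports which version-revealing headers are still returned. The two sample responses are constructed for illustration; the extra headers checked besides Server are an assumption about what a hardening review would also look at.

```python
# Added example: check which identifying headers a response still carries.
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")


def parse_headers(raw: bytes) -> dict:
    """Return {lowercased-name: value} from the header block of a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def disclosed(raw: bytes) -> dict:
    """Headers still present that identify the server software or framework."""
    found = parse_headers(raw)
    return {name: found[name] for name in VERSION_HEADERS if name in found}


def banner_hidden(raw: bytes) -> bool:
    """True when no Server header is returned (the effect of RemoveServerHeader=1)."""
    return "server" not in parse_headers(raw)


# Constructed sample responses: before and after setting RemoveServerHeader=1.
BEFORE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Server: Microsoft-IIS/8.0\r\nX-Powered-By: ASP.NET\r\n\r\n<html></html>")
AFTER = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         b"X-Powered-By: ASP.NET\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, "banner hidden:", banner_hidden(raw), "still disclosed:", disclosed(raw))
```

RemoveServerHeader only affects the Server header; a header such as X-Powered-By is configured separately in IIS and has to be removed there.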

Nessus is a vulnerability scanner. My first disappointment with Kali is that it excluded Nessus from its vulnerability scanning tools. However, it can be installed. Let us see how to install Nessus in Kali Linux. This guide works for all versions of Kali Linux. First download the Nessus Debian package from the website ( here ). Go to the directory into which the package has been downloaded. It should normally be in the Downloads directory in the root directory. Open a terminal, navigate to the “Downloads” folder and type “ls”. You can see the Debian package of Nessus. Then type the command “dpkg -i <package name>” as shown below.


Then type command “service nessusd start” to start the service.


Open a browser and type “https://kali:8834/” to see the web interface of nessus. You will see the below warning that the connection is untrusted.  Click on “I understand the risks” option.


You will get a popup to confirm the security exception. Click on that option.


Then you will get a welcome screen of nessus as shown below. Click on “Continue”.


It’s time to create our initial account. Type the username and password you want to set up for the account. Click on Continue.


It’s time to enter the activation code for Nessus. You can get the activation code from here. After entering the activation code, click on Continue.


After activation is completed, it will download the required Nessus packages. This may take a while.


Then we need to wait some more time while the program initializes.


After the initialization is over, you will see the Nessus scan page as below.


Congrats, you have successfully installed Nessus in Kali Linux.

 

If you try to start Armitage on Kali Linux, it will show you the following error.


The error says that the service cannot connect to the database. Now let’s see how to configure Armitage on Kali Linux. First, let’s check whether Armitage is installed on our machine or not. Open a terminal and type the command “apt-cache search armitage”. Then type the command “apt-get install armitage”. If everything is right, it tells you that Armitage is already installed.

 


Now let’s rectify the database connection problem. Type the command “service postgresql start”. This will start our database service. Then start the Metasploit service by typing the command “service metasploit start”.


Then type the command “armitage”. You should successfully see armitage working.


Windows provides a property to hide folders. We can set the view property of the folder we want to hide to “hidden”, then go to “Folder and search” options, go to the “View” tab and select the “Don’t show hidden files, folders and drives” option.

The disadvantage of this method is that once we select “Show hidden files, folders and drives” from the “Folder and Search” options, all our hidden files are visible. What if we want to hide our folder completely, completely in the sense that it is not visible even if we set our settings to show all hidden files? Let’s see how to hide a folder completely in Windows.

Here, I want to hide a folder named “Secret”.


Go to the command line. Navigate to the directory where the folder we want to hide is located. Type the command “attrib +s +h secret” (batch programming is not case sensitive) and hit Enter.


Now we can see that the file we hid is not visible even if we set our properties to show hidden files.


If you want to unhide your hidden file, go to the command line and type the command “attrib -s -h secret”.
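
Items marked this way are hidden only from Explorer's default view; the attributes themselves remain readable, and “dir /a” still lists the folder. As an added example (not part of the original post), the script below walks a directory tree and reports every entry that carries both the Hidden and System attributes, which is how such folders can be found again or audited. The function names are illustrative.

```python
# Added example: list entries that have both Hidden and System set.
import os
import stat

# The two attribute bits set by "attrib +s +h".
HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN   # 0x2
SYSTEM = stat.FILE_ATTRIBUTE_SYSTEM   # 0x4


def is_hidden_system(attrs: int) -> bool:
    """True when both the Hidden and System bits are set."""
    return (attrs & (HIDDEN | SYSTEM)) == (HIDDEN | SYSTEM)


def find_hidden_system(root: str) -> list:
    """Walk root and return paths carrying both attributes.

    st_file_attributes only exists on Windows; elsewhere nothing is reported.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                attrs = getattr(os.lstat(path), "st_file_attributes", 0)
            except OSError:
                continue          # unreadable entry: skip rather than abort the walk
            if is_hidden_system(attrs):
                hits.append(path)
    return hits


if __name__ == "__main__":
    import sys
    for found in find_hidden_system(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(found)
```

Windows marks some of its own files the same way, so expect legitimate hits when scanning a system drive.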

I have been searching for a way to send an executable file to someone and make him execute it. Sending the exe directly is not feasible. So let’s see how to hide an exe file in a jpeg and test its feasibility. First of all, create a new directory named test and download some images and name them similarly. I downloaded images of a popular Tollywood actress. The plan is to lure the victim into falling in the trap. I did this on a Windows 7 machine.


Go to “Folder Options”, go to the “View” tab, deselect “Hide extensions for known file types” and select the option “Show hidden files, folders and drives”. This will allow us to see the extensions of the files we are working with.


Open Notepad, type the following text and save it with the extension “.bat”. What the following code does is create a new user named “hacker” with password “abc123” on the Windows machine where this code gets executed.


Download BAT to EXE converter and convert the batch file we just created to an exe.


Rename the file “samy.exe” to  “samy_3.jpg”. Windows will prompt a warning. Ignore it.


Right click on the file “samy_3.jpg”, drag it a little and leave. Select ‘Create Shortcuts here’. We are creating a shortcut for the file samy_3.jpg.


Rename the shortcut to “samy_0.jpg”. Whatever the name you give make sure that the shortcut is clicked first and not the exe file.


Right click on “samy_0.jpg” and select Properties. In the “Start in” column delete the entire text. In the “Target:” column type “C:Windowssystem32cmd.exec samy_3.jpg.” This will run the file samy_3.jpg when clicked on the samy_0.jpg.


Click on the “Change Icon” tab. Replace the text inside with “%SystemRoot%\system32\SHELL32.dll” and click on “OK”.


Compress all files into zip archive with the name “samy unseen.zip”. Remember that name should be attractive enough to lure the victim into clicking the images.


OK, package is ready. Now the bigger challenge is to send the package to the victim’s computer. I tried to mail the package to the victim but it didn’t work out.


 So I suggest you to find your own way of sending it to the victim. To test if the package will work on the victim’s system or not open “CMD” and type the command “net user” before executing the image. It will show us all the users on the system.


Then click on the image samy_0.jpg. Open “CMD” and type the “net user” command again.


A new user named hacker has been created. So the trick worked.
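
From the defender's side, an archive built this way is easy to flag, because file content and file name disagree: the renamed executable still begins with the “MZ” header, and the shortcut is stored as a .lnk file, an extension Explorer hides even when extensions are shown. The following added example (not part of the original post) triages a zip archive on that basis. The sample archive is constructed with inert placeholder bytes, and the member names “samy_1.jpg” and “samy_0.jpg.lnk” are assumptions about how the files would appear inside the zip.

```python
# Added example: flag archive members whose content contradicts their name.
import io
import zipfile

# Leading bytes of genuine files for the image extensions we check.
IMAGE_MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
               ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}
PE_MAGIC = b"MZ"                                  # DOS/PE executable header
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00"   # Shell Link header size + CLSID start


def triage_zip(data: bytes) -> dict:
    """Map each suspicious archive member to the reason it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(8)
            lower = info.filename.lower()
            ext = next((e for e in IMAGE_MAGIC if lower.endswith(e)), None)
            if head.startswith(PE_MAGIC):
                findings[info.filename] = "executable content (MZ header)"
            elif head == LNK_MAGIC or lower.endswith(".lnk"):
                findings[info.filename] = "Windows shortcut inside archive"
            elif ext and not head.startswith(IMAGE_MAGIC[ext]):
                findings[info.filename] = "content does not match image extension"
    return findings


def build_sample() -> bytes:
    """Constructed archive mirroring the layout described above (inert bytes only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("samy_1.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)   # genuine JPEG start
        zf.writestr("samy_3.jpg", b"MZ" + b"\x00" * 16)                 # renamed executable
        zf.writestr("samy_0.jpg.lnk", LNK_MAGIC + b"\x00" * 16)         # shortcut
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in triage_zip(build_sample()).items():
        print(f"{name}: {reason}")
```

On the endpoint itself, the account creation the batch file performs is recorded as Security event 4720 when account management auditing is enabled, which catches the same activity that comparing “net user” output shows by hand.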