Archives

All posts for the month November, 2017

Hello aspiring hackers, as you already know, the latest version of Kali, Kali rolling edition 2017.3 has been released. In this howto, we will see how to install Kali Linux 2017.3 in VirtualBox. The newest edition of Kali Linux gives users the best of all worlds – the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the information security community. The best feature I like in this version is constantly updated tools. Now let us start with the installation part. Download the latest version of Kali Linux from here.

For this howto, we will use VirtualBox version 5.30 (the latest version till date) which can be downloaded from here. Before we start the installation there’s a small step we need to perform. Enabling Virtualization technology in the host (the system on which VirtualBox is installed or being installed).

Virtualization is a feature included in processors which when enabled will help in accelerating virtual machines used by Virtualbox, Vmware or Hyper-V. Intel Processors have Intel-VTx and  AMD processors have AMD-V hardware acceleration features. I don’t know what exactly is the reason but this feature is disabled by default in modern CPU’s. This feature can be enabled by booting into the BIOS or UEFI.

The BIOS key is different for different PC brands. Here I have given the BIOS hot keys for some popular PC brands I collected from internet.

Acer – Del or F2                                                                                                                                Asus – Del, F2 or F9                                                                                                                            Acer – Del or F2                                                                                                                                  Compaq Presario – F10                                                                                                                        Dell – F2 or F12                                                                                                                                      HP – Esc or F10                                                                                                                                      Lenovo -F1 or F2                                                                                                                                    Samsung – F2                                                                                                                                        Sony – F2                                                                                                                                        Toshiba – Esc, F1 or F12

To boot into BIOS, you need to restart the system and start pressing the respective hot key for your PC brand. Once you boot into BIOS,you will see a screen as shown below. This is a BIOS screen for a Lenovo system.

Enable that feature as shown below and Save the options and exit.

With that taken care of,  Open Virtualbox and go to “Machine” and click on “New” or hold “CTRL+N”. The below window will pop up.

Click on “Expert Mode” and the window should transform as shown below.

Choose the name for your virtual machine. I named it Kali 2017.3. Choose the OS type as “Linux” and version as “Debian(32 bit)” ( since I am installing 32bit version.). Allocate memory of atleast 1GB. Keep other options default and click on “Create”.

Allocate hard disk size around 14GB or minimum 10GB and click on “Create”.

A virtual machine is created. Now open its settings, go to system settings and enable the PAE/NX feature as shown below.

Turn on the Virtual machine. It should start up as shown below.

Browse to the ISO file of Kali Linux we downloaded.

In our previous guides, we were performing Install. For a change, we will do the Graphical Install this time. Select the Graphical Install Option.

Choose the language as “English” or as applicable. Click on “Continue“.

Select the location of your choice. I chose “India.” Click on “Continue“.

Choose your keyboard. Click on “Continue“.

The system will load some additional components and then prompt you for the hostname. Enter hostname and click on  the “Continue” button.

Give any domain name if you want. However it is optional. You can even leave it blank. Click on  “Continue”.

The system will prompt you to set the root password. Enter the root password, confirm it  and click on “Continue.”

The system will prompt you to partition disks. If you are not sure what to do or a novice, choose “Guide-use entire disk” option. Click on “Continue“.

Click on “Continue“.

Select the partitioning scheme of your choice. If you are a new user, choose the first option as recommended. Click on “Continue“.

Then we will be shown an overview of current settings we chose. Choose the option “Finish partitioning and write changes to disk.” and Click on “Continue“.

Select the option “Yes” to write the changes to disk. Click on “Continue”.

The installation will start. It will take a bit of time to be finished.

In the middle of the process, you will be prompted if you want to use a network mirror. select “No” or “Yes” according to your choice. I chose “YES”.

In the “Proxy” window, leave it blank and Click on “Continue“.

Then system will ask you whether to install the grub Boot loader or not. Select “Yes” and click on “Continue“.

Select the highlighted option and click on “Continue”.

When the installation is completed, the system will ask you to boot into the system. Click on “Continue” to perform this.

The system will reboot into the operating system. Enter the username as “root” and the password as configured above. Now comes the most interesting but contentious part. Yes, installation of guest additions. Open a terminal and type command “apt update && apt -y dist-upgrade” without quotes. This will update system to the latest packages and repositories.

Reboot the system using “reboot” command to make sure system is updated.  Now to install Guest Additions, type command “apt -y install virtualbox-guest-x11” without quotes in the terminal. This will take some time so don’t panic. Just wait and watch.

Reboot  the system again. This will successfully install Guest Additions in Kali. Hope this was helpful. If you face any problems during installation, please leave a comment below. Thanks.

In the previous howto, we have seen how to research about a vulnerability in the FTP service running on our target system and exploit it to gain a shell on that system. In this howto, we will  see hacking the SSH service running on port 22. It can be seen that the target is running OPenSSH 4.7p1 SSH server.

I googled about the above mentioned version to find out if it had any vulnerabilities and exploits for those vulnerabilities. After an arduous search, I found one exploit but that seemed to be not working (Its not always a positive result in hacking).

Remember that we already gained a shell on the SSH server in one of our previous howtos. We did this using the credentials we obtained during enumeration of the target system. (This is why enumeration is so important). We used this credentials in a Metasploit SSH login module to get a shell on our target system.

This time we will see another way of gaining access to the SSH server using the same module. This SSH login module can also be used to brute force the credentials of the SSH server. Let’s see how it works. Load the module and check the required options.

In order to brute force the credentials, we need to specify a dictionary for cracking username- s and passwords in the similar fashion we set while using Hydra. We will use the same dictionary we have used while performing password cracking with Hydra.

I have set the same file for both username and passwords. To conserve time I have set the option “stop_on_success” to True. This option will stop the brute forcing if it finds even one login credential. I have set the “verbose” option also to TRUE. This module is normally used to brute force multiple SSH servers at once. That’s the reason it has “RHOSTS” option instead of “RHOST” option. Any how we can still set a single IP as target. All the options are shown as below.

After all the options are set, execute the exploit using the command “run”.

Once the password is cracked successfully, the module displays the credentials and automatically gives us a shell on the target system as shown in the above image. The available sessions can be viewed as shown below.

We can also login into the SSH server using the credentials we obtained prior as shown below.

Hello aspiring hackers. The exploit we will see today is a POST exploitation Metasploit exploit that performs Powershell enumeration in Windows. Windows PowerShell is a task automation and configuration management framework designed by Microsoft which consists of a command line shell and associated scripting language built on the .NET Framework and .NET Core.

PowerShell provides full access to COM and WMI, enabling administrators to perform administrative tasks on both local and remote Windows systems. Its same as a command line shell but powershell is more powerful than CMD. It is a very helpful tool for network asministrators. If used properly, it can also be used by hackers to the full potential.

But we need to know about the Powershell settings installed on the target system for this. This powershell enumeration module exactly does that for us. Let us see how this module works. Just like any Metasploit POST module, we need to have a valid meterpreter session to run this module. Background the current meterpreter session and load the powershell environment enumeration module as shown below. Type command “info” to view the information about this module as shown below.

Type command “show options” to view the options to be configured. Set the session ID of the meterpreter session we just sent to background and execute the module using command “run”.

As you can see in the image above, our module successfully completed powershell enumeration of the target machine. Powershell version 2.0 is installed on our target system an there are no powershell snap-ins are installed. It seems none of the users have powershell profiles.

Hello aspiring hackers. The module we will learn about today is the Git Submodule Command Execution Exploit. If you are a developer, cyber security enthusiast or at least a computer user, you should have definitely used (or heard about) Github. Git is an open source version control system developed by none other than the awesome Linus Trovalds (yes the same guy who created Linux).

It is a system designed to keep in touch with constant changes made to the code of software by developers. GitHub is a popular hub where developers store their projects and network with like minded people. Github stores information in a data structure called a repository. The particular module exploits a vulnerability in Git submodule.

Git submodules allow users to attach an external repository inside another repository at a specific path.This vulnerability in the Git submodule can be exploited by an attacker who can change the URL of a sub- module in a repository. This URL in the submodule can be changed to point towards a malicious link.

This module is a local exploit and works on Git versions 2.7.5 and lower. Now let us see how this module works. Start Metasploit and load the exploit as shown below. Type command “show options” to see all the options we need for this module to run.

First, we need to configure the malicious Git server. Set the options : LHOST, git_uri and Iport options as shown below. The git_uri option sets the malicious git submodule. Use command “run” to start our Git server. As the user git clones from our URL, we will get a command session on the target.

Now we need to send this malicious Git url to our intended victims. Probably it should be set as a software to convince the users to clone into their machine. Here we are testing this on KaIi Linux 2016 machine which has the vulnerable version of Git installed. We need to instruct the user to update the submodule just cloned. Let us see what happens on the victim machine.

As this happens in our victim system, we will already get a command shell on our attacker system as shown below.

We can see the active sessions using the command “sessions”.