
All posts by kanishka10

Hello aspiring hackers. In this howto, we will learn about installing ClearOS UTM in Vmware. For those beginners who do not know what a UTM is, it is Unified Threat Management software. Still no idea? It is software with all the security features bundled into one. It is based on CentOS and Red Hat and is used by many enterprises as a gateway. Its features include a stateful firewall (iptables), intrusion detection and prevention system, virtual private networking, web proxy with content filtering and antivirus, e-mail services, database and web server, file and print services, Flexshares and MultiWAN.

As a penetration tester, it is very important to study UTMs. So let us start with this installation guide for ClearOS. Download the open source version of ClearOS UTM from here; that is the community version. Once the iso file has finished downloading, open Vmware Workstation (version 12 is used for this article). Hit “CTRL+N”. The window shown below should open.

Make sure the “Typical” option is selected and click on “Next”. That takes us to the next window. Click on “Browse”, browse to the location of the iso file we just downloaded and select it.

Now the window should look like the one shown above. Click on “Next”. The guest operating system should be selected automatically for you; if not, select Linux as the OS and CentOS as the version. Click on “Next”. Even if you leave the default options, the installation continues.

Give a name to the virtual machine and choose its location as you like. I named it ClearOS. Click on “Next”.

Allocate the hard disk space for your virtual machine. Keep a minimum of 15GB. Click on Finish.

It will show you a summary of all the selections you made. If you want to make any changes, click on Customize hardware or else click on “Finish”.

The virtual machine is created with the name you gave it. Before powering on the virtual machine, we need to add another network adapter to it. Any gateway needs two network adapters. For reasons that will be explained later, I am adding two host-only network adapters. Go to the settings of the virtual machine as shown below and click on the “Add” button.

You can see that the default network adapter assigned is NAT. On the right side, we can change it to Host-only as shown below. Vmware automatically creates one Host-only network adapter by default. We need to create the second Host-only adapter manually (Vmware Virtual Network Adapter). To add another adapter, click on the “Add” button as shown below.


A new sub-window will open showing you all the types of hardware that can be added. Click on “Network Adapter”, since that is what we want to add. Click on “Next”.

In the next window, select “Custom” as the type of network adapter, and in the dropdown box you will find our newly created Host-only network. For me it is VMnet3. Select that and click on “Finish”.

As you can see below, our ClearOS virtual machine now has two network adapters. Click on OK to close the settings window.

Now power ON the machine. After a small delay, the virtual machine boots and takes you to the screen shown below. Select the option “Install ClearOS ……” using the arrow keys on your keyboard and hit Enter. Even if you don’t hit Enter, the highlighted option will be selected automatically after some time.

The system will prompt you to hit Enter to start the installation process. Press the “Enter” key.

Select the language in which you want to run the installation process and click on “Continue”.

Next, we will be shown the Installation summary. We can change any settings of the virtual machine from here. Let’s change the Network settings from here. Click on the highlighted area.

The “Network and Hostname” window will open. By default, both adapters are turned OFF. We need to turn them ON by toggling the switch as shown in the image below.

In the ON position, it will look like below. Do this for both adapters. Once they are turned ON, click on “Done” at the top left.

This will take us back to the Installation Summary page as shown below. Configure other settings if you want.

Once all the settings are configured, click on “Begin Installation”. This will start the installation process. Don’t worry if you forgot any configuration. The system will prompt you if anything still needs to be set, as shown below. In this case, I forgot to set the root password.

So I click on that message and set a root password as shown below. Once the password is set, click on “Done”.

Now it shows the message “Root password is set” as shown below.

The installation process will continue and once it is finished, you will be prompted to reboot the system. Reboot the system. It will ask for credentials. Enter them and you will be greeted with a screen as shown below.

That’s it. You have successfully installed ClearOS in Vmware. Now launch into the graphics mode console by choosing the highlighted option. You will see something like below. You will be shown the IP address of the virtual machine we just created and also how to access it from a remote machine. That’s all for now.

If you are a regular user of Kali Linux, or for that matter any Ubuntu or Debian machine, you should know what apt-get update is. It is a simple way of refreshing the package lists of Linux systems. Frequently, many users of Kali Linux faced the problem shown in the image below while running the update command. This is called the Kali Linux apt-get update error.

Today we will see how to fix this problem. As underlined in the given image, the error occurs when verifying signatures. What signatures is the error referring to? Just like any software nowadays, Debian packages are supplied with a digital signature to preserve their integrity. Before downloading the packages, these signatures are verified. If they don’t match, we get an error as shown below.

To solve this problem, we need to fetch the new archive signing key. This can be done using the command

wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add -

as shown in the image shown below.

Once this is done, the apt-get update command should work fine, as shown below.
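The signature error above comes from the top of a chain of checks that apt walks before it fetches a single package. The block below is an added illustration, not code from the original post or from apt itself, of the part of that chain that sits under the OpenPGP signature: the signed Release file lists the size and SHA256 of every package index, and an index that is missing from the list or does not match is rejected. The OpenPGP check on the Release file itself (the step that fails when the archive key is missing or stale) is done by gpgv and is not reimplemented here. The Packages content and the Release file are constructed in the code; make_release is a helper that exists only so the example runs offline.

```python
import hashlib
import hmac

# Constructed sample package index (not real Kali data). In a real archive
# this would be the body of dists/<suite>/main/binary-amd64/Packages.
SAMPLE_PACKAGES = b"""Package: example-tool
Version: 1.0-1
Architecture: amd64
Filename: pool/main/e/example-tool/example-tool_1.0-1_amd64.deb
SHA256: 0000000000000000000000000000000000000000000000000000000000000000
"""


def make_release(entries):
    """Build the SHA256 section of a Release file from (name, bytes) pairs.

    A real Release file is produced by the archive and signed with the
    archive key (as InRelease or Release.gpg); this helper only exists so
    that the example can construct one offline.
    """
    lines = ["Origin: Example", "Suite: example-rolling", "SHA256:"]
    for name, data in entries:
        digest = hashlib.sha256(data).hexdigest()
        lines.append(f" {digest} {len(data)} {name}")
    return "\n".join(lines) + "\n"


def parse_sha256_section(release_text):
    """Return {index name: (hex digest, size)} from the SHA256: block."""
    table = {}
    in_section = False
    for line in release_text.splitlines():
        if not line.startswith(" "):
            # Top-level field: only the SHA256: block is of interest here.
            in_section = line.startswith("SHA256:")
            continue
        if in_section:
            parts = line.split()
            if len(parts) == 3:
                digest, size, name = parts
                table[name] = (digest, int(size))
    return table


def verify_index(release_text, name, data):
    """Check a downloaded index against the size and SHA256 recorded in Release.

    Returns (ok, reason). apt applies the same rule: an index whose hash is
    not listed, or does not match, is rejected before any package is fetched.
    """
    table = parse_sha256_section(release_text)
    if name not in table:
        return False, f"{name} is not listed in Release"
    expected_digest, expected_size = table[name]
    if len(data) != expected_size:
        return False, f"size mismatch for {name}"
    actual_digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual_digest, expected_digest):
        return False, f"SHA256 mismatch for {name}"
    return True, "ok"


if __name__ == "__main__":
    release = make_release([("main/binary-amd64/Packages", SAMPLE_PACKAGES)])
    print(release)
    print(verify_index(release, "main/binary-amd64/Packages", SAMPLE_PACKAGES))
    tampered = SAMPLE_PACKAGES.replace(b"1.0-1", b"1.0-2")
    print(verify_index(release, "main/binary-amd64/Packages", tampered))
```

Run it as a script to see the clean index accepted and the tampered one (same size, one changed version string) rejected on its hash. The point for the apt error is that replacing the key only re-establishes trust in the Release file; everything below it is hashes, and a mirror or proxy cannot alter an index without breaking the chain.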

These days hackers are using numerous ways to get into our systems. One of them is sending a malicious portable executable file to us, or making us download the malicious executable and execute it on our system. We have seen one such Real World Hacking Scenario in the February 2017 issue of Hackercool. In that scenario we saw not only how hackers make malicious executable files but also how they bypass antivirus and convince innocent users to click on those files. In this howto, we will learn how to perform analysis of portable executable files.

Analysis helps us determine what the file was intended to do once clicked. There are two types of analysis: static analysis and dynamic analysis. In static analysis the sample is analyzed without executing it, whereas in dynamic analysis the sample is executed in a controlled environment. Static analysis is performed on the code of the sample portable executable without running it. There are various tools which help us with static analysis of portable executables. One such tool is PEframe. PEframe reveals information about suspicious files such as packers, xor, digital signature, mutex, anti-debug, anti-virtual-machine, suspicious sections and functions, and much more. PEframe is open source and can be installed in Kali Linux as shown below.

Open a terminal and type the command as shown below to clone PEFrame from Github.

After PEframe is cloned successfully, a new directory named peframe is created. Change into this directory. This tool requires the simplejson Python package, so install it using the pip command. Next, we need to run the setup.py file from the directory. Since it is a Python file, we run the command “python setup.py install” to install PEframe.

Once the installation is finished, type the command “peframe -h” to see its simple usage.

Before we analyze the portable executables, let us analyze some files we created for tutorials of our magazine. The first one is msf.pdf we created using Metasploit.

As you can see in the above image, we found not only an IP address but also a URL hosting some executable file. It can be assumed that when we open this pdf file, another executable will be downloaded from the IP address and executed on our system. Let us now analyze an hta file created with Metasploit.

This file is analyzed as an HTML document with an IP address, and it references a library called kernel32.dll. This file probably opens a payload when clicked upon. Given below is another similar file in Visual Basic format.

Given below is a macro file. You can see all these files have an IP address where probably a listener is running.

Now let us analyze a portable executable file. Kali Linux has some exe files already stored in its windows-binaries folder. We will analyze the plink.exe file.

Plink.exe is a command line utility similar to UNIX ssh. It is mostly used for automated operations. As you can see in the image given above, the program gives us more detailed information than the other files. plink.exe has four sections and none of them appears suspicious. But the file has a packer, a mutex and anti-debug information. The packer detected is Microsoft Visual C++, which is normally used for genuine programs.

Given above is its anti-debug and mutex information. The dynamic link libraries it imports are also given. Given below are the APIs (application programming interfaces) used by the file.

The filenames found in the portable executable are given in the image below. As you can see it has a big list of filenames.

Metadata is data about the data. Metadata reveals a lot of information about a file. Given below is the metadata of our portable executable. We can see that it is a part of the PuTTY suite.

Even the description of the file is given. Normally malware does not contain so much information about itself like this plink file. Only genuine files contain so much information, because they have no reason to hide themselves. Now let us analyze another file. This file is also present in Kali Linux and it is a keylogger: klogger.exe, present in the same windows-binaries folder.

As you can see in the above image, the file, which has five sections, has two suspicious sections, and the packer it uses is ASPack v2.11. Let us have a look at its suspicious sections.

Given below in the image are its API alerts and filenames. As you have observed, this file reveals much less information than the previously analyzed file. This in itself does not mean that the file is malicious, but it gives a general idea about it. That’s all about forensics using the static analyzer PEframe. We will be back with a new tool in our next howto.
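To make the section and packer findings above concrete, here is an added example (my own code, not part of the original post and not PEframe’s code) that walks a PE file the way a static analyzer does: DOS header, PE signature, COFF header, then the section table, flagging each section for an uncommon name, writable-plus-executable permissions and high entropy, the signs that pointed at ASPack in the klogger.exe case. Since the binaries from the post are not reproduced here, build_sample_pe constructs a minimal PE32 image in memory with a normal .text and .data section and one packed-looking .aspack section; the flag constants are from the PE/COFF specification, and the 7.0 entropy threshold is a rule of thumb I chose for the example.

```python
import math
import struct
from collections import Counter

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Names produced by common compilers and linkers; anything else gets a look.
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata",
                        ".edata", ".rsrc", ".reloc", ".tls", ".pdata"}


def shannon_entropy(data):
    """Bits per byte; packed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def parse_sections(pe):
    """Walk the DOS header, PE signature, COFF header and section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, _stamp, _symptr, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, _vaddr, rawsize, rawptr, _, _, _, _,
         chars) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "characteristics": chars,
            "entropy": round(shannon_entropy(raw), 2),
        })
    return sections


def analyze(pe):
    """Attach the kind of flags a static analyzer raises for each section."""
    report = parse_sections(pe)
    for sec in report:
        reasons = []
        chars = sec["characteristics"]
        if sec["name"] not in COMMON_SECTION_NAMES:
            reasons.append("uncommon section name")
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            reasons.append("writable and executable")
        if sec["entropy"] > 7.0:
            reasons.append("high entropy (possibly packed)")
        if sec["raw_size"] == 0 and sec["virtual_size"] > 0:
            reasons.append("no data on disk but space in memory (unpacking target)")
        sec["suspicious"] = reasons
    return report


def build_sample_pe():
    """Constructed minimal PE32 image for the demo; it is not a real program."""
    text = b"\x55\x8b\xec" + b"\x90" * 253            # low entropy: mostly NOPs
    data = b"\x00" * 64
    packed = bytes(range(256)) * 2                      # entropy exactly 8.0
    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    rw = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    rwx = rx | IMAGE_SCN_MEM_WRITE
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    secs = [(b".text", 0x1000, 0x1000, len(text), 512, rx),
            (b".data", 0x1000, 0x2000, len(data), 768, rw),
            (b".aspack", 0x2000, 0x3000, len(packed), 832, rwx)]
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)             # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\x00" * 222            # PE32 magic, rest zeroed
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in secs)
    header = dos + coff + optional + table
    header += b"\x00" * (512 - len(header))                       # pad to first raw offset
    return header + text + data + packed


if __name__ == "__main__":
    for sec in analyze(build_sample_pe()):
        print(f"{sec['name']:<8} entropy={sec['entropy']:.2f} flags={sec['suspicious']}")
```

Pointing parse_sections at the bytes of a real file from windows-binaries shows the same table PEframe summarizes. As the post says, a flagged section is a lead rather than a verdict; legitimate installers and protected commercial software trip the same packer and entropy checks.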

(Article taken from our Hackercool Magazine)

In our eternal journey of learning hacking and penetration testing, we need to install or set up so much software and so many labs. XAMPP server is one such important installation that may be useful to us, especially if we want to become experts in web hacking.

XAMPP stands for Cross-Platform (X), Apache (A), MariaDB (M), PHP (P) and Perl (P). It is a simple, lightweight Apache distribution that makes it extremely easy for developers to create a local web server for testing and deployment purposes. It is open source and very simple to set up. Once we set up Xampp Server, we can install any CMS in it to practice website hacking or web security.

In this howto, we will see how to install the Xampp web server in Ubuntu 16 Desktop. This Ubuntu Desktop is installed as a virtual machine in Vmware Player (you can also use Oracle VirtualBox). Ubuntu (or for that matter any Linux distribution) has a default web server installed. But I decided to install Xampp server for its simplicity and ease of use.

Why are we setting this up in an Ubuntu system? Because most of the web servers in real life are set up on Linux, and this makes it easy for us to simulate real world hacking attacks. Now let’s get to the installation part. Go to the downloads page of Xampp server and download the appropriate version (many people download the 64 bit version and try to install it on a 32 bit OS). For this tutorial, we are using the Xampp version 5.6.23.0 32 bit version since my OS is 32 bit.

The download should complete in a short time depending on the speed of your internet. Once the download is finished, open terminal. This can be done by clicking on search app at the top left of the Ubuntu Desktop and searching for terminal.

Once the terminal is open, navigate to the Downloads folder as shown in the image below. Type the “ls” command to see the .run file of XAMPP server. Use the “chmod” command to make the .run file executable. Once the colour of the .run file changes, execute the file using the command “./xampp-linux-5.6.23-0-installer.run” without quotes.

If you get an error as shown below, then you are not running with root privileges, which are required for executing this file.

Click on “OK” and execute the .run file with “sudo” command as shown. When it prompts for sudo password, give the password.

The setup will start as shown below. Click on “Next”.

Click on “Next” again.

The system will show you the directory in which this server is being installed. Click on “Next”.

Click on “Next” again.

The system will show you a message that it is ready to install XAMPP server on your computer. Click on “Next”.

The installation process will start as shown below. It will take a bit of time, but it should not be too long. Take a short stroll and come back.

After the installation is finished, you will be shown a window as below. Make sure that the “Launch XAMPP” checkbox is enabled and click on “Finish“.

The XAMPP server application is launched as shown below.

Go to the “Manage Servers” tab as shown below. Make sure that the Apache web server and MySQL database server are running. If any service is not running, you can start it using the buttons given below. The services should be green in colour.

Now let’s see if you can access the phpMyAdmin of the web server. phpMyAdmin allows you to manage databases from the browser. Open a browser and type “localhost/phpmyadmin” in the address bar to access phpMyAdmin. If everything went well, you should see the page shown below.

Now let’s see if we can access a website on the web server. In the browser window, just type “localhost” without quotes and you should see the webpage given below. This is the default webpage of XAMPP server.

Everything is set with our XAMPP web server. The XAMPP server can be started or stopped from the terminal using the commands shown below.


Hello aspiring hackers. Today we will learn about Linux Configuration Enumeration POST Exploit. After getting a successful meterpreter session on the target Linux system (as shown here or here), the next logical step is to perform some enumeration on the target Linux machine. Metasploit has many POST exploits corresponding to Linux enumeration.

The first module we will see is Linux configuration enumeration. The enum_configs module is used to collect information from the configuration files of applications commonly installed on the system. These applications may include Apache, Nginx, Snort, MySQL, Samba, Sendmail, sysctl, cups, lampp, SNMP and others. This POST module searches for each application’s config file in its default path and, if the application exists on the target system, downloads the file and stores it.

If the application doesn’t exist or the config file has been moved from its default location, this module displays a “file not found” message. (Just like any POST exploit, or as shown in the shell_to_meterpreter exploit, we need to background the current session and load the POST module as shown above. Then set the session id and run the exploit.) Here is the enum_configs module in action, as shown below.
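The same default-path lookup is worth running on your own hosts before anyone else does, to see which of these files exist and which are readable by every local account (smb.conf and snmpd.conf in particular tend to hold credentials and community strings). The block below is an added example of that check, written for this page; it is not the enum_configs module and its path table is my own, constructed to mirror the idea behind the module’s list. build_demo_tree creates a throwaway directory with two constructed config files so the audit runs without touching the real /etc; pass root="/" to audit a live system.

```python
import os
import stat
import tempfile

# Default configuration paths, relative to the filesystem root. This table is
# constructed for the example; it follows the idea behind enum_configs, which
# keeps its own list of applications and default paths.
DEFAULT_CONFIGS = {
    "apache": "etc/apache2/apache2.conf",
    "nginx": "etc/nginx/nginx.conf",
    "mysql": "etc/mysql/my.cnf",
    "samba": "etc/samba/smb.conf",
    "snmp": "etc/snmp/snmpd.conf",
    "sysctl": "etc/sysctl.conf",
}


def audit_configs(root="/", table=DEFAULT_CONFIGS):
    """Report which default config files exist under root and whether any
    of them is readable by every local user."""
    report = {}
    for app, rel in table.items():
        full = os.path.join(root, rel)
        entry = {"path": full, "found": False, "world_readable": False, "size": 0}
        try:
            st = os.stat(full)
        except OSError:
            # Missing, or not even stat-able from this account: "file not found".
            report[app] = entry
            continue
        entry["found"] = True
        entry["size"] = st.st_size
        entry["world_readable"] = bool(st.st_mode & stat.S_IROTH)
        report[app] = entry
    return report


def build_demo_tree():
    """Create a throwaway directory tree with two constructed config files so the
    audit can be run without touching the real /etc."""
    root = tempfile.mkdtemp(prefix="enum_configs_demo_")
    for rel, mode in (("etc/samba/smb.conf", 0o644), ("etc/snmp/snmpd.conf", 0o600)):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("# constructed sample configuration\n")
        os.chmod(full, mode)
    return root


if __name__ == "__main__":
    for app, entry in audit_configs(build_demo_tree()).items():
        state = "found" if entry["found"] else "file not found"
        extra = " (world-readable)" if entry["world_readable"] else ""
        print(f"{app:<7} {state}{extra}: {entry['path']}")
```

A file that is world-readable is exactly what a low-privileged session collects first, so the fix is usually a chmod and a check that secrets are not sitting in the default config at all.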


Hello aspiring hackers. In this howto we will learn about the WordPress Mobile Detector Plugin upload and execute module. WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. It is very popular not only for the ease with which a website can be set up using it, but also for how simply multiple plugins and themes can be added to it to give extended functionality without much hassle. But these plugins can pose a high security risk if not properly coded.

One such plugin is WordPress Mobile Detector. This plugin is used to display content on WordPress sites in a format suitable for phones and tablet devices. It is used mostly by business users. Version 3.5 of this plugin is affected by a file upload vulnerability. A hacker can upload malicious arbitrary files and execute them.

Let us see how this module works. Load the module and check the options it requires as shown below.

The options this module requires are the remote host address (target address), the targeturi and the local host address (IP address of Kali Linux). The only thing that can go wrong in setting the options is the targeturi, the path where WordPress is installed. If you set it wrong, this module may not work. Check whether the target is indeed running the vulnerable version of the plugin using the “check” command.

Execute the module using the “run” command. If everything went well, you should get a meterpreter shell on the target machine as shown below. You can see in the image below how this exploit works. This is an arbitrary file upload vulnerability which allows hackers to upload any file to the target web server, so the module first creates a malicious file, hosts it on a web server and uploads it to the target web server using this vulnerability.

We will be back with a new exploit next time. Until then, Goodbye.

Hello aspiring hackers, as you already know, the latest version of Kali, Kali rolling edition 2017.3, has been released. In this howto, we will see how to install Kali Linux 2017.3 in VirtualBox. The newest edition of Kali Linux gives users the best of all worlds: the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the information security community. The feature I like best in this version is the constantly updated tools. Now let us start with the installation part. Download the latest version of Kali Linux from here.

For this howto, we will use VirtualBox version 5.30 (the latest version to date), which can be downloaded from here. Before we start the installation there’s a small step we need to perform: enabling virtualization technology in the host (the system on which VirtualBox is installed or being installed).

Virtualization is a feature of processors which, when enabled, accelerates the virtual machines run by VirtualBox, Vmware or Hyper-V. Intel processors have Intel VT-x and AMD processors have AMD-V hardware acceleration features. I don’t know exactly why, but this feature is disabled by default on modern CPUs. It can be enabled by booting into the BIOS or UEFI setup.

The BIOS key is different for different PC brands. Here I have listed the BIOS hot keys for some popular PC brands, collected from the internet.

Acer – Del or F2
Asus – Del, F2 or F9
Compaq Presario – F10
Dell – F2 or F12
HP – Esc or F10
Lenovo – F1 or F2
Samsung – F2
Sony – F2
Toshiba – Esc, F1 or F12

To boot into BIOS, you need to restart the system and start pressing the respective hot key for your PC brand. Once you boot into BIOS, you will see a screen as shown below. This is the BIOS screen of a Lenovo system.

Enable that feature as shown below and Save the options and exit.

With that taken care of, open VirtualBox, go to “Machine” and click on “New” or press “CTRL+N”. The window below will pop up.

Click on “Expert Mode” and the window should transform as shown below.

Choose the name for your virtual machine. I named it Kali 2017.3. Choose the OS type as “Linux” and the version as “Debian (32 bit)” (since I am installing the 32 bit version). Allocate memory of at least 1GB. Keep the other options at their defaults and click on “Create”.

Allocate hard disk size around 14GB or minimum 10GB and click on “Create”.

A virtual machine is created. Now open its settings, go to system settings and enable the PAE/NX feature as shown below.

Turn on the Virtual machine. It should start up as shown below.

Browse to the ISO file of Kali Linux we downloaded.

In our previous guides, we were using the Install option. For a change, we will do the Graphical Install this time. Select the Graphical Install option.

Choose the language as “English” or as applicable. Click on “Continue“.

Select the location of your choice. I chose “India.” Click on “Continue“.

Choose your keyboard. Click on “Continue“.

The system will load some additional components and then prompt you for the hostname. Enter hostname and click on  the “Continue” button.

Give a domain name if you want; it is optional and you can even leave it blank. Click on “Continue”.

The system will prompt you to set the root password. Enter the root password, confirm it  and click on “Continue.”

The system will prompt you to partition disks. If you are not sure what to do, or are a novice, choose the “Guided - use entire disk” option. Click on “Continue“.

Click on “Continue“.

Select the partitioning scheme of your choice. If you are a new user, choose the first option as recommended. Click on “Continue“.

Then we will be shown an overview of the settings we chose. Choose the option “Finish partitioning and write changes to disk” and click on “Continue“.

Select the option “Yes” to write the changes to disk. Click on “Continue”.

The installation will start. It will take a bit of time to be finished.

In the middle of the process, you will be asked whether you want to use a network mirror. Select “No” or “Yes” according to your choice. I chose “Yes”.

In the “Proxy” window, leave it blank and Click on “Continue“.

Then the system will ask whether to install the GRUB boot loader or not. Select “Yes” and click on “Continue“.

Select the highlighted option and click on “Continue”.

When the installation is completed, the system will ask you to boot into the system. Click on “Continue” to perform this.

The system will reboot into the operating system. Enter the username as “root” and the password as configured above. Now comes the most interesting but contentious part: yes, installation of Guest Additions. Open a terminal and type the command “apt update && apt -y dist-upgrade” without quotes. This will update the system to the latest packages and repositories.

Reboot the system using the “reboot” command to make sure the system is updated. Now, to install Guest Additions, type the command “apt -y install virtualbox-guest-x11” without quotes in the terminal. This will take some time, so don’t panic. Just wait and watch.

Reboot the system again. This will successfully install Guest Additions in Kali. Hope this was helpful. If you face any problems during installation, please leave a comment below. Thanks.

In the previous howto, we saw how to research a vulnerability in the FTP service running on our target system and exploit it to gain a shell on that system. In this howto, we will see hacking the SSH service running on port 22. It can be seen that the target is running the OpenSSH 4.7p1 SSH server.

I googled the above mentioned version to find out if it had any vulnerabilities and exploits for those vulnerabilities. After an arduous search, I found one exploit, but that seemed not to be working (it’s not always a positive result in hacking).

Remember that we already gained a shell on the SSH server in one of our previous howtos. We did this using the credentials we obtained during enumeration of the target system (this is why enumeration is so important). We used these credentials in a Metasploit SSH login module to get a shell on our target system.

This time we will see another way of gaining access to the SSH server using the same module. This SSH login module can also be used to brute force the credentials of the SSH server. Let’s see how it works. Load the module and check the required options.

In order to brute force the credentials, we need to specify a dictionary for cracking usernames and passwords, in a similar fashion to what we set while using Hydra. We will use the same dictionary we used while performing password cracking with Hydra.

I have set the same file for both usernames and passwords. To conserve time, I have set the option “stop_on_success” to true. This option stops the brute forcing as soon as it finds even one valid login credential. I have set the “verbose” option to true as well. This module is normally used to brute force multiple SSH servers at once; that’s the reason it has an “RHOSTS” option instead of an “RHOST” option. Anyhow, we can still set a single IP as the target. All the options are shown below.

After all the options are set, execute the exploit using the command “run”.

Once the password is cracked successfully, the module displays the credentials and automatically gives us a shell on the target system, as shown in the above image. The available sessions can be viewed as shown below.

We can also log in to the SSH server using the credentials we obtained earlier, as shown below.
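What the brute force above looks like from the target’s side is a burst of “Failed password” lines in auth.log from one source, followed by an “Accepted” line from the same source once stop_on_success fires. The block below is an added example (my own code, not from the post or from Metasploit) of the detection logic a defender would run over those lines: a sliding window of failures per source address, an alert when the window fills, and a second, more important alert when a login from an already-flagged source succeeds. The log lines, host name, user names and addresses are constructed for the example; the threshold and window are parameters I chose.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the syslog format OpenSSH writes to auth.log.
# The host name, user names and addresses are made up for this example.
SAMPLE_AUTH_LOG = """\
Dec  3 10:15:01 target sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 50110 ssh2
Dec  3 10:15:02 target sshd[2102]: Failed password for root from 192.0.2.10 port 50111 ssh2
Dec  3 10:15:02 target sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 50112 ssh2
Dec  3 10:15:03 target sshd[2104]: Failed password for bob from 192.0.2.10 port 50113 ssh2
Dec  3 10:15:03 target sshd[2105]: Failed password for invalid user guest from 192.0.2.10 port 50114 ssh2
Dec  3 10:15:04 target sshd[2106]: Accepted password for bob from 192.0.2.10 port 50115 ssh2
Dec  3 10:20:00 target sshd[2200]: Failed password for alice from 198.51.100.7 port 41000 ssh2
Dec  3 10:25:00 target sshd[2201]: Accepted publickey for alice from 198.51.100.7 port 41001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line):
    """Return (timestamp, result, user, ip) for an sshd auth line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog lines carry no year; the default (1900) is fine for deltas within one log
    ts = datetime.strptime(f"{m['mon']} {int(m['day'])} {m['time']}", "%b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failures inside a sliding window, and any
    successful login from a source that was already flagged."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ts, result, user, ip = event
        if result == "Failed":
            recent = failures[ip]
            recent.append(ts)
            while recent and (ts - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, len(recent)))
        elif result == "Accepted" and ip in flagged:
            # The signal that matters most: the guessing worked.
            alerts.append(("success_after_bruteforce", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(alert)
```

Feed it a real auth.log (or journalctl -u ssh output reformatted to the same shape) to see how low a threshold the attack in this post needs. A single stray failure from a legitimate user, like alice above, never reaches the threshold; the dictionary run does within seconds. On the mitigation side, key-only authentication and rate limiting (fail2ban or sshd’s MaxAuthTries) stop the module before it ever reaches a valid pair.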

Hello aspiring hackers. The exploit we will see today is a POST exploitation Metasploit exploit that performs Powershell enumeration in Windows. Windows PowerShell is a task automation and configuration management framework designed by Microsoft which consists of a command line shell and associated scripting language built on the .NET Framework and .NET Core.

PowerShell provides full access to COM and WMI, enabling administrators to perform administrative tasks on both local and remote Windows systems. It is a command line shell like CMD, but PowerShell is far more powerful. It is a very helpful tool for network administrators. If used properly, it can also be used by hackers to its full potential.

But for this we need to know about the PowerShell settings on the target system. This PowerShell enumeration module does exactly that for us. Let us see how this module works. Just like any Metasploit POST module, we need a valid meterpreter session to run it. Background the current meterpreter session and load the PowerShell environment enumeration module as shown below. Type the command “info” to view information about this module, as shown below.

Type the command “show options” to view the options to be configured. Set the session ID of the meterpreter session we just sent to the background and execute the module using the command “run”.

As you can see in the image above, our module successfully completed PowerShell enumeration of the target machine. PowerShell version 2.0 is installed on our target system and no PowerShell snap-ins are installed. It seems none of the users have PowerShell profiles.

Hello aspiring hackers. The module we will learn about today is the Git Submodule Command Execution Exploit. If you are a developer, cyber security enthusiast or at least a computer user, you have definitely used (or heard about) GitHub. Git is an open source version control system developed by none other than the awesome Linus Torvalds (yes, the same guy who created Linux).

It is a system designed to keep track of the constant changes developers make to software code. GitHub is a popular hub where developers store their projects and network with like-minded people. GitHub stores information in a data structure called a repository. This particular module exploits a vulnerability in Git submodules.

Git submodules allow users to attach an external repository inside another repository at a specific path. This vulnerability in the Git submodule can be exploited by an attacker who can change the URL of a submodule in a repository. The URL in the submodule can be changed to point towards a malicious link.

This module is a local exploit and works on Git versions 2.7.5 and lower. Now let us see how this module works. Start Metasploit and load the exploit as shown below. Type the command “show options” to see all the options we need for this module to run.

First, we need to configure the malicious Git server. Set the options LHOST, git_uri and LPORT as shown below. The git_uri option sets the malicious git submodule. Use the command “run” to start our Git server. As soon as the user git clones from our URL, we will get a command session on the target.

Now we need to send this malicious Git URL to our intended victims. It should probably be presented as a piece of software to convince users to clone it to their machines. Here we are testing this on a Kali Linux 2016 machine which has the vulnerable version of Git installed. We need to instruct the user to update the submodule just cloned. Let us see what happens on the victim machine.

As this happens on the victim system, we already get a command shell on our attacker system, as shown below.

We can see the active sessions using the command “sessions”.
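Since the whole attack hinges on a submodule URL that a user never looks at, the defensive counterpart is to look at it: audit .gitmodules before running submodule update on anything cloned from outside. The block below is an added example of such an audit, written for this page and not part of the post or of git; it parses the git-config style file, refuses URLs that begin with “-” (the shape that patched git versions reject outright), flags schemes outside an allow-list and paths that climb out of the repository, and optionally pins hosts. The sample .gitmodules, its names, paths and URLs are constructed, and the allowed scheme set is my own choice.

```python
import re
from urllib.parse import urlsplit

# Constructed .gitmodules for the demo; names, paths and URLs are made up.
SAMPLE_GITMODULES = """\
[submodule "libfoo"]
\tpath = vendor/libfoo
\turl = https://git.example.com/libfoo.git
[submodule "tools"]
\tpath = tools/helper
\turl = -not-a-real-url
[submodule "data"]
\tpath = ../outside
\turl = file:///srv/data.git
"""

ALLOWED_SCHEMES = {"https", "ssh", "git"}
SECTION_RE = re.compile(r'^\[submodule "([^"]+)"\]$')


def parse_gitmodules(text):
    """Minimal parser for the git-config style .gitmodules file."""
    modules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = {"name": m.group(1)}
            modules.append(current)
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return modules


def audit_submodule(mod, allowed_hosts=None):
    """Return a list of findings for one submodule entry (empty means clean)."""
    findings = []
    url = mod.get("url", "")
    path = mod.get("path", "")
    if not url:
        findings.append("missing url")
    elif url.startswith("-"):
        # A URL that looks like a command-line option is never legitimate;
        # patched git versions refuse it, the versions this post targets do not.
        findings.append("url begins with '-' (option-like)")
    elif url.startswith(("./", "../")):
        pass  # relative to the superproject's own remote: acceptable
    else:
        parts = urlsplit(url)
        if parts.scheme not in ALLOWED_SCHEMES:
            # scp-style "user@host:repo" has no scheme and lands here too, so
            # it gets explicit review rather than a silent pass.
            findings.append(f"unexpected scheme {parts.scheme!r}")
        elif allowed_hosts and parts.hostname not in allowed_hosts:
            findings.append(f"host {parts.hostname!r} not in allow-list")
    if not path:
        findings.append("missing path")
    elif path.startswith("/") or ".." in path.split("/"):
        findings.append("path escapes the repository")
    return findings


def audit_all(text, allowed_hosts=None):
    """Map each submodule name to its findings."""
    return {mod["name"]: audit_submodule(mod, allowed_hosts)
            for mod in parse_gitmodules(text)}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_GITMODULES, {"git.example.com"}).items():
        print(name, findings or ["ok"])
```

Run it over the .gitmodules of a freshly cloned repository before the first submodule update; in a CI pipeline the same function makes a cheap pre-merge gate. Keeping git itself patched remains the real fix, since the audit only catches what is written in .gitmodules at the time you look.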