Friday, May 31, 2013

HOWTO : Compile x86 software on x86_64 Ubuntu

Step 1 :

Make sure you are using an x86_64 Ubuntu system.

sudo apt-get install build-essential gcc-multilib

Step 2 :

Suppose you are on an x86_64 system and want to compile an x86 (32-bit) version of a program.

gcc -m32 test.c -o test

file test

That's all! See you.

Tuesday, May 28, 2013

HOWTO : TP-Link TL-MR3020 as WiFi Pineapple Made Easy


PLEASE CONSIDER THIS ARTICLE IS OUT-DATED AS THE PINEAPPLE FIRMWARE IS NO LONGER SUPPORTED BY THE ORIGINAL AUTHOR. MEANWHILE, THE FIRMWARE IS ALSO VULNERABLE. PLEASE DO NOT TRY TO DO IT. I DO NOT SUPPORT IT ANYMORE TOO. THANKS.

Please be informed that this tutorial is written for Pineapple Mark IV only

Hardware

(1) TP-Link TL-MR3020
(2) SanDisk Cruzer Fit USB Flash Drive (8GB)

Software

(1) OpenWrt
(2) Wifi Pineapple firmware

Wifi Pineapple is created by Hak5. It is a quite expensive device. It is also named Jasager (German), meaning "Yes Man" in English.

Wifi Pineapple is a Rogue Wifi Access Point (AP) that answers "Yes" to all Wifi probe requests from mobile devices.

If a Wifi client is looking for the SSID of McDonald's, the Pineapple (or Jasager) will reply "That's Me!". If another Wifi client is looking for an SSID of Starbucks, again the Pineapple will reply "That's Me!"

Once victims' mobile devices have connected to the Wifi Pineapple, you can carry out a Man-in-the-Middle attack against the victims.
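As an added example (not part of the original post), here is the defender's side of the "yes man" behaviour just described. Karma has a simple signature to a wireless monitor: a single BSSID is seen answering probe requests for many unrelated SSIDs. The record format (bssid, privacy flag, ssid) and the sample observations below are constructed for this example; a real monitor would fill them from captured probe-response frames. The threshold and allowlist are assumptions of the example, chosen so that a normal multi-SSID AP (guest plus staff network) does not trigger an alert.

```python
"""Spot a Karma-style "yes man" access point from observed probe responses.

Added example, not part of the original post. One BSSID answering for many
unrelated SSIDs is the pattern a defender looks for; the record format and
sample data here are constructed for the example.
"""
from collections import defaultdict

# Constructed observations: "<bssid> <privacy: 1=encrypted, 0=open> <ssid>".
SAMPLE_OBSERVATIONS = """\
00:11:22:33:44:55 1 HomeNet
00:11:22:33:44:55 1 HomeNet
aa:bb:cc:dd:ee:01 0 Starbucks
aa:bb:cc:dd:ee:01 0 McDonalds Free WiFi
aa:bb:cc:dd:ee:01 0 HelloWorld
aa:bb:cc:dd:ee:01 0 CorpGuest
66:77:88:99:aa:bb 0 CorpGuest
66:77:88:99:aa:bb 1 CorpStaff
"""


def parse_observations(text):
    """Return (bssid, is_open, ssid) tuples; SSIDs may contain spaces."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        bssid, privacy, ssid = parts
        records.append((bssid.lower(), privacy == "0", ssid))
    return records


def ssids_by_bssid(records):
    """Group the distinct SSIDs each BSSID has answered for."""
    table = defaultdict(set)
    for bssid, _is_open, ssid in records:
        table[bssid].add(ssid)
    return table


def find_yes_man_aps(records, threshold=3, allowlist=()):
    """Return {bssid: sorted SSIDs} for BSSIDs answering for >= threshold distinct SSIDs.

    A real multi-SSID AP answers for a handful of names; a Karma AP answers for
    every SSID a nearby client has ever probed for, so its count keeps growing.
    allowlist holds the BSSIDs of your own multi-SSID APs (assumed input).
    """
    allowed = {b.lower() for b in allowlist}
    suspects = {}
    for bssid, ssids in ssids_by_bssid(records).items():
        if bssid in allowed:
            continue
        if len(ssids) >= threshold:
            suspects[bssid] = sorted(ssids)
    return suspects


def open_only(records, bssid):
    """True when every response seen from bssid advertised an open network.

    Karma only works for open networks (see the Remarks of this post), so a
    suspect that also advertises encryption is more likely a legitimate AP.
    """
    seen = [is_open for b, is_open, _ in records if b == bssid.lower()]
    return bool(seen) and all(seen)


def report(text, threshold=3, allowlist=()):
    """One human-readable alert line per suspect BSSID."""
    records = parse_observations(text)
    lines = []
    for bssid, ssids in sorted(find_yes_man_aps(records, threshold, allowlist).items()):
        kind = "open only" if open_only(records, bssid) else "mixed"
        lines.append("{0} answered for {1} SSIDs ({2}): {3}".format(
            bssid, len(ssids), kind, ", ".join(ssids)))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_OBSERVATIONS):
        print(line)
```

On the constructed sample only aa:bb:cc:dd:ee:01 is reported: it answered for four unrelated SSIDs, all open, which is exactly what the post describes. The AP 66:77:88:99:aa:bb serves two SSIDs with one of them encrypted, so it stays under the threshold; raise or lower the threshold to suit your environment.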

Now, we are going to make a custom Wifi Pineapple at a much lower price, e.g. about US$30 or less, and in a much simpler way. (Please note that the previous tutorial is out-dated and incomplete; do NOT follow it.)

Step 1 :

Download OpenWrt (Attitude Adjustment 12.09, r36088 at the time of writing) :

If you are doing a fresh install from the stock firmware of the TP-Link TL-MR3020 -
wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin

If you are upgrading from a previously installed OpenWrt -
wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin

Configure your computer with a static IP address :

IP address : 192.168.0.10
Gateway : 192.168.0.1


Connect the TL-MR3020 to your computer with a cable. The default IP address of the stock TP-Link TL-MR3020 is 192.168.0.254. Then browse to that stock IP address.

The username and password of the stock TP-Link TL-MR3020 are both "admin".

Go to the "System Tools" -- "Firmware Upgrade" to upgrade from the just downloaded .bin file.

Step 2 :

Once upgraded to OpenWrt, your device's IP address will change to 192.168.1.1.

Configure your computer with a static IP address :

IP address : 192.168.1.10
Gateway : 192.168.1.1


Then set a very STRONG root password at "System" -- "Administration".

Go to "System" -- "System" to set the timezone.

Enable wireless at "Network" -- "Wifi".

Enable DHCP at "Network" - "Interfaces" - "Edit" - select "DHCP Client" and select "OpenWrt" by clicking "Switch Protocol". If the page takes a long time to reload, that is fine; it is because no IP address can be obtained yet. Just go ahead.

Now, connect the ethernet cable between the TL-MR3020 and your existing router. Connect your computer to the TL-MR3020 via wifi; the SSID is "OpenWrt".

Once you get an IP address, such as 192.168.1.100, you can connect to the TL-MR3020 via ssh.

ssh 192.168.1.100 -lroot

Enter the very STRONG root password you just created.

Install the following packages :

opkg update
opkg install kmod-usb-storage
opkg install kmod-fs-ext4
opkg install block-mount


Step 3 :

Format your USB pendrive (8GB) with a swap partition and an ext4 partition, e.g. 2GB swap (sda1) and 6GB ext4 (sda2).

Then insert the USB pendrive into the TL-MR3020. Execute the following commands line by line.

mkdir -p /mnt/sda2
mount /dev/sda2 /mnt/sda2
mkdir -p /tmp/cproot
mount --bind / /tmp/cproot
tar -C /tmp/cproot -cvf - . | tar -C /mnt/sda2 -xf -
umount /tmp/cproot
umount /mnt/sda2


Step 4 :

/etc/init.d/fstab enable
/etc/init.d/fstab start


vi /etc/config/fstab

Change the content to the following :

config mount
        option target /
        option device /dev/sda2
        option fstype ext4
        option options rw,sync
        option enabled 1
        option enabled_fsck 0

config swap
        option device /dev/sda1
        option enabled 1


The following are the vi commands, if you are not familiar with vi :

i - go to the insert mode and ready for edit
Esc - exit from insert mode
:w - write the changes to the file
:q - quit the vi

Then type the following command to reboot the device :

reboot

Once it has booted up again, log in to it via ssh.

To check whether the USB pendrive is mounted as "/" :

mount
df


Step 5 :

Turn off the TL-MR3020, take the USB pendrive out of it and insert it into your computer.

Back up the USB pendrive to your computer.

mkdir ~/mr3020
sudo cp -R /media/1234....1123/* ~/mr3020/
sudo cp -R ~/mr3020/lib ~/mr3020/lib-original


*** /media/1234....1123/ is an example; the mount path will be different on your system.

You also need to make a backup of the /lib directory.

Do not remove the USB pendrive from your computer.

Step 6 :

Download the Pineapple upgrade package to your computer (e.g. Ubuntu) :

wget http://wifipineapple.com/index.php?downloads&downloadUpgrade=2.8.1

Install unsquashfs on your Ubuntu if you do not have it :

sudo apt-get install squashfs-tools

Extract the files from the upgrade-2.8.1.bin :

unsquashfs upgrade-2.8.1.bin

cd squashfs-root


Copy the required directories to the USB pendrive.

sudo cp -R bin/* /media/1234....1123/bin/
sudo cp -R sbin/* /media/1234....1123/sbin/
sudo cp -R usr/* /media/1234....1123/usr/
sudo cp -R etc/* /media/1234....1123/etc/
sudo cp -R www/* /media/1234....1123/www/
sudo cp -R pineapple /media/1234....1123/
sudo cp -R lib/firmware/* /media/1234....1123/lib/firmware/
sudo cp lib/* /media/1234....1123/lib/
sudo cp lib/wifi/* /media/1234....1123/lib/wifi/

sudo cp ~/mr3020/etc/config/fstab /media/1234....1123/etc/config/
sudo cp ~/mr3020/etc/passwd /media/1234....1123/etc/
sudo cp ~/mr3020/etc/shadow /media/1234....1123/etc/
sudo cp -R ~/mr3020/lib-original /media/1234....1123/


Step 6a :

To allow the victim to reach the internet via the Pineapple, you need to change the DNS and gateway in /etc/config/dhcp and /etc/config/network from 172.16.42.1 to 172.16.42.42.

Step 7 :

Insert the USB pendrive back into the TL-MR3020.

The Pineapple SSID will be "pineapple 0:37'". The username is "root" and the password is your very STRONG password.

Step 8 (Connectivity) :

The following is one way to use the Pineapple (TL-MR3020), by tethering :

Connect your laptop to the internet via wireless or 3G.

In the Network Manager of Ubuntu, uncheck "Connect Automatically" for the wired connection.

Then connect the CAT5/5e/6 cable between the Pineapple and your laptop.

On the laptop, download the script.

wget http://wifipineapple.com/wp4.sh
chmod +x wp4.sh
sudo ./wp4.sh




The source code of wp4.sh :



Now, your computer (laptop) can access the internet and can also access the TL-MR3020. Victims can also access the internet once they connect to your Pineapple.

When you want to undo what wp4.sh set, you need to run the following script, which is created by me.

sudo ./killwp4.sh



When the TL-MR3020 is rebooted, you need to run wp4.sh again to regain access.

Important

There are TWO important things you should NOT do; otherwise, you will brick the TL-MR3020. They are :

First - Do NOT upgrade OpenWrt from the web interface, as the USB pendrive will not be mounted afterwards, unless you install the related packages again as stated above.

Second - Do NOT upgrade the Pineapple in the normal way. Keep away from the /lib directory. Or, if you have a backup, you can copy the /lib directory back.

Third - Do NOT long-press the "WPS/Reset" button on the TL-MR3020; otherwise, OpenWrt will be reset and the USB pendrive cannot be mounted, unless you install the related packages again as stated above.

Fourth - Some infusions (or modules) cannot be installed, as they require installation to USB storage, which you do not have. (The Hak5 forum user newbi3 advised the solution, and I think this solution is the best.)

Remarks

Karma is not so powerful, as Android 4.0.4 or later will not send the probe requests. Meanwhile, victims need to connect to the open network instead of an encrypted one; otherwise, Karma will not work.

The final word is that I think we can build one with the same steps and procedure for the TP-Link TL-WR1043ND and TP-Link WR703N too. However, it may be risky. Make sure you have the same version/revision of the router and the OpenWrt firmware. Otherwise, you may brick the router. I just bricked a TP-Link TL-MR3220v2 :P.

Reference

Blue for the Pineapple
The beginners guide to breaking website security with nothing more than a Pineapple
Getting Started with the Wi-Fi Pineapple IV (Video)
Security4Plus Youtube Channel (Video)
How To: Configure a WiFi Pineapple For Use With Mac OS X (Video)
The Wifi Pineapple Book - Free Download
WiFi Pineapple – First Impression
You just can't trust wireless: covertly hijacking wifi and stealing passwords using sslstrip
All about WiFi Pineapple (Video)

That's all! See you.

Friday, May 24, 2013

HOWTO : TP-Link TL-MR3020 (Pocket Router) as Wifi Pineapple


PLEASE CONSIDER THIS ARTICLE IS OUT-DATED AS THE PINEAPPLE FIRMWARE IS NO LONGER SUPPORTED BY THE ORIGINAL AUTHOR. MEANWHILE, THE FIRMWARE IS ALSO VULNERABLE. PLEASE DO NOT TRY TO DO IT. I DO NOT SUPPORT IT ANYMORE TOO. THANKS.



PLEASE DO NOT FOLLOW THIS TUTORIAL TO SETUP YOUR DIY WIFI PINEAPPLE AS IT IS OUT-DATED AND NOT COMPLETED. A 100% WORKABLE AND SIMPLE TUTORIAL IS HERE.


Hardware

(1) TP-Link TL-MR3020
(2) SanDisk Cruzer Fit USB Flash Drive (8GB)

Software

(1) OpenWrt
(2) Wifi Pineapple Web Interface
(3) Wifi Pineapple (some of the configure, library and program files only)

Wifi Pineapple is created by Hak5. It is a quite expensive device. It is also named Jasager (German), meaning "Yes Man" in English.

Wifi Pineapple is a Wifi Access Point (AP) that answers "Yes" to all Wifi connection requests.

If a Wifi client is looking for the SSID of McDonald's, the Pineapple (or Jasager) will reply "That's Me!". If another Wifi client is looking for an SSID of Starbucks, again the Pineapple will reply "That's Me!"

From this stage you can attack WiFi clients and perform Man-in-The-Middle (MiTM) attacks on the victims' internet traffic!

Now, we are going to make a custom Wifi Pineapple at a much lower price, e.g. about US$30 or less.

Step 1 :

Download OpenWrt (Attitude Adjustment 12.09, r36088 at the time of writing) :

If you are doing a fresh install from the stock firmware of the TP-Link TL-MR3020 -
wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin

If you are upgrading from a previously installed OpenWrt -
wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin

Configure your computer with a static IP address :

IP address : 192.168.0.10
Gateway : 192.168.0.1


The default IP address of stock TP-Link TL-MR3020 is 192.168.0.254.

The username and password of the stock TP-Link TL-MR3020 are both "admin".

Go to the "System Tools" -- "Firmware Upgrade" to upgrade from the just downloaded .bin file.

Step 2 :

Once upgraded to OpenWrt, your device's IP address will change to 192.168.1.1.

Then set a very STRONG root password at "System" -- "Administration".

Enable wireless at "Network" -- "Wifi".

Enable DHCP at "Network" - "Interfaces" - "Edit" - select "DHCP Client" and "OpenWrt".

Now, connect your ethernet cable to the TL-MR3020. Connect your computer to the TL-MR3020 via wifi; the SSID is "OpenWrt".

Once you get an IP address, such as 192.168.1.100, you can connect to the TL-MR3020 via ssh.

ssh 192.168.1.100 -lroot

Enter the very STRONG root password you just created.

Install the following packages :

opkg update
opkg install kmod-usb-storage
opkg install kmod-fs-ext4
opkg install block-mount


Step 3 :

Format your USB pendrive (8GB) with a swap partition and an ext4 partition, e.g. 2GB swap (sda1) and 6GB ext4 (sda2).

Then insert the USB pendrive into the TL-MR3020. Execute the following commands line by line.

mkdir -p /mnt/sda2
mount /dev/sda2 /mnt/sda2
mkdir -p /tmp/cproot
mount --bind / /tmp/cproot
tar -C /tmp/cproot -cvf - . | tar -C /mnt/sda2 -xf -
umount /tmp/cproot
umount /mnt/sda2


Step 4 :

/etc/init.d/fstab enable
/etc/init.d/fstab start


vi /etc/config/fstab

Change the content to the following :

config mount
        option target /
        option device /dev/sda2
        option fstype ext4
        option options rw,sync
        option enabled 1
        option enabled_fsck 0

config swap
        option device /dev/sda1
        option enabled 1


The following are the vi commands, if you are not familiar with vi :

i - go to the insert mode and ready for edit
Esc - exit from insert mode
:w - write the changes to the file
:q - quit the vi

Then type the following command to reboot the device :

reboot

Once it has booted up again, log in to it via ssh.

To check whether the USB pendrive is mounted as "/" :

mount
df
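The "mount" and "df" check above in Step 4 (and the identical Step 4 of the May 28 version of this tutorial) is done by eye. As an added example, not from the original post, the script below does the same check from /proc/mounts and /proc/swaps and fails loudly when "/" is still the flash overlay or the swap partition is not active. The device names /dev/sda2 and /dev/sda1 are the ones used in the tutorial; the sample /proc text is constructed for the example, not captured from a router. It uses only str.format and print() so it also runs on the python 2.7 package that opkg installs.

```python
"""Verify that the OpenWrt root filesystem really lives on the USB pendrive.

Added example (not the post's own code). Parses text in the format of
/proc/mounts ("device mountpoint fstype options dump pass") and /proc/swaps.
The sample texts below are constructed for this example.
"""
import sys

# Constructed /proc/mounts after a successful move of "/" to /dev/sda2. Note the
# initial "rootfs /" line: the LAST entry for a mountpoint is the effective one.
GOOD_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/sda2 / ext4 rw,sync,relatime,data=ordered 0 0
proc /proc proc rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
"""

# Constructed /proc/mounts when the pendrive was only mounted under /mnt/sda2
# and "/" is still the squashfs + overlay in the router's flash.
BAD_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/root /rom squashfs ro,relatime 0 0
overlayfs:/overlay / overlayfs rw,relatime,lowerdir=/,upperdir=/overlay 0 0
/dev/sda2 /mnt/sda2 ext4 rw,relatime 0 0
"""

# Constructed /proc/swaps with the 2GB swap partition active.
GOOD_SWAPS = """\
Filename\t\t\t\tType\t\tSize\tUsed\tPriority
/dev/sda1                               partition\t2097148\t0\t-1
"""

NO_SWAPS = "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"


def parse_mounts(text):
    """Map mountpoint -> (device, fstype, set of options); last entry wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mountpoint, fstype, options = fields[:4]
        table[mountpoint] = (device, fstype, set(options.split(",")))
    return table


def parse_swaps(text):
    """Return the active swap devices listed in /proc/swaps text (header skipped)."""
    devices = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if fields:
            devices.append(fields[0])
    return devices


def check_extroot(mounts_text, swaps_text, root_dev="/dev/sda2", swap_dev="/dev/sda1"):
    """Return (ok, problems). ok is True only when "/" is root_dev, mounted ext4
    with the 'sync' option from /etc/config/fstab, and swap_dev is active."""
    problems = []
    device, fstype, options = parse_mounts(mounts_text).get("/", ("?", "?", set()))
    if device != root_dev:
        problems.append("/ is on {0}, not {1}: the pendrive did not become root".format(device, root_dev))
    if fstype != "ext4":
        problems.append("/ is {0}, expected ext4".format(fstype))
    if "sync" not in options:
        problems.append("/ is mounted without the 'sync' option set in /etc/config/fstab")
    if swap_dev not in parse_swaps(swaps_text):
        problems.append("{0} is not an active swap device".format(swap_dev))
    return (not problems, problems)


def main():
    """Run the check on the live system; exit status 0 means the pendrive is root."""
    try:
        with open("/proc/mounts") as f:
            mounts = f.read()
        with open("/proc/swaps") as f:
            swaps = f.read()
    except IOError as exc:
        print("cannot read /proc: {0}".format(exc))
        return 2
    ok, problems = check_extroot(mounts, swaps)
    for problem in problems:
        print("PROBLEM: " + problem)
    print("extroot OK" if ok else "extroot NOT active")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main())
```

Copy it to the router and run it with "python check_extroot.py" after the reboot; a non-zero exit status means you are still running from the flash overlay, which is the state in which the later steps (copying the Pineapple files over /lib) would damage the router.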


Then install any packages that you like, such as :

opkg update
opkg install nano
opkg install htop
opkg install bash
opkg install netcat
opkg install tar
opkg install openssh-sftp-client
opkg install nmap
opkg install tcpdump
opkg install aircrack-ng
opkg install kismet-client
opkg install kismet-server
opkg install nbtscan
opkg install snort
# karma should be installed
opkg install karma
opkg install samba36-client
opkg install elinks
opkg install yafc
opkg install python
opkg install uhttpd
# at should be installed
opkg install at
opkg install ethtool
opkg install ettercap
opkg install macchanger
opkg install netstat-nat
opkg install reaver
opkg install sslsniff
opkg install sslstrip
opkg install wget
opkg install wput
opkg install curl
# libnids should be installed
opkg install libnids
# php5 and php5-cgi should be installed
opkg install php5
opkg install php5-cgi


/etc/init.d/atd enable
/etc/init.d/atd start
touch /var/spool/cron/atjobs/.SEQ


Step 5 :

Download the upgrade package of Pineapple to your computer, such as Ubuntu :

wget http://wifipineapple.com/index.php?downloads&downloadUpgrade=2.8.1

Install unsquashfs on your Ubuntu if you do not have it :

sudo apt-get install squashfs-tools

Extract the files from the upgrade-2.8.1.bin :

unsquashfs upgrade-2.8.1.bin

cd squashfs-root


Copy the following files to the TL-MR3020 via ssh :

You should disable "Wireless" on the Pineapple web page before running the following commands :

scp /home/samiux/test/squashfs-root/usr/sbin/wpad root@192.168.1.100:/usr/sbin

Make sure you restart "Wireless" afterwards.

scp /home/samiux/test/squashfs-root/usr/sbin/hostapd_cli root@192.168.1.100:/usr/sbin
scp /home/samiux/test/squashfs-root/lib/wifi/hostapd.sh root@192.168.1.100:/lib/wifi


Step 6 :

Download the Pineapple Web Interface source code to /home/samiux/test/pineapple :

sudo apt-get install git
git clone https://github.com/WiFiPineapple/web-interface.git /home/samiux/test/pineapple


Replace the incompatible commands :

grep -lr -e 'ps auxww' /home/samiux/test/pineapple/* | xargs sed -i 's/ps auxww/ps/g'
grep -lr -e 'ps aux' /home/samiux/test/pineapple/* | xargs sed -i 's/ps aux/ps/g'
grep -lr -e 'ps -all' /home/samiux/test/pineapple/* | xargs sed -i 's/ps -all/ps/g'


Then copy the directories to the TL-MR3020 via ssh :

scp -r /home/samiux/test/pineapple/ root@192.168.1.100:/

Download or copy the following files to "/home/samiux/test" :

/etc/config/dhcp :


/etc/config/firewall :


/etc/config/network :


/etc/config/uhttpd :


/etc/php.ini :


Then copy the following files to the TL-MR3020 via ssh :

scp /home/samiux/test/dhcp root@192.168.1.100:/etc/config
scp /home/samiux/test/firewall root@192.168.1.100:/etc/config
scp /home/samiux/test/network root@192.168.1.100:/etc/config
scp /home/samiux/test/uhttpd root@192.168.1.100:/etc/config
scp /home/samiux/test/php.ini root@192.168.1.100:/etc


Step 6a :

scp /home/samiux/test/squashfs-root/usr/sbin/autossh root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/chat root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/dnsspoof root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/dsniff root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/empty root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/filesnarf root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/macof root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/mailsnarf root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/msgsnarf root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/sshmitm root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/sshow root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/tcpkill root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/tcpnice root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/urlsnarf root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/update-usbids.sh root@192.168.1.100:/usr/sbin/
scp /home/samiux/test/squashfs-root/usr/sbin/webmitm root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/lib/librpc.so root@192.168.1.100:/lib/
scp /home/samiux/test/squashfs-root/lib/libuClibc-0.9.33.2.so root@192.168.1.100:/lib/


scp -r /home/samiux/test/squashfs-root/etc/chatscripts root@192.168.1.100:/etc/
scp -r /home/samiux/test/squashfs-root/etc/gcom root@192.168.1.100:/etc/
scp -r /home/samiux/test/squashfs-root/etc/usb_modeswitch.d root@192.168.1.100:/etc/


scp /home/samiux/test/squashfs-root/www/* root@192.168.1.100:/www/

Remarks :

The simpler way is to insert the USB pendrive into your computer and copy the said files to the USB pendrive from /home/samiux/squashfs-root or /home/samiux/test using sudo. However, you should make sure that you have completed up to Step 4.

Step 7 :

ssh 192.168.1.100 -lroot

Any upgrade/update from the Pineapple will brick your TL-MR3020, so you need to disable it.

touch /www/index.php
mv /pineapple/pages/upgrade.php /pineapple/pages/not-upgrade.php
touch /pineapple/pages/upgrade.php


Step 8 :

nano /etc/rc.local

Append the following :

hostapd_cli -p /var/run/hostapd-phy0 karma_enable


vi /etc/config/httpd.conf

Append the following :

/:root:$p$root

Reboot the TL-MR3020 :

reboot

After it boots up, point your browser to the following URL :

http://172.16.42.1:1471

Enter username as "root" and password as your very STRONG root password.

The SSID is "OpenWrt".

Step 9 (Connectivity) :

The following is one of the ways to use the Pineapple (TL-MR3020) by the way of tethering :

Connect your laptop to internet via wireless or 3G.

Set Wired Connection at the Network Manager of the Ubuntu to :

Uncheck Connect Automatically at the wired connection of Network Manager of Ubuntu.

Then connect the CAT5/5e/6 cable to the Pineapple and your laptop.

At the laptop, download the script.

wget http://wifipineapple.com/wp4.sh
chmod +x wp4.sh
sudo ./wp4.sh




The source code of wp4.sh :



Now, your computer (laptop) can access internet and also can access the TL-MR3020. Victims can also access the internet when they connected to your Pineapple.

Once you want to reset what wp4.sh set, you need to run the following script that is created by me.

sudo ./killwp4.sh



Step 10 (Optional) :

The following is one way to use the Pineapple (TL-MR3020) with a router or similar device :

Change the content of the file "/etc/config/network" as follows :

If the IP address range of your router (such as a mobile phone with tethering function) is 192.168.1.x, you can change the IP address of the TL-MR3020 to 192.168.1.10 and set the gateway to the gateway of your router (such as the mobile phone) :

option ipaddr '192.168.1.10'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option dns '8.8.8.8'


Important

There are TWO important things you should NOT do; otherwise, you will brick the TL-MR3020. They are :

First - Do NOT upgrade the OpenWrt;
Second - Do NOT upgrade the Pineapple in the normal way.


Known Issue

After several days of struggling with setting up the TP-Link TL-MR3020 Pineapple, I tried to test the Karma function. However, I have some problems with it.

For Karma, I expected that the rogue access point created by Karma would accept all connections from nearby victim devices when they turn on their wifi and look for their desired networks. However, my TP-Link MR3020 does not work as I expected.

How does it not work?

I have a WPA2 CCMP encrypted access point and its SSID is HelloWorld. My DIY Pineapple's Karma SSID is OpenWrt without any encryption (open).

When I create a new network "OpenWrt" on my Android phone, my phone does not connect to OpenWrt but connects to HelloWorld instead, as I had connected to it before.

Secondly, I need to connect to OpenWrt manually. I disabled the wifi function on my phone and then enabled it again. My phone will then connect to OpenWrt automatically, even though I had connected to HelloWorld before.

Thirdly, even when HelloWorld is turned off, my phone cannot connect to OpenWrt automatically if it has not connected to it before.

My questions are :

(1) How can the Karma on my DIY Pineapple pick up all the connections from nearby victim devices even if they do not connect to my Pineapple SSID manually?

(2) Do I misunderstand the function or feature of Karma? Or is it only that my DIY Pineapple is not working properly?


Reference

Blue for the Pineapple
The beginners guide to breaking website security with nothing more than a Pineapple
Getting Started with the Wi-Fi Pineapple IV (Video)
Security4Plus Youtube Channel (Video)
How To: Configure a WiFi Pineapple For Use With Mac OS X (Video)
The Wifi Pineapple Book - Free Download

That's all! See you.

Tuesday, May 21, 2013

HOWTO : Nessus on Ubuntu Desktop 12.04 LTS

Step 1 :

Go to the following link to download your copy of Nessus.

http://www.tenable.com/products/nessus/select-your-operating-system

For 32-bit :
wget "http://downloads.nessus.org/nessus3dl.php?file=Nessus-5.2.1-ubuntu1110_i386.deb&licence_accept=yes&t=8bd3179e2669137382555cb07611a795&__utma=96148739.876193166.1369081770.1369081770.1369084100.2&__utmb=96148739.3.10.1369084100&__utmc=96148739&__utmx=-&__utmz=96148739.1369084100.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)&__utmv=-&__utmk=236900745" -O Nessus-5.2.1-ubuntu1110_i386.deb

For 64-bit :
wget "http://downloads.nessus.org/nessus3dl.php?file=Nessus-5.2.1-ubuntu1110_amd64.deb&licence_accept=yes&t=8bd3179e2669137382555cb07611a795&__utma=96148739.876193166.1369081770.1369081770.1369084100.2&__utmb=96148739.3.10.1369084100&__utmc=96148739&__utmx=-&__utmz=96148739.1369084100.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)&__utmv=-&__utmk=236900745" -O Nessus-5.2.1-ubuntu1110_amd64.deb

Step 2 :

sudo dpkg -i Nessus-5.2.1-ubuntu1110_i386.deb

or

sudo dpkg -i Nessus-5.2.1-ubuntu1110_amd64.deb

Go to the following link to register your Nessus Plugin feed :

http://www.tenable.com/products/nessus/nessus-homefeed

sudo /etc/init.d/nessusd start

Point your Firefox to :

https://localhost:8834/

Follow the instructions on the browser.

Activate your Nessus plugin feed via the received email.

After that, you should disable nessusd from being loaded automatically at boot.

sudo update-rc.d nessusd disable

Step 3 :

To run it.

sudo /etc/init.d/nessusd start

Point your Firefox to :

https://localhost:8834/

That's all! See you.

HOWTO : edb-debugger on Ubuntu Desktop 12.04 LTS

When we are doing debugging work on a Windows system, we will use Immunity Debugger or OllyDbg. Those are very good debuggers for Windows. When doing debugging work on Linux, there is a command line debugger, namely GDB (The GNU Project Debugger). How about a GUI debugger for Linux? Yes, there is one available: Evan's Debugger (edb-debugger).

Step 1 :

sudo apt-get update
sudo apt-get install libqt4-dev libboost1.48-all-dev subversion


Step 2 :

sudo -sH
cd /opt

svn checkout http://edb-debugger.googlecode.com/svn/trunk/ edb-debugger
cd edb-debugger
qmake
make
make install


Step 3 :

To run it. You can run it at any directory.

sudo -sH
edb


If you run it for the first time, you will be prompted that some plugins could not be loaded; you can fix this in the pop-up window that appears.

Preferences -- Directories

Symbol Directory : /opt/edb-debugger
Plugin Directory : /lib64/edb
Session Directory : /opt/edb-debugger


That's all! See you.

Sunday, May 19, 2013

HOWTO : Metagoofil on Ubuntu Desktop 12.04 LTS

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.

The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.

Step 1 :

sudo apt-get install subversion

sudo -sH
cd /opt
svn checkout http://metagoofil.googlecode.com/svn/trunk/ metagoofil
cd metagoofil


Step 2 :

To run it.

sudo -sH
cd /opt/metagoofil
python metagoofil.py -d samiux.com -t doc,pdf -l 200 -n 50 -o samiuxfiles -f results.html


That's all! See you.

HOWTO : Fierce on Ubuntu Desktop 12.04 LTS

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks.

Step 1 :

sudo apt-get install libnet-dns*

sudo -sH
mkdir /opt/fierce
cd /opt/fierce

wget http://ha.ckers.org/fierce/fierce.pl
wget http://ha.ckers.org/fierce/hosts.txt


Step 2 :

sudo -sH
cd /opt/fierce
perl fierce.pl -dns samiux.com -wordlist hosts.txt -file output.txt


That's all! See you.

HOWTO : theharvester on Ubuntu Desktop 12.04 LTS

The objective of theharvester is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.

Step 1 :

sudo apt-get install subversion

sudo -sH
cd /opt
svn checkout http://theharvester.googlecode.com/svn/trunk/ theharvester
cd /opt/theharvester


Step 2 :

To run it.

sudo -sH
cd /opt/theharvester
python theharvester.py -d microsoft.com -l 500 -b google


That's all! See you.

HOWTO : Crunch on Ubuntu Desktop 12.04 LTS

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.

Step 1 :

sudo apt-get install build-essential

sudo -sH
cd /opt
git clone git://git.code.sf.net/p/crunch-wordlist/code crunch

cd /opt/crunch
make
make install

rm -R /pentest


Step 2 :

To run it.

sudo -sH
cd /opt/crunch
./crunch


That's all! See you.

HOWTO : Reaver on Ubuntu Desktop 12.04 LTS

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.

Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.

On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

Step 1 :

sudo apt-get install subversion build-essential libpcap0.8-dev libpcap-dev

sudo -sH
cd /opt
svn checkout http://reaver-wps.googlecode.com/svn/trunk/ reaver
cd /opt/reaver/src
./configure
make
make install


Step 2 :

To run it. You can run it at any directory.

wash -h
reaver -h


That's all! See you.

HOWTO : Aircrack-ng on Ubuntu Desktop 12.04 LTS

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

In fact, Aircrack-ng is a set of tools for auditing wireless networks.

Step 1 :

sudo apt-get install build-essential sqlite3 subversion ethtool

sudo -sH
cd /opt
svn co http://trac.aircrack-ng.org/svn/trunk aircrack-ng
cd /opt/aircrack-ng
make sqlite=true ext_scripts=true unstable=true
make sqlite=true ext_scripts=true unstable=true install

airodump-ng-oui-update


Step 2 :

To run it with ALFA AWUS036NH (802.11 b/g Long-Range USB Adapter), you can run the command at any directory.

sudo -sH
airmon-ng
airmon-ng start wlan1
airodump-ng mon0 -c 1


To test whether it is capable of injection or not.

aireplay-ng -9 mon0

Step 3 (Optional) :

For Intel Corporation PRO/Wireless 5100 AGN [Shiloh], you need the following commands :

sudo -sH
airmon-zc
airmon-ng start wlan3
airodump-ng wlan3mon -c 1


Remarks

At this writing, I cannot find a way to solve the problem in airmon-ng or airmon-zc for ALFA AWUS036NHR. However, Pentoo 2013.0 RC1.1 is working perfectly for that adapter.

That's all! See you.

Friday, May 17, 2013

HOWTO : Hashcat on Ubuntu Desktop 12.04 LTS

hashcat is an advanced password recovery tool.

Step 1 :

sudo apt-get install p7zip

sudo -sH
cd /opt

wget http://hashcat.net/files/oclHashcat-plus-0.14.7z

p7zip -d oclHashcat-plus-0.14.7z

mv /opt/oclHashcat-plus-0.14 /opt/oclHashcat-plus
cd /opt/oclHashcat-plus


Step 2 :

To run it. If you have an nVidia display card and the CUDA drivers installed, you can run the example script.

sudo -sH
cd /opt/oclHashcat-plus
./cudaExample0.sh


That's all! See you.

HOWTO : Cryptohaze on Ubuntu Desktop 12.04 LTS

Cryptohaze is a CUDA & OpenCL accelerated rainbow table implementation from the ground up, and a CUDA hash brute forcing tool with support for many hash types including MD5, SHA1, LM, NTLM, and lots more!

Cryptohaze is for 64-bit systems only.

Step 1 :

sudo -sH
cd /opt


wget "http://downloads.sourceforge.net/project/cryptohaze/Cryptohaze-Linux_x64_1_31a.tar.bz2?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fcryptohaze%2F%3Fsource%3Ddlp&ts=1368806028&use_mirror=nchc" -O Cryptohaze-Linux_x64_1_31a.tar.bz2

tar -xjvf Cryptohaze-Linux_x64_1_31a.tar.bz2
rm Cryptohaze-Linux_x64_1_31a.tar.bz2
cd /opt/Cryptohaze-Linux


Step 2 :

To run it.

sudo -sH
cd /opt/Cryptohaze-Linux


Create "single_charset" for the operation.

nano single_charset

Append the following :

ABCEDFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890~!@#$%^&*()_+|}{":?><`-=\][';/.,

Cracking the sample SHA1 hashes :

./Cryptohaze-Multiforcer -h SHA1 -f test_hashes/Hashes-SHA1-Full.txt -c single_charset --threads 512 --blocks 512 -m 500

That's all! See you.

HOWTO : CUDA on Ubuntu Desktop 12.04 LTS

When installing Ubuntu Desktop 12.04 LTS, select "nomodeset" by pressing F6 on the purple screen with the boot-up menu. The boot-up menu can be reached by pressing "Enter" or "Spacebar" when you see a keyboard and a human figure at the bottom of the screen during boot-up.

After the installation, the nvidia display driver is installed automatically.

Step 1 :

sudo add-apt-repository ppa:ginggs/backports
sudo apt-get update
sudo apt-get install nvidia-cuda-toolkit


That's all! See you.

HOWTO : Make-PDF tools on Ubuntu Desktop 12.04 LTS

The make-pdf tools consist of make-pdf-javascript.py and make-pdf-embedded.py, which allow penetration testers to embed a file or JavaScript in a PDF file.

make-pdf-javascript.py allows one to create a simple PDF document with embedded JavaScript that will execute upon opening the PDF document. It's essentially glue-code for the mPDF.py module which contains a class with methods to create headers, indirect objects, stream objects, trailers and XREFs.

make-pdf-embedded.py creates a PDF file with an embedded file.
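As an added example (not part of this post and not Didier Stevens' code), here is the defender's counterpart of make-pdf in Python: a triage script that scans a PDF for the auto-run hooks and carriers these tools insert (/OpenAction, /AA, /JavaScript, /JS, /Launch, /EmbeddedFile), decoding hex-escaped names and inflating FlateDecode streams so that a hidden action is still found. The sample PDF bytes are constructed here and only mimic the layout make-pdf-javascript.py produces; the keyword list and the verdict rule are assumptions chosen for the example.

```python
import re
import zlib

# Constructed sample (written for this example, not real make-pdf-javascript.py output): the
# Catalog's /OpenAction points at a /JavaScript action, so the script runs when the file is
# opened. Two evasions are included: a hex-escaped name (/J#61vaScript) and a second action
# hidden inside a FlateDecode-compressed object stream.
HIDDEN_OBJ = zlib.compress(b"6 0 << /Type /Action /S /JavaScript /JS (app.alert('hidden');) >>")
SAMPLE_PDF = (
    b"%PDF-1.1\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>\nendobj\n"
    b"4 0 obj\n<< /Type /Action /S /J#61vaScript /JS (app.alert('opened');) >>\nendobj\n"
    b"5 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length "
    + str(len(HIDDEN_OBJ)).encode() + b" >>\nstream\n" + HIDDEN_OBJ + b"\nendstream\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# Auto-run hooks (/OpenAction, /AA) and the things they can trigger or carry (assumed list).
SUSPICIOUS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile"]
# A PDF name ends at whitespace or a delimiter, so /JS must not match a longer name like /JSX.
KEYWORD_RES = {kw.decode(): re.compile(re.escape(kw) + rb"(?=[\s/\[\]<>(){}%]|$)")
               for kw in SUSPICIOUS}
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.DOTALL)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
HEX_NAME_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(chunk: bytes) -> bytes:
    """Undo PDF name hex escapes (/J#61vaScript -> /JavaScript) so they cannot hide a keyword."""
    return HEX_NAME_RE.sub(lambda m: bytes([int(m.group(1), 16)]), chunk)


def inflate_streams(body: bytes) -> bytes:
    """Return the decompressed content of every FlateDecode stream in one object body."""
    if b"/FlateDecode" not in normalize_names(body):
        return b""
    out = b""
    for m in STREAM_RE.finditer(body):
        try:
            out += zlib.decompress(m.group(1))
        except zlib.error:
            pass  # not deflate data or damaged: only the raw bytes of this stream get scanned
    return out


def scan_pdf(data: bytes) -> dict:
    """Map each suspicious keyword to the numbers of the objects it appears in."""
    hits = {}
    for m in OBJ_RE.finditer(data):
        num, raw = int(m.group(1)), m.group(2)
        text = normalize_names(raw) + inflate_streams(raw)
        for kw, rx in KEYWORD_RES.items():
            if rx.search(text):
                hits.setdefault(kw, []).append(num)
    return hits


def is_suspicious(data: bytes) -> bool:
    """Auto-run hook plus a script, launch or payload carrier: the pattern the make-pdf tools produce."""
    hits = scan_pdf(data)
    auto_run = bool(hits.get("/OpenAction") or hits.get("/AA"))
    carrier = any(hits.get(k) for k in ("/JavaScript", "/JS", "/Launch", "/EmbeddedFile"))
    return auto_run and carrier


if __name__ == "__main__":
    for kw, objs in scan_pdf(SAMPLE_PDF).items():
        print(f"{kw:14s} in object(s) {objs}")
    print("suspicious:", is_suspicious(SAMPLE_PDF))
```

Run it against the files make-pdf-javascript.py and make-pdf-embedded.py generate to see which objects carry the hook and the payload; a real triage tool would also follow /Root and indirect references instead of scanning objects in isolation.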

Step 1 :

sudo -sH
mkdir /opt/make-pdf
cd /opt/make-pdf

wget http://didierstevens.com/files/software/make-pdf_V0_1_4.zip
unzip make-pdf_V0_1_4.zip

rm make-pdf_V0_1_4.zip


Step 2 :

To run them.

sudo -sH
cd /opt/make-pdf
python make-pdf-embedded.py
python make-pdf-javascript.py


That's all! See you.

HOWTO : Tor and Proxychains on Ubuntu Desktop 12.04 LTS

(A) Tor

Step 1 :

sudo nano /etc/apt/sources.list.d/tor.list

Append the following :

deb http://deb.torproject.org/torproject.org precise main

Save and exit.

sudo -sH

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

apt-get update
apt-get install deb.torproject.org-keyring
apt-get install tor tor-geoipdb vidalia privoxy


Step 2 :

sudo nano /etc/privoxy/config

Append the following line :

forward-socks5 / 127.0.0.1:9050 .

If you are behind NAT or router, you should append the following line :

forward 192.168.*.*/ .

Step 3 :

sudo update-rc.d privoxy disable
sudo update-rc.d tor disable

sudo /etc/init.d/privoxy start
sudo /etc/init.d/tor start


(B) Proxychains

Step 4 :

sudo apt-get install proxychains

sudo nano /etc/proxychains.conf

Change the following line :

socks4 127.0.0.1 9050

To :

socks5 127.0.0.1 9050

That's all! See you.

Thursday, May 16, 2013

HOWTO : Wireshark on Ubuntu Desktop 12.04 LTS

Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Step 1 :

sudo apt-get update
sudo apt-get install wireshark

sudo dpkg-reconfigure wireshark-common


Answer "Yes" to the pop-up, which allows non-root users to capture packets. You can consider enabling it, but it is dangerous.

Step 2 :

To run it. You can run it at any directory.

sudo -sH
wireshark


That's all! See you.

HOWTO : OpenVAS on Ubuntu Desktop 12.04 LTS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

Step 1 :

At the time of this writing, the "stable" PPA provides version 5 while the "nightly" PPA provides version 6.

sudo add-apt-repository ppa:openvas/stable

or

sudo add-apt-repository ppa:openvas/nightly

sudo apt-get update
sudo apt-get install openvas-scanner openvas-manager openvas-administrator greenbone-security-assistant openvas-cli openvas-check-setup gsd

sudo apt-get install xsltproc sqlite3


Step 2 :

sudo openvas-mkcert

It will generate the following :

- Certification authority:
  Certificate = /var/lib/openvas/CA/cacert.pem
  Private key = /var/lib/openvas/private/CA/cakey.pem

- OpenVAS Server :
  Certificate = /var/lib/openvas/CA/servercert.pem
  Private key = /var/lib/openvas/private/CA/serverkey.pem

To sync the Network Vulnerability Tests (NVT) feed :

sudo openvas-nvt-sync

If you are using OpenVAS 6, you also need to sync the SCAP data :

sudo openvas-scapdata-sync

After that you have to create a client certificate using the openvas-mkcert-client tool. If -n is specified the tool doesn’t ask any questions and creates a certificate for the user "om". The -i parameter installs the certificate to be used with the OpenVAS manager.

sudo openvas-mkcert-client -n om -i

Before going further, stop the following services :

sudo /etc/init.d/openvas-scanner stop
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-administrator stop
sudo /etc/init.d/greenbone-security-assistant stop


It needs some time to fully start, so please be patient :

sudo openvassd

Migrate and rebuild the databases. It needs some time to finish :

sudo openvasmd --migrate
sudo openvasmd --rebuild

sudo killall openvassd


To start it again (wait for some seconds before doing so, as the previous command needs some time to shut down) :

sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart


To create a user "admin" with the role of "Admin" :

sudo openvasad -c add_user -n admin -r Admin

You will be asked for the password. You need to use this username and password to login to the OpenVAS.

Step 3 :

Check if your setup is correct or not.

Stable builds -
sudo openvas-check-setup

or

Nightly builds -
sudo openvas-check-setup --v6

Step 4 :

To run it. Point the Firefox to :

https://localhost:9392/

Step 5 :

To update it.

sudo openvas-nvt-sync

Step 6 (Optional) :

To start it manually instead of auto-run.

Start script -
sudo -sH
nano /etc/init.d/openvas-start


Append the following to the file :

#!/bin/sh
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart


chmod +x /etc/init.d/openvas-start

Stop script -

sudo -sH
nano /etc/init.d/openvas-stop


Append the following to the file :

#!/bin/sh
sudo /etc/init.d/openvas-scanner stop
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-administrator stop
sudo /etc/init.d/greenbone-security-assistant stop


chmod +x /etc/init.d/openvas-stop

sudo update-rc.d openvas-scanner disable
sudo update-rc.d openvas-manager disable
sudo update-rc.d openvas-administrator disable
sudo update-rc.d greenbone-security-assistant disable


To start the services :

sudo /etc/init.d/openvas-start

To stop the services :

sudo /etc/init.d/openvas-stop

That's all! See you.

HOWTO : SET on Ubuntu Desktop 12.04 LTS

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering.

Step 1 :

sudo apt-get install git

sudo -sH
cd /opt
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
cd /opt/set
python setup.py install


Step 2 :

To run it. You can run it at any directory.

sudo -sH
se-toolkit


That's all! See you.

HOWTO : MAC Changer on Ubuntu Desktop 12.04 LTS

Mac Changer is a GNU/Linux utility for viewing/manipulating the MAC address of network interfaces.

Step 1 :

sudo apt-get install macchanger macchanger-gtk

Step 2 :

To run it. You can run it at any directory.

macchanger eth0

or

Graphical interface -

macchanger-gtk

That's all! See you.

HOWTO : Nmap on Ubuntu Desktop 12.04 LTS

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.

Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Step 1 :

sudo apt-get install nmap zenmap

Step 2 :

To run it. You can run it at any directory.

sudo -sH
nmap -sC -PN -T4 samiux.com


or

Graphical interface -

zenmap

That's all! See you.

HOWTO : Netcat on Ubuntu Desktop 12.04 LTS

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.

It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

Step 1 :

sudo -sH
cd /opt

wget http://garr.dl.sourceforge.net/sourceforge/netcat/netcat-0.7.1.tar.gz

tar -xvzf netcat-0.7.1.tar.gz
rm netcat-0.7.1.tar.gz

cd /opt/netcat-0.7.1
./configure
make

cd /opt
mkdir /opt/netcat
cp /opt/netcat-0.7.1/src/netcat /opt/netcat/
rm -R netcat-0.7.1/


Step 2 :

To run it.

sudo -sH
cd /opt/netcat
./netcat -h


Remarks :

Please do not delete the built-in netcat-openbsd, as it will also delete the ubuntu-minimal package at the same time. Your compiled netcat is different from the built-in one.

That's all! See you.

HOWTO : John the Ripper on Ubuntu Desktop 12.04 LTS

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

Step 1 :

sudo -sH
cd /opt
wget http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.gz
tar -xvzf john-1.7.9-jumbo-7.tar.gz
mv john-1.7.9-jumbo-7 john
rm john-1.7.9-jumbo-7.tar.gz


Step 2 :

cd /opt/john/src

For 64-bit system :
# for general -
make clean linux-x86-64
# for cuda -
make clean linux-x86-64-cuda
# for opencl -
make clean linux-x86-64-opencl

For 32-bit system :
# for general -
make clean linux-x86-sse2
# for cuda -
make clean linux-x86-cuda
# for opencl -
make clean linux-x86-opencl

Step 3 :

To run it.

sudo -sH
cd /opt/john/run
./john


That's all! See you.

Tuesday, May 14, 2013

HOWTO : Weevely on Ubuntu Desktop 12.04 LTS

Weevely is a stealth PHP web shell that simulates an SSH-like connection. It is an essential tool for web application post-exploitation, and can be used as a stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

Step 1 :

sudo apt-get install git

sudo -sH
cd /opt
git clone git://github.com/epinna/Weevely.git


Step 2 :

To run it.

sudo -sH
cd /opt/Weevely
./weevely.py


That's all! See you.

Monday, May 13, 2013

HOWTO : Hiawatha on Ubuntu Desktop 12.04 LTS

Hiawatha is a secure web server. I use it to replace Apache for the exploitation because it is lightweight.

Step 0 :

In case /etc/init.d/tntnet exists, you should disable it before going further.

sudo update-rc.d tntnet disable
sudo /etc/init.d/tntnet stop


Step 1 :

sudo apt-get install build-essential libc6-dev libssl-dev dpkg-dev debhelper fakeroot libxml2-dev libxslt1-dev

wget http://www.cmake.org/files/v2.8/cmake-2.8.10.2.tar.gz
tar -xvzf cmake-2.8.10.2.tar.gz
cd cmake-2.8.10.2
./configure
make
sudo make install

wget http://www.hiawatha-webserver.org/files/hiawatha-9.1.tar.gz
tar -xzvf hiawatha-9.1.tar.gz
cd hiawatha-9.1/extra

./make_debian_package

cd ..

sudo dpkg -i hiawatha_9.1_amd64.deb


or

sudo dpkg -i hiawatha_9.1_i386.deb

In case the init script is not at /etc/init.d/, you need to copy it manually.

sudo cp hiawatha-9.1/extra/debian/init.d/hiawatha /etc/init.d/


Step 2 :

sudo update-rc.d hiawatha disable

Step 3 :

To run it.

sudo /etc/init.d/hiawatha start

To stop it.

sudo /etc/init.d/hiawatha stop

Step 4 :

Web shell site :

http://pentestmonkey.net/category/tools/web-shells

Download the php reverse shell.

sudo -sH
cd /opt

wget http://pentestmonkey.net/tools/php-reverse-shell/php-reverse-shell-1.0.tar.gz

tar -xvzf php-reverse-shell-1.0.tar.gz
mv php-reverse-shell-1.0 php-reverse-shell
rm php-reverse-shell-1.0.tar.gz
cp /opt/php-reverse-shell/php-reverse-shell.php /var/www/hiawatha/


That's all! See you.

HOWTO : Hydra on Ubuntu Desktop 12.04 LTS

THC-Hydra is a very fast network logon cracker which supports many different services.

Step 1 :

sudo apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev

sudo -sH
cd /opt

wget http://www.thc.org/releases/hydra-7.4.2.tar.gz

tar -xvzf hydra-7.4.2.tar.gz

mv hydra-7.4.2 hydra
rm hydra-7.4.2.tar.gz

cd /opt/hydra

./configure
make
make install


Step 2 :

To run the GUI from any directory :

xhydra

To run it in the console from any directory :

hydra

That's all! See you.

HOWTO : Burp Suite on Ubuntu Desktop 12.04 LTS

Burp Suite helps you secure your web applications by finding the vulnerabilities they contain.

Step 1 :

sudo -sH
cd /opt
mkdir burpsuite
cd /opt/burpsuite

wget http://portswigger.net/burp/burpsuite_free_v1.5.jar


Step 2 :

To run it.

sudo -sH
cd /opt/burpsuite
java -jar burpsuite_free_v1.5.jar


You can create a shell script to make it easier to run.

That's all! See you.

HOWTO : OWASP Zaproxy on Ubuntu Desktop 12.04 LTS

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Step 1 :

sudo apt-get install openjdk-7-jre-lib openjdk-7-jre-headless openjdk-7-jre icedtea-7-jre-jamvm icedtea-7-jre-cacao icedtea-7-plugin

To select version 7.

sudo update-alternatives --config java

wget http://zaproxy.googlecode.com/files/ZAP_2.1.0_Linux.tar.gz
tar -xzvf ZAP_2.1.0_Linux.tar.gz

sudo cp -Ra ZAP_2.1.0 /opt/zaproxy


Step 2 :

To run it.

sudo -sH
cd /opt/zaproxy
./zap.sh


That's all! See you.

HOWTO : Freemind on Ubuntu Desktop 12.04 LTS

FreeMind is a premier free mind-mapping software written in Java. It can be used for keeping the information gathered in the exploitation phases.

Step 1 :

sudo apt-get install freemind freemind-browser freemind-doc freemind-plugins-svg freemind-plugins-script freemind-plugins-help

Step 2 :

To run it by clicking the Freemind icon or by command :

freemind

That's all! See you.

HOWTO : SlowHTTPTest on Ubuntu Desktop 12.04 LTS

SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on the majority of Linux platforms, OSX and Cygwin - a Unix-like environment and command-line interface for Microsoft Windows.

It implements the most common low-bandwidth Application Layer DoS attacks, such as slowloris, Slow HTTP POST and the Slow Read attack (based on the TCP persist timer exploit), by draining the concurrent connections pool, as well as the Apache Range Header attack, which causes very significant memory and CPU usage on the server.

Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. The tool sends partial HTTP requests, trying to cause a denial of service on the target HTTP server.

The Slow Read DoS attack targets the same resources as slowloris and slow POST, but instead of prolonging the request, it sends a legitimate HTTP request and reads the response slowly.
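As an added example (not from the SlowHTTPTest project or this post), here is defender-side detection logic in Python for the three attack classes just described, run over a constructed connection snapshot rather than a live server: slowloris/slow POST shows up as many long-lived connections from one client whose request never completes, Slow Read as many responses stuck behind a near-zero receive window, and the Range header abuse as a single request asking for an absurd number of byte ranges. The Conn record layout, the sample addresses and the thresholds are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass
class Conn:
    """One server-side connection as a monitoring agent might snapshot it (layout assumed here)."""
    client: str       # peer IP address
    state: str        # "reading": request still arriving; "writing": response being sent
    age_s: float      # seconds the connection has spent in that state
    bytes_in: int     # request bytes received so far
    rcv_window: int   # peer's advertised TCP receive window in bytes


def _stalled_per_client(conns: Iterable[Conn], stalled: Callable[[Conn], bool]) -> Dict[str, int]:
    counts: Dict[str, int] = defaultdict(int)
    for c in conns:
        if stalled(c):
            counts[c.client] += 1
    return counts


def _over_threshold(counts: Dict[str, int], min_conns: int) -> List[Tuple[str, int]]:
    # Worst offender first; ties broken by address so the output is stable.
    return sorted(((ip, n) for ip, n in counts.items() if n >= min_conns),
                  key=lambda t: (-t[1], t[0]))


def slowloris_suspects(conns, min_conns=20, min_age_s=30.0, max_bytes_in=2048):
    """Slowloris / slow POST: many old connections from one client whose request never finishes."""
    counts = _stalled_per_client(
        conns, lambda c: c.state == "reading" and c.age_s >= min_age_s and c.bytes_in <= max_bytes_in)
    return _over_threshold(counts, min_conns)


def slow_read_suspects(conns, min_conns=20, min_age_s=30.0, max_window=512):
    """Slow Read: many responses stuck in flight because the peer keeps its receive window near zero."""
    counts = _stalled_per_client(
        conns, lambda c: c.state == "writing" and c.age_s >= min_age_s and c.rcv_window <= max_window)
    return _over_threshold(counts, min_conns)


def range_header_suspicious(value: str, max_ranges: int = 5) -> bool:
    """Range header abuse: one request asking for far more byte ranges than any real client needs."""
    if not value.lower().startswith("bytes="):
        return False
    ranges = [r for r in value[6:].split(",") if r.strip()]
    return len(ranges) > max_ranges


def constructed_snapshot() -> List[Conn]:
    """Constructed sample, not real server data: one slowloris source, one slow-read source, normal users."""
    conns = [Conn("198.51.100.7", "reading", 95.0 + i, 180, 65535) for i in range(40)]
    conns += [Conn("198.51.100.9", "writing", 60.0 + i, 400, 0) for i in range(30)]
    conns += [Conn(f"203.0.113.{i % 4}", "reading", 0.2, 700, 65535) for i in range(8)]
    conns += [Conn("203.0.113.5", "writing", 2.0, 520, 29200) for _ in range(3)]
    return conns


if __name__ == "__main__":
    snap = constructed_snapshot()
    print("slowloris / slow POST:", slowloris_suspects(snap))
    print("slow read:", slow_read_suspects(snap))
    print("range abuse:", range_header_suspicious("bytes=" + ",".join(f"{i}-" for i in range(300))))
```

The same grouping works on a real snapshot taken from the web server's status page or from the socket table, and the thresholds should be tuned against what normal traffic on that server looks like.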

Step 1 :

sudo -sH
cd /opt

apt-get install subversion

svn checkout http://slowhttptest.googlecode.com/svn/trunk/ slowhttptest

cd /opt/slowhttptest
./configure
make
make install


Step 2 :

You can run it at any directory.

slowhttptest -h

Step 3 :

To uninstall it.

cd /opt/slowhttptest
sudo make uninstall


That's all! See you.

HOWTO : Sqlmap on Ubuntu Desktop 12.04 LTS

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, to fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.

Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.

Step 1 :

sudo -sH
cd /opt

apt-get install git
git clone git://github.com/sqlmapproject/sqlmap.git


Step 2 :

To run it.

sudo -sH
cd /opt/sqlmap
python sqlmap.py


That's all! See you.

HOWTO : W3af on Ubuntu Desktop 12.04 LTS

W3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

Step 1 :

Make sure you follow the steps below one by one.

sudo -sH
cd /opt

apt-get update
apt-get install git build-essential

git clone https://github.com/andresriancho/w3af.git

apt-get install python2.7-dev python-setuptools python-pip

pip install PyGithub GitPython pybloomfiltermmap esmre nltk pdfminer futures scapy-real guess-language cluster msgpack-python python-ntlm

pip install -e git+git://github.com/ramen/phply.git#egg=phply

apt-get install graphviz python-gtksourceview2

pip install xdot


Step 2 :

To run it.

sudo -sH
cd /opt/w3af

./w3af_gui


or

./w3af_console

Step 3 :

Make sure you change the path of the Metasploit at "Configuration" -- "Miscellaneous" -- "Metasploit".

e.g. /opt/metasploit/app/
e.g. /opt/metasploit/apps/pro/msf3/

Remarks :

Automated Audit using W3AF

That's all! See you.

Sunday, May 12, 2013

HOWTO : Metasploit on Ubuntu Desktop 12.04 LTS

Metasploit is an exploitation framework.

Step 1 :

If the following packages are not installed, you need to install them.

sudo apt-get install ruby1.9.1 build-essential

To download it.

For 64-bit systems :

wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run

chmod +x metasploit-latest-linux-x64-installer.run

sudo ./metasploit-latest-linux-x64-installer.run


For 32-bit systems :

wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x32-installer.run

chmod +x metasploit-latest-linux-x32-installer.run

sudo ./metasploit-latest-linux-x32-installer.run


Follow the instructions on the screen. You can choose your install directory; the default is /opt/metasploit. Select to install Metasploit as a service.

Step 2 :

To register your community edition. If you don't, you cannot update the Metasploit. Point your Firefox to the following url :

https://localhost:3790/

You need to wait for about 5 minutes for the initialization. Please be patient.

Fill in the blank and you will receive the license key for activation. Then, activate the copy.

Step 2a :

sudo update-rc.d metasploit disable

Step 3 :

To run it.

sudo -sH
/etc/init.d/metasploit start
cd /opt/metasploit/app
sudo msfconsole


Step 4 :

To update it.

sudo -sH
/etc/init.d/metasploit start
cd /opt/metasploit/app
msfupdate


*** Make sure you wait for at least 3 minutes before executing "msfupdate", as it needs time to load all the necessary modules after Metasploit is started.

Remarks :

If you do not select to install as service, you need to do the following to start the Metasploit.

sudo /opt/metasploit/ctlscript.sh start

That's all! See you.

HOWTO : BeEF and Metasploit Integration on Ubuntu Desktop 12.04 LTS

Step 1 :

nano beef/extensions/metasploit/config.yaml

Make change to "host", "callback_host" and "msf_path". Where the last entry at "msf_path" should be the path of the Metasploit.

It will look like this :



Remarks : You are not required to change "host"; you can keep it as 127.0.0.1. However, you need to change "callback_host", as it is the reverse connection IP address and it should be a public IP address.

Step 2 :

nano beef/config.yaml

Go to "extension:" and change the "false" to "true" under "metasploit".

It will look like this.



Step 3 :

Start Metasploit :

sudo /etc/init.d/metasploit start
cd /opt/metasploit/app
sudo msfconsole
db_connect


Under the msfconsole :

load msgrpc ServerHost=127.0.0.1 Pass=abc123

Start BeEF :

cd beef
./beef


Point your Firefox to the following url :

http://192.168.1.102:3000/ui/panel

Enter "beef" as both the username and the password to log in.

Remarks :

Please note that the above IP address (192.168.1.102) is just an example.



The BeEF site has a tutorial for browser autopwn with Metasploit. You can refer to it.

That's all! See you.

Saturday, May 11, 2013

HOWTO : Joomscan on Ubuntu Desktop 12.04 LTS

Joomscan is OWASP Joomla Vulnerability Scanner.

Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendliness and extensibility, to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to the Joomla scanner takes ongoing activity. It will help web developers and web masters to identify possible security weaknesses on their deployed Joomla! sites.

However, it is not up-to-date. The latest version of the vulnerability database is dated October 22, 2012 (at the time of this writing).

Step 1 :

sudo apt-get install libwww-perl libwww-mechanize-perl

Joomscan is written in Perl. Download it.

sudo -sH
cd /opt
wget "http://downloads.sourceforge.net/project/joomscan/joomscan/2012-03-10/joomscan-latest.zip?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fjoomscan%2F%3Fsource%3Ddlp&ts=1368806935&use_mirror=ncu" -O joomscan-latest.zip


Step 2 :

Once downloaded, you need to extract the content.

sudo -sH
cd /opt
mkdir joomscan

cp joomscan-latest.zip /opt/joomscan/
rm joomscan-latest.zip

cd /opt/joomscan

unzip joomscan-latest.zip


Step 3 :

To run it.

sudo -sH
cd /opt/joomscan

perl joomscan.pl -u http://www.samiux.com


Step 4 :

To update it.

sudo -sH
cd /opt/joomscan

perl joomscan.pl update


That's all! See you.

HOWTO : WPScan on Ubuntu Desktop 12.04 LTS

WPScan is a black box WordPress vulnerability scanner.

Step 1 :

To install wpscan and its related packages.

sudo apt-get install git libcurl4-gnutls-dev libruby libxml2 libxml2-dev libxslt1-dev ruby1.9.1-dev

sudo -sH
cd /opt
git clone https://github.com/wpscanteam/wpscan.git

cd wpscan

sudo gem install bundler

sudo bundle install --without test development


Step 2 :

To run it.

sudo -sH
cd /opt/wpscan

./wpscan.rb --url http://www.samiux.com


Step 3 :

To update it.

sudo -sH
cd /opt/wpscan

./wpscan.rb --update


That's all! See you.

Friday, May 10, 2013

HOWTO : BeEF on Ubuntu Desktop 12.04 LTS

BeEF - The Browser Exploitation Framework Project is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Step 1 :

To download the latest version of BeEF to the current directory.

sudo -sH
cd /opt
apt-get install git
git clone git://github.com/beefproject/beef.git


Step 2 :

To install BeEF and its related packages.

cd beef

sudo apt-get install ruby1.9.1-dev libsqlite3-dev sqlite3 sqlite3-doc build-essential

sudo gem install bundler

sudo bundle install


Step 3 :

To run it.

sudo -sH
cd /opt/beef

./beef


Then point the Firefox to http://[your IP address]:3000/ui/panel

Step 4 :

To update it.

sudo -sH
cd /opt/beef

./update-beef


Remarks :

If you also installed Metasploit, you can integrate Metasploit with BeEF to perform attacks, such as browser autopwn.

That's all! See you.