
kali_notes

2016-03-26 09:04  253 views

Kali Linux notes

compile the code:

make clean
make
make install


update the dependencies:
depmod -a


Find loaded modules:
lsmod


Update the local package index with the latest changes made in the repositories:
apt-get update


Upgrade the existing packages:
apt-get upgrade


Upgrade to the latest version (if available):
apt-get dist-upgrade


Install Nessus and squid3

Setting up ProxyChains

open the proxychains configuration file:
vim /etc/proxychains.conf


uncomment the chaining type we want to use:
dynamic_chain


add some proxy servers to the list

proxyresolv www.targethost.com

proxychains msfconsole

install virtualbox

http://www.distrowatch.com

http://www.turnkeylinux.org -> to download for testing

wpscan to attack WordPress sites

Information Gathering

Service enumeration:

DNS enumeration:
dnsenum


SNMP enumeration:

snmpwalk -c public 192.168.10.200 -v 2c

snmpwalk -c public 192.168.10.200 -v 1 | grep hrSWInstalledName

for TCP port scan (list the TCP connection states):
snmpwalk -c public 192.168.10.200 -v 1 | grep tcpConnState | cut -d "." -f6 | sort -nu


snmpcheck (get information via SNMP):
snmpcheck -t 192.168.10.200


domain scan with fierce:

fierce -dns internet.com
fierce -dns internet.com -wordlist hosts.txt -file /tmp/output.txt


to enumerate the users on an SMTP server:
smtp-user-enum -M VRFY -U /tmp/users.txt -t 192.168.10.200


Determining network range

Deepmagic Information Gathering Tool (dmitry):
dmitry -wnspb targethost.com -o /root/Desktop/dmitry-result


to issue an ICMP netmask request:
netmask -s targethost.com


scapy

Identifying active machines

nmap -sP 216.27.130.162

nping (from the Nmap suite):
nping --echo-client "public" echo.nmap.org


send some hex data to a specified port:
nping --tcp -p 445 --data AF56A43D 216.27.130.162


Finding open ports

nmap 192.168.56.101

explicitly specify the ports to scan:
nmap -p 1-1000 192.168.56.101


scan the whole organization's network on TCP port 22:
nmap -p 22 192.168.56.*


explicitly write the results to a file (greppable output format):
nmap -p 22 192.168.56.* -oG /tmp/Nmap-targethost-tcp445.txt


Zenmap

Operating system fingerprinting:

nmap -O 192.168.56.102

Use p0f to analyze a Wireshark capture file:
p0f -s /tmp/targethost.pcap -o p0f-result.log -l


Service fingerprinting

nmap -sV <IP address>

Using amap to identify the application running on a specific port or a range of ports:
amap -bq 192.168.10.200 200-300


Threat assessment with Maltego

an account is required in order to use Maltego: https://www.paterva.com/web6/community/

Mapping the network

casefile

Vulnerability Assessment

install Nessus (port 8843)

install OpenVAS (port 9392)

Exploiting Vulnerabilities

download a Linux-based operating system named Metasploitable2.

Escalating Privileges

use incognito in a Metasploit meterpreter session

use getsystem in a Metasploit meterpreter session

setoolkit

Cleaning up the tracks

use irb in Metasploit

Create a persistent backdoor

run persistence -h
(in a Metasploit meterpreter session)

MITM attack

Password attack

hydra

brute-force attack using Medusa

Password profiling:

configure Ettercap:

locate etter.conf

vi /etc/ettercap/etter.conf


use auxiliary/gather/search_email_collector in metasploit

cracking a Windows password using John the Ripper

use Crunch to generate your own password dictionary

using rainbow tables to crack (rtgen generates an MD5-based rainbow table):

cd /usr/share/rainbowcrack/
./rtgen md5 loweralpha-numeric 1 5 0 3800 33554422 0


cracking passwords on the GPU using oclHashcat

sucrack: allows brute-force cracking of local accounts via su; it fills up the log files rather quickly, so be sure to clean the log files after completion.

Wireless Attacks

Cracking WEP with the aircrack-ng suite:

airmon-ng
# stop monitor mode and take wlan0 down so that we can change its MAC address
airmon-ng stop wlan0
ifconfig wlan0 down
# change the MAC address of the interface; the MAC address of the machine identifies you on any network
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0
airodump-ng wlan0
aireplay-ng
aircrack-ng -b <AP MAC address> wirelessattack.capture


Automating wireless network cracking:
Gerix


Accessing clients using a fake AP:
Gerix


URL traffic manipulation:

# enable IP forwarding so that our machine routes the intercepted traffic (run as root; "sudo echo" does not apply to the redirect)
echo 1 > /proc/sys/net/ipv4/ip_forward
# arpspoof attack: -i interface, -t target, then the host to impersonate (the gateway)
arpspoof -i wlan0 -t 192.168.10.115 192.168.10.1
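The defender's counterpart to the arpspoof step above: a small detector that spots ARP cache poisoning from observed ARP replies. This is an added example, not part of the original notes; the ARP replies and the pinned gateway MAC are constructed sample data (the 00:11:22:33:44:55 MAC is the one macchanger set above).

```python
"""Detect ARP spoofing from observed ARP replies (added example).

Flags (a) an IP address claimed by more than one MAC, (b) a pinned host such as
the gateway answering with an unexpected MAC, and (c) one MAC claiming several IPs.
"""
from collections import defaultdict

# Constructed sample of ARP replies seen on the LAN: (time, sender IP, sender MAC).
# 00:11:22:33:44:55 poisons both the target and the gateway, as arpspoof does.
SAMPLE_ARP_REPLIES = [
    ("10:00:01", "192.168.10.1",   "52:54:00:aa:bb:01"),
    ("10:00:02", "192.168.10.115", "52:54:00:aa:bb:73"),
    ("10:00:03", "192.168.10.50",  "52:54:00:aa:bb:32"),
    ("10:00:07", "192.168.10.1",   "00:11:22:33:44:55"),
    ("10:00:07", "192.168.10.115", "00:11:22:33:44:55"),
    ("10:00:09", "192.168.10.1",   "52:54:00:aa:bb:01"),
]

# Known gateway MAC pinned by the defender (assumed value for this example).
PINNED = {"192.168.10.1": "52:54:00:aa:bb:01"}


def detect_arp_spoofing(replies, pinned):
    """Return a sorted list of (ip, reason, details) findings."""
    claims = defaultdict(set)  # ip -> set of MACs that claimed it
    findings = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        claims[ip].add(mac)
        # A pinned host (e.g. the gateway) answering with an unexpected MAC.
        if ip in pinned and mac != pinned[ip].lower():
            findings.append((ip, "pinned-mac-mismatch", f"{ts} {mac}"))
    # The same IP announced by several MACs: classic ARP cache poisoning.
    for ip, macs in claims.items():
        if len(macs) > 1:
            findings.append((ip, "multiple-macs", ",".join(sorted(macs))))
    return sorted(findings)


def macs_claiming_multiple_ips(replies):
    """MACs that claim more than one IP: an attacker sitting between both sides."""
    ips = defaultdict(set)
    for _, ip, mac in replies:
        ips[mac.lower()].add(ip)
    return {mac: sorted(v) for mac, v in ips.items() if len(v) > 1}


if __name__ == "__main__":
    for finding in detect_arp_spoofing(SAMPLE_ARP_REPLIES, PINNED):
        print("ALERT", *finding)
    print(macs_claiming_multiple_ips(SAMPLE_ARP_REPLIES))
```

In practice the replies would come from a packet capture or from periodic snapshots of the ARP cache; a legitimate change of a pinned MAC (hardware replacement) must be updated in the pinned table or it will alert.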