kali_notes

Source: Internet | Published by: 网络博客大全 | Editor: 程序博客网 | Time: 2024/06/05 05:01

Kali Linux notes

  • compile the code:

    make clean
    make
    make install
  • update the kernel module dependency list: depmod -a
  • find loaded modules: lsmod
  • update the local package index with the latest changes made in the repositories: apt-get update
  • upgrade the existing packages: apt-get upgrade
  • upgrade to the latest version (if available): apt-get dist-upgrade
  • install Nessus and squid3
  • Setting up ProxyChains

    • open the ProxyChains configuration file: vim /etc/proxychains.conf
    • uncomment the chaining type we want to use: dynamic_chain
    • add some proxy servers to the list
    • resolve a host name through the proxy chain: proxyresolv www.targethost.com
    • run a tool through the chain: proxychains msfconsole
  • install virtualbox

    http://www.distrowatch.com

    http://www.turnkeylinux.org ->to download for test

  • wpscan to attack wordpress-sites

Information Gathering

  1. Service enumeration:

    • DNS enumeration: dnsenum
    • SNMP enumeration:

      snmpwalk -c public 192.168.10.200 -v 2c
      snmpwalk -c public 192.168.10.200 -v 1 | grep hrSWInstalledName
      for a TCP port listing via SNMP: snmpwalk -c public 192.168.10.200 -v 1 | grep tcpConnState | cut -d "." -f6 | sort -nu
    • snmpcheck (get information via the SNMP protocol): snmpcheck -t 192.168.10.200
    • domain scan with fierce:

      fierce -dns internet.com
      fierce -dns internet.com -wordlist hosts.txt -file /tmp/output.txt
    • to start an SMTP enumeration of the users on an SMTP server: smtp-user-enum -M VRFY -U /tmp/users.txt -t 192.168.10.200

    • Determining network range

    • Deepmagic Information Gathering Tool (dmitry): dmitry -wnspb targethost.com -o /root/Desktop/dmitry-result
    • to issue an ICMP netmask request: netmask -s targethost.com
    • scapy

    • Identifying active machines

    • ping scan: nmap -sP 216.27.130.162
    • nping (Nmap suite): nping --echo-client "public" echo.nmap.org
    • send some hex data to a specified port: nping --tcp -p 445 --data AF56A43D 216.27.130.162

    • Finding open ports

      1. nmap 192.168.56.101
    • explicitly specify the ports to scan: nmap -p 1-1000 192.168.56.101
    • scan the whole organization's network on TCP port 22: nmap -p 22 192.168.56.*
    • the same scan, writing greppable output to a file: nmap -p 22 192.168.56.* -oG /tmp/Nmap-targethost-tcp445.txt
    • Zenmap

    • Operating system fingerprinting:

    • nmap -O 192.168.56.102
    • use p0f to analyze a Wireshark capture file: p0f -s /tmp/targethost.pcap -o p0f-result.log -l

    • Service fingerprinting

    • nmap -sV <IP address>
    • using amap to identify the application running on a specific port or a range of ports: amap -bq 192.168.10.200 200-300

    • Threat assessment with Maltego

    • an account is required in order to use Maltego: https://www.paterva.com/web6/community/
    • Mapping the network
    • casefile

Vulnerability Assessment

  1. install Nessus (web interface on port 8843)
    • install OpenVAS (web interface on port 9392)

Exploiting Vulnerabilities

  1. download a Linux-based operating system named metasploitable2 .

Escalating Privileges

  1. use incognito in meterpreter of metasploit

    • use getsystem in meterpreter of metasploit
    • setoolkit
    • Cleaning up the tracks
    • use irb in metasploit

    • Create a persistent backdoor:
      run persistence -h (in a meterpreter session)

    • MITM attack

Password attack

  1. hydra
  2. brute-force attack using Medusa

    • Password profiling:
    • configure Ettercap:

      locate etter.conf
      vi /etc/ettercap/etter.conf
    • use auxiliary/gather/search_email_collector in Metasploit

    • cracking a windows password using john the ripper

    • utilize Crunch to generate own password dictionary
    • using rainbow tables to crack:

      cd /usr/share/rainbowcrack/
      ./rtgen md5 loweralpha-numeric 1 5 0 3800 33554422 0   (rtgen generates an MD5-based rainbow table)
    • cracking passwords with the GPU using oclHashcat

    • sucrack:allows for brute-force cracking of local accounts via su;it will fill up the log files rather quickly so please be sure to clean the log files after completion.

Wireless Attacks

  1. Cracking WEP with the aircrack-ng suite:

    airmon-ng
    # stop the wlan0 interface and take it down so that the MAC address can be changed
    airmon-ng stop wlan0
    ifconfig wlan0 down
    # change the MAC address of the interface; the MAC address of the machine identifies you on any network
    macchanger --mac 00:11:22:33:44:55 wlan0
    airmon-ng start wlan0
    airodump-ng wlan0
    aireplay-ng
    aircrack-ng -b <MAC address> wirelessattack.capture
  2. Automating wireless network cracking:Gerix

    • Accessing clients using a fake AP:Gerix
    • URL traffic manipulation:
      echo 1 > /proc/sys/net/ipv4/ip_forward   # enable IP forwarding so our machine routes the traffic
      # arpspoof attack (-t selects the target host)
      arpspoof -i wlan0 -t 192.168.10.115 192.168.10.1