Click to Show/Hide Starters Guide
Recent Posts

Tuesday, April 4, 2017

Configure your web application pentesting lab

In the previous tutorial, we set up our web application pentesting lab. However, it's far from ready, and we need to make some changes to get it working as per our needs. Here's the link to the previous post if you didn't follow that-

Set up your web app pentesting lab

Contents

  1. Fixing the problems
  2. Changing credentials
  3. Adding recaptcha key
  4. Enabling disabled stuff
  5. Installing missing stuff
  6. Giving write privileges

Fixing problems

If you remember from previous post, we reached this point-

There's some stuff in red color
All the stuff in red needs fixing. If you are lucky, we have the same set of issues which need fixing. Otherwise, you'll have to do some googling to find out how to fix problems which you are facing and I am not.

Changing mysql username and password

The default credentials are 'root' and 'p@ssw0rd' in the config.inc.php file. We change it to the correct mysql login credentials, 'root' and '', in my case. You can change depending on your mysql credentials. This gets rid of our biggest worry - Unable to connect to database!

This is the biggest problem. Solving this means we can create our database, some modules may not work
perfectly, but DVWA will run. Without fixing this, we won't even be able to start.
To fix this, open /opt/lamp/htdocs/DVWA-master/config/config.inc.php file in your favorite text editor.



This password isn't the password of our mysql database. In my case, password is nothing, i.e. two single quotes (i.e. '').
Update the value here. In case your mysql password is something else, use that. Change
the username too is need be.
This is the corrected password value in my case. After this, refresh the page and click "Create/Reset database"

Now everything works fine after you click Create/Reset database.

Now we'll fix the other remaining issues.

Fixing missing recaptcha key


Firstly, we need to solve the recaptcha key missing problem. Go to this URL-
Go to the URL, you'll see a form like this

Fill form, values don't matter much
You obtain site key and secret key. Site key = Private key, secret key = private key
Open the config.ini.php file in your favourite text editor
Edit the recaptcha public key and private key fields. Here is what I did.

Now we have a a recaptcha key. One red down, 3 to go.

Fixing disabled allow_url_include 

We simply have to locate the configuration file and edit the value of the parameter from Off to On.

The php configuration file is located at /opt/lampp/etc/php.ini
Edit it with your favourite text editor, you'll need root privileges (sudo)
Locate the allow_url_include line by using search feature of your text editor

Change Off to On 
Restart the lampp service



Reload page, you'll see that the issue is fixed

Note: Any other function which is disabled can be enabled in a similar manner. All settings are in the php.ini file. You just need to search for the corresponding line and edit it.



Fixing missing modules

If a module is shown as missing , then we need to install it. In my case, everything is installed. Most likely, since you are also using XAMPP, everything would be installed. However, if that is not the case, then you have to figure out how to install the modules. If you aren't using XAMPP and did everything manually, then apt-get would be the way to go. Otherwise look at XAMPP's (or whichever bundle you are using) documentation.

Fixing File Ownership

We need to give www-data user write access to two directories. We'll can use chgrp and chmod commands in unison to give only the privileges that are needed, or we could go the lazy way and use chmod 777 (full read, write and execute privileges to everyone). I'm feeling lazy and I'm just gonna go the chmod way. Run the command below-

chmod 777 <directory>

Replace directory with the correct directory.
This is the last thing that needs to be done

Everything is green finally! Also, notice the credentials, we'll need it later.
"admin // password"
Database created. Populated with tables. 
Finally the damn vulnerable application is running.
The username = "admin" and password is "password" ("admin // password" that we saw three pics ago).
Everything is running perfectly. This is the page you should see after successful login.

I'll leave you at the welcome page of DVWA. In the next tutorial, we'll begin proper exploitation of the intentional vulnerabilities, moving from trivial stuff to the really hard stuff. The first two tutorials complete the installation and configuration parts.

Set up your own web application pentesting lab

Without any preface, let me get straight to the point. In this tutorial, we will be installing Damn Vulnerable Web Application (DVWA) on a Ubuntu virtual machine. Our attacker machine would be Kali Linux, which is also installed as a virtual machine (or virtual box). The host can be any OS, and doesn't matter since we won't be using it at all. An alternate configuration is when your host is either Kali or Ubuntu, in which case you need only one VM, to install their the other OS. Alternatively, you could just use a single Kali machine both as attacker as well as victim (running the vulnerable application). However, that makes things less realistic.

Contents

  1. Pre-requisites
  2. Installing DVWA
Disclaimer : No cool stuff in this tutorial, just straightforward installation.

Pre-requisites

You need to have Kali Linux (rolling release) and Ubuntu (I'm using 16.04) up and running. If you aren't familiar with virtual machines and stuff, then take a break of a few days, get familiar with them, install and run a few Linux (any flavour) VMs, drink some coffee, etc. Once you're comfortable with virtual machines (and have Kali & Ubuntu up nd running), proceed onward.

You also need some minimal knowledge of linux, networking, and web applications. As an exercise, you could try getting some free web host (a pathetic one will suffice, since you are only doing this for learning and won't need anyone to use your website), and deploy a wordpress site. Tinker around the website, install themes and stuff to get a feel for it. Then, go one step further and deploy a wordpress instance on your linux virtual machine. This time, don't use the wordpress UI to do things, but instead try and figure out stuff manually. Install themes, modules, etc. on your own by placing them in the correct directory. Just tinker away, in short, till you have some level of familiarity with web applications.

Now, you are familiar with web apps, virtual machines, and linux (not networking though). The task above were pretty simple but for now you can move ahead with the tutorial with the given amount of expertise. Also, the pre-reqs listed above are for the entire web pentesting series, and most probably you'll be able to follow this tutorial without completing some of them, since this is the first and very basic installation tutorial.

Important: Make sure you use the same version of stuff as me. This will avoid scenarios where our systems behave differently (in which case you'll have to use google-fu to figure our how to deal with unexpected stuff happening).

Ubuntu Version - 16.04.1 LTS
XAMPP Version - 7.1.1 (you'll install this later in the tut)

Installing DVWA

This is a fairly simple procedure.  Below are screenshots with explanation. At the end of the tutorial, I have listed commands that you need to type to get all this done (you can simply copy paste the commands). The unnecessary steps are not present in list of commands (in screenshots they are there to enhance your understanding oh what's going on).

Overview-

  1. First we will download DVWA.
  2. Then we read it's doc and find out what to do.
  3. After reading doc, we realize we need to install XAMPP, we do that.
  4. After installing XAMPP, we test if it works by starting it and opening localhost on our machine.
  5. Once we're sure that XAMPP works, we will proceed and copy DVWA files to htdocs folder of XAMPP.
  6. Now we check if localhost/DVWA-master leads us to the vulnerable app. If it does, then we did everything right.

Open Damn Vulnerable Web App website in your browser. Click on download. You'll get an archive, extract it.
Navigate to the extracted archive. Get a lay of the land. You'll find that there is documentation available in docs folder.
Here is the relevant section of the documentation. We need to install XAMPP. You can get it to work
with any other equivalent software bundle, but for ease, let's stick to the recommended way.
Proceed to download the XAMPP bundle. I went with the latest version (going with latest version
poses a slight problem for us, while DVWA is flawed, our PHP version is perfectly patched. For now, let's
ignore this. If this cause hinderance at a later stage, then we'll deal with it)
Navigate to downloads directory and run the installer for XAMPP
Realise that you forgot to run the installer as root! (kudos if you ran as root and didn't make the
same mistake as me)
Run installer as root
It's a simple installer. You'd know what to do.

Wait for it to finish.
Start the XAMPP server (note that the directory is lampp in linux systems)
Check if your server is running by typing 127.0.0.1 or localhost on your browser. XAMPP is now up
and running properly. Let's run our vulnerable app on XAMPP now.
As suggested by the documentation, we simply move our folder into the htdocs directory.
Open the localhost/DVWA-master URL and you'll see that everything works as expected. Our initial
setup is successfully done.
There is still further configuration to be done, but I don't want to extend the tutorial any further. After the next section, there is link to part 2 of this series.

Commands

For below commands to work, ensure the following-

  • xampp-linux-x64-VERSION-installer.run - this file downloaded and is located in Downloads folder
  • DWVA-master directory is located in home folder (the archive to be downloaded and extracted to obtain this directory).
  • Replace VERSION with the version you have downloaded (7.1.1.0 in my case)
Here are the commands-


  1. cd ~/Downloads
  2. chmod a+x xampp-linux-x64-VERSION-installer.run
  3. cd ~
  4. sudo ./xampp-linux-x64-VERSION-installer.run
  5. sudo mv ~/DWVA-master/ /opt/lampp/htdocs/

Part 2 : fixing the problems and finishing the configuration. Here's the link -

Configuring DVWA


Extras


  1. Read about localhost (what does this URL signify - 127.0.0.1)
  2. Commands used - ls, cd, mv, sudo. Use man pages to find out what these mean (eg. type man mv into the terminal)


Sunday, March 19, 2017

Stay anonymous while hacking online using TOR and Proxychains


In this tutorial we will guide you how to stay anonymous while hacking online using TOR and Proxychains. Hiding your ass while hacking is easy just require some configuration which we will gonna see in this tutorial. Just follow this as shown.





First thing First!!!!

TOR

Tor is software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy. It gives you access to the dark web.

Dark web is nothing but the encrypted network that exists between tor servers and their clients.

For more detail : https://www.torproject.org/

PROXYCHAINS

A tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. 

Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.

Lets start!




STEPS:

1. Open kali linux terminal and type
root@kali:-# sudo apt-get install tor proxychains
root@kali:-# sudo service tor start
root@kali:-# gedit /etc/proxychains.conf
Go to http://proxylist.hidemyass.com/ . Select one ip and add as shown :


root@kali:-# proxychains wget http://ipinfo.io/ip -qO-

That's it! Now you can use proxychains with any sort of command.

 Example:
root@kali:-# proxychains sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 --dbs

****************************************************

ETHICAL HACKING COURSE (88% off) : Click here

****************************************************




Saturday, February 25, 2017

Install Kali Linux On Raspberry Pi 3 : Creation of a Hacking Machine



In this tutorial, we will tell you how to install kali Linux on raspberry pi 3. Raspberry pi is a single board small computer which is portable as well. Raspberry pi 3 is the third generation Raspberry Pi. It will cost you around $35-$40 (totally worth it). It will come with handy specs.




INSTALLATION REQUIREMENTS : 

STEPS:

  Note: Below ( ) are used to mention the time in the video.

1. Download all files from the above links.

2. Insert SD CARD and open Win32DiskImager . Locate your kali linux image file and sd card. Hit        write. 

3. After the writing process is done. Insert SD card in Raspberry Pi and do setup as shown (1:21)

4. Open Network sharing (1:39) . Do the settings as shown.

5. Open cmd and type arp -a .Note your ip address. (2:38)

6. Open Putty (3:00) and do configuration as shown.

7. Commands to install GUI 
     apt-get update (4:20)
     apt-get install lxde (4:40)
     apt-get install lightdm (5:15)

8. Open Xming (5:29) and type startlxde (5:37)

9. Successfully Installed (5:52)

Saturday, February 4, 2017

Compiling Linux Kernel (on Ubuntu)

This guide may not exactly be relevant to this blog, but as an exercise in getting familiar with Linux, I'll post it anyways. Here are a few disclaimers-


  1. Don't follow this guide for compiling linux kernel, there are much better guides out there for that purpose (this is the one I followed). The guide exists to help you learn some new stuff which you didn't know before, and to improve your understanding of Linux a bit.
  2. My knowledge of Linux and operating systems, in general, is somewhat limited, and hence, some things might be wrong (or at least not perfectly correct).
  3. The main reason for writing this tutorial is because I had to submit a document showing what I did. It's not exactly related to hacking. It just gives you some insight into linux (which I perceive is helpful).
  4. Do everything on a virtual machine, and be prepared for the eventuality that you'll break your installation completely.

Linux Kernel

Running uname -r on your machine would show you what kernel version you're using. uname -a would give you some more details regarding that. 

Every once in a while, a new stable kernel release is made available on kernel.org. At the time of writing this, the release was 4.9.8. At the same time, there is also the latest release candidate kernel, which is not of our interest, as it's bleeding edge (latest features are available in the kernel, but there could be bugs and compatibility issues), and hence not stable enough for our use. 

I download the tar ball for the latest kernel (a compressed archive of ~100MB size, which becomes ~600 MB upon extraction). What we get upon extraction is the source files of your linux kernel. We need to compile this to get an object file which will run our OS. To get a feel for what this means, I have a little exercise for you-

Small (and optional) exercise


We will do the following-
  1. Make a folder, and move to that folder
  2. Write a small c++ hello world program
  3. Compile it, using make
  4. Run the compiled object file.
On the terminal, run the following-

Step 1:
mkdir testing
cd testing
Step 2:
cat > code.cpp
Paste this into the  terminal
#include <iostream>

int main(){
    std::cout << "Hello World\n";
    return 0;
}

After pasting this, press ctrl+d on your keyboard (ctrl+d = EOL = end of line).
If this doesn't work, just write the above code in your favourite text editor and save as code.cpp


Step 3:
make code
Step 4:
./code
 Notice how we used the make command to compile our source code and get an executable. Also, notice how the make command itself executed this command for us-
g++ code.cpp -o code
In our case, since there was only one source file, make knew what to do (just compile the single file). However, in case there are multiple source, make can't determine what to do.

For example, if you have 2 files, and the second one depends on the first one in some way. Then, you need the first one to be compiled before the second one. In case of the kernel, there are possibly millions of source code files, and how they get compiled is a very complex process.

If you navigate to the folder containing linux kernel (the folder where you extracted the tar ball), you'll get an idea of the sheer magnitude of complexity behind a kernel. For example, open the Makefile file in that folder in your favourite text and editor and see the contents of the folder. Makefile contains instructions which make (the command line tool we used earlier) uses to determine how to compile the source files in that directory (and subdirectories).

Some tools

Compiling our simple c++ program didn't need much, and your linux distribution (I'm using Ubuntu 16 for this tutorial) would come with the required tools pre-installed. However, compiling kernel needs some more stuff, and you'll need to install the required tools. For me, this command installed everything that was needed-
sudo apt-get install libncurses5-dev gcc make git exuberant-ctags bc libssl-dev
 Many of these tools would actually be pre-installed, so downloading and installing this won't take too long.

(if you're not on Ubuntu/Kali, then refer to this guide, as it has instruction for Red Hat based and SUSE based systems as well)

Download kernel

In the guide that I followed, he suggested that I clone this repository-
git clone git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
After cloning the repo, I had to choose the latest stable kernel and then proceed further with it. This would be useful when you want to keep pulling updates and recompiling your kernel. However, for the purpose of this tutorial, let's ignore this possibility (because cloning the git repo took a lot of time and the downloaded file was huge and everything was taking forever).

Instead, we just download and extract the tarball (as discussed earlier in the Linux Kernel section).


Configuration

Here, we have two options. 
  1. Use a default configuration
  2. Use the configuration of your current kernel (on which your OS is running right now).
As in downloading the kernel step, I tried both methods, and for me, the default one worked better. Anyways, for current configuration, run the following-
cp /boot/config-`uname -r`* .config
This copies the configuration for your current kernel to a file in the current folder. So, before running this command, navigate to the folder containing the extracted tarball. For me, it was /home/me/Download/linux-4.9.8

For default config (recommended), run
make defconfig

If you don't see a config file, don't worry. In linux, files/directories starting with . are hidden. On your terminal, type vi .config (replace vi with your favourite text editor) and you can see the config file.

Compiling

Similar to the way you compiled your c++ program, you can compile the kernel. In case of c++ program, we didn't have any Makefile, so we had to specify the name of the source file (make code), however, since we have a Makefile here, we can simply type make, and our Makefile and .config file (and probably many more files) will tell make what to do. Note that the config file contains the options which were chosen for your current kernel. However, on a later kernel, there might be some choices which weren't available in the the previous kernel (the one you're using). In that case, make will ask you what to do (you'll get to choose between option - yes and no, or options - 1,2,3,4,5,6, etc.). Pressing enter chooses the default option. Again, I suggest you use the default configuration file to avoid any issues.

To summarise, simply run this command-
make
If you have multiple cores, then specify it as an argument (compilation will be faster). For example, if you have two cores, run make -j2
If you have 4 cores, run make -j4 

Now, you can do something else for a while. Compilation will take some time. When it's finished, follow the remaining steps.

Installation

Simply run this command-
sudo make modules_install install

Fixing grub

There are following things that need to be changed in the /etc/default/grub file. Open this file as sudo, with your favourite text editor, and do the following.

  1. Remove GRUB_HIDDEN_TIMEOUT_QUIET line from the file.
  2. Change  GRUB_DEFAULT to 10 from 0
This is how my file looks after being edited. 

What these changes do is-
  1. Grub menu for choosing OS to boot from is hidden by default in Ubuntu, it changes that to visible.
  2. The menu shows up for 0secs, before choosing the default option. It changes it to 10 secs, so we get a chance to choose which OS to boot from.

After all this, just run the command to apply the changes.
sudo update-grub2

Now restart the machine.

Did it work?

If it worked, then you'll ideally see something like this upon restart -


In advanced options, you'll see two kernels. If you did everything perfectly, and no drivers issues are there, then your new kernel will boot up properly (4.9.8 for me). If you did everything reasonably well, and didn't mess things up too bad, then at least your original kernel should work, if not the new one. If you messed things up completely, then the new kernel won't work, nor would the old kernel (which was working fine to begin with). In my case, in the first trial, my new kernel wasn't working. In the second trial, both kernels were working.

Once you have logged in to your new kernel, just do a uname -r and see the version, and give yourself a pat on the back if it is the kernel version you tried to download.
I did give myself a pat on the back
If your new kernel is not working, then either go through the steps and see if you did something wrong, or compare with this guide and see if I wrote something wrong. If it's none of these, then try the other methods (default config instead of current kernel config, and vice versa). If that too doesn't work, try out some other guides. The purpose of the guide, as explained already, isn't to teach you how to compile linux kernel, but to improve your understanding, and I hope I succeeded in that.

Removing the kernel (optional and untidy section)

The accepted answer here is all you need. I'm gonna write it here anyways. Note that I'm writing this from memory, so some things may be a bit off. Follow the AskUbuntu answer to be sure.

Remove the following (this is correct)-

/boot/vmlinuz*KERNEL-VERSION*
/boot/initrd*KERNEL-VERSION*
/boot/System-map*KERNEL-VERSION*
/boot/config-*KERNEL-VERSION*
/lib/modules/*KERNEL-VERSION*/
/var/lib/initramfs/*KERNEL-VERSION*/
For me, Kernel version is 4.9.8. I don't remember exactly what commands I typed, and am too lazy to check them again, but I think these would work (no guarantee).

cd /boot/
rm *4.9.8*
cd /lib/module 
rm *4.9.8*
cd /var/lib/initramfs
rm *4.9.8*

Also, I have a faint recollection that the name of the initramfs folder was something a bit different in my case (not sure).

Kthnxbye

Tuesday, December 20, 2016

How to hack WPS wifi using android

Below is a guest post by Shabbir, and I'd like to add some comments describing what to expect ahead. First, there are two methods, both are very simple. One works with rooted phones only, and the other works with/without root. Without root you can get connected to the wireless network, but won't find out it's password. These methods work only on vulnerable wifis, so success rate is low. Still, since it's a 5 minute process (simply install an app from play store), it might be worth the effort for most people. <actual post starts below>


You know if you ask me, hacking a wifi network is easiest of the all hacking techniques. And Yes, it is Boring, time consuming and difficult to hack wifi when it comes to android. Because in android you don’t have much powerful resources and you don’t have many hacking attacks and don’t have lots of hacking tools like you do have in Laptop, Pc or mac.
In Today’s post we are going to cover the topic “how to hack wifi with android”.

Hi, this is Shabbir. A guest writer, and contributor at kali tutorials. He is the author of a blog known as “Hacking Tutorials. Let’s get to the tutorial.

We are going to exploit a wifi vulnerability found in most of the router’s security called WPS (wifi protected setup).

According to Wikipedia. A major security flaw was revealed in December 2011 that affects wireless routers with the WPS PIN feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key. Users have been urged to turn off the WPS PIN feature.
We are describing two methods that are most effective in hacking wifi with android and are almost successful.
Things Required for Both tutorials
  • Android Phone with good Processor and RAM
  • Android Phone Must be Rooted
  • A Wifi Network to hack (Very Important)
  • WPS CONNECT app from Play store (for 1st tutorial)
  • WPS WPA Tester app (for 2nd tutorial)

How this is going hack wi-fi Let’s get to the process

Many Guy says this is the fake app but hey guys this is not a fake app, this is working app for hacking wi-fi password from android mobile. You can hack WiFi network with this app, which has WPS enabled in their router security.
If you found any wi-fi network in your Android mobile, which shows WPS security. You can easily connect with any WPS  security wifi without given any type password. WPS Connect bypasses WPS security and gives you access to connect with wi-fi without typing any password.

Some of recent wifi hacking tutorials on Kali Tutorials.


With this app, you’ll connect to WiFi networks which have WPS protocol enabled. This feature was only available in version 4.1.2 of Android.
App developed for educational purposes. I am not responsible for any misuse.
WPS Connect is focused on verifying if your router is vulnerable to a default PIN. Many routers that companies install own vulnerabilities in this aspect. With this application, you can check if your router is vulnerable or not and act accordingly.
Includes default PINs, as well as algorithms such Zhao Chesung (ComputePIN) or Stefan Viehböck (easyboxPIN).

Step 1

Open the app

Step2

Tap Refresh Icon to get wifi AP with Mac addresses

Step 3

Tap on the wifi you wanna hack

Step 4

Try every pin one by one in the app and try to hack wifi password

Step 5

You have successfully hacked wi-fi via WPS.

2nd app is Wi-fi WPS WPA Tester

WPS Connect app hack only WPS routers with limited features. But this is an advanced app for hacking wifi password from android mobile. Make sure your phone is rooted. You can check the wireless security of your routers from this Android app. If your router is not secure this wifi hacking android app easily bypass wifi password from android mobile and connect with android mobile to router directly without need any type of password.
The algorithm of wps default (zaochensung) SOME of the routers, you can receive the WPA WPA2 WEP set to the router.

Step 1

Open the app

Step 2

Tap on the wifi you wanna hack

Step3

Try every pin one by one in the app and try to hack wifi password

Step4

 After that app will try to brute force and if it succeeded then You have successfully hacked wi-fi via WPS. If some problem came in that process. Ask us in Comment Section.

Conlusion:

This wifi hacking Android apps works in rooted and without rooted android mobile. So you can easily hack wifi password from your android phone without rooting your android phone with this app.
© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5aLqJcMW7zznffTxQwta8JTZsxBDPguC