bash, kali, linux, security

How to add official Kali Linux Repositories

Recently I created a Kali Linux VM and, for some reason, it didn’t come with the apt repositories. After doing some research, I found a way to do it. Follow this tutorial:

$leafpad /etc/apt/sources.list

Add the following into that file:

## Regular repositories
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
## Source repositories
deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free

After that, save the file and execute these commands:

$apt-get update
$apt-get upgrade
$apt-get dist-upgrade

You’re all set! Thanks for reading.

arpspoofing, dnsspoofing, ettercap, kali, linux, security, sslstrip

Tutorial: Man-In-The-Middle attack using sslstrip and ARP spoofing with Kali Linux

Intention/Intro

Educational purposes only.
This tutorial will teach how to ARP spoof a network and get user information even from websites that use encryption (HTTPS). In this tutorial we'll use Kali Linux (Live CD) and the sslstrip software, we'll modify the etter.conf file, add new rules to iptables and use the ettercap software.

Pre-configurations

The commands below will set iptables to redirect everything that comes in on port 80 to port 10000. Our goal here is to set up sslstrip to strip HTTPS from pages and give the end user an HTTP page (with no security, no encryption). So, the port that we'll use to redirect the stripped content will be port 10000.

$echo 1 > /proc/sys/net/ipv4/ip_forward
$iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Usage

It’s time to run sslstrip and do the tricks that I mentioned before. To run it, use the command below:

$sslstrip -l 10000

Now, open another terminal window and run the command below:

$ettercap -G

A window will pop up; that's the ettercap GUI. Click on Sniff > Unified sniff and choose the interface on which you have an internet connection (the same one as your victims). For example, I chose wlan0, but if I were using a cable I would have chosen the eth0 interface. Now click on Host > Scan for hosts, then click on Host > Host List. Select your gateway (the IP through which you reach your router; it's usually an IP that ends in 1, like 192.168.2.1, but keep in mind that's not a rule!) and click on the Target 1 button. Select the IP that your target is using and click on the Target 2 button (you can select multiple IPs by clicking on them while holding the Ctrl or Command key).

Now, click on Plugins > Manage Plugins and a list of plugins will appear. Double-click on dns_spoof and make sure that there's an asterisk ( * ) next to it after you double-click it. Now, click on Mitm > Arp spoofing, select the first option in the window that pops up and click on OK. Now click on Start > Start sniffing. You're all set!

Wait until your target accesses pages like Gmail, Facebook, Twitter or anything that requires credentials. When your target accesses those sites, ettercap will show the user and password that your target used. Remember: sslstrip is what makes the HTTPS website insecure! What I'm saying is that the target's browser requests the page and the server returns an HTTPS page; sslstrip intercepts it on port 10000 and returns an HTTP page (no encryption) to the user. Beautiful, isn't it?

Conclusion

This attack is simple to do and very effective. I strongly recommend that you use the Live Kali (instead of installing it on your machine or in a VM). I have Kali installed on a computer and it often gives me a headache to fix my mistakes. Ettercap might not work if you're using a VM; to make it work, you should download/install all the extra VM tools that are available. Ettercap might also not work on an installed Kali. I couldn't find a reason for that problem yet, but I read that if you uninstall it and install it from the GitHub source, it might work better than the one that came with Kali. Warning: to install ettercap from GitHub, you might face missing libs. It uses a lot of different libs and it will take you some time to get them all installed on your machine. If you want to try to install it, use the commands below:

$sudo apt-get remove ettercap-common ettercap-graphical
$git clone https://github.com/Ettercap/ettercap
$cd ettercap && mkdir build && cd build && cmake ../ && make && sudo make install

Ettercap sometimes didn't work when I pressed the Start Sniffing option. What did I do to make it work? I went back to the first step of this tutorial and repeated everything.
How can you protect yourself from attacks like this? You could use software like XArp, create static ARP tables, or you could read this.
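As an added defender's example (not part of the original post), the checks below look for the two symptoms the attack above leaves in a victim's ARP table, the gateway's MAC changing and one MAC answering for several IPs, and pin the gateway with a static entry, which is what "static ARP tables" means in practice. GATEWAY_IP, GATEWAY_MAC, the interface wlan0 and the `ip neigh` snapshot are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Values below are assumptions:
# the gateway address/MAC pinned from a known-clean boot, and a constructed
# snapshot in the format printed by `ip neigh show`.
GATEWAY_IP="192.168.2.1"
GATEWAY_MAC="aa:bb:cc:00:00:01"
IFACE="wlan0"

# In this snapshot the gateway's MAC equals the MAC of 192.168.2.77: the
# classic sign that one host is answering ARP for two addresses.
ARP_SNAPSHOT='192.168.2.1 dev wlan0 lladdr aa:bb:cc:00:00:77 REACHABLE
192.168.2.77 dev wlan0 lladdr aa:bb:cc:00:00:77 REACHABLE
192.168.2.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE'

# Returns 0 if the gateway's MAC matches the pinned value, 1 otherwise.
gateway_mac_ok() {
    seen=$(printf '%s\n' "$1" | awk -v ip="$GATEWAY_IP" '$1 == ip && $4 == "lladdr" { print $5; exit }')
    [ "$seen" = "$GATEWAY_MAC" ]
}

# Prints every MAC claimed by more than one IP (one per line); empty if none.
duplicate_macs() {
    printf '%s\n' "$1" | awk '$4 == "lladdr" { n[$5]++ } END { for (m in n) if (n[m] > 1) print m }'
}

# Exit status 0 = clean, 1 = suspicious. Suitable for a periodic cron job.
check_arp() {
    status=0
    if ! gateway_mac_ok "$1"; then
        echo "ALERT: gateway $GATEWAY_IP MAC is not $GATEWAY_MAC" >&2
        status=1
    fi
    dups=$(duplicate_macs "$1")
    if [ -n "$dups" ]; then
        echo "ALERT: MAC(s) claimed by several IPs: $dups" >&2
        status=1
    fi
    return $status
}

# Static ARP entry: a forged reply can no longer replace the pinned gateway.
# Needs root; defined here but not run.
pin_gateway() {
    ip neigh replace "$GATEWAY_IP" lladdr "$GATEWAY_MAC" dev "$IFACE" nud permanent
}

check_arp "$ARP_SNAPSHOT" || echo "ARP table looks spoofed"
```

Feed `check_arp "$(ip neigh show dev wlan0)"` from cron to run it against the live table instead of the constructed snapshot.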

This blog has a Brazilian Portuguese version.

bash, downloadable, kali, linux, script

Configuring USB Wifi TP-Link TLWN725N adapter on Kali Linux

I'm using the same adapter that I mentioned in a previous post, the TP-Link TLWN725N. This time I'm trying to make it work on Kali Linux. The first thing I did was to list my USB devices (after, of course, plugging in my USB Wifi adapter):

$lsusb

This command returned some results, but the one I was interested in was:

Bus 005 Device 002: ID 0bda:8179 Realtek Semiconductor Corp.

This shows that the OS recognized my adapter, but it doesn't do anything yet. If I ran the command below, no wlan* interface would show up.

$iwconfig

Then I found a good tutorial in French which gave me the idea to look for the 8188eu driver (the same one I used to make this Wifi adapter work on the Raspberry Pi). The difference here is that I had to find a version of it that can be compiled, so it fits my OS exactly. I Googled for rtl8188eu.tar.gz and the first link was a tarball from GitHub. I downloaded and extracted the tarball using these commands:

$wget https://github.com/lwfinger/rtl8188eu/tarball/master -O rtl8188eu.tar.gz
$tar xvf rtl8188eu.tar.gz

In order to compile this driver I have to use the make command, and building a kernel module also needs the headers of the running kernel. Some Linux distributions don't come with either pre-installed. To install them, run the command below:

$sudo apt-get install build-essential linux-headers-$(uname -r)

After this, follow these steps to compile the driver module, install it and load it:

$cd lwfinger-rtl8188eu-fcc9034/
$make
$sudo make install
$sudo modprobe 8188eu

When you're done with the commands above, run the command below and behold your Wifi adapter working smoothly:

$iwconfig

If you’re lazy (just like me), you can download the script that I created or clone my GitHub repository and execute it (commands below):

$git clone http://github.com/pablohenrique/l33ttutorials.git
$sudo sh ./l33ttutorials/linux/install-tplink-tlwn725n-kali-l33ttutorials.sh

Thank you for reading!

This blog has a Brazilian Portuguese version.

bash, downloadable, linux, Raspberry Pi, script

Configuring the Raspberry Pi keyboard

The Raspberry Pi, by default, maps any keyboard as an English keyboard. I'm not English and I use a US keyboard. In order to get the keyboard configured, I found a few ways to do it. The last one is a script that I created, and it is the one that I use (and recommend).

The first thing you could do is edit the file /etc/default/keyboard and change the XKBLAYOUT value to "us". Example:

$sudo nano /etc/default/keyboard
XKBLAYOUT="us"

Another thing you could do is to execute the raspi-config and try to configure your keyboard from one of the options. The command would be:

$sudo raspi-config

The easiest way is to download my script. I know... If you look at it, I'm just rewriting the keyboard file using a configuration in which I know all my keyboard keys are mapped correctly. This includes the pipe " | " key. The two examples above don't guarantee that this key will work. Again, you can download my script, or you can clone my GitHub repository and then execute the script (commands below):

$git clone https://github.com/pablohenrique/l33ttutorials.git
$sudo sh ./l33ttutorials/raspberrypi/fixKeyboard-l33ttutorials.sh

Thank you for reading this post! I hope this could be useful.

This blog has a Brazilian Portuguese version.

bash, downloadable, linux, Raspberry Pi, script

Making the TP-LINK TL-WN725N USB Wifi nano work on Raspberry pi

I love my Raspberry Pi. Tiny, silent and perfect for small projects. Sometimes I make mistakes and have to format the SD card and install the OS again. I don't really like cables, so I bought a TP-Link TLWN725N USB wifi adapter and faced a big problem: my Raspberry Pi doesn't have a driver suitable for the wifi adapter. After Googling for a few minutes, I found an awesome tutorial (by MrEngman [Thank you!]) that taught me what to do in order to make the adapter work. Using that information I created the script below (it can also be downloaded right here):

#!/bin/bash
# Stop at the first failing step instead of installing a half-extracted driver.
set -e
wget https://dl.dropboxusercontent.com/u/80256631/8188eu-20131223.tar.gz
tar -zxvf "$(pwd)/8188eu-20131223.tar.gz"
# Firmware blob goes where the kernel looks for it, the module next to the other wireless drivers.
sudo cp "$(pwd)/rtl8188eufw.bin" /lib/firmware/rtlwifi
sudo install -p -m 644 "$(pwd)/8188eu.ko" "/lib/modules/$(uname -r)/kernel/drivers/net/wireless"
sudo insmod "/lib/modules/$(uname -r)/kernel/drivers/net/wireless/8188eu.ko"
sudo depmod -a
sudo reboot

I'm using Raspbian OS with kernel 3.10.25+, so the script above downloads the driver module and firmware built for that kernel and installs them. If you check MrEngman's tutorial, you'll find different builds for different kernel versions. Remember, if you want, you can download my script and run it using this command line:

$sudo sh ./wireless-install-l33ttutorials.sh

Another way to get the script is to clone my GitHub repository (the git software is pre-installed on Raspbian OS) and execute the script file (commands below):

$git clone https://github.com/pablohenrique/l33ttutorials.git
$sudo sh ./l33ttutorials/raspberrypi/wireless-install-l33ttutorials.sh

Check my GitHub for more Raspberry Pi scripts: https://github.com/pablohenrique/l33ttutorials

This blog has a Brazilian Portuguese version.

kali, linux, security, wpscan

Tutorial: WPScan with Kali Linux

Intentions/Intro

Before I dive in this post, I would like to say that everything I did was for educational purposes only! Now we can move on…
I decided to learn how to use the WPScan tool that comes with Kali Linux. WPScan stands for "WordPress Security Scanner". The tool is very useful and straightforward. The first command that I used was:

$wpscan --help

I believe that’s the wisest command that anyone that wants to learn how to use something should execute, right? The result from that command can be found at the WPScan website.
My next challenge was to find a WordPress website, which I accomplished by Googling for "WordPress website list". I won't say which ones I tested this tool on, but I can say that it only took me 14 links to find a good target for testing.
I performed my testing using some parameters to the wpscan command, and some of them are listed below:

  • "--url WEBSITE" for obvious reasons
  • "--enumerate PARAMETER" used to enumerate things
  • "--threads NUMBER" execute your scans using more threads
  • "vp" (a value for --enumerate) seeks vulnerable plugins
  • "vt" (a value for --enumerate) seeks vulnerable themes
  • "u" (a value for --enumerate) enumerates usernames
  • "--wordlist FILE" use this option to make a brute force attack
  • "--username USER" select a user to perform the attack against

Usage

Some of the commands that I used were:

$wpscan --url http://www.SomeWebSite.com --enumerate vp --threads 10
$wpscan --url http://www.SomeWebSite.com --enumerate vt
$wpscan --url http://www.SomeWebSite.com --enumerate u
$wpscan --url http://www.MySite.com --wordlist password.lst --username User --threads 30

I used the last command on a friend's website after he granted me permission to attack it. For obvious reasons, I won't post my findings here, but I can say that, after creating a good password list, it took me some hours to find his password and gain access to his account.

The command to list vulnerable plugins (the first of the commands above) gave me enough information to try to exploit them. Almost none of the plugins that WPScan found on the websites I tested had any real vulnerabilities. A good source of exploitable plugins is the exploit-db.com website.
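As an added defender's example (not from the original post), the shell function below runs over constructed Apache combined access-log lines and flags the three behaviours the options above produce on the target's side: author-ID user enumeration, plugin readme.txt probing and repeated wp-login.php POSTs, plus the scanner's own User-Agent. The request paths, the "WPScan" User-Agent string and THRESHOLD are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: flag the request patterns the
# wpscan options above produce in an Apache combined access log. The log
# lines are constructed, the request paths are assumptions about what
# --enumerate u / vp and --wordlist request, and THRESHOLD is a tuning value.
THRESHOLD=3

ACCESS_LOG='203.0.113.5 - - [10/Jan/2014:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2014:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2014:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2014:10:00:04 +0000] "GET /?author=4 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2014:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2014:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2014:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2014:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Jan/2014:11:00:00 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 200 0 "-" "WPScan v2.0"
198.51.100.9 - - [10/Jan/2014:12:00:00 +0000] "GET /2014/01/hello-world/ HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2014:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"'

# Prints "IP author=N plugins=N logins=N wpscan_ua=0|1" for each client that
# crossed THRESHOLD on any counter or identified itself as WPScan.
# Combined-log fields: $1 client IP, $6 quoted method, $7 request path.
flag_scanners() {
    printf '%s\n' "$1" | awk -v t="$THRESHOLD" '
    {
        ip = $1; method = $6; path = $7
        if (path ~ /[?&]author=[0-9]+/)                           author[ip]++
        if (path ~ /^\/wp-content\/plugins\/[^\/]+\/readme\.txt/) plugin[ip]++
        if (method == "\"POST" && path ~ /^\/wp-login\.php/)      login[ip]++
        if ($0 ~ /"WPScan/)                                       ua[ip] = 1
        seen[ip] = 1
    }
    END {
        for (ip in seen)
            if (author[ip] >= t || plugin[ip] >= t || login[ip] >= t || ua[ip])
                printf "%s author=%d plugins=%d logins=%d wpscan_ua=%d\n",
                       ip, author[ip], plugin[ip], login[ip], ua[ip]
    }'
}

flag_scanners "$ACCESS_LOG"
```

Against a real server, replace the constructed text with `flag_scanners "$(cat /var/log/apache2/access.log)"` and feed the flagged IPs to fail2ban or a firewall rule.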

Conclusion

This tool is very useful and easy to use. I loved playing with it and soon I’ll try to do new things, like exploit some plugins and themes. Let’s wait for another post, right?

Thank you for reading it, for the stars and for sharing this post.

This blog has a Brazilian Portuguese version.

bash, downloadable, linux, script

Creating a good web development environment

For this tutorial I'll use Ubuntu Linux (it should work on any Debian-based Linux operating system). As soon as you get your OS up and running, use the commands below to automatically install everything you need for a simple web development environment. For this tutorial I'll install: Oracle Java 8, Apache2, Git, PHP5, PostgreSQL, MySQL, NetBeans 7.4, and SublimeText 2. In order to install the real Java (the one from Oracle, of course), the commands below will uninstall OpenJDK and add a PPA to your apt sources. I encourage you, my dear reader, to read the script before running it on your machine.

$sudo apt-get -y remove --purge openjdk-*
$sudo add-apt-repository -y ppa:webupd8team/java
$sudo apt-get update
$sudo mkdir -p /usr/lib/mozilla/plugins
$sudo apt-get -y install oracle-java8-installer
$sudo apt-get -y install git apache2 postgresql pgadmin3 mysql-server php5 libapache2-mod-php5 php5-pgsql php5-mysql
$wget http://download.netbeans.org/netbeans/7.4/final/bundles/netbeans-7.4-linux.sh
$chmod +x netbeans-7.4-linux.sh
$sudo ./netbeans-7.4-linux.sh
$wget http://c758482.r82.cf2.rackcdn.com/Sublime%20Text%202.0.2.tar.bz2 -O sublime.tar.bz2
$tar -xf sublime.tar.bz2
$sudo mv Sublime\ Text\ 2/ /opt/
$sudo ln -s /opt/Sublime\ Text\ 2/sublime_text /usr/bin/sublime

For the lazy people (like me), just download this script (works on 32 or 64 bit) and run it using the command below:

$sudo sh lazy-webdev-l33ttutorials.sh

You can also clone my GitHub repository and execute the script (commands below):

$git clone https://github.com/pablohenrique/l33ttutorials.git
$sudo sh ./l33ttutorials/linux/lazy-webdev-l33ttutorials.sh

Thanks for reading this post.

This blog has a Brazilian Portuguese version.
