What's New Here?

    I recently ran into a situation where I needed to use Kismet with GPS support.  This was extremely difficult to accomplish, not because the installation is difficult (it's actually fairly simple when you know the steps) but because there was absolutely NO decent documentation on this. Hopefully this will change that.

    What You Need?


    The header for this section should perhaps be “What I Used.”  Because I’ve only tested my own hardware, it’s the only thing I can say for certain will work.  I used the ALFA AWUS036NH external wireless adapter, found here:

    http://www.amazon.com/gp/product/B003YIFHJY?ref_=pe_527950_33920250

    And I used the GlobalSat ND-100S USB GPS Dongle, found here:
    http://www.amazon.com/dp/B003WNHGAO/ref=pe_385040_30332190_TE_dp_1


    How to Install in Kali???

    First we need to install a few packages in Kali Linux to get this thing to work.  First, the GPS daemon.

    # sudo apt-get install gpsd




    Then the gpsd-clients package:

    # sudo apt-get install gpsd-clients

    Now, you can plug in your hardware.  If you are using a VM, make sure you pass it across.  You can verify that the GPS dongle is there by using the following command:

    # lsusb

    Then verify that your wireless adapter is there, and get the interface name.
    # ifconfig

    Next, make sure that your GPS adapter is showing up in the /dev/ directory.  To do this, use the command:

    # ls /dev/gps*

    This should also help you identify the name.  Once you have identified the path in /dev/, pass that as an argument to gpsd.

    # gpsd /dev/gps[x]
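
A check that can be run between starting gpsd and launching Kismet, added here as an example and not part of the original article: it reads gpsd's JSON reports (what `gpspipe -w` from gpsd-clients prints) and tells apart no device, no fix, and a 2D/3D fix with per-satellite signal strength. The sample reports, the device path /dev/gps0 and the function name `summarize` are constructed for illustration.

```python
"""Summarise gpsd JSON reports to confirm a usable GPS fix before starting Kismet."""
import json
import sys

# Constructed sample in the shape gpsd sends to watchers (what `gpspipe -w` prints).
# The device path /dev/gps0 and every value below are made up for illustration.
SAMPLE = [json.dumps(m) for m in (
    {"class": "VERSION", "release": "3.17", "proto_major": 3, "proto_minor": 12},
    {"class": "DEVICES", "devices": [{"class": "DEVICE", "path": "/dev/gps0"}]},
    {"class": "TPV", "device": "/dev/gps0", "mode": 1},
    {"class": "SKY", "device": "/dev/gps0", "satellites": [
        {"PRN": 2, "el": 61, "az": 45, "ss": 38, "used": True},
        {"PRN": 5, "el": 33, "az": 120, "ss": 29, "used": True},
        {"PRN": 12, "el": 18, "az": 250, "ss": 24, "used": True},
        {"PRN": 25, "el": 52, "az": 310, "ss": 35, "used": True},
        {"PRN": 29, "el": 7, "az": 190, "ss": 0, "used": False},
    ]},
    {"class": "TPV", "device": "/dev/gps0", "mode": 3,
     "lat": 38.8895, "lon": -77.0353, "alt": 12.4},
)]


def summarize(lines):
    """Fold a stream of gpsd JSON lines into one status report.

    status is "no-device" (gpsd has no receiver attached), "no-fix"
    (receiver present but no position yet), "fix-2d" or "fix-3d".
    """
    devices, signal = set(), {}
    used, mode, lat, lon = 0, 0, None, None
    for raw in lines:
        try:
            msg = json.loads(raw)
        except ValueError:
            continue  # skip blank, partial or non-JSON lines
        if not isinstance(msg, dict):
            continue
        kind = msg.get("class")
        if kind in ("TPV", "SKY") and msg.get("device"):
            devices.add(msg["device"])
        if kind == "DEVICES":
            devices.update(d["path"] for d in msg.get("devices", []) if d.get("path"))
        elif kind == "SKY" and "satellites" in msg:
            sats = msg["satellites"]
            # ss is the signal strength gpsd reports for each satellite (PRN)
            signal = {s["PRN"]: s.get("ss", 0) for s in sats if "PRN" in s}
            used = sum(1 for s in sats if s.get("used"))
        elif kind == "TPV":
            # mode: 0/1 = no fix, 2 = 2D fix, 3 = 3D fix; the latest report wins
            mode = msg.get("mode", 0)
            if mode >= 2:
                lat, lon = msg.get("lat"), msg.get("lon")
            else:
                lat, lon = None, None
    if not devices:
        status = "no-device"
    elif mode < 2:
        status = "no-fix"
    else:
        status = "fix-2d" if mode == 2 else "fix-3d"
    return {"status": status, "devices": sorted(devices), "used": used,
            "signal": signal, "lat": lat, "lon": lon}


if __name__ == "__main__":
    # Live use: gpspipe -w -n 20 | python3 this_script.py -
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE
    report = summarize(source)
    print("status :", report["status"])
    print("devices:", ", ".join(report["devices"]) or "none")
    print("sats   : %d seen, %d used" % (len(report["signal"]), report["used"]))
    for prn, ss in sorted(report["signal"].items()):
        print("  PRN %-3s signal %s" % (prn, ss))
    if report["lat"] is not None:
        print("position: %.4f, %.4f" % (report["lat"], report["lon"]))
```

A "no-device" result points back at the USB passthrough and /dev/ steps; "no-fix" means gpsd is working and the receiver only needs a clearer view of the sky.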


    Did it Work???

    To verify that this worked, we obviously want to boot up Kismet.  Kinda the point…right?  Once Kismet has been booted, use the backtick/accent button ( ` ) to access the Kismet menu at the top.  Scroll right to the Windows menu, then select “GPS Details.”



    Assuming you have signal, you should see the number of satellites connected and the signal strength corresponding to each.  In the example provided below, I have signal from 4 different satellites.  Alternatively, you may see a message indicating that you have no satellite signal.  If this is the case…keep walking/driving around.  It’ll happen.  Otherwise, if you are receiving a message that says no GPS device is connected, time to scrub the whole process and start over again.



    Finally, you can verify that GPS data is being written to the output by examining the contents.  In the .nettxt file below, you can see that there are coordinate values for minimum position, maximum position and peak position.


    Source

    Justin Hutchens wrote this outstanding article on his blog. See more at: http://www.ehacking.net/2014/08/kismet-with-gps-in-kali-linux-tutorial.html

    Kismet with GPS in Kali Linux - Tutorial

    Posted by Hafeez Feeze


    The Kali Linux distribution is one of the most used pentesting operating systems in the world. Why? Because it is loaded with a massive toolkit which allows you to perform audits and tests on a wide range of systems. This is exactly the reason why we decided to publish the perfect tutorial on using Kali Linux as a security audit tool. Kali Linux is a new distribution that succeeds the well-known Backtrack series, which was replaced by the Kali series last year.
    As you might have found when searching, there are various tutorials on the internet about how you can use Kali tools to perform security audits and pentests. A lot of these videos show you how a security expert is able to perform a specific attack on a specific device, but they do not show you how to set up such an attack on a target that you want to audit. This Kali Linux tutorial will give you insight into how to target and audit your desired target.

    What do you need to run Kali Linux

    There are various ways to use Kali Linux. For this tutorial we have chosen the virtual option of the Kali Linux distro, as this is the most effective and managed way to use Kali Linux. We will be running the virtual environment with the VirtualBox application, which can be downloaded for free from Oracle.

    What do you need to download

    As we mentioned above, we are going to use the virtual option of the Kali Linux distro, so you will need the following files to make this work. Please install them in the specified order, as your internet connection might be interrupted during the installation of the Oracle VirtualBox application.
    1. Install VirtualBox and the dependencies
    2. Wait for the installation of VirtualBox to complete
    3. Once the installation has been completed, download your preferred Kali Linux version from the official website
    Once these steps have been completed, you can continue to installing Kali Linux.

    Installing Kali Linux

    Now that you have installed the VirtualBox application, run it and create a new virtual environment with the options that you desire. For our Kali Linux we decided to provide the following options:
    1. 30GB hard disk space
    2. NAT network
    3. 4GB memory
    Go ahead and select the downloaded ISO file and follow the full installation guide which is shown during the installation of Kali Linux.

    What kind of network will I operate in

    In this Kali tutorial we chose the NAT network option. This means that you will be operating your Kali Linux environment on the same network which your ‘HOST’ is running on. The host is the computer where the VirtualBox application is installed.

    How do I login on Kali Linux

    Once the installation is completed you will be able to log in to your Kali Linux environment with your provided credentials.
    The default credentials of the Kali Linux system are:
    1. username: “root”
    2. password: “toor”

    Logged in, and now what?

    Now that you have logged in, open the Terminal. Once the terminal is open, enter two commands which will update and upgrade your Kali system to the latest version.
    Enter the following commands in the Kali Linux environment:
    • sudo apt-get update
    • sudo apt-get upgrade

    Start your audit

    Now that you are running the latest version you can enter the next commands, which will start the Armitage console for you. The Armitage console is a GUI which uses the Metasploit database. The Metasploit database is filled with exploits and scripts which you can use to audit your target.
    The commands are:
    • sudo service postgresql start
    • sudo service metasploit start
    • sudo armitage
    Once you have entered the commands a new screen will open which will hold the Armitage console. In the Armitage console you will be able to scan domains and addresses. Once they have been scanned you will be able to audit them.

    Kali Linux tutorial on audits and hacking

    Posted by Hafeez Feeze



    Ah! The world of hackers. It has changed much from the fabled green black terminal operated by guys with spectacles on their eyes and a serious look on their face. Now even a script kiddie who types a few lines on a Kali Linux calls himself a hacker. The terminal is still there, but the colors have changed. It's a black terminal with text of all colors. But who cares about the colors. It's the new Operating Systems: the likes of Kali Linux, Backtrack, BackBox Linux, Node Zero, Blackbuntu, and many more, which have made hacking much easier. However, has it got easy enough? No. Not at all.



    It's getting harder

    When the going gets tough, the tough get going
    While Kali Linux can make hacking Windows XP, wireless networks, and some weak websites very easy, it doesn't mean it is a magical solution to all problems. Everything that can be hacked easily is ancient. No one uses Windows XP anymore, and if they do, the machines are patched because of automatic updates. Very few websites are vulnerable to the standard SQL injection attacks. You'll have to think up and use variants of standard injections to counter the defenses. Yes, WEP networks are easy to hack, and are still abundant, especially in developing countries. But if you want to hack Facebook, then you should step back already, you're going the wrong direction. Facebook isn't paying millions for security so that a kid can Google up the procedure to hack FB and be done with it overnight. But wait, how could I even imagine that you've already reached this point? While all this hacking XP and WEP shit is pretty easy, is it okay to assume you can do it, and are worried about the 'harder' part? Or wait, are you experiencing difficulty in even using Kali Linux? Can't figure out how to install it? Well...

    Oh well

    First time is always the hardest
    In the previous few paragraphs I made a big mistake. I assumed that you have installed Kali Linux and can do some basic stuff with it, and the intermediate level tasks are bothering you. I almost forgot how it was for me. Well let me tell you.


    1. I was 12. Wanted to hack this wireless network next door. 
    2. Download some shitty Windows software. Won't work. Plus had malware installed which had to be removed with antivirus.
    3. More googling, came across BT4. Googled up some tutorials on how to install it. Was too stupid for Vmware. Live? No. Couldn't create a bootable USB. I downloaded the OS and simply copied it to the USB and thought it'll boot. Googled more. Some result said something about boot order. Okay, make USB boot before hard disk. Made some sense, but it wouldn't work. As it is, I was scared as hell when modifying stuff in the scary looking BIOS interface. Hoping I don't do any damage.
    4. Some time later, BT5 was released. Me? A bit smarter this time. Could get BT5 to boot. Read some WEP hacking tutorials. Wasn't able to follow. I even had a tough time with getting the GUI to start. In BT5 we had to type startx for starting X Display server. Didn't know that. Finally, hacked wifi using Aircrack-ng GTK or something (don't remember the name exactly, but it was GUI mode of aircrack, and it was pretty easy for a beginner like me to use it).
    5. Took me a year before I knew how to do stuff without GUI. A year sounds like a long time, but remember, I have much more stuff to do than just hack. I used BT5 once every few months, only when a new network would show up in the neighbourhood, and I would hack it with my laptop.
    6. Had a great sense of accomplishment inside me. Felt like I was king of this territory, and owned every wireless network here. But then, a WPA-2 network appeared. I tried everything I could, but gave up. I read on hackforums a tutorial on using WPS vulnerability to hack WPA. Well, it looked like it was written in an alien language. Honestly, after knowing how easy hacking WPS-enabled WPA networks is, I seriously think that the first time indeed is the hardest.
    7. Fast forward to this moment. I have mastered the basics of linux command line interface, but still have a lot to learn. I can write bash scripts to automate stuff, and can use most of the tools with ease. I am currently studying exploit development and research and can write simple exploits. There's a lot left to learn. I know the depths of wireless pentesting, but only intermediate level of web pentesting. I know the basics of social engineering, but again, lot of things to learn. Now if you are concluding I'm an idiot on the basis of the fact that in every field I just know the basics, well then you need to realize that the meaning of basics in my perspective is much different from that in yours. I need to know a lot of stuff, but I know a lot too.
    So what do you conclude from this? Well if you are not able to install Kali, or follow any other tutorial in my website, then don't be surprised. If everyone who visits this website became a hacker, then we'd be having more than 100k hackers created from this website alone, which isn't a good thing at all, considering there are many other websites which receive much more traffic than mine. 

    Why so difficult

    Hacking is an art
    Because that's the way it is. Hacking is an art, and like any other, it takes practice, hard work and determination to master this art. For example, after watching Dynamo on TV, I got lured into the idea of becoming a magician. Well, I tried some tricks, but failed miserably. Realized it was not my piece of cake. Some of the tricks require years of practice before they can be pulled off successfully. Not everyone who decides to be a magician ends up becoming one. There are obstacles in the way, disappointments, milestones too hard to achieve. The ones who stay determined all the way to the end only achieve this. It's not everyone's piece of cake. Same goes with hacking. What makes hackers exclusive and special is the fact that not everyone is a hacker. I am known in my class (whole school as well) for being a hacker. Why? Because I'm the only one. Not everyone who sets out to be a hacker becomes one. But there's more to the story than this.


    Not that difficult

    You are lucky that you ended up on this blog (not a quote as such)
    Well, the sites I used to learn hacking were crap. The WEP tutorial was just 3-4 lines of code and no explanation. I won't be wrong if I say that, while I read a lot of tutorials, none was good enough. For every line in a tutorial, I had to google up another tutorial which explained what it meant. That is, I worked hard and figured everything out on my own. You, however, are lucky. The posts in this blog have been written such that everything is properly explained. In the later tutorials I have been a bit lazy, but it won't be a problem if you follow the tutorials in correct sequence. If you have read 2-3 tutorials on pentesting, you would already know the basics, and the 4th one wouldn't have to be very detailed. If you jump to Win 7 hacking without going through XP, then you'll encounter difficulties. Now I have created a page on this blog where I have ordered the posts in the desirable order of reading. You might also look at the navigation menu on top and read all the tutorials on a top to bottom order basis. And here's the truth finally.

    The truth

    I want to hack facebook
    If you are learning hacking to hack your friend's account, then you're never going to become a hacker. Just hire someone to do it. Because the time and effort you'll invest in making an attempt to learn how to do it yourself, and eventually failing in the same, is much more valuable than the money required to hire someone (no I don't hack FB accounts for money). You might still try social engineering, but it is not a 100% working method, and well, phishing is not hacking, and is illegal. However, if your motives aren't that selfish, and if you are on a quest for knowledge, then rest assured, you will achieve success. Also, you need to know the art of google-fu. If you face any difficulties, remember, google is a friend (and so am I, I have replied to 100s of comments on this blog personally and always get people through difficulties). The last thing, 50% of the people who come to this blog leave within 1 min of their visit, after seeing just one page. 30% stay for 4-10 mins and read 2 posts. 20% stay for more than 10 minutes, and keep coming back. Only these 20% successfully will become a hacker. Either they succeeded in achieving what they wanted, loved the blog, and came back for more, or they didn't succeed, but came back to try again, and I'm sure they would succeed on a second attempt. Remember, never give up. Less than 20% of the visitors here actually succeed in getting what they want, try and be in that 20%. And if you have any suggestion for this post or for my way of explanation or anything else in general, please comment.

    So You Want To Be a Hacker - Kali Linux Tutorial

    Posted by Hafeez Feeze



    Today's tutorial covers the man-in-the-middle attack in Kali Linux. How do you perform a man-in-the-middle attack using Kali Linux? We will go through the process step by step.
    I believe most of you already know the concept of a man-in-the-middle attack, but if you still don't know about it, here is a definition from Wikipedia.
    The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
    Scenario:
    This is the simple scenario, which I have tried to draw in a picture.
    Victim IP address : 192.168.8.90
    Attacker network interface : eth0; with IP address : 192.168.8.93
    Router IP address : 192.168.8.8
    Requirements:
    1. Arpspoof
    2. Driftnet
    3. Urlsnarf

    Step by step Kali Linux Man in the Middle Attack:

    1. Open your terminal (CTRL + ALT + T is the Kali shortcut) and configure the Kali Linux machine to allow packet forwarding, because to act as the man in the middle, Kali Linux must act as a router between the "real router" and the victim. See the tutorial on how to set up packet forwarding in Linux.
    2. You can split the Kali Linux terminal window to make the view friendlier and easier to monitor.
    3. The next step is to set up arpspoof between the victim and the router.
    arpspoof -i eth0 -t 192.168.8.90 192.168.8.8
    4. Then set up arpspoof in the other direction, to capture all packets from the router to the victim.
    arpspoof -i eth0 -t 192.168.8.8 192.168.8.90
    5. After steps three and four, all packets sent or received by the victim should be going through the attacker machine.
    6. Now we can use driftnet to monitor all of the victim's image traffic. According to its website,
    Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.
    7. To run driftnet, we just run this:
    driftnet -i eth0
    When the victim browses a website with images, driftnet captures the image traffic.
    To stop driftnet, just close the driftnet window or press CTRL + C in the terminal.
    8. Next we will capture the addresses of the websites the victim visits by using urlsnarf. To use urlsnarf, just run this command:
    urlsnarf -i eth0
    and urlsnarf will start capturing every website address visited by the victim machine.
    9. When the victim browses a website, the attacker will know the address the victim visited.
    Conclusion:
    1. To change or spoof the attacker MAC address, you can view the tutorial about how to change the Kali Linux MAC address.
    2. Driftnet and urlsnarf are hard to detect, but you can try to find devices on your network that are in promiscuous mode, which have the possibility to sniff network traffic.
    Hope you found it useful :-)
    - See more at: http://www.hacking-tutorial.com/hacking-tutorial/kali-linux-man-middle-attack/#sthash.p8piGoyv.dpuf
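
    From the defender's side, the two arpspoof commands in steps 3 and 4 leave a visible trace: in the victim's neighbour cache, the router's IP resolves to the same MAC address as the attacker's IP. The following is an added example, not part of the original tutorial, that flags such duplicates in `ip neigh` output; the function names and the sample MAC addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot the ARP-cache symptom of the poisoning in steps 3 and 4.
# Input (stdin): `ip -4 neigh show` style lines. Output: one line per MAC
# address that is claimed by more than one IPv4 address, followed by those IPs.
find_shared_macs() {
    awk '
        # Entry format: 192.168.8.8 dev eth0 lladdr 00:11:22:33:44:08 REACHABLE
        {
            ip = $1; mac = ""
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            # FAILED/INCOMPLETE entries carry no lladdr; skip them and non-IPv4.
            if (mac == "" || ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (seen[mac, ip]++) next          # ignore repeated entries
            count[mac]++
            ips[mac] = (count[mac] > 1) ? ips[mac] " " ip : ip
        }
        END { for (mac in count) if (count[mac] > 1) print mac, ips[mac] }
    '
}

# Succeeds (status 0) when the gateway IP shares its MAC with another host.
gateway_is_spoofed() {
    find_shared_macs | awk -v gw="$1" '
        { for (i = 2; i <= NF; i++) if ($i == gw) hit = 1 }
        END { exit (hit ? 0 : 1) }
    '
}

# Constructed samples (MACs invented): the victim cache before the attack ...
sample_clean() {
    cat <<'EOF'
192.168.8.8 dev eth0 lladdr 00:11:22:33:44:08 REACHABLE
192.168.8.93 dev eth0 lladdr 00:11:22:33:44:93 STALE
192.168.8.77 dev eth0 FAILED
EOF
}

# ... and during it: the router IP now maps to the attacker MAC.
sample_poisoned() {
    cat <<'EOF'
192.168.8.8 dev eth0 lladdr 00:11:22:33:44:93 REACHABLE
192.168.8.93 dev eth0 lladdr 00:11:22:33:44:93 REACHABLE
192.168.8.77 dev eth0 FAILED
EOF
}

# Demo on the constructed data; on a live host pipe in `ip -4 neigh show`.
if sample_poisoned | gateway_is_spoofed 192.168.8.8; then
    echo "ALERT: gateway 192.168.8.8 shares a MAC address with another host"
fi
```

    A shared MAC can also be legitimate (one router holding several addresses), and the duplicate only shows up when the other host's own IP is in the cache, so a hit is a lead to confirm against the router's known MAC.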

    Kali Linux Man in the Middle Attack- Kali Linux Tutorial

    Posted by Hafeez Feeze No comments




    Introduction

    This is a small and quick guide on How to install Firefox in Kali Linux.
    Mozilla Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android, by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. Firefox uses the Gecko layout engine to render web pages, which implements current and anticipated web standards.
    As of July 2013, Firefox has between 16% and 21% of worldwide usage, making it the third most popular web browser, according to different sources. According to Mozilla, Firefox counts over 450 million users around the world. The browser has had particular success in Indonesia, Germany, and Poland, where it is the most popular browser with 57%, 45% and 44% of the market share, respectively. Source: Wikipedia
    IceWeasel is the default browser in Kali Linux, which is really Firefox with a different name and logo. Debian gurus didn't like Mozilla's license agreement and decided to use IceWeasel instead of Firefox. Personally, I can't see much difference, but if you're one of those people who MUST use Firefox, this guide will help you to replace IceWeasel with Firefox.
    Note: This is a copy-paste guide to achieve that. So yeah, this is the best way to go about it.

    Close IceWeasel



    If you have IceWeasel running, how are you going to remove it? So copy these instructions into Leafpad and close IceWeasel. Maybe you could bookmark this site to come back and check? Up to you really.

    Install Firefox in Kali Linux

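    Copy and paste these commands into your terminal. They remove IceWeasel, add the Ubuntuzilla repository to /etc/apt/sources.list, import the signing key C1289A29 from keyserver.ubuntu.com, and install Firefox.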
    apt-get remove iceweasel
    echo -e "\ndeb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main" | tee -a /etc/apt/sources.list > /dev/null
    apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C1289A29
    apt-get update
    apt-get install firefox-mozilla-build

    Testing

    Now find the Firefox logo and fire it up.
    Hope this small guide helps someone out there.

    Thanks for reading.
    End of guide How to install Firefox in Kali Linux.

    How to install Firefox in Kali Linux

    Posted by Hafeez Feeze No comments


    In keeping with the Kali Linux Network Services Policy, there are no network services, including database services, running on boot so there are a couple of steps that need to be taken in order to get Metasploit up and running with database support.
    This post solves the following issues when starting metasploit:
    1. [-] Error while running command db_connect: Failed to connect to the database: PG::Error: ERROR:  permission denied to create database : CREATE DATABASE "metasploit3" ENCODING = 'utf8'
    2. [-] Error while running command db_connect: Failed to connect to the database: FATAL: role "root" does not exist
    3. msf > db_status
       [*] postgresql selected, no connection

    Start the Kali PostgreSQL Service

    Metasploit uses PostgreSQL as its database so it needs to be launched first.
    service postgresql start
    You can verify that PostgreSQL is running by checking the output of ss -ant and making sure that port 5432 is listening.
    State Recv-Q Send-Q Local Address:Port Peer Address:Port
     LISTEN 0 128 :::22 :::*
     LISTEN 0 128 *:22 *:*
     LISTEN 0 128 127.0.0.1:5432 *:*
     LISTEN 0 128 ::1:5432 :::*
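
    The ss -ant check above can be scripted, and the same pass can confirm that PostgreSQL is bound to loopback only, as it is in the listing. This is an added example, not part of the original post or the Kali documentation; the function names are hypothetical and the second listing is constructed.

```shell
#!/bin/sh
# Added example: classify the listeners on a TCP port from `ss -ant` output.
# Prints "absent", "loopback-only" or "exposed" (bound to a non-loopback address).
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            laddr = $4                              # e.g. 127.0.0.1:5432 or :::22
            n = split(laddr, part, ":")
            if (part[n] != port) next
            addr = substr(laddr, 1, length(laddr) - length(part[n]) - 1)
            gsub(/^\[|\]$/, "", addr)               # newer ss prints [::1]:5432
            found = 1
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END { print (!found ? "absent" : (exposed ? "exposed" : "loopback-only")) }
    '
}

# The listing shown above.
page_listing() {
    cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:5432 *:*
LISTEN 0 128 ::1:5432 :::*
EOF
}

# Constructed counter-example: PostgreSQL bound to every interface.
exposed_listing() {
    cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5432 0.0.0.0:*
EOF
}

# Demo; on a live host run: ss -ant | listener_scope 5432
echo "page listing, port 5432: $(page_listing | listener_scope 5432)"
echo "constructed listing, port 5432: $(exposed_listing | listener_scope 5432)"
```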

    Start the Kali Metasploit Service

    With PostgreSQL up and running, we next need to launch the metasploit service. The first time the service is launched, it will create an msf3 database user and a database called msf3. The service will also launch the Metasploit RPC and Web servers it requires.
    service metasploit start

    Launch msfconsole in Kali

    Now that the PostgreSQL and Metasploit services are running, you can launch msfconsole and verify database connectivity with the db_status command as shown below.
    msfconsole
    msf > db_status
     [*] postgresql connected to msf3
     msf >

    Configure Metasploit to Launch on Startup

    If you would prefer to have PostgreSQL and Metasploit launch at startup, you can use update-rc.d to enable the services as follows.
    update-rc.d postgresql enable
    update-rc.d metasploit enable
    I don't claim ownership of this post; it is also available in the Kali Linux Official Documentation. I again suggest readers do some study and read the Kali Official Documentation.
    If you're interested in how to use Metasploit to pentest Windows 2003 Server, the following guide will take you through the step-by-step procedure.
    Thanks for reading. Please share.

    Start Metasploit Framework in Kali Linux

    Posted by Hafeez Feeze No comments

