7 Installing Vulnerable Software For Target Machine, Free Hacking Complete Course

-
Free Hacking Complete Course Step By Step

Installing Vulnerable Software For Target Machine

In this section we’ll install some vulnerable software on our Windows XP virtual machine. We’ll be attacking this software in later chapters. Open your Windows XP virtual machine and, while still logged in as user Admin, follow the directions to install each of the packages listed here.

Zervit

Download Zervit version 0.4 from http://www.exploit-db.com/exploits/12582/. (Click the Vulnerable App option to download the files.) Unzip the downloaded archive and double-click the Zervit program to open and run it. Then enter port number 3232 in the console when the software starts. Answer Y to allowing directory listing, as shown in Figure  Zervit will not automatically restart when you reboot Windows XP, so you will need to restart it if you reboot.


SLMail

Download and run SLMail version 5.5 from http://www.exploit-db.com/exploits/638/, using the default options when prompted. Just click Next for all of the options and don’t change anything. If you get a warning about a domain name, just ignore it and click OK. We don’t really need to deliver any email here. Once SLMail is installed, restart your virtual machine. Then open Start > All Programs > SL Products > SLMail > SLMail Configuration. In the Users tab (default), right-click the SLMail Configuration window and choose New > User, as shown in Figure.


Click the newly created user icon, enter username (for Ex. Accused), and fill in the information for the user. The mailbox name should be Accused with password password. Keep the defaults and press OK once you’ve finished.

3Com TFTP 2.0.1

Next, download 3Com TFTP version 2.0.1 as a zipped file from http://www.exploit-db.com/exploits/3388/. Extract the files and copy 3CTftpSvcCtrl and 3CTftpSvc to the directory C:\Windows.


Then open 3CTftpSvcCtrl and click Install Service. Click Start Service to start 3Com TFTP for the first time. From now on, it will automatically start when you boot up the computer. Press Quit to exit.

XAMPP 1.7.2

Now we’ll install an older version of the XAMPP software, version 1.7.2, from http://www.oldapps.com/xampp.php?old_xampp=45/. (The older version of Internet Explorer on Windows XP seems to have some trouble opening this page. If you have trouble, download the software from your host system and copy it onto Windows XP’s desktop.)

  • Run the installer and accept the default options as they’re presented to you. When installation is finished, choose option 1. start XAMPP Control Panel,
  • In the XAMPP Control Panel, install the Apache, MySQL, and FileZilla
  • services (select the Svc checkbox to the left of the service name). Then click the Start button for each service. Your screen should look like the one shown in Figure.
  • Click the Admin button for FileZilla in the XAMPP Control Panel. The Admin panel.
  • Go to Edit > Users to open the Users dialog.
  • Click the Add button on the right of the dialog box.
  • In the Add User Account dialog box, enter for ex. Accused Hacker and press OK.
  • With Accused Hacker highlighted, check the Password box under Account Settings and enter password.
Click OK. When prompted to share a folder, browse to the Administrator (My System User Name) Documents folder on Windows and select it to share it. Leave the defaults for all other checkboxes, as shown in the figure. Click OK once you’ve finished and exit the various open windows.

Adobe Acrobat Reader

Now we’ll install Adobe Acrobat Reader version 8.1.2 from http://www.oldapps.com/adobe_reader.php?old_adobe=17/. Follow the default prompts to install it. Click Finish once you’re done. (Here again you may need to download the file to your host system and copy it to Windows XP’s desktop.)

War-FTP

Next, download and install War-FTP version 1.65 from http://www.exploit-db .com/exploits/3570/. Download the executable from exploit-db.com to Admin user of desktop and run the downloaded executable to install. You do not need to start the FTP service; we will turn it on when we discuss exploit development in future.

WinSCP

Download and install the latest version of WinSCP from http://winscp.net/. Choose the Typical Installation option. You can uncheck the additional add-ons. Click Finish once you’re done. Installing Immunity Debugger and Mona Now we’ll finish up the Windows XP virtual machine by installing a debugger, a tool that helps detect errors in computer programs. We’ll be using the debugger in the exploit development chapters. Visit the Immunity Debugger registration page at http://debugger.immunityinc.com/ID_register.py. Complete the registration and then press the Download button. Run the installer.
When asked if you want to install Python, click Yes. Accept the license agreement and follow the default installation prompts. When you close the installer, the Python installation will automatically run. Use the default installation values.
Once Immunity Debugger and Python have been installed, download mona.py from http://redmine.corelan.be/projects/mona/repository/raw/mona.py/. Copy mona.py to C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands.
Open Immunity Debugger, and at the command prompt at the bottom of the window, enter !mona config -set workingfolder c:\logs\%p. This command tells mona to log its output to C:\logs\<program name>, where <program name> is the program Immunity Debugger is currently
debugging.
Now our Windows XP target is set up and ready to go.


Summary

We set up our virtual environment, downloaded and customized Kali Linux for attacks, configured our virtual network, and configured our target operating systems—Windows XP/7/8 (With Required Software), Windows 10 (Just Download and Install), and Ubuntu (Just Download And Install). In the next chapter, we will get used to working with the Linux command line, and we’ll be on our way to learning how to use the many pentesting tools and techniques in this book.

In our last video we had installed all the Target Virtual Machines Setup, our next tops will be Using Kali Linux Command Line. If you have not followed us yet, then do so so that you do not miss the upcoming topics. Click Here To Read Our Blogs From Getting Started.


Comments

Post a Comment

Popular posts from this blog

3 Configuring the Network for Virtual Machine, Hacking Complete Free Course Step By Step

-
Image
Hacking Free Complete Course Step By Step Configuring the Network for Virtual Machine After installing Kali Linux as a Virtual machine we must configuring the network for virtual machine because we’ll be using Kali Linux to attack our target systems over a network, we need to place all our virtual machines on the same virtual network. VMware offers three options for virtual network connections:   Bridged  NAT Host only.   You should choose the bridged option, but here’s a bit of information about each: The bridged network connects the virtual machine directly to the local network using the same connection as the host system. As far as the local network is concerned, our virtual machine is just another node on the network with its own IP address. NAT, short for network address translation, sets up a private network on the host machine. The private network translates outgoing traffic from the virtual machine to the local network. On the local network, traffic from the virt...
Read more

5 Setting Up Android Emulators, Free Hacking Course Complete Step By Step

-
Image
Free Hacking Course Complete Step By Step Setting Up Android Emulators In Kali Linux Now we’ll set up three Android emulators on Kali to use for mobile testing. First we’ll need to download the Android SDK. Open the Iceweasel web browser from within Kali and visit https://developer.android.com/sdk/index.html. Download the current version of the ADT bundle for 32-bit Linux and save it to your root directory. Open a terminal, list the files there (ls), and extract the compressed archive that you just downloaded with unzip (the x’s represent the name of your file, as versions may have changed since this was written). root@kali:~# unzip adt-bundle-Linux-x86-xxxxxxxxxxx.zip  Now use cd to go into the new directory (with the same name as the file without the .zip extension). # cd sdk/tools # ./android The Android SDK Manager should open, as shown in Figure. We’ll download any updates to the Android SDK tools and Android SDK platform tools (checked by default), as well as Android 4.3 and ...
Read more

14 Creating Standalone Payloads with Msfvenom, Free Hacking Complete Course Step By Step

-
Image
Free Hacking Complete Course Step By Step Creating Standalone Payloads with Msfvenom In 2011, Msfvenom was added to Metasploit. Before Msfvenom, the tools Msfpayload and Msfencode could be used together to create standalone encoded Metasploit payloads in a variety of output formats, such as Windows executables and ASP pages. With the introduction of Msfvenom, the functionality of Msfpayload and Msfencode was combined into a single tool, though Msfpayload and Msfencode are still included in Metasploit. To view Msfvenom’s help page, enter msfvenom -h . So far with Metasploit, our goal has been to exploit a vulnerability in the target system and take control of the machine. Now we’ll do something a little different. Instead of relying on a missing patch or another security issue, we are hoping to exploit the one security issue that may never be fully patched: the users. Msfvenom allows you to build standalone payloads to run on a target system in an attempt to...
Read more