4 Installing required tools for Penetration Testing in Kali Linux After Network Settings, Hacking Free Complete Course Step By Step

-
Hacking Free Complete Course Step By Step

Installing required tools for Penetration Testing in Kali Linux After Network Settings

Installing Nessus

Although Kali Linux has just about every tool we’ll need, we do need to install a few additional programs. First, we’ll install Tenable Security’s Nessus Home vulnerability scanner. This scanner is free for home use only (you’ll see a description of limitations on the Nessus website). 

Note that Nessus is very actively developed, so the current version as well as its GUI may have changed a bit since this book went to press.

Use the following steps to install Nessus Home from within Kali:
  • Open Applications > Internet > Iceweasel Web Browser and enter http://www.tenable.com/ products/nessus-home/ in the address bar. Complete the Register for an Activation Code information and click Register. (Use a real email address—you’ll need the activation code later.)
  • Once you reach the Downloads page, choose the latest version of Nessus for the Linux Debian 32-bit platform (Nessus-5.2.5-debian6_i386.deb as of this writing) and download it to your root directory (the default download location).
  • Open a Linux terminal (click the terminal icon at the top of the Kali screen) to open a root prompt.
  • Enter ls to see a list of the files in your root directory. You should see the Nessus file that you just downloaded.
  • Enter dpkg -i followed by the name of the file you downloaded (you can type the first letter of the filename and press tab to use tab completion) and press enter to begin the install process. Installation may take a while as Nessus processes various plugins. Progress is shown by a line of hash symbols (#). 
Selecting previously unselected package nessus.
(Reading database ... 355024 files and directories currently installed.)
Unpacking nessus (from Nessus-5.2.5-debian6_amd64.deb) ...
Setting up nessus (5.2.5) ...
nessusd (Nessus) 5.2.5 [build N25109] for Linux
Copyright (C) 1998 - 2014 Tenable Network Security, Inc
Processing the Nessus plugins...
[###########                                                                                                                                       
  • Once you’re returned to the root prompt with no errors, Nessus should be installed, and you should see a message like this.
All plugins loaded
Fetching the newest plugins from nessus.org...
Fetching the newest updates from nessus.org...
Done. The Nessus server will start processing these plugins within a
minute
nessusd (Nessus) 5.2.5 [build N25109] for Linux
Copyright (C) 1998 - 2014 Tenable Network Security, Inc
Processing the Nessus plugins...
[##################################################]
All plugins loaded
- You can start nessusd by typing /etc/init.d/nessusd start
- Then go to https://kali:8834/ to configure your scanner

  • Now enter the following to start Nessus.
root@kali:~# /etc/init.d/nessusd start

  •  Open the URL https://kali:8834/ in the Iceweasel web browser. You should see a SSL certificate warning, similar to that in Figure.

Note : If you access Nessus from outside the Iceweasel browser in Kali, you will need to go to https://<ipaddressofKali>:8834 instead.



  •  Expand I Understand the Risks and click Add Exception. Then click Confirm Security Exception without any change, as shown in Figure (For Example in my case location https://educat.nmu.edu/ replaced with https://kali:8834/)


                        • Click Get Started at the bottom left of the opening Nessus page and enter a username and password on the following page. I’ve chosen admin : password for my example. If you choose something else, remember it because we’ll use Nessus in future. (Note that I use poor passwords throughout this blog, as will many clients you encounter. In production, you should use much better passwords than password.)
                        • At the next page, enter the activation code you received via email from Tenable Security.
                        • Once registered with Tenable Security, choose the option to download plugins (downloading will take some time). Once Nessus processes the plugins, it will initialize.
                        • When Nessus finishes downloading plugins and configuring the software,
                        • you should see the Nessus login screen, as shown in Figure. You should be able to use the credentials for the account you created during setup to log in.


                        To close Nessus, just close its tab in the browser. We will come back to Nessus in future blogs.

                        Installing The Ming C Compiler

                        We need to install a cross compiler so we can compile C code to run on Microsoft Windows systems. The Ming compiler is included in the Kali Linux repositories but is not installed by default. Install it with this command.

                        root@kali:~# apt-get install mingw32

                        Installing Hyperion 

                        We’ll use the Hyperion encryption program to bypass antivirus software. Hyperion is not currently included in the Kali repositories. Download Hyperion with wget, unzip it, and compile it with the Ming cross compiler you installed in the previous step, as shown in Listing.

                        root@kali:~# wget http://nullsecurity.net/tools/binary/Hyperion-1.0.zip
                        root@kali:~# unzip Hyperion-1.0.zip
                        Archive: Hyperion-1.0.zip
                        creating: Hyperion-1.0/
                        creating: Hyperion-1.0/FasmAES-1.0/
                        root@kali:~# i586-mingw32msvc-c++ Hyperion-1.0/Src/Crypter/*.cpp -o hyperion.exe
                        --snip--

                        Installing Veil-Evasion

                        Veil-Evasion is a tool that generates payload executables you can use to bypass common antivirus solutions. Install Veil-Evasion Kali by first downloading it with the command wget. Next, unzip the downloaded file master.zip and change to the Veil-master/setup directory. Finally, enter ./setup.sh and follow the default prompts.

                        root@kali:~# wget https://github.com/ChrisTruncer/Veil/archive/master.zip
                        --2015-11-26 09:54:10-- https://github.com/ChrisTruncer/Veil/archive/master.zip
                        --snip--
                        2015-11-26 09:54:14 (880 KB/s) - `master.zip' saved [665425]
                        root@kali:~# unzip master.zip
                        Archive: master.zip
                        948984fa75899dc45a1939ffbf4fc0e2ede0c4c4
                        creating: Veil-Evasion-master/
                        --snip--
                        inflating: Veil-Evasion-master/tools/pyherion.py
                        root@kali:~# cd Veil-Evasion-master/setup
                        root@kali:~/Veil-Evasion-master/setup# ./setup.sh

                        [Web]: https://www.veil-evasion.com | [Twitter]: @veilevasion 

                        [*] Initializing Apt Dependencies Installation
                        --snip—
                        Do you want to continue? [Y/n]? Y
                        --snip--
                        root@kali:~# 

                        Ettercap Setup

                        Ettercap is a tool for performing man-in-the-middle attacks. Before running it for the first time, we need to make a couple of changes to its configuration file at /etc/ettercap/etter.conf. Open its configuration file from a Kali root prompt in the nano editor. 

                        root@kali:~# nano /etc/ettercap/etter.conf

                        First change the userid and groupid values to 0 so Ettercap can run with root privileges. Scroll down to where you see the following lines in the file. Replace whatever values you see following the equal signs (=) with a 0. 

                        [privs]
                        ec_uid = 0 # nobody is the default
                        ec_gid = 0 # nobody is the default

                        Now scroll down to the Linux section of the file and uncomment (remove the leading # characters) before the two lines shown at 1 and 2 in Listing to set Iptables firewall rules to redirect the traffic. 

                        #---------------
                        # Linux
                        #---------------
                        # if you use ipchains:
                                #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
                                #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
                        # if you use iptables:
                                1 redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
                                2 redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

                        Save and exit the file by pressing ctrl-X and then Y to save the changes.

                        In our last video we had installed all the Configuring the Network for Virtual Machine, our next tops will be setting up android emulators. If you have not followed us yet, then do so so that you do not miss the upcoming topics. Click Here To Read Our Blogs From Getting Started.



                        Comments

                        Post a Comment

                        Popular posts from this blog

                        14 Creating Standalone Payloads with Msfvenom, Free Hacking Complete Course Step By Step

                        -
                        Image
                        Free Hacking Complete Course Step By Step Creating Standalone Payloads with Msfvenom In 2011, Msfvenom was added to Metasploit. Before Msfvenom, the tools Msfpayload and Msfencode could be used together to create standalone encoded Metasploit payloads in a variety of output formats, such as Windows executables and ASP pages. With the introduction of Msfvenom, the functionality of Msfpayload and Msfencode was combined into a single tool, though Msfpayload and Msfencode are still included in Metasploit. To view Msfvenom’s help page, enter msfvenom -h . So far with Metasploit, our goal has been to exploit a vulnerability in the target system and take control of the machine. Now we’ll do something a little different. Instead of relying on a missing patch or another security issue, we are hoping to exploit the one security issue that may never be fully patched: the users. Msfvenom allows you to build standalone payloads to run on a target system in an attempt to...
                        Read more

                        3 Configuring the Network for Virtual Machine, Hacking Complete Free Course Step By Step

                        -
                        Image
                        Hacking Free Complete Course Step By Step Configuring the Network for Virtual Machine After installing Kali Linux as a Virtual machine we must configuring the network for virtual machine because we’ll be using Kali Linux to attack our target systems over a network, we need to place all our virtual machines on the same virtual network. VMware offers three options for virtual network connections:   Bridged  NAT Host only.   You should choose the bridged option, but here’s a bit of information about each: The bridged network connects the virtual machine directly to the local network using the same connection as the host system. As far as the local network is concerned, our virtual machine is just another node on the network with its own IP address. NAT, short for network address translation, sets up a private network on the host machine. The private network translates outgoing traffic from the virtual machine to the local network. On the local network, traffic from the virt...
                        Read more

                        2 How to Create and Use Virtual Machines For Hacking, Hacking Complete Free Course Step By Step

                        -
                        Image
                        Hacking Free Complete Course Step By Step How to Create and Use Virtual Machines For Hacking Virtual machines allow you to run an operating system in an app window on your desktop that behaves like a full, separate computer. You can use them play around with different operating systems, run software your main operating system can’t, and try out apps in a safe, sandboxed environment. There are several good free virtual machine (VM) apps out there, which makes setting up a virtual machine something anybody can do. You’ll need to install a VM app, and have access to installation media for the operating system you want to install. What’s a Virtual Machine? A virtual machine app creates a virtualized environment—called, simply enough, a virtual machine—that behaves like a separate computer system, complete with virtual hardware devices. The VM runs as a process in a window on your current operating system. You can boot an operating system installer disc (or live CD) inside the...
                        Read more