Latest Post

How to install Virtualbox on Kali Linux

If you want to play around with different systems through the help of virtual machines or if you simply want to create your own pentesting virtual-lab for free, installing virtualbox is one of the best options for linux. Before installing virtualbox, you'll need to make sure that the below dependencies are added to your sources.list file:
## Regular repositories
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
## Source repositories
deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
These can be added manually through editing the sources.list file or by running the following command:
leafpad /etc/apt/sources.list
The above command will open one of the available text editors, LeafPad, and will edit your sources file that can be found in the /etc/apt/  location. Save the file after editing and close it. Now, open a terminal window and run:
apt-get update
apt-get upgrade
apt-get dist-upgrade
Once these commands are completed run the following command:
apt-get install linux-headers-$(uname -r)
And then:
wget download.virtualbox.org/virtualbox/4.2.14/virtualbox-4.2_4.2.14-86644~Debian~wheezy_i386.deb
dpkg -i virtualbox-4.2_4.2.14-86644~Debian~wheezy_i386.deb
installation-of-virtualbox-in-kali-linux

wget will download the mentioned version of virtualbox to your home/user folder and dpkg –i will unzip (de-package) your file and install it (through the use of the –i command).

If you need to test the successful installation simply type virtualbox in the terminal.

virtualbox-in-kali-linux

Now you can easily create your own pentesting lab in Kali Linux, but this will be covered in another post.

Create your first script - automatically update and upgrade your Kali Linux installation

Creating scripts is easy in Linux distributions, you just need access to any text editor - Linux has plenty available (gedit or gvim, to name just a few examples) and to some available neurons. In this example we'll use the update and upgrade commands and we'll create ourselves a script that once executed will automatically run the commands for us - this is the easiest example I came-up with.

Open your text editor. At the first line write
#!/bin/bash
Press enter and below this line type:
apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
Save it as "update.sh" - or any other name you would prefer.

Kali-update-script

Right click your script and on the "Permissions" tab set a checkmark near Execute - allow executing file as a program.

allow-executing-file-as-program

Now every time you boot-up your Kali, instead of typing the whole thing into a terminal, just run your script.
run-in-terminal-window




Windows automatically creates an Administrator concern human relationship amongst elevated privileges during the installation process. We generally demand to access it to perform tasks express entirely to arrangement Administrators. These are tasks performing which lawsuit inwards the UAC scream for for confirmation fifty-fifty if y'all are using an concern human relationship amongst administrative privileges. The elevated Administrator concern human relationship is disabled past times default inwards Windows 7, Windows 8, Windows 8.1, Windows 10 together with Windows Vista.

To activate it, y'all demand to utilisation whatever i of the the next elementary methods.

Important: It is recommended to entirely utilisation this concern human relationship for troubleshooting purposes together with disable it i time the chore is complete. Even if y'all create move out it enabled, protect it amongst a rigid password to foreclose unauthorized access.

Enable/ Disable the Administrator Account Using the Elevated Command Prompt

Windows automatically creates an Administrator concern human relationship amongst elevated privileges during the Enable the Hidden Administrator Account on Windows 7, 8, 8.1 & 10Command Prompt together with guide Run every bit Administrator. Windows eight together with 8.1 users, search for CMD on the Start enshroud together with inwards the results returned, correct click on Command Prompt together with guide Run every bit Administrator. Windows 10 users, search for CMD inwards the showtime bill of fare together with press Ctrl+Shift+Enter.

2. In the Elevated Command Prompt, type together with execute the next command.

net user administrator /active:yes
3. You should encounter a message indicating that the ascendance was completed successfully.

4. Upon logging out, y'all volition encounter the Administrator concern human relationship available on the login screen.

Disable the built-in Administrator account

To disable the Administrator account, type execute the next ascendance inwards Step 2.

net user administrator /active:no
This volition disable the Administrator concern human relationship together with it volition no longer seem on the login screen.

Enable the Administrator concern human relationship using the Local Users together with Groups Manager

Windows automatically creates an Administrator concern human relationship amongst elevated privileges during the Enable the Hidden Administrator Account on Windows 7, 8, 8.1 & 10
1. Press Windows key+R to opened upward the Run dialog box.

2. In it, type lusrmgr.msc together with press Enter. This volition showtime the Local Users together with Groups Manager.

3. In the Local Users together with Groups Manager, click on Users inwards the left manus pane.

4. Then, inwards the move expanse on the correct side, double click on Administrator.

5. In the next dialog box, uncheck the Account is disabled pick together with click OK.

6. Administrator concern human relationship volition endure at nowadays available on the login screen.

To disable the Administrator account, cheque the "Account is disabled" pick inwards pace 5.

This method volition entirely move if y'all are using Professional or Enterprise editions of Windows 7, Windows 8(.1) together with Windows 10. If y'all are using habitation together with basic versions of these operating systems, this method volition non move for y'all every bit Local Users together with Groups director is non available on them.

Enable or Disable the Administrator concern human relationship using the Local Security Policy Editor

1. Press Windows key+R to opened upward the Run dialog box.
Windows automatically creates an Administrator concern human relationship amongst elevated privileges during the Enable the Hidden Administrator Account on Windows 7, 8, 8.1 & 10

2. Type secpol.msc together with press Enter. This volition showtime the Local Security Policy Editor.

3. In the Local Security Policy Editor, navigate to Local Policies\Security Options.

4. In the move expanse on the correct side, double click "Accounts: Administrator concern human relationship status."

5. In the next dialog box, encircle Enable or Disable to respectively enable together with disable the Administrator account.

6. Press OK. Log off to the login enshroud to encounter the Administrator account.

Local Security Policy Editor is non available on habitation editions of Windows.


SQL Injection attacks with Havij

This is a fictional adventure with fictional characters that have fictional (non)skills based on true events. This post was created for informational purposes only and no admins lost their job during the writing of this story. It was inspired by Troy Hunt's "Hacking is child's play" article.

Bob, a 20-something year old boy, never considered himself a computer “guru”. He started using computers around the age of 18, late compared to his friends. What he lacked in experience, he gathered through patience.
Saturday morning news, July 2012: Yahoo voices was breached, half a million emails and passwords were leaked. The attack was made possible due to a SQL injection flaw on their servers.

yahoo voices logo
 
SQL injection? Sound like a medical term. Bob moves to his computer and starts typing:
sql injection attacks
He goes through the results, reads various topics and his eyes fall on: 
Havij - an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
Havij SERP results from google search
 
He was never very tech-savvy so this might be what he was looking for. Another search follows:
havij torrent
Bam, first results, his beloved piratebay. The torrent is small in its size so it should be ready soon enough. In the meantime he'll grab a coffee, smoke a cigarette or two and wait.
Minutes later when he returns, the download session is complete. He registers – by using the all-too-easy provided steps - and fires-up the application. 

Havij default first screen

But, he remembers that he needs some websites to test it on. Opens Firefox again, set's the homepage to google.uk and enters:
inurl:newsitem.php?num=

Google results for inurl dork

This is the google “dork” he choose from a list. It's an example of “advanced search string operators” - termed by some people as “dorking”. Since Bob is inexperienced, he doesn't really care what these are or why they're named “dorks”. 
He starts copying and pasting the available results into Havij. First site doesn't work, Havij returns:
MySQL error based injection method cant be used!
MySQL time based injection method can't be used!
He moves on to the other results. Finally, one site seems to be vulnerable, he pressed “Analyze” and in less than 5 seconds:
Havij table results

This is getting interesting. From all the tables, only one seems to have the data he's looking for: labeled_user. He selects the table and clicks on “Get columns”. The important columns are there:
☐ forename
☐ surname
☐ username
☐ password
☐ email
He selects three of them: email, username and password, then presses on “Get data”. Finally, he has access to the admins usernames and passwords. But the passwords are encrypted so he needs to dig-on.

Table results with username and passwords

Havij has an MD5 decryption option available, let's try that one. He tries with the first encrypted password - Havij is using online resources to decrypt passwords.
Success! The results came in seconds and the password has been revealed: johnC1980 – it's a combination between the name of the web admin and his birthday dates - common password combination. Bob moves to the “Find admin” tab and clicks on start. The program found something like nameofthesite.co.uk/admin . He pastes the link into his browser and tries the username and password combination:

admin

John121980

Admin cpanel login screen
 
He's in. It was easier than he thought and now he has access to admin panels of this recruitment agency from the UK. He'll dig more into it tomorrow but for now he's done. He wants to celebrate his script-kiddie success.

Bob's back early in the morning. What if those five users are “recycling” their passwords? This was usually the cause for many famous successful break-ins in the past.
People are lazy and they don't want to remember 12 passwords used on 12 different websites: what they do instead? They use the same password for all sites. You got access to one, you have access to all of them.
After two hours, Bob was able to access John's Gemail, Linked-in, Facebook and twitter account. He used the same password on all of them: John121980.
Worse yet: John creates and administrates websites for other companies also. Obviously he's using the same password. From here on, Bob can get access to a huge amount of login details.
If you're curios enough, the sky is the limit.

How to create a website offline copy with wget in Kali Linux

During the "Reconnaissance" phase we might need to frequently access the targeted website and this can trigger some alarms. I used to rely on Httrack – or WebHttrack – for making one-on-one offline copies for a given web-page, but for some odd reasons it doesn't work on my current Kali installation. For those who want to give WEBHTTRACK a chance, one thing you need to remember: it's not included by default in Kali. In order to install webhttrack type the following:
apt-get update
apt-get install webhttrack
to get the full GUI version, or
apt-get update
apt-get install httrack
to get the command-line version only.

Searching for alternative easy ways to do it, I've found this tutorial from kossboss – all the credit goes there.
Open a terminal and type mkdir /mywebsitedownloads/ and then
cd / mywebsitedownloads – you can name the folder in any way you wish.
Now (copy and paste):
wget --limit-rate=200k --no-clobber --convert-links --random-wait -r -p -E -e robots=off -U mozilla http://www.nameofthesiteyouwanttocopy.com
Replace the nameofthesiteyouwanttocopy.com with the actual name of your targeted web-page. Below is the explanation of each command:

--limit-rate=200k: Limit the download to 200 Kb/sec – higher download rates might seem suspicious.
--no-clobber: don't overwrite any existing files (used in case the download is interrupted and
resumed).
--convert-links: convert links so that they work locally, off-line, instead of pointing to a website online.
--random-wait: Random waits between download – same reason as for the limit-rate.
-r: Recursive - downloads full website
-p: downloads everything, including pictures.
-E: gets the right extension of the file.
-e robots=off: prevent the website from considering your session as a robot/crawler.
-U mozilla: pretends to be just like a web-browser.

Once the download is completed you can find the offline copy in /nameofthefolder you used for saving your downloaded page – look for the home/index.html page.
wget-screen-running-offline-copy

You'll notice that it is an identical copy – it preserves the link structure, pictures, code and other formatting. Remember that anytime you interact directly with any online resources owned by the 'target', there's a chance you'll leave your digital fingerprint behind.

VLC is a video thespian amongst a lot of tricks. While you lot definitely would last aware almost converting videos amongst it, the characteristic of converting whatsoever video to ASCII is 1 that is slightly less known. As ASCII version of movies similar Star wars are real pop online, I intend this characteristic of this amazing media thespian tin last used to convey lots of fun.

VLC is a video thespian amongst a lot of tricks Convert whatsoever Video to ASCII using VLC Media Player
An event of a video inward ASCII form

All you lot postulate to create is opened upwardly whatsoever video as well as VLC volition automatically display its converted form. To convert whatsoever video inward ASCII, simply follow the steps given below:-

1) Open VLC Media Player.
2) Click on the Tools carte du jour as well as inward the drib downward list, click on Preferences at the bottom of the list.
3) Click on Video paradigm inward the left sidebar.
4) Click on the drib downward box side past times side to Output.
5) Select "Color ASCII fine art video output" from the drib downward list.
6) Click Save and restart VLC.

Older versions of VLC mightiness require you lot to modification these settings nether the Advance tab or All Settings tab. As VLC runs on a multifariousness of OSs, this fob volition operate on whatsoever PC capable of running this media player. However, it is interesting to request out that older PCs having miserable hardware volition irksome downward as well as orbit a stuttered output.

How To Remove Iceweasel and Install Firefox in Kali Linux

The default browser in Kali Linux is Iceweasel - in comparison, the default browser in previous backtrack installations has been Firefox, but this also comes from one main difference: Kali is Debian based and Backtrack was based on Ubuntu. Iceweasel is only a rebranded version of Firefox.

Ice Weasel browser logo

If you have whatever reasons and you need to install Firefox in Kali, follow the below steps.
Note: You might want to copy and paste-it into another document - since it involves removing your default browser first.
 apt-get remove iceweasel

This will remove iceweasel from the system.

echo -e "\ndeb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main" | tee -a /etc/apt/sources.list > /dev/null

apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C1289A29

apt-get update

apt-get install firefox-mozilla-build

Once Firefox has been installed, you might need flash player and some other add-ons.

To install flash-player addon, open a terminal window and type:

apt-get install flashplugin-nonfree
and then
update-flashplugin-nonfree --install

Personally I also install adblock plus and noscript add-ons.
At the end, we will add Firefox to the application panel: press ALT+right click on the panel and select add to panel. From the menu, click on "Application Launcher".
Expand the "Internet" menu and select Firefox.

How To Unmute Volume at Start-up in Kali Linux

You might have noticed that , by default, the volume is muted on system startup in Kali Linux – this is more annoying then helpful sometimes. If you want to get rid of adjusting your volume every time your system boots-up, here's how you can fix this.
First, install alsa utils: open a console window (for windows users it's the older brother of  "command prompt") and type:
apt-get install alsa-utils -y 
Once installed, type in the same console window:
alsamixer
 
You'll see a screen like the one below:

alsa-mixer-console-settings

Set your volume as high as you like by using the up or down directional keys.
Press F6, and from the list of available sound-cards choose the default card you have installed on your system – in my case it's the HDA Intel.
By using the directional keys (up-down-left-right arrows), move to the Auto-Mute menu.
Set it from the default “Enabled” to "Disabled". Press “Esc” to exit the alsamixer menu, reboot Kali and afterwards you'll notice that the system volume will retain it's volume control, no more “default mute at start-up”.

While nearly of us are already aware of obvious keyboard shortcuts similar “Alt+F4” in addition to “Ctrl+C”, at that topographic point are around obscure shortcuts which nearly of us tend to overlook. These keyboard shortcuts are non alone useful for the average PC user but for advanced users every bit well. This article contains many such amazing keyboard shortcuts which if used properly could salve a lot of fourth dimension in addition to effort. So let's larn started.

Windows key+D: This shortcut is the keyboard equivalent of “Show the Desktop”. It is useful for chop-chop minimizing every opened upwards window when someone walks inwards in addition to you lot are doing around someone work.
While nearly of us are already aware of obvious keyboard shortcuts similar  Useful Keyboard Shortcuts for Windows Computers

Ctrl+Shift+Esc: This shortcut straight starts the describe of piece of occupation manager. While Alt+Ctrl+Del was used to convey out the Task Manager inwards Windows XP in addition to before versions, inwards Windows 10, Windows 8.1, Windows viii in addition to Windows 7, it only brings upwards the lock this figurer screen.

Ctrl+Click: This shortcut is useful for opening a link inwards a background tab. This is useful when you lot conduct maintain to charge a page without leaving the electrical current one.

Alt+Print Screen: takes the screenshot of the electrical current active window every bit opposed to only Print Screen which takes the screenshot of the entire screen.

Shift+Click for Yes to All in addition to No to All: If you lot conduct maintain a lot of dialog boxes hollo for aye in addition to no question, only shift+click Yes or No on 1 to aye all or no all.

Ctrl+C on an fault dialog box to re-create its contents: Suppose your figurer is giving an fault message in addition to you lot desire to re-create its contents to post to the back upwards guy, what practise you lot do? Just press Ctrl+C piece the dialog box is highlighted in addition to its contents volition live on copied to your clipboard.

Ctrl+T: This keyboard shortcut opens a novel tab inwards meshing browsers.

Ctrl+Shift+T: Reopens the concluding shut tab.

Ctrl+Shift+N: This shortcut opens a novel incognito window inwards Google Chrome.

Ctrl+Shift+P: Opens a novel someone window inwards Mozilla Firefox.

Alt+Enter afterward writing the domain hollo inwards the address bar of your browser to insert .com automatically.

Shift+Enter inserts .net domain hollo extension.

Ctrl+W: This shortcut closes the electrical current tab inwards your browser quickly.

Ctrl+Backspace: This shortcut deletes the concluding discussion you lot conduct maintain typed. It is useful inwards representative you lot typed inwards a incorrect discussion in addition to desire to delete it quickly.

Ctrl+Left or Right Arrow key: This shortcut allows you lot to motility the cursor 1 discussion at a fourth dimension instead of the default 1 graphic symbol at a time.

Ctrl++: This shortcut allows you lot to zoom inwards spider web pages inwards spider web browsers. Useful when text on a spider web page is likewise small-scale to read properly. Ctrl+Scroll bicycle tin also zoom inwards documents, file thumbnails in addition to icons inwards Windows 10, Windows 8.1, Windows 8, Windows seven in addition to Windows Vista.

Ctrl+-: This shortcut does the contrary of the previous shortcut.

Ctrl+0: Reset the webpage's zoom.

Windows key+M: Minimizes all the opened upwards windows.

Ctrl+L: This shortcut allows you lot to chop-chop boundary to the address bar of your spider web browser.

Windows key+Pause/Break: Quickly opened upwards the organization properties dialog box.

Ctrl+Shift+Delete: This shortcut opens the choice to delete your browser's history, cookies, cache in addition to other details that it stores piece you lot browse the internet. This shortcut is extremely useful for the privacy conscious.

Windows Key+L: This shortcut locks your computer.

Ctrl+H: makes the history appear.

CTRL+B: Bold CTRL+U: Underline CTRL+I: Italic.

Alt+Select: This shortcut allows you lot to select rectangular blocks of text inwards Word processors, something that is non possible amongst unproblematic select.

F2: Allows you lot to rename the selected file.

Holding Shift piece inserting a device amongst removable storage prevents automatic run.

Ctrl+F: This keyboard shortcut opens the Find choice inwards whatsoever program.

Ctrl+S: If you lot are working on a software in addition to desire to chop-chop salve your progress, this shortcut volition come upwards inwards handy.

Ctrl+Home in addition to Ctrl+End: Useful for chop-chop going to the tiptop in addition to bottom of a page.

Ctrl+P: Useful for printing the electrical current page.

Space Bar: While viewing a spider web page inwards a browser, pressing infinite bar moves the page down.

Alt+Tab: Useful for chop-chop cycling betwixt running applications. Press along amongst Shift to cycle backwards.

Ctrl+Tab: Cycle betwixt tabs inwards your browser.

Ctrl+F5: Clears the cache in addition to refreshes the electrical current tab.

Shift+Right click: Open alternate correct click options.

Alt+Double click: Open the file's properties. Alt+Enter tin also live on used for this.


These are around keyboard shortcuts that I constitute extremely useful. If you lot know around to a greater extent than useful keyboard shortcuts, practise elevate them inwards the comments.

VLC, the gratuitous in addition to opened upward origin media actor is bully at playing media of fifty-fifty the nearly obscure formats. However, that is non all it tin do. It tin move used to easily convert videos from i format to other. Converting videos amongst VLC media actor is pretty fast in addition to is inwards the league of nearly premium video converters inwards price of quality. It tin also move used to resize videos from i size to other for when you lot take away to shrink videos to check inwards your mobile devices. It tin also serve every bit a quick video cutting tool.

Convert Videos amongst VLC Media Player

To convert videos amongst VLC media player, follow the steps given below:-

1) Open VLC media player.
2) Click on Media inwards the Menu bar.
3) In the dropdown menu, click on Convert/Save. Alternatively, you lot tin press Ctrl+R to direct plow over media options.

 the gratuitous in addition to opened upward origin media actor is bully at playing media of fifty-fifty the nearly obscure  Convert, Resize in addition to Cut videos amongst VLC Media Player

4) Click on the Add push clit on the right of the File selection box to charge the video whose format you lot want to change.
5) Click on Convert/Save button.
6) In the next dialog box, click on browse to guide the goal where your converted video volition move saved.

 the gratuitous in addition to opened upward origin media actor is bully at playing media of fifty-fifty the nearly obscure  Convert, Resize in addition to Cut videos amongst VLC Media Player

7) In the profile selection option, guide from a pre-configured profile of the output or customize it past times clicking on the Settings picture on its right. You tin guide from a arrive at of encapsulation, video in addition to well formats inwards the next dialog box if you lot want to customize the output.
8) Click on Start to start conversion.
9) VLC's progress bar volition demonstrate progress. Do non unopen the actor when it is converting videos every bit it volition effect inwards output video getting corrupted.

The speed amongst which VLC converts videos depends upon your computer's specifications. Influenza A virus subtype H5N1 faster reckoner converts faster acre slower PCs accept a lot of time. At the halt of the conversion process, you lot volition teach the video inwards the format that you lot cause got selected inwards footstep 6.

Resize in addition to shrink videos amongst VLC media player

Resizing the video involves making kid changes inwards the steps followed inwards conversion. While customizing the profile inwards footstep 7, become to the Video codec tab. Inside the Resolution tab, teach inwards the desired width in addition to meridian that you lot deem check for your needs. After that, only convert the video every bit you lot ordinarily would. This would effect inwards the output video having the same dimensions that you lot specified. However, it is of import to depository fiscal establishment complaint that exact dimensions would alone move achieved if the facial expression ratio of the video is maintained. If the right facial expression ratio is non satisfied past times your dimensions, VLC volition accept i of your dimension in addition to alter the other to satisfy it.

 the gratuitous in addition to opened upward origin media actor is bully at playing media of fifty-fifty the nearly obscure  Convert, Resize in addition to Cut videos amongst VLC Media Player

Cut videos amongst VLC media player

To crop videos amongst VLC media player, become to the card bar in addition to click on View menu. Inside it, depository fiscal establishment check Advanced Controls. This volition effect inwards a few extra buttons over the normal toolbar. Play the video of your selection in addition to press the tape push clit (from the newly added buttons) at the betoken inwards the video from where you lot want to start. Then, i time to a greater extent than press this push clit when the video reaches the betoken at which you lot want to halt it. The cutting video volition automatically move saved inwards your Videos library. It is located at Libraries/Videos inwards Windows 10, Windows 8.1, Windows 8, Windows seven in addition to Windows Vista. In Windows XP, it is located at My Documents\My Videos. You tin role the Frame past times Frame push clit to teach a high grade of accuracy. You take away to install the newer versions of this program every bit older versions create non back upward this.

Related: A ameliorate agency to cutting videos amongst VLC.

Contact Form

Name

Email *

Message *

Powered by Blogger.