Kali Linux
Kali Linux is a Linux distribution specifically intended for penetration testing.
Download from here.
What is a penetration test?
"A method of testing a computer system connected to a network for vulnerabilities by actually attempting to invade a computer system using known technology. It is also called penetration experiment or penetration test (also called penetration test or penetration test). [Quoted from Wikipedia](https://ja.wikipedia.org/wiki/%E3%83%9A%E3%83%8D%E3%83%88%E3%83%AC%E3%83%BC%E3 % 82% B7% E3% 83% A7% E3% 83% B3% E3% 83% 86% E3% 82% B9% E3% 83% 88)) "
It's an image of externally diagnosing vulnerabilities in a system in operation.
Kali Linux has a lot of test tools installed, so you need to be careful when setting up your tests to avoid accidental attacks.
Part 1-Environment construction-Network and commands
It explained the physical network configuration and Linux commands.
I think I understand this area roughly, so I'll take a quick look.
CLaunch
CLaunch is a launcher that runs on Windows.
In the past, I felt nostalgic that I was trying to improve efficiency in this way.
I put it in and used it lightly, but I think it is very easy to use because it starts up quickly.
http://hp.vector.co.jp/authors/VA018351/
Part 2 ~ Windows Hacking ~
Metasploit
It's like a chunk of attack software.
You can carry out an attack by executing an exe file while satisfying specific conditions on Windows.
https://www.metasploit.com/
In the book, I take screenshots of the screen, get administrator privileges, access the webcam and take voyeur, and I am doing my best to be malicious (laugh)
Anti-virus software is important, isn't it?
Veli Framework
There seems to be a framework that circumvents that antivirus software ...
https://github.com/Veil-Framework/Veil
In the book, it seems that Windows Defender detected it and the payload was not issued, but I'm sure there is a version that avoids it.
It's scary to properly extract files downloaded from the Internet.
Shellter
It seems to be software that can embed the above attack files like a Trojan horse.
It's so easy to make ...
https://www.shellterproject.com/
VirusTotal
A service that scans for viruses online.
This is convenient.
https://www.virustotal.com/gui/home/upload
MacroShop
You can embed an attack file in the macro function of MS Office.
https://github.com/khr0x40sh/MacroShop
Impressions
Do not open files downloaded from the Internet carelessly.
Obviously, Windows Defender is fine, so it's important to keep the antivirus software running properly.
Part 2 ~ Linux Hacking ~
Metasploitable3
As the name suggests, it is Linux that has a vulnerability that allows metasploit.
https://github.com/rapid7/metasploitable3
Various attacks
Port scan with nmap → identify the application in use → identify the vulnerable application (CVE Details, Exploit-DB Search by -db.com/) etc.) → Attack
Does the following part say that the backdoor is triggered when a user with :) logs in?
sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
https://www.exploit-db.com/exploits/17491
It seems that Metasploitable3 already has a backdoor, and it can be connected to port 1524 immediately.
hydra
Software that analyzes passwords with dictionary attacks.
https://github.com/vanhauser-thc/thc-hydra
LAN hacking
Xplico
It is the one that can read the capture file of Wireshark or capture the packet by itself.
https://www.xplico.org/
However, as of April 4, 2020, maintenance seems to have stopped ...
It didn't work on Ubuntu 18.04 ...
https://github.com/xplico/xplico
When running on ubuntu on docker, it looks like this ...
docker run -it -p 9876:9876 --name xplico ubuntu:16.04
##Below docker prompt
apt-get update
apt-get install lsb-release
bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE
apt-get update
apt-get install xplico --fix-missing
service apache2 start
/etc/init.d/xplico start
After that, you can log in with xplico / xplico on the screen below and proceed with the analysis.
http://localhost:9876
You can create a session for monitoring by selecting Case creation → session creation.
MITMf
It's a framework that can learn man-in-the-middle attacks, but it doesn't seem to be updated.
https://github.com/byt3bl33d3r/MITMf
Impressions
It's hard to move even if you follow the book.
Or rather, the version has changed quite a bit, so it's good to get the latest information.
Web app hacking
DVWA
This is a vulnerable web application.
http://www.dvwa.co.uk/
I will borrow the image here.
https://hub.docker.com/r/vulnerables/web-dvwa/
Start with docker run --rm -it -p 80:80 vulnerables / web-dvwa and
Go to http: // localhost.
You can log in with admin / password.
Use Burp Suite to perform blind SQL injection.
However, for some reason kalilinux / kali-rolling does not include Burp Suite ...
Drop the installer from here and install it.
https://portswigger.net/burp/releases/professional-community-2020-2-1
But it stops with the following error ...
Caused by: java.lang.UnsatisfiedLinkError: /data/workspace/burpsuite_community_linux_v2020_2_1.sh.7.dir/jre/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory
So no shah, ubuntu: 18.04.
apt-get update && apt-get install openjdk-8-jre
./burpsuite_community_linux_v2020_2_1.sh
BurpSuiteCommunity
So, I installed it so far, but it looks like a GUI ...
It's better to run Kali Linux quietly with Virtual Box etc ...
bWAPP
You can learn vulnerability attacks by itself.
http://www.itsecgames.com/
I will borrow the image this time as well.
https://hub.docker.com/r/raesene/bwapp/
Once started,
http://localhost/install.php
from
http://localhost/login.php
Then you can go to the learning screen.
Impressions
It takes time to run Burp Suite, so it's a hassle ...
Hacking logon authentication
Abuse of Sticky Keys
It seems to be a way to make it possible to type arbitrary commands by replacing the dialog that appears by pressing Shift 5 times with a command prompt.
It seems to be invalid for Microsoft accounts, so it is safer to log in with a Microsoft account if possible.
Add physical device
Let's put Kali Pi in Raspberry Pi and try the above contents, NAS was convenient.
Expansion of network environment
The content was to access the hacking environment of the house with a nice feeling such as remote desktop or VPN.
Impressions throughout
Since the first edition is 2018/12, the version of the package introduced has changed, and there were some parts that got stuck in the environment construction ...
However, if you proceed too easily in an ignorant state, it seems dangerous, so is it just right?
Personally, I enjoyed it because I had an unknown experience!
