
Saturday, 11 May 2013

How to Install Software in Kali Linux



Kali Linux is the next-generation, advanced version of BackTrack Linux: a more stable, secure and upgraded distribution based on Debian. It has been designed for penetration testers, information security professionals and students, and it contains all the necessary tools to conduct a successful penetration test on web applications, networks, VoIP and WiFi.

Besides ethical hacking tools, a Linux distribution must have the necessary utilities and software to serve as a primary desktop operating system. Kali Linux is stable and loads the required drivers automatically, and it also has an Add/Remove Software utility from which you can manage your software. It already has the necessary tools installed, from a document viewer to VLC player, but some tools that are required for desktop computing are not installed, and you need to install and configure them yourself.

This article discusses software installation in Kali Linux. You can install as much software as you want, but I will discuss the installation of some important packages, for example:

Skype (for communication)
Open Office
Flash

When BackTrack 5 was launched, we discussed the installation of important software on it, but times have changed and we now have Kali Linux, so we will discuss the installation on it.

How to Install Skype in Kali Linux
The first step is to get Skype from its official website; make sure to select your distribution carefully. For Kali, choose Ubuntu 10.04 and download it.

After downloading, open a terminal, change to the download directory, and install the package using the dpkg -i command:
root@ehacking:~/Downloads# sudo dpkg -i skype-ubuntu-lucid_4.1.0.20-1_i386_001.deb

How to Install Open Office in Kali Linux

OpenOffice is a wonderful alternative to MS Office. The easiest way to install it is from the terminal with the command "apt-get install openoffice.org", but one of our users has reported a repository problem in Kali Linux. We have also seen that the Debian repositories are not working properly, so you cannot install packages from the terminal. The solution is as follows:

Changes to the APT repositories are required; kindly follow the steps below:
root@ehacking:~# cd ..
root@ehacking:/# ls
bin   etc         lib         mnt   root  selinux  tmp  vmlinuz
boot  home        lost+found  opt   run   srv      usr
dev   initrd.img  media       proc  sbin  sys      var
root@ehacking:/# cd etc/apt
root@ehacking:/etc/apt# nano sources.list 




Important: Do not delete the lines that are already present in the sources file; just add the following repositories to it:
deb [arch=i386,amd64,armel,armhf] http://http.kali.org/kali kali-dev main contrib non-free
deb [arch=i386,amd64,armel,armhf] http://http.kali.org/kali kali-dev main/debian-installer
deb http://http.kali.org/kali kali main contrib non-free
deb-src http://http.kali.org/kali kali main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
Press CTRL+O, then Enter, and then CTRL+X to exit; you are almost done. The next step is to update your package lists: in the terminal, type apt-get update

Now it is very easy to install software from the terminal. For Office, type:
# apt-get install openoffice.org

How to Install Flash in Kali Linux

# apt-get install flashplugin-nonfree

Now your Kali is ready to install as much software as you want.
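
Every line added to sources.list is a repository that apt will install packages from as root, so it is worth checking the file after editing it. The following added example (not part of the original article) flags entries whose host is not on an allow-list or that carry options letting apt skip signature verification; the allow-list, the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit APT source entries before running apt-get update.
# ALLOWED_HOSTS is an assumption: the two hosts used in the lines above.
ALLOWED_HOSTS="http.kali.org security.kali.org"

# audit_sources [FILE]: reads FILE (or stdin) and prints one finding per
# line as LINE_NO:REASON:DETAIL. Prints nothing when every entry is clean.
audit_sources() {
    awk -v allowed="$ALLOWED_HOSTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    $1 != "deb" && $1 != "deb-src" { print NR ":malformed:" $1; next }
    {
        f = 2; opts = ""
        if ($2 ~ /^\[/) {                      # optional [key=value ...] block
            while (f <= NF && $f !~ /\]$/) { opts = opts " " $f; f++ }
            opts = opts " " $f; f++
        }
        # Options that make apt accept a repository without a valid signature.
        if (opts ~ /trusted=yes/)        print NR ":unverified:trusted=yes"
        if (opts ~ /allow-insecure=yes/) print NR ":unverified:allow-insecure=yes"
        host = $f
        sub("^[a-z+]+://", "", host)           # drop the scheme
        sub("[/:].*$", "", host)               # drop path and port
        if (!(host in ok)) print NR ":unknown-host:" host
    }' "${1:--}"
}

# Constructed sample: lines 1-2 are from the article, lines 3-4 are made up.
sample_sources() {
    cat <<'EOF'
deb http://http.kali.org/kali kali main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
deb [trusted=yes] http://mirror.example.net/kali kali main
deb http://198.51.100.7/debian stable main
EOF
}

sample_sources | audit_sources
```

To check the real file, run audit_sources /etc/apt/sources.list.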




Monday, 6 May 2013

How I Hacked A Remote Computer By Just IP Address

Hacking a remote computer is always a hot topic among hackers and crackers; a newbie hacker or someone who wants to learn hacking always asks how to hack into a computer by just knowing the IP address. We have discussed many methods before, and I always insist on learning some basic commands, protocols and their usage. This is my story of how I hacked into a remote computer by just using its IP address (I did not download any file, and I did not even clear the logs). This story was not planned, it just happened, and I am sure you will like it and will learn a lot of things if you don't know the basic commands and protocols.

It was Saturday night and I was working hard on a social engineering toolkit remote attack (WAN, Internet attack), which is why I was playing with my router for port forwarding and other stuff. Remember, my ISP uses a dynamic mechanism, so I had created a DNS server to get a static IP. It was almost night and I decided to get some sleep, and then I saved my browser tabs so that I could use them next time.

On Sunday evening I opened my browser and the previous tabs opened automatically, and then I got a pop-up window asking for the username and password of my router. I looked at the address bar and the IP address was the same as the one I had saved. I was shocked that my ISP had not changed my WAN IP (remember, the ISP uses dynamic IPs). After this I opened a whatismyip website and saw that my IP was different, which means the window asking for the username and password belonged to the IP of another computer.

I just got an idea: why not brute force it and get access to the victim's router? Hydra has been discussed before, but before brute forcing I decided to use the guessing technique. I entered many combinations but failed, then I just used the default username and password and, huurraaah, I was in.

Security was very low. Then I did a quick nmap scan to get the open ports (remember, I had turned off the firewall of the victim router). According to the nmap result, FTP and telnet were open, and then I realized how vulnerable this victim was.
I went to my terminal and opened telnet to the victim using the default password, and I was in. Now I was able to take control of this computer, but this was not included in the plan.
FTP (File Transfer Protocol): I went to my terminal again, and this time I used the ftp command with the same combination of username and password, and it was successful. Remember, FTP access means you can download and upload files on the remote computer, which means full access. You could use a GUI FTP client, but I used the command line.

Countermeasure
Always use a strong password
Turn on your Firewall (both on router and computer)
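
A local check that goes with the countermeasures above, added here as an example (not part of the original post): it reads `ss -tln` output and reports FTP or Telnet listeners bound to non-loopback addresses, the two services the story found open. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag FTP and Telnet listeners reachable from the network.
# exposed_cleartext reads `ss -tln` output on stdin and prints one line
# per finding as "SERVICE ADDRESS PORT".
exposed_cleartext() {
    awk '
    BEGIN { svc["21"] = "ftp"; svc["23"] = "telnet" }
    $1 != "LISTEN" { next }                 # skip the header and other states
    {
        la = $4                             # e.g. 0.0.0.0:21 or [::]:23
        i = length(la)
        while (i > 0 && substr(la, i, 1) != ":") i--   # find the last colon
        addr = substr(la, 1, i - 1)
        port = substr(la, i + 1)
        if (!(port in svc)) next
        # Loopback-only listeners are not reachable from other hosts.
        if (addr ~ /^127\./ || addr == "[::1]") next
        print svc[port], addr, port
    }'
}

# Constructed sample of `ss -tln` output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      5      127.0.0.1:23       0.0.0.0:*
LISTEN 0      128    [::]:23            [::]:*
EOF
}

sample_ss | exposed_cleartext
```

On a live system the same function is fed with ss -tln | exposed_cleartext.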


Backtrack commands tutorial

How to Login in BackTrack
Once the installation of BackTrack is done, the default username and password required to log in are root / toor

How to Open the GUI Environment in BackTrack
After you are logged in, you can start the GUI environment by issuing the startx command.

How to check IP address
root@bt:~# ifconfig

How to Setup IP Address Manually
root@bt:~# ifconfig eth0 192.168.1.8
root@bt:~# route add default gw 192.168.1.1
root@bt:~# echo nameserver 192.168.1.1 > /etc/resolv.conf

How to Change the Root Password
root@bt:~# passwd
Enter new UNIX password: {enter your new password here}
Retype new UNIX password: {enter your new password again}
passwd: password updated successfully

How to start services
root@bt:~# /etc/init.d/openvpn start
Starting Virtual private network daemon(s)…
root@bt:~# /etc/init.d/openvpn stop

How to check kernel version
Use uname -a as shown below:
root@bt:~# uname -a

Common Apt Commands
apt-get install PACKAGE - Downloads PACKAGE and all of its dependencies, and installs or upgrades them.
apt-get remove [--purge] PACKAGE - Removes PACKAGE and any packages that depend on it. --purge specifies that packages should be purged.
apt-get update - Updates package listings from the repo; should be run at least once a week.
apt-get upgrade - Upgrades all currently installed packages with those updates available from the repo; should be run once a week.
apt-get dist-upgrade [-u] - Similar to apt-get upgrade, except that dist-upgrade will install or remove packages to satisfy dependencies.
apt-cache search PATTERN - Searches packages and descriptions for PATTERN.
apt-cache show PACKAGE - Shows the full description of PACKAGE.
apt-cache showpkg PACKAGE - Shows a lot more detail about PACKAGE, and its relationships to other packages.
man apt - Will give you more info on these commands as well as many that are in less common usage.

Common dpkg commands
dpkg -i FILE.deb - Installs a package file; one that you downloaded manually, for example.
dpkg -c FILE.deb - Lists the contents of a .deb file.
dpkg -I FILE.deb - Extracts package information from a .deb file.
dpkg -r PACKAGE - Removes an installed package named PACKAGE.
dpkg -P PACKAGE - Purges an installed package named PACKAGE. The difference between remove and purge is that while remove only deletes data and executables, purge also deletes all configuration files.
dpkg -L PACKAGE - Gives a listing of all the files installed by PACKAGE. See also dpkg -c for checking the contents of a .deb file.
dpkg -s PACKAGE - Shows information on the installed package PACKAGE. See also apt-cache show for viewing package information in the Debian archive and dpkg -I for viewing package information extracted from a .deb file.
dpkg-reconfigure PACKAGE - Reconfigures an installed package.

Sunday, 5 May 2013

CEH-v7 Lab Set-up

CEH-v7 Lab Set-up and Video Tutorials


WebSploit Toolkit 1.6 Released

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability

Description :

Autopwn - Used From Metasploit For Scan and Exploit Target Service
wmap - Scan,Crawler Target Used From Metasploit wmap plugin
format infector - inject reverse & bind payload into file format
phpmyadmin - Search Target phpmyadmin login page
lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
apache users - search server username directory (if use from apache webserver)
Dir Bruter - brute target directory with wordlist
admin finder - search admin & login page of target
MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
MITM - Man In The Middle Attack
Java Applet Attack - Java Signed Applet Attack
MFOD Attack Vector - Middle Finger Of Doom Attack Vector
USB Infection Attack - Create Executable Backdoor For Infect USB For Windows