At tonight's meeting, we continued to focus on penetration testing. Clint had prepared an extensive Impress slide presentation on installing and building media based on Kali Linux, as well as its tools, followed by an outline of the penetration-testing process: gathering information, vulnerability scanning, and finally testing actual vulnerabilities using various Kali Linux tools including nmap, OpenVAS, Armitage and Metasploit. Clint demonstrated all this using two laptops, VirtualBox, and a private network consisting of a router and an internet connection for displaying websites.
The actual report for tonight's meeting is still a work in progress, as we plan on making the LibreOffice Impress slides along with some additional notes the report. Also, you can email Clint at c_tinsley at msn.com and he will send the pdf of the slides directly to you. We hope to make the full meeting report available here on Saturday, March 19th. Please come back to see the full report then.
Our thanks to Taos who provided the pizza, soda and cookies for our meeting.
Vulnerability Testing Fundamentals
Warning: It is a violation of Idaho Code to use these tools on Public and Enterprise/Company Networks without Permission!
- Tools – Kali Linux Distribution
- Hard Disk Installation
- Bootable USB w/Persistence Creation
- Additional – OpenVAS and LazyKali
- Lab Environment – VirtualBox, Home Network.
- Identifying “Targets” (Computers & Networks)
- Identify Vulnerabilities (Scan)
- Exploit Vulnerabilities (Attack)
Kali Linux www.kali.org
- Overview - http://docs.kali.org
- Tools – http://tools.kali.org/tools-listing
- Tool Groups – Information Gathering, Vulnerability, Exploitation
- Others enumerated!
- Kali Usage – http://docs.kali.org/category/general-use
Installing Kali Linux
- Hard Disk Installation
- USB with Persistence
- Update Update Update
- USB Persistence Size Impact
- Kali Tools on Debian
Hard Disk Installation
- Supports both full disk usage and dual boot.
- Download iso file. https://www.kali.org/downloads/
- Partitioning Schemes
- Recommend LVM (Can be encrypted)
- Multiple Partition Selection - separate /home, /usr, /var, and /tmp. Separate file systems can be managed and backed up individually, and a runaway /var or /tmp cannot fill the root file system ("disk full").
- On Windows, use the win32 disk imager (download)
- Linux: UNetbootin doesn’t work! dd can be used
- Better: gnome-disks using “Restore Image” function
- Demonstration ….
- cd home/tinslecl/Downloads/kali-linux-2016.1-amd64/
- Select kali-linux-2016.1-amd64.iso with gnome-disks and restore image to USB Drive.
USB Persistence Size
- When persistence is configured, it creates an overlay where all changed or added files are stored.
- My first USB had 4 GB of persistence storage; on the first update it ran out of storage for two reasons: 1) the download was almost a gig, and 2) all the updated package files were moved to the overlay persistence storage.
- My 8 GB persistence volume is now down to 3.2 GB after two updates, losing about 1 GB per update.
- My 108 GB persistence volume is also showing 5 GB of use after two updates. Still have 97 GB of storage.
Create Persistent Storage
- cd home/tinslecl/Downloads/kali-linux-2016.1-amd64/ (as root, from the /mnt/root prompt :~#; the path is relative to that location)
- read start _ < <(du -bcm kali-linux-2016.1-amd64.iso | tail -1) (sets start to the size of the ISO in MiB, rounded up; the live image occupies the beginning of the stick, so the persistence partition must start after it)
- echo $start (My result was 2810 for 2016.1)
- end=7gb (the slide does not show this assignment, but the parted command below needs $end set to where the persistence partition should stop; 7gb is the value used in the Kali documentation, pick one that fits your stick)
- echo $end
- parted /dev/sdb mkpart primary $start $end (parted reads unit-less numbers as MB)
- fdisk /dev/sdb (confirm that the new partition is /dev/sdb3 before formatting it)
- mkfs.ext3 -L persistence /dev/sdb3
- mkdir -p /mnt/my_usb
- mount /dev/sdb3 /mnt/my_usb
- echo "/ union" > /mnt/my_usb/persistence.conf
- cat /mnt/my_usb/persistence.conf
- umount /dev/sdb3, then power down, reboot from the USB device and choose the persistent entry from the boot menu.
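The procedure above, as an added example that is not from the slides or the Kali documentation: the same steps wrapped in shell functions with the checks a practitioner wants before pointing parted at a disk. It assumes a Linux host with GNU coreutils, parted and e2fsprogs, a stick that already has the Kali image written to it, and root for the real run; the device name, the mount point and the partition number are the slide's (/dev/sdb, /mnt/my_usb, 3). It uses explicit MiB units because parted treats a bare number as MB, which would place the start inside the image partition.

```shell
#!/usr/bin/env bash
# Added example, not from the slides: the persistence-partition procedure
# wrapped in functions with safety checks. DRY_RUN=1 (the default) only
# prints the commands so the plan can be reviewed; DRY_RUN=0 executes them.
set -eu

# Size of the ISO in MiB, rounded up. The live image occupies the start of the
# stick, so the persistence partition may not begin before this point.
iso_size_mib() {
    local bytes
    bytes=$(wc -c < "$1")
    echo $(( (bytes + 1048575) / 1048576 ))
}

# Print the command (dry run) or execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# True if anything from this device is mounted. Pointing parted at the wrong
# disk is the real hazard of this procedure, so refuse to work on a live one.
device_in_use() {
    [ -r /proc/mounts ] && grep -q "^$1" /proc/mounts
}

# persistence_plan DEVICE ISO END_MIB [PARTNO]
# DEVICE: the stick (e.g. /dev/sdb); ISO: the image written to it;
# END_MIB: where the persistence partition should end; PARTNO: the number the
# new partition gets (3 on the Kali 2016.1 image, which already has two).
persistence_plan() {
    local dev=$1 iso=$2 end=$3 part=${4:-3} start mnt=/mnt/my_usb
    if device_in_use "$dev"; then
        echo "refusing: $dev has mounted filesystems" >&2
        return 1
    fi
    start=$(iso_size_mib "$iso")
    if [ "$end" -le "$start" ]; then
        echo "refusing: end ($end MiB) is not beyond the image ($start MiB)" >&2
        return 1
    fi
    # Explicit MiB units: parted reads a bare number as MB (10^6 bytes).
    run parted -s "$dev" mkpart primary "${start}MiB" "${end}MiB"
    run mkfs.ext3 -q -L persistence "${dev}${part}"
    run mkdir -p "$mnt"
    run mount "${dev}${part}" "$mnt"
    # "/ union" tells live-boot to overlay the whole root with this partition.
    run sh -c "echo '/ union' > $mnt/persistence.conf"
    run umount "$mnt"
}

# Usage: DRY_RUN=0 ./persist.sh /dev/sdb kali-linux-2016.1-amd64.iso 7168
if [ "$#" -ge 3 ]; then
    persistence_plan "$@"
fi
```

Run it once without DRY_RUN=0 and read the printed commands; if the device or partition number is wrong, that is the moment to notice, not after mkfs.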
Installing Kali Tools and Add-ons
- Install OpenVAS on Kali Linux (very useful)
- Install lazykali on Kali Linux (makes kali easier)
- Install Kali Tools on Ubuntu: Katoolin
Install OpenVAS 8 Scanner
- apt-get update && apt-get upgrade && apt-get dist-upgrade
- apt-get install openvas
- Run openvas-setup afterwards (the slide skips this step): it syncs the NVT feed and creates the admin user, ending with output like the two lines below.
- Rebuilding NVT cache... done.
- User created with password 'be766841-0ea7-4fe2-a777-23fbb0bb83bc'.
- The password is generated per install; note it for the web login and change it afterwards.
- Download files: hackpack.tar.gz lazykali.sh (third-party scripts that run as root; read them before running them)
- tar -zxf hackpack.tar.gz
- cd hackpack
- chmod 777 install.sh (chmod +x is all that is needed; 777 also makes the installer world-writable)
- ./install.sh (install hackpack)
- ./lazykali.sh (cd to its location first)
- Answer N to the update prompt; updates are not available.
Fix Lazy Kali Exploit DB
- Update Exploitdb
- Alternate fix:
- cd /usr/share/exploitdb/
- wget https://github.com/offensive-security/exploit-database/archive/master.zip
- unzip -qq master.zip
- rsync -a exploit-database-master/ /usr/share/exploitdb/
- rm -rf master.zip exploit-database-master/
- http://www.techrepublic.com/article/Pro-tip-install-kali-linux-tools-on-ubuntu-with-this-easy-script/
- Open a terminal window
- Install git with the command sudo apt-get install git
- Now, download Katoolin with the command sudo git clone https://github.com/LionSec/katoolin.git
- Copy the katoolin executable to the proper directory with the command sudo cp katoolin/katoolin.py /usr/bin/katoolin
- Give the executable proper permissions with sudo chmod ugo+x /usr/bin/katoolin
- You are now ready to use Katoolin. It adds the Kali package repositories to Ubuntu, and mixing the two can break package dependencies, so use it on a dedicated machine or VM rather than a daily-use system.
Testing Environment VirtualBox or Home Network
- Install VirtualBox 5 (Well Documented)
- Test Machines
- Wordpress from Turnkey:
- https://www.turnkeylinux.org/ - test images Wordpress.ova
- Metasploit Vulnerability Test Machine:
- metasploitable-linux-2.0.0.zip - extract and import into VirtualBox
- Damn Vulnerable Linux 1.5 – Source Forge
- These machines are deliberately vulnerable: attach them to a host-only or internal VirtualBox network, never a bridged one.
Vulnerability Process tools.kali.org
- Information Gathering:
- nmap (Zenmap GUI) – Document Targets
- Identify Vulnerabilities
- OpenVAS 8 Scan
- Nmap can also be used.
- Attack Possible Vulnerabilities (are they real?)
- Armitage + Metasploit
- Maltego – All-In-One – Requires Registration
Document … Document!
- nmap is a great tool for scanning your local network and identifying all the devices on it.
- Using nmap, I documented my home network and also generated target-specific .xml files for use in vulnerability testing with Armitage.
- nmap -T4 -A -p 1-1000 172.30.0.* > netscan.txt
- nmap -T4 -A -p 1-1000 172.30.0.* -oX netscan.xml (-A enables OS detection, version detection, default scripts and traceroute; OS detection needs root. -oA netscan writes the text, grepable and XML forms in one run.)
- 172.30.0.* is my home network ip range.
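The "target-specific .xml files" mentioned above are what Armitage and Metasploit import; as an added example that is not part of the slides, the script below reads an nmap -oX file, lists each live host's open services, and splits the scan into one standalone XML document per target. It uses only the Python standard library. SAMPLE_XML is a constructed scan of a made-up 172.30.0.0/24 network in the layout nmap 7 writes; the hostnames, products, MAC address and timing values in it are invented for the example.

```python
"""Added example (not from the slides): summarize and split nmap -oX output
so each live host becomes its own importable scan file. SAMPLE_XML is a
constructed scan; every value in it is invented for this example."""
import xml.etree.ElementTree as ET
from pathlib import Path

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -A -p 1-1000 -oX netscan.xml 172.30.0.*" version="7.01" xmloutputversion="1.04">
<host><status state="up" reason="arp-response"/>
<address addr="172.30.0.1" addrtype="ipv4"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
<hostnames><hostname name="router.lan" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="6.7p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx"/></port>
<port protocol="tcp" portid="23"><state state="closed" reason="reset"/></port>
</ports></host>
<host><status state="up" reason="arp-response"/>
<address addr="172.30.0.20" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/><service name="ftp" product="vsftpd" version="2.3.4"/></port>
<port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/></port>
</ports></host>
<host><status state="down" reason="no-response"/><address addr="172.30.0.99" addrtype="ipv4"/></host>
<runstats><finished time="1458000030" elapsed="29.5"/><hosts up="2" down="1" total="3"/></runstats>
</nmaprun>
"""


def ipv4_of(host):
    """Return the host's IPv4 address, or None if nmap recorded none."""
    addr = host.find("address[@addrtype='ipv4']")
    return addr.get("addr") if addr is not None else None


def is_live(host):
    status = host.find("status")
    return status is not None and status.get("state") == "up"


def open_services(xml_text):
    """Map each live host's IPv4 address to its open ports as
    (port, service name, product and version) tuples, sorted by port."""
    result = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = ipv4_of(host)
        if addr is None or not is_live(host):
            continue  # down hosts carry no ports and make no target
        services = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not attack surface
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = ""
            if svc is not None:
                product = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            services.append((int(port.get("portid")), name, product))
        result[addr] = sorted(services)
    return result


def split_per_host(xml_text):
    """Return {ipv4: xml_string}: a standalone <nmaprun> document per live host,
    keeping the run attributes and runstats so importers that expect a
    complete scan file still accept it."""
    root = ET.fromstring(xml_text)
    runstats = root.find("runstats")
    per_host = {}
    for host in root.findall("host"):
        addr = ipv4_of(host)
        if addr is None or not is_live(host):
            continue
        single = ET.Element("nmaprun", root.attrib)
        single.append(host)
        if runstats is not None:
            single.append(runstats)
        per_host[addr] = '<?xml version="1.0"?>\n' + ET.tostring(single, encoding="unicode")
    return per_host


def host_count(xml_text):
    """Number of <host> elements in a document (used to check split output)."""
    return len(ET.fromstring(xml_text).findall("host"))


def write_per_host(xml_text, outdir):
    """Write target-<ip>.xml files into outdir and return their paths."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    paths = []
    for addr, doc in split_per_host(xml_text).items():
        path = outdir / f"target-{addr}.xml"
        path.write_text(doc)
        paths.append(path)
    return paths


if __name__ == "__main__":
    for addr, services in open_services(SAMPLE_XML).items():
        print(addr)
        for port, name, product in services:
            print(f"  {port}/tcp {name} {product}".rstrip())
    print("wrote", [p.name for p in write_per_host(SAMPLE_XML, "targets")])
```

Replace SAMPLE_XML with the contents of netscan.xml to split a real scan; the per-host files can then be imported one at a time, which keeps an Armitage workspace to the single target you have permission to test.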
My Home Network - nmap
nmap scripts /usr/share/nmap/scripts
nmap test target
- nmap --script <script_name.nse> <target> (the script name must match a file under /usr/share/nmap/scripts)
- nmap --script http-vuln-check.nse scanme.nmap.org (scanme.nmap.org is the Nmap project's host that is explicitly permitted for test scans)
- Admin Network & Security Magazine Feb/Mar 2016
- nmap (ports & services) – generate .xml scan files
- OpenVAS 8
- OpenVAS startup (openvas-start)
- Demo: Openvas Scans & Reports – Web Based
- https://127.0.0.1:9392 - Admin password from install.
Vulnerability Testing Armitage + Metasploit
- Start up Metasploit Database
- systemctl start postgresql
- msfdb init (if not done previously)
- msfdb start (start the Metasploit database)
- Run Armitage
- Tutorial: http://www.fastandeasyhacking.com/manual
- Metasploit console
- Much Much More to learn!
- Lots of YouTube videos
- Google & Other Search Engines
- Manuals - RTFM