Posted on

Setup Vulhub Lab For hacking practice

Hello aspiring ethical hackers. In this article you will learn how to setup a Vulhub lab for pen testing practice. Getting instances of vulnerable software is one of the most important requirement for practicing penetration testing. Vulhub provides an open-source collection of pre-built vulnerable docker environments. The best thing about Vulhub is that readers don’t need any pre-existing knowledge of dockers and their operation. The only requirement is Docker should already be installed on the system to be able to use Vulhub.

Let’s see how to setup Vulhub Lab. We will do this in Kali Linux on which we already installed Docker earlier. In Kali Linux, open a Terminal and use wget or Git to download the zip archive of Vulhub as shown below.

Once the download is finished, extract the contents of the vulhub-master.zip using unzip command.

This will create a new directory named vulhub-master.

Start the Docker service.

Once the Docker service is started, navigate into the vulhub-master directory and you should see many vulnerable docker images.

Let’s start the WordPress Docker container for testing. Although this container is vulnerable with a different vulnerability, we will use it for showing exploitation of a different vulnerability. Navigate into the WordPress directory and start the docker container as shown below.

Once the container is started, use command “docker ps” to see all the docker  processes running

Every docker container has a container ID. The one with container ID 2522cc4********* is our WordPress docker container. We can use command “docker inspect <container id>” to get more information about the particular Docker container.

The IP address of the WordPress Docker container is 172.22.0.3. The Gateway address is that of the Kali host machine (172.22.0.1). Enter the IP address of the docker container in the browser and you will be prompted to set the password for the WordPress instance.  

Here is the WordPress website we just created (we wanted to set the site title as docker test but misspelled it to docket test).

Go to Exploit Database and download the vulnerable wp-responsive-thumbnail-slider plugin. The plan is to install this vulnerable plugin in WordPress.

Login into the WordPress dashboard with the credentials you set up.

Upload the plugin and activate it.

Now, start Metasploit and load the wp_responsive_thumbnail_slider_upload module.

Set the docker container IP address (172.22.0.3) and check if the target is vulnerable.

The “check” command confirms that the target is indeed vulnerable. It’s time to exploit it. Set the LHOST option to the IP address of the gateway (172.22.0.1). Set the WPusername and WPpassword options to the credentials you have set in the beginning and then execute the module.

The target we set on docker is exploited successfully. The Vulhub Lab we set up is working successfully.

Posted on

Install Parrot OS in VMWare

Hello aspiring Ethical Hackers. In this article, you will see how to install Parrot Security OS in VMware. Kali Linux is the most popular pen testing distro. Its regular updates and stability accord it the top spot. Apart from Kali Linux, there are many other pen testing distros available. One pen testing distro that can give tough competition to Kali Linux is Parrot Security distro. Parrot Security sports many more tools than Kali Linux which includes software for cryptography, cloud, anonymity, digital forensics and of course programming.

In this article, We will be installing Parrot Security OS in VMWare using the OVA file provided by the makers of Parrot OS. You can download the OVA file of Parrot Security OS from here. Once the OVA file is finished downloading, Open VMWare and click on “Open”.

Enable the checkbox to accept the terms and conditions and click on “Next”.

In the new window that opens, browse to the OVA file you downloaded and click on “import”.

If you get an “import failed” error as shown below, click on “Retry”.

The import process starts as shown below.

Once the importing process is finished, Power On the virtual machine.

The installation is finished.

See how to install it on VirtualBox.

Posted on

Install Parrot Security OS in VirtualBox

Hello aspiring Ethical Hackers. In this article, you will learn how to install Parrot Security OS in Virtualbox. Kali Linux is the most popular pen testing distro. Its regular updates and stability accord it the top spot. Apart from Kali Linux, there are many other pen testing distros available. One pen testing distro that can give tough competition to Kali Linux is Parrot Security distro. Parrot Security sports many more tools than Kali Linux which includes software for cryptography, cloud, anonymity, digital forensics and of course programming.

In this article, We will be installing Parrot Security OS in Virtualbox using the OVA file provided by the makers of Parrot OS (See how to install Parrot Security OS using the ISO file). You can download the OVA file of Parrot Security OS from here. Once the OVA file is finished downloading, Open Virtualbox and click on “Import”.

Browse to the OVA file we just downloaded and click on “Next”.

All the settings applied to the virtual machine are displayed. Change any settings if necessary and click on “Import”.

When Software License Agreement is displayed, Click on “Agree”.

Virtual box will start importing the Parrot Security OS virtual appliance as shown below.

After the import is complete, it will be displayed in the list of virtual machines as shown below.

We just need to power it up and the attacker machine is ready.

Posted on

Parrot OS VirtualBox installation using ISO File

Hello aspiring ethical hackers. In this article, you will see how to install Parrot Security ISO in VirtualBox. In our previous article readers have seen how to install Parrot Security OS in VirtualBox using OVA file (VirtualBox image file). In this article, readers will see how to install Parrot  Security OS in VirtualBox using ISO file. Download the Parrot security ISO file from here. Once ISO file is finished downloading, open VirtualBox, go to Machine > New or hit CTRL+N as shown below.

A  new window will open as shown below.

Click on “Expert mode”.

Fill up the details. Configure the machine folder, type of OS, version etc and allocate the RAM (RAM should be minimum 2GB). Once everything is configured, Click on “Create”.

Allocate the hard-disk size (minimum 16 GB is the minimum requirement but keep it at least 20 GB). Set the other options as shown below. Click on “Create”.

The virtual machine is created. Start the newly created virtual machine. It should start as shown below.

     Browse to the ISO file we downloaded earlier and add it as shown below. Then, click on “Start”.

  The interface changes as shown below. Click on “Install”.

Once you are at the OS interface, click on “Install Parrot “. The Calamares Installer opens.

Click on “Next “.  Select Location and click on “Next”.

Select the keyboard mode and click on “Next”.

Set the partition. Select “Erase disk” and click on “Next”.

Create a user and set credentials to the newly created user.

Review all the settings and click on “Install”.

Click on “Install Now.”

The system starts installing as shown below.

Once the system has finished installing as shown below, click on “Done” .

This will restart the system and will take you to the Login screen. Login using credentials of the newly created user and you are good to go. Happy hacking.

Posted on

Installing MATE Desktop in Kali Linux

Hello readers. Today our readers will learn about installing mate desktop in Kali Linux. You all know the first release of Kali Linux this year, Kali Linux 2020.1 has been released in the month of January. The latest version brought many changes like not giving root user by default and some new tools. The most distinct change it brought is a single installer image for installation. Earlier we had different installation images for different desktop environments which include GNOME, KDE etc.
With 2020.1 release, there will be a single installation image for all these and users would have to select the desktop environment he/she needs while installing. The information about different desktop environments and their pros and cons can be seen here.

Today we will see a tutorial on how to install MATE Desktop environment in Kali Linux 2020.1. MATE Desktop although looks old fashioned is light and has a simple interface. Here’s how to install MATE desktop environment in Kali Linux 2020.1. We have performed this tutorial from a X11 terminal but all these commands can be run from any other desktop environment’s terminal. Power on the Kali 2020.1 virtual machine and login (since there is no root user you should login as a user you created or the default user:password i.e kali:kali).

Open a terminal and using nano open the file /etc/apt/sources.list. with sudo

Add these two lines of code to the file and save it.
deb http://kali.download/kali kali-rolling main non-free contrib
deb-src http://kali.download/kali kali-rolling main non-free contrib

To save the file hit CTRl+X and when it prompts select “Yes”.Run command sudo apt-get update

Now everything is ready to install MATE desktop. Run the command given below.
sudo apt-get install mate-core mate-desktop-environment-extra mate-desktop-environment-extras

When the system prompts you for permission to install MATE and its related software, type “Y”.

The installation will take some time to finish. After the installation is finished, restart the system (the command is sudo reboot or reboot if you are doing it from terminal). Once the system reboots and takes you to the login screen, before logging in click on the “settings” icon beside the “Signin” button. There you will see all the desktop environments present on the system right now. Select MATE and then login.

Installing MATE desktop has been successfully finished with this.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.