Install Parrot OS in VMware

Kali Linux is the most popular pen testing distro and also my favorite. Its regular updates and stability earn it the top spot. Apart from Kali Linux, there are many other pen testing distros available. One of them is the Parrot Security distro. Parrot Security sports many more tools than Kali Linux, including software for cryptography, cloud, anonymity, digital forensics and of course programming. One of our readers has requested a guide on how to install Parrot Security OS in VMware. So be it.

Download the Parrot Security OS. Unlike the makers of Kali Linux, Parrot Security have not yet provided a VMware image to download, so we have to download an ISO image (depending on your architecture, you can download a 32-bit or 64-bit ISO file). Once the download is finished, open VMware Workstation (version 12 is used for this article). Hit “CTRL+N”. The window below should open.

Make sure the “Typical” option is selected, and click on “Next”. That takes us to the next window. Initially, the “installer disc image file” field should be empty. Click on “browse”, browse to the location of the ISO file we just downloaded and select it. Now the window should look like below. Click on “Next”.

The guest operating system should be automatically selected for you. If not, select Linux as the OS and Debian 8.x as the version (I am installing the 32-bit build; choose Debian 8.x 64-bit if you are installing the 64-bit build). Click on “Next”.

Choose the name of virtual machine and its location as you like. I named it Parrot. Click on “Next”.

Allocate the hard disk space for your virtual machine. Keep the minimum as 20GB. Click on Finish.

It will show you a summary of all the selections you made. If you want to make any changes, click on Customize hardware or else click on Next.

The virtual machine is created with the name you gave it. Power on the virtual machine. It will boot and take you to the interface shown below. Choose the “Install” option. In the next window select “Standard Installer”. You can move between these options using the “Tab” key.

Select the language in which you want to continue the installation process.

Select your country. For this article, I chose location as India.

Select the keyboard configuration you want.

It is important to set the root password for the machine before we do anything (root is, needless to say, the most powerful account on a Linux system). Set a complex password. Read the suggestions before you set the root password.

Re-enter the root password again to confirm it.

It is good practice to use the system as a non-root user. The system will prompt you to create a new user account for non-administrative activities. I am creating a user with the name kalyan. I am giving the same name as the username.

Create a password for the user account you just created. Make it a good password for security reasons.

Re-type the password again to confirm the password you have assigned.

The next step is partitioning the hard disk. Unless you are an expert or want to try something different, use the entire disk.

The system will warn you before partitioning. Select the disk for partitioning.

It will ask you to choose the partitioning scheme. Choose the first one. It is also recommended for users.

Next, it will show you changes you have configured before writing the changes to the disk. Select “Finish partitioning and write changes to the disk”.

Confirm one last time that you want to write changes to the disk. Select “Yes”.

The installation process will start and may take some time. You can have snacks and come back. After installation finishes, it will prompt whether you want to install GRUB boot loader.

Select Yes. Then it will ask you where to install the boot loader. Select the /dev/sda disk.

After the installation is finished, it will show you a message as shown below. It’s time to boot into your new system.

As the system boots, it will present you with a login screen. You can log in as either root or the new user you created. Once you log in, your new pen testing distro should look as below.

How to install HP Webinspect in Windows 10

Webinspect is an automated web application security scanning tool from HP. It helps the security professionals to assess the potential vulnerabilities in the web application. It is basically a dynamic black box testing tool which detects the vulnerabilities by actually performing the attack. Today we will see how to install HP Webinspect in Windows.

We will be installing it on Windows 10. HP Webinspect requires SQL server to be installed on the system. So first install SQL server express on Windows as shown here. After SQL server is installed successfully, download the latest version of HP Webinspect from their website. We will use version 16.10 for this howto. Right click on the downloaded file and run with administrator privileges.

The installation wizard will start with the welcome message as shown below. Click on “Next”.

Accept the license agreement and click on “Next”.

You can change the installation folder if you want, although keeping the default will not hurt. Click on “Next”.

If you want to setup Webinspect as a sensor, select the option and click on “Next”.

Click on “Install” to start installation process.

Once the installation is over, it will show you the below window. If you want to start HP webinspect, select the option and click on “Finish”.

The program will launch as shown below.

If you get something like below, you have no SQL server installed on your system. Install SQL server express and launch the program again.

The program will prompt you for activation as shown below. The program also offers 15 days trial. I am registering for the trial.

Once the registration process is over, the program will open as shown below. Update the program. In our next howto, we will see how to perform web app pentesting with HP Webinspect. Until then, Happy Weekend.

That is how to install HP Webinspect in Windows.

Install SQL server 2012 express in Windows 10

Good morning friends. Today we will see how to install SQL server express 2012 in Windows 10. Download the relevant SQL server 2012 express from the website of Microsoft. Right click on the downloaded file and run with administrator privileges. The below window should open. Click on the “New SQL server stand-alone installation” option since we are installing a new version of the database server.

Accept the license terms and click on “Next”.

Most probably the server will update to service pack 1. Leave it to update and after successful update, click on “Next”.

Click on “Install”. The installation process will start. As it will download setup files, it will take some time.

It will prompt you to select the features you want to install. If you are not sure what you want, leave the default selection and click on “Next”.

The Instance configuration window opens. Leave the default options and click on “Next”.

Click on “Next”.

Configure the authentication for the SQL server. If you have no idea, once again leave the default options and click on “Next”.

If you want to send any errors to Microsoft, select the option and click on “Next”.

The installation will start as shown below.

The installation progress will end with the below window. Congrats, you have successfully installed SQL server express 2012 in Windows 10.

That’s how we install SQL Server 2012 in Windows. See how to install HP WebInspect in Windows.

How to setup OpenVAS in Kali Linux

Good Evening Friends. Today our howto is about how to set up OpenVAS in Kali Linux, or Kali Linux Sana for that matter. As you already know, OpenVAS is a vulnerability scanner which replaced the Nessus vulnerability scanner in Kali Linux. You should already have observed that Nessus is not installed by default in Kali Linux (see here if you are looking for how to install Nessus in Kali Linux). OpenVAS is installed by default in Kali Linux. We just need to configure it to make it available for vulnerability scanning. Let’s see how.

Open a terminal and type the command “openvas-check-setup”. We will use this command many times from now. The good thing about setting up OpenVAS is that it is very simple, in the sense that it automatically gives the fix for the errors we face while configuring it. As shown below, we will get an error and the “fix” for that error just below it.

As shown in the “fix” above, type command “openvas-mkcert”. This will create an OpenVAS SSL certificate as shown in the below two images.

The certificate will end as shown below.

When the certificate is successfully created, once again type command “openvas-check-setup” to check the next step in the process. You can see our next command underlined below.

Type the command “openvas-nvt-sync” as shown below.

The process will run and end as shown below.

Once again, type command “openvas-check-setup”. It will prompt you with the next command to run.

Type the command “openvas-mkcert-client -n -i”. This will create a client certificate for the OpenVAS manager.

Once the client certificate is successfully created as shown above, once again check the setup by typing command “openvas-check-setup”. This time it will ask you to create a user as shown below.

Type the below command to create a user. Choose your username and password as per your choice. I have chosen “root” and “toor” respectively.

Next type command “openvas-check-setup”. It will ask you to rebuild as shown below.

Before rebuilding, start the OpenVAS scanner as shown below by typing command “/etc/init.d/openvas-scanner start”.

Then type command “openvasmd --rebuild” to update the database.

Next type command “openvas-check-setup”. 

Type command “openvas-scapdata-sync”. This will take a while.

Once the above process is finished, type command “openvas-check-setup” once again.

Type command “openvas-certdata-sync”. The process will run as shown below.

Next, type command “openvas-check-setup” for one last time, hopefully. You will get a message that your OpenVAS installation is OK as shown below.

Restart the system and start OpenVAS by typing command “openvas-start”.

Open your browser and point it to port number 9392 as shown below. You should get a warning as shown below. Click on “I understand the risks”.

This will prompt you with a login screen. Log in with the credentials we created above. (Hope you have not forgotten them.)

Once you login you should see the screen as shown below. Hurrah, you have successfully configured Openvas in Kali Linux. Happy hacking.
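The check-and-fix loop described above, as an added example that is not part of the original post: a small shell helper that reads “openvas-check-setup” output and prints the next suggested command for you to review, without running it. The sample output is constructed, and the “ERROR:” / “FIX:” line layout and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read openvas-check-setup output and report the next suggested
# command for the operator to review. Nothing is executed automatically.
# Assumption: problems are reported as "ERROR:" / "FIX:" lines.

# Print the first FIX line from stdin, without the "FIX:" prefix.
next_fix() {
    sed -n 's/^[[:space:]]*FIX:[[:space:]]*//p' | head -n 1
}

# Print the command quoted in a fix line such as: Run 'openvas-mkcert'.
fix_command() {
    printf '%s\n' "$1" | sed -n "s/.*'\([^']*\)'.*/\1/p"
}

# Summarise check-setup output read from stdin.
next_step() {
    ns_fix=$(next_fix)
    if [ -z "$ns_fix" ]; then
        echo "no fix pending"
        return 0
    fi
    ns_cmd=$(fix_command "$ns_fix")
    # Fall back to the whole fix line when it quotes no command.
    echo "pending: ${ns_cmd:-$ns_fix}"
}

# Constructed sample of check-setup output (not captured from a real run).
sample_output() {
cat <<'EOF'
  Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present.
        ERROR: No CA certificate file of OpenVAS Scanner found.
        FIX: Run 'openvas-mkcert'.

 ERROR: Your OpenVAS installation is not yet complete!
EOF
}

# On a configured Kali system, replace sample_output with: openvas-check-setup 2>&1
sample_output | next_step
```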

How to install Shellter in Kali Linux

It is a dream of every hacker to bypass the antivirus solutions of their targets. Recently we have been learning about various payload generators that can bypass antivirus. In this howto, we will see one such payload generator which is designed to bypass antivirus. It’s named Shellter. To say in the words of its makers, “By using Shellter, you automatically have an infinitely polymorphic executable template, since you can use any 32-bit ‘standalone’ native Windows executable to host your shellcode. By ‘standalone’ means an executable that is not statically linked to any proprietary DLLs, apart from those included by default in Windows. ”

Let us see how to install Shellter in Kali Linux. The version we are using here is Shellter V7.0, the latest version to date, which can be downloaded from here. Go to the download page and download the zip file shown below.

Click on the link and save the file as shown below.

Once the download is finished, go to the Downloads folder. You will see the “shellter.zip” file as shown below. I copied the file to the root folder but if you want to keep the file in Downloads folder you can keep it. This step is not mandatory.

Now change the permissions of the zip file as shown below. Until you change the permissions, you cannot unzip the files. After you change the permissions of the file, unzip the contents of the file using the “unzip” command.

Type “ls”. You will see a new directory with name “shellter”. You have successfully installed Shellter in Kali Linux. Navigate into the directory “Shellter” to see its contents as shown below. We will see how to use Shellter to bypass antivirus in our next issue. Until then, happy hacking practice.
