Posted on 2 Comments

How to setup Vulnerawa in wamp server

Good Evening friends.  Today we will see how to setup Vulnerawa in Wamp Server. For those newbies who don’t know what is Vulnerawa, it is a vulnerable web app coded by me to simulate a real website for practice. Read more about it here. First, download Wamp Server from here   as appropriate to your system requirements. We will use “WAMPSERVER (64 BITS & PHP 5.3.10) 2.2d″ for this howto. Install the Wamp Server. Open browser and type “localhost” in the URL bar to see if Wamp server is working as shown below.

We can see that there are no projects available. Now download Vulnerawa from here. You will find a zip file as shown below. Now we will extract the contents of this file into the root folder of Wamp server. Right click on the zip file, go to 7-zip as shown below ( or any other unzipping software )  and select “Extract files” option. Extract the files to the folder “C:\\wamp\www” which is the root folder for Wamp server.

Now lets check the root folder to see if the files are extracted. Go to wamp server’s root directory and you should see the folder named “vulnerawa1.0.2” as shown below.

Now open your browser and type “localhost” once again. Now we can see our projectVulnerawa1.0.2 listed in the Projects section as shown below.

Click on the project. If you see the below webpage, then you have successfully setup Vulnerawa. If it gives you some error go to the url and type “http://localhost/vulnerawa1.0.2” directly. Happy hacking practice.

Here’s a video version of this howto.

Posted on 8 Comments

Installing Metasploitable in VirtualBox

In this howto, you will installing metasploitable in VirtualBox. What is Metasploitable? Learning penetration testing or ethical hacking requires practical knowledge and good practice needs a vulnerable target. That is where Metasploitable comes into picture. It is an intentionally vulnerable operating system made by the makers of Metasploit themselves so that aspiring ethical hackers can practice and hone their hacking skills. As its name conveys Metasploitable is loaded with vulnerabilities that can be exploited with Metasploit modules. 

This virtual machine can be used to conduct security training, test security tools, and practice common penetration testing techniques.  For this i am going to use Metasploitable 2 which can be downloaded from here. After downloading the zip archive, extract the files into a folder. The file contents look like below.

Open VirtualBox and click on “New Virtual machine wizard”. Type the name of your choice. I am using ‘Metasploitable-2‘. Choose ‘Type’ as Linux and ‘version’ as Ubuntu. Click on “Next”.

Choose the memory size appropriate to the availability of RAM on your host machine although 512MB is more than enough. Click on “Next”.

In the hard drive creation window, select option “Use an existing virtual hard drive”, browse to the folder where we have extracted our zip files and select the ‘vmdk’ file available. Click on “Create”.

Then you are automatically booted into the metasploitable OS. The default username and password are “msfadmin”.


With this we successfully finished installing Metasploitable in Virtualbox. See how to create a penetration testing lab.

Posted on 225 Comments

Install Kali in Virtualbox (Updated to kali 2021.3)

The makers of Kali Linux have a released the second version (2020.2) of Kali Linux for the year 2020.  Since many versions have been released since we last wrote this article, we decided to update this article on how to install Kali in Virtualbox.

Kali Linux 2020.2 has many brand new features.  With xfce and gnome given Kali Linux feel, this release has given themes for KDE Plasma. This is like going back to its roots as Backtrack used to have this desktop environment. The login screen also has been given new graphics along with a new layout. Also now you can install Powershell by default by selecting the meta package while installing. This release also updated gnome to 3.36. The new tools included in this release include NextNet, the pivot point discovery tool and SpiderFoot  the OSINT tool.

The makers also included python2-pip once again to add support to some tools still depending on python2 although overall it upgraded to Python 3.8. This release also replaces CherryTree, the note taking application with Joplin. Now, let us see the simplest process  to install Kali in Virtualbox. For this download the virtualbox image of Kali Linux 2020.2 from here. We have performed this installation in the Oracle Virtualbox 6.

This howto is using the Kali Linux 32bit OVA . Your downloaded contents should look like below. As you can see, we have an ova file.

Now open Virtualbox and go to File Menu > Import Appliance as shown below. It can also be accessed using shortcut CTRL+ I.

A window like below will open. Browse to the OVA file we downloaded.

After selecting the OVA file, click on “Next”.  If you want to make any changes to the virtual machine settings like RAM, name etc, you can do it here. You can also leave it to default values if you want. Click on “Import”.

Click “Agree” when the software license agreement pops up as shown below. The import process starts.

After the import process is completed, Power On the virtual machine. You will see a login screen prompt. Login using the credentials kali:kali.

Here is the final look of the Kali Linux virtual machine we installed.

Posted on 4 Comments

How to Install Nessus in Kali linux

Nessus is a vulnerability scanner. My first disappointment  with Kali is that it excluded nessus from its vulnerability scanning tools. However it can be installed. Let us see how to install Nessus in Kali Linux. This guide works for all versions of Kali Linux. First download the nessus Debian package from the website ( here ). Go to the directory into which the package has been downloaded. It should normally be in the Downloads directory in root directory.  Open a terminal, navigate to the “Downloads” folder and type “ls“. You can see the debian package of Nessus. Then type the command “dpkg -i  package name” as shown below.

Then type command “service nessusd start” to start the service.

Open a browser and type “https://kali:8834/” to see the web interface of nessus. You will see the below warning that the connection is untrusted.  Click on “I understand the risks” option.

You will get a popup to confirm the security exception. Click on that option.

Then you will get a welcome screen of nessus as shown below. Click on “Continue”.

Its time to create our initial account. Type the username and password you want to set up for the account. Click on Continue.

Its time to enter the activation code for Nessus. You can get the activation code from here. After entering activation code, click on Continue.

After activation is completed, it will download the nessus packages required. It may take a bit long time.

Then we need to wait some more time while the program initializes.

After the initialization is over, you will see the Nessus scan page as below.

Congrats, you have successfully installed Nessus in Kali Linux.

That is how you install nessus in kali linux.

Posted on 8 Comments

Install Packet Tracer in Windows and Linux

Cisco Certified Network Associate certification has become must for anybody who wishes to start  a career in networking. This certification validates that you have the ability to install, configure and troubleshoot a network. You need  lot of practice for achieving success in this exam. Apart from the labs where you are getting trained for CCNA what if you had a chance to practice at home. Or what if you want to self learn for CCNA? Well for both of the questions above, Cisco Packet Tracer is the perfect answer. To quote from Cisco’s official website, Packet tracer is

“a powerful network simulation program that allows students to experiment with network behavior and ask “what if” questions.”

It further says,

“The simulation-based learning environment helps students develop 21st century skills such as decision making, creative and critical thinking, and problem solving. Packet Tracer complements the Networking Academy curricula, allowing instructors to easily teach and demonstrate complex technical concepts and networking systems design.”

Nothing could have defined that better. This software is available for free from Cisco’s website provided you are a registered Networking Academy student, alumni, instructor, or administrator. Even if you are not one among the above you could still get hold of this software, just google it.

Now I’m gonna show you how to install packet tracer in Windows and Linux.

1.Windows

Any installation in Windows is just clicks and mouse and the same applies to Packet tracer. Click on the exe file downloaded. The below screen appears. Select “I accept the agreement” and click on “Next”.

Setup will show the folder in which the program’s shortcuts will be created. If you want to change the folder, you can change it. Click on “Next”.

Then the program will ask whether to create a Desktop icon and create a Quick Launch icon. Make your own choice and click on “Next”.

Then the summary of the settings we selected is displayed. Click on “Install”.

The installation starts as shown below.

In seconds, installation gets completed and the below screen is shown. Click on “Finish”.

Then the below popup appears asking you to close or restart your computer. Click on “OK”.

As we selected Launch option, Packet tracer is automatically launched.

2. Linux

To install Packet Tracer in Linux, we need a .deb package of Packet tracer which can be downloaded from here. Now I am going to install it in Ubuntu Precise Pangolin (12.04). Download the above file to the desktop.

Start the terminal and see your current working directory by typing “pwd”. If the current directory is not desktop move to the Desktop directory using “cd”. After reaching the Desktop directory, type “ls” to see if the packet tracer binary is there.

Left click on the packet tracer .bin file displayed after typing “ls” above, the entire word will be selected. Then right click and select copy. Now type “chmod +x” and then hit “CTRL+SHIFT+V “to paste the text we copied above. Our command should look like this.

                       chmod +x  PacketTracer533_i386_installer-deb.bin

What chmod +x command does is that it gives all users permission to execute.

Then type “./PacketTracer533_i386_installer-deb.bin” in the terminal. This will start extracting the binary package.

Then terminal prompts us to hit Enter to read the End User License Agreement.  Enter.

After displaying a rather long EULA, terminal asks us if we accept the terms of EULA. Type “Y”.

Then system asks us for the sudo password. Type the password and hit Enter.

When the installation is finished, close the terminal, go to Dashboard, if packet tracer is not seen, type ‘pac’ in the search box. When Packet Tracer is shown, click on it.

A message box shows up saying that we are starting packet tracer for the first time and our files will be stored in a specific folder. Click on “OK”.

Another message box pops up. Click on OK”.

Packet tracer is started.