Posted on 1 Comment

Install Parrot OS in Vmware

Kali Linux is the most popular and also my favorite pen testing distro. Its regular updates and stability accord it the top spot. Apart from Kali Linux, there are many other pen testing distros available. One of them is Parrot Security distro. Parrot Security sports many more tools than Kali Linux which includes software for cryptography, cloud, anonymity, digital forensics and of course programming. One of our readers has requested us to make a guide on how to install Parrot Security OS in Vmware. So be it.

Download the Parrot Security OS . Unlike the makers of Kali Linux, Parrot Security have not yet provided a Vmware image to download. So we have to download a iso image (depending on your architecture yo- u can download a 32bit or 64 bit iso file). Once the download is finished, open Vmware Workstation (Version 12 used for this article). Hit “CTRL+N”. The below window should open.

Make sure the “Typical” option is selected, and click on “Next”. That takes us to the next window. Initially, the “installer disc image file” field should be empty. Click on “browse” and browse to location of the iso file we just downloaded and select it. Now the window should look like below. Click on “Next”.

The Guest operating system should be automatically selected for you, if not select Linux as OS and version as Debian 8.x (since I am installing a 32bit, make it Debian 8.x64 if installing 64bit). Click on Next.

Choose the name of virtual machine and its location as you like. I named it Parrot. Click on “Next”.

Allocate the hard disk memory for your virtual machine. Keep the minimum as 20GB. Click on Finish.

It will show you a summary of all the selections you made. If you want to make any changes, click on Customize hardware or else click on Next.

The virtual machine is created with the name you gave it. Power on the virtual machine. It will boot and take you to the interface shown below. Choose the “Install” option. In the next window select “Standard Installer”. You can select these options using “tab” button.

Select the language in which you want to continue the installation process.

Select your country. For this article, I chose location as India.

Select the keyboard configuration you want.

It is important to set the root password (no need to tell it is Linux’s most powerful account) for the machine before we do anything. Set a complex password. Read the suggestions before you set the root password.

Re-enter the root password again to confirm it.

It is a good practice to use the system as a no -n root user. The system will prompt you to create a new user account for non-administrative activities. I am creating a user with name kalyan. I am giving the same name as username.

Create a password for the user account you just created. Make it a good password for security reasons.

Re-type the password again to confirm the password you have assigned.

The next step is partitioning the hard disk. Unless you are an expert or want to try something different, use the entire disk.

The system will warn you before partitioning. Select the disk for partitioning.

It will ask you to choose the partitioning scheme. Choose the first one. It is also recommended for users.

Next, it will show you changes you have configured before writing the changes to the disk. Select “Finish partitioning and write changes to the disk”.

Confirm for one last time that you want to writ-e changes to the disk. Select “Yes”.

The installation process will start and may take some time. You can have snacks and come back. After installation finishes, it will prompt whether you want to install GRUB boot loader.

Select Yes. Then it will ask you where to install the boot loader. Select the /dev/sda disk.

After the installation is finished, it will show you a message as shown below. It’s time to boot into your new system.

As the system boots, it will ask present you a login screen. You can login as either root or the new user you created it. Once you login, your new pen testing distro should look as below.

Posted on Leave a comment

Install OpenVM tools in Kali Linux rolling

Good Evening Friends. As of Sept 2015, VMware recommended using the distribution-specific open-vm-tools instead of the VMware Tools package for guest machines. This means that instead of Vmware tools, the users should install openVM tools specific to the guest OS. The makers of Kali Linux  have made changes to  the latest Kali rolling kernel accordingly. These openVM tools have all the needed functionality  such as file copying, clipboard copy/paste and automatic screen resizing are working perfectly. Now let us see how to install OpenVM tools in Kali Linux rolling 2016.

Open a terminal and locate the “sources.list” file. Open the “sources.list” file with any text editor. Here I opened with the Vi editor. The command is “vi /etc/apt/sources.list

When the file opens, type “i” to get into insert mode. You cannot make changes to this file unless you get into insert mode.

Now type “deb http://http.kali.org/kali kali-rolling main contrib non-free” without quotes. Hit ESC, then SHIFT+:wq to save and close the file.

Next type command apt-get update. 

Then type command apt-get install open-vm-tools-desktop fuse. When it asks if you want to continue, type Y.

After installation is over, reboot the system and you will get the screen as shown below. Happy hacking.

 

That is how we install Openvm tools in kali linux. See how to crack password hashes with kali linux.

Want to learn Ethical hacking with Real World Scenarios? Subscribe to our Digital Magazine Now.

Posted on 2 Comments

Install Matriux Krypton Ec-centric in Oracle Virtual Box

Matriux Krypton is a pen testing distribution based on Debian. It consists of almost 300 security tools for ethical hacking categorized as arsenals. It has a category for data recovery which is not prevalent in other penetration testing distros. Today we are going to see how to install Matriux Krypton Ec-Centric in Oracle Virtual box. It can be downloaded from here. Open Virtualbox and click on “New virtual machine”. On the popup window, give the name as Matriux ( in fact any name you like ). Select operating system as “Linux” and version as “Ubuntu”. Click on “Next”.

Select the appropriate memory you want to assign to the virtual machine and click on “Next”.

Select the option “create a virtual hard drive file” and click on “Create”.

Select Hard drive file type as VDI. Click on “Next”.

Choose appropriate storage option and click on “Next”.

Set your virtual hard disk size appropriately but I suggest you to keep it above 8 GB. Click on “Create”.

Select the location of the iso file and click on “Start”.

Select the option “Live”  and hit Enter.

Log into account matriux. The default password is  “toor“.

 If everything went well, your system should look like this.

 Before running the Matriux disk Installer, we need to perform some operations. Go to “System>Administration>Gparted” as shown below.

 Enter the administrative password as “toor”. Click on “OK”.

 In the gparted window, click on “Create Partition table”.

 When a warning is shown, click on “Apply”.

 Right click on the unallocated hard disk and select “New” as shown below.

 Change the file system  to ext3 and click on “Add”.

We can see our “New Partition” ready to be created. Click on the “tick mark with blue background”.

 We can see our partition created as below.

 Close the window and click on “Matriux Disk Installer” we saw above. When the window opens as below, click on “Yes”.

 Choose the partition we created( i.e /dev/sda1) and click on “OK”.

Click on “OK”.

Click on “OK”.

Create a personal account login name.

Choose the password for you personal account. Click on “OK”.

Choose the root account password. Click on “OK”.

Select the appropriate locale as en_US. Click on “OK”.

If everything goes well, we will get a window as shown below. Click on “Yes”.

 We will get the below message after successful installation.  Click on “Yes” to reboot your system and you are ready to go.

Hope this was helpful.

Posted on 3 Comments

How to enable DHCP server in VirtualBox

Good evening friends. We have seen how to create a virtual pentest lab both in Oracle VirtualBox (see here) and Vmware Workstation(see here). Although both penetration testing labs  were almost similar, there is a small difference between them . As the title of this howto already implies it is the absence of DHCP server in the pentest lab we created using Virtualbox. VirtualBox provides a DHCP server but it can’t be turned on using the GUI feature unlike Vmware Workstation. So let’s see how to enable DHCP server in Virtualbox networks. I am going to assign DHCP server to my pentest lab I created above. I will assume that  virtualbox is installed on Windows. Open CMD and navigate to the directory where  Virtualbox is installed. By default it will be “C:Program Files OracleVirtualBox”. Type the command “vboxmanage dhcpserver add –ip 10.10.10.1 –netmask 255.0.0.0 –lowerip 10.10.10.2 –upperip 10.10.10.10 –netname pentestlab”. Hit Enter.

In the above command, “vboxmanage dhcpserver  add –ip 10.10.10.1” starts a DHCP server with IP address 10.10.10.1 . The “–netmask 255.0.0.0″ assigns subnet mask for the network. The “–lowerip” and “–upperip” options assign a lower ip address and upper ip address respectively.   The “–enable” option enables the DHCP server we just created. The “–netname” option assigns a name to the network. Now we have successfully created an internal network named pentest lab with its own DHCP server. Now change the network adapter settings of the attacker machine ( Kali Linux ) to pentest lab.

Similarly change the network settings of the victim machine.

Now start the attacker machine (Kali Linux) to see if the IP address is automatically assigned. If the IP address has not been assigned, disable the adapter using command “ifdown eth0″ and re enable it by typing command “ifup eth0″. Now check if the IP address has been assigned or not by typing command “ifconfig”.

Similarly check on the victim machine.

We can see that the IP addresses have been automatically assigned successfully starting from the range of 10.10.10.2. Hope this was helpful.

Posted on 26 Comments

Create Virtual pentesting Lab in VirtualBox

Hello aspiring hackers. In this howto you will see how to create virtual pentesting lab in Virtualbox.  Sometime back, I wrote an article on how to set up a virtual penetration testing lab using Vmware Workstation. But Vmware Workstation is a commercial product.

Today I am going to show you how to create a pen test lab in VirtualBox absolutely free of cost. I hope this tutorial will be helpful for many beginners into cyber security domain.

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Oracle VirtualBox is the virtualization software we will be using to create our lab. We will be using Kali Linux as the attacker machine and Metasploitable 2 as the victim machine. Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable in VirtualBox.

Select Kali Linux, Go to settings > network. Enable “network adapter 1″. Set the “Attached to” option to “internal network”. Set the name of the network adapter to “intnet”. Click on “OK” to save the settings.

Do the same for Metasploitable virtual machine.

Power on the metasploitable VM. Log into the system. Default username and password are “msfadmin”.

Type the command “ifconfig” to see the IP addresses of interfaces.

The ‘lo’ interface is the loopback. Now we are going to set the IP address on the interface “eth0”. Type the command “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up”. The sudo password is “msfadmin. Verify that the IP address is set by typing command “ifconfig”.

Power on Kali Linux. In the terminal, type command “ifconfig eth0 10.10.10.1 netmask 255.0.0.0 up”. Verify if the IP address is set by typing command “ifconfig”.

Test whether this system can communicate with victim system by pinging the victim machine as shown below.

The connection is successful. Our virtual pentesting lab is ready. Happy practicing.

Posted on 8 Comments

Installing Metasploitable in VirtualBox

In this howto, you will installing metasploitable in VirtualBox. What is Metasploitable? Learning penetration testing or ethical hacking requires practical knowledge and good practice needs a vulnerable target. That is where Metasploitable comes into picture. It is an intentionally vulnerable operating system made by the makers of Metasploit themselves so that aspiring ethical hackers can practice and hone their hacking skills. As its name conveys Metasploitable is loaded with vulnerabilities that can be exploited with Metasploit modules. 

This virtual machine can be used to conduct security training, test security tools, and practice common penetration testing techniques.  For this i am going to use Metasploitable 2 which can be downloaded from here. After downloading the zip archive, extract the files into a folder. The file contents look like below.

Open VirtualBox and click on “New Virtual machine wizard”. Type the name of your choice. I am using ‘Metasploitable-2‘. Choose ‘Type’ as Linux and ‘version’ as Ubuntu. Click on “Next”.

Choose the memory size appropriate to the availability of RAM on your host machine although 512MB is more than enough. Click on “Next”.

In the hard drive creation window, select option “Use an existing virtual hard drive”, browse to the folder where we have extracted our zip files and select the ‘vmdk’ file available. Click on “Create”.

Then you are automatically booted into the metasploitable OS. The default username and password are “msfadmin”.


With this we successfully finished installing Metasploitable in Virtualbox. See how to create a penetration testing lab.

Posted on 225 Comments

Install Kali in Virtualbox (Update to kali 2020.4)

The makers of Kali Linux have a released the second version (2020.2) of Kali Linux for the year 2020.  Since many versions have been released since we last wrote this article, we decided to update this article on how to install Kali in Virtualbox.

Kali Linux 2020.2 has many brand new features.  With xfce and gnome given Kali Linux feel, this release has given themes for KDE Plasma. This is like going back to its roots as Backtrack used to have this desktop environment. The login screen also has been given new graphics along with a new layout. Also now you can install Powershell by default by selecting the meta package while installing. This release also updated gnome to 3.36. The new tools included in this release include NextNet, the pivot point discovery tool and SpiderFoot  the OSINT tool.

The makers also included python2-pip once again to add support to some tools still depending on python2 although overall it upgraded to Python 3.8. This release also replaces CherryTree, the note taking application with Joplin. Now, let us see the simplest process  to install Kali in Virtualbox. For this download the virtualbox image of Kali Linux 2020.2 from here. We have performed this installation in the Oracle Virtualbox 6.

This howto is using the Kali Linux 32bit OVA . Your downloaded contents should look like below. As you can see, we have an ova file.

Now open Virtualbox and go to File Menu > Import Appliance as shown below. It can also be accessed using shortcut CTRL+ I.

A window like below will open. Browse to the OVA file we downloaded.

After selecting the OVA file, click on “Next”.  If you want to make any changes to the virtual machine settings like RAM, name etc, you can do it here. You can also leave it to default values if you want. Click on “Import”.

Click “Agree” when the software license agreement pops up as shown below. The import process starts.

After the import process is completed, Power On the virtual machine. You will see a login screen prompt. Login using the credentials kali:kali.

Here is the final look of the Kali Linux virtual machine we installed.

Posted on Leave a comment

Enable SSH on Cisco Routers and Switches

In this howto, we will see how to enable SSH on Cisco Routers and Switches. Imagine you are a network administrator in a large organization with number of switches and routers. To configure a switch or router on a far off location, there are two choices. One is to go near the switch or router to configure it. This is good but imagine how much trouble it is  to go near each and every device to configure it. The second and easy option is the remote configuration of the switch or router.

Remote configuration of a switch/router can be done using telnet or SSH protocols. But using telnet has a disadvantage. It sends data in plain text. So if you happen to type a username ad password for authentication with the switch from a remote location, it will be passed in plain text and anyone sniffing on the network can easily find out your login credentials. This is a big security risk. To overcome this problem, we should use SSH protocol for remote configuration of the switch or router.  SSH protocol is as same as telnet but it uses encryption during the communication. This makes it difficult for hackers to detect the credentials. Let’s see how to enable SSH on cisco routers and switches using IOS. Here I am using a router.

The command “conf t” enables global configuration mode of the switch or router. The “hostname R1″ command changes the default name of router to R1. The name of the router is used to generate names for the keys  by the SSH protocol. So it is necessary to change the default name of the router. The “ip domain-name shunya.com” command sets the domain name for the router. The domain name is also needed for setting name for encryption keys. ( Shunya.com is a fictional domain name I used. you can use your own domain name ).  It’s  time to set login credentials on the router. The “username admin password 123456″ command sets the username and password to admin and 123456 respectively. The “line vty 0 15″ command selects the vty lines from 0 to 15 for line configuration. The “login local” command sets the login to local router. The “exit” command takes us out of the line configuration mode to global configuration mode. it’s time to generate SSH keys.

The “crypto key generate rsa” command generates the cryptographic keys using Rivest Shamir Adlemann algorithm. You will be prompted to enter the number of bits in the modulus. Setting it too low will be too easy to crack. Setting it too high will be time consuming. I set it to 1024.

Let’s see the information about SSH protocol we enabled on the router.

The “show ip ssh” command does this. The reason for prepending this command with “do” is that the “show ip ssh”  is a privileged exec mode command and cannot be executed in global configuration mode. We can also see from the information displayed that the authentication timeout has been set to 120 secs and authentication retries are set to three. Let’s change them. The command “ip ssh time-out 60″ command changes authentication time-out  to 60 secs.  The command “ip ssh authentication-retries” command is used to change the authentication retries.

Finally we will have to set SSH as input transport protocol on vty access lines.

The “line vty 0 15″ command selects all the vty lines. The “transport input ssh” command sets SSH as a input transport protocol.  The “exit” command as already said takes us out of the line configuration mode. We have successfully enabled SSH protocol on our router.

Let’s once again see the information about the SSH we just enabled using “do show ip ssh”.

Posted on 4 Comments

Encrypt passwords on Cisco routers and switches

We have seen how to set passwords on cisco switches or routers here. Of course setting passwords does add to the security of the device but there is small problem. The password is stored in plain text.  Anyone who gets access to the switch can easily see all the passwords by typing command “show running-config or show startup-config”. Today we will see how to encrypt passwords on Cisco routers and switches.

Encrypting passwords can further enhance the security of the device. Privileged password can be encrypted by using the command “enable secret” instead of “enable password”. This command should be set from privileged global configuration mode.

Lets see what can we see  when we use the command “show running-config”.

We can see that the password we set has been encrypted. but what about other passwords. The  console, auxiliary and vty lines passwords cannot be encrypted even if we use “enable secret” command. To encrypt those passwords, we have to use another command “service password-encryption” as shown below.

This command will encrypt all the passwords stored in plain text on the device. Want to learn advanced practical hacking? Have a look at our Hacking Magazine. Just don’t trust our word. Download your FREE COPY using discount code fq47p4tq 

This is how you can encrypt passwords on Cisco routers and switches.

Posted on 2 Comments

How to configure passwords on Cisco routers and switches

Good evening friends, Today we will see how to configure passwords on Cisco routers and switches. Cisco devices have four types of passwords.

  • Console password : Used to set password for the console access.
  • Auxiliary password : It is used to set password to auxiliary port ( if the switch has one.)
  • VTY lines password : Used to set password for  for telnet and SSH access.
  • Privileged password : Used to set password for privileged access to the switch.

I am not going to show you how to set up auxiliary password here. To see how to set up console password and VTY lines password, go here.

Privileged mode of a Cisco device has some advanced IOS commands that can have disastrous consequences if used by wrong hands. So it is very important to set up a password to access privileged commands. Use the following commands

The “enable” command takes us into privileged mode. The “conf t” mode takes us into global configuration mode which pertains to the configuration settings of the whole switch. The “enable password”  sets a password for the privileged mode. ‘123456’ is the password. The “exit”  command takes us out of the privileged mode. To see if a password has been set for the privileged mode, try entering into privileged mode by typing “en” command. We can see that it prompts us for the password.