This post shows how to install Parrot OS in Virtualbox. Kali Linux may be the most popular penetration testing distro but if there is any other operating system that can give Kali competition, that would be Parrot Security OS. It also has regular updates just like Kali Linux.
Parrot Security also sports many more tools than Kali Linux which includes software for cryptography, cloud, anonymity, digital forensics and of course programming. One of our readers has requested us to make a guide on how to install Parrot Security OS in Virtualbox.
Recently the latest version of Parrot Security OS (4.9.1) has been release. In this version, they made many changes like upgrading to new linux kernel (5.5), updates to many tools and removal of some redundant launchers.
Just like Kali Linux, the makers of Parrot Security OS are also releasing a OVA format of its OS for virtual machines. This makes installation all the simple without the clutter of virtual box guest additions not working or other related problems. Download the OVA file of Parrot Security OS.
We will install Parrot OS in the recent version of Virtual box. Once the download is successfully finished, open Virtualbox and go to the “File” Menu.
Select the option “Import Appliance”. Alternatively, the import option can also be accessed using command “CTRL+I”. The window opens as shown below.
Load the OVA file as shown in the above image and click on “Next”. The “Appliance settings” menu opens. Make changes as necessary or as you like. Here we have changed the name of the virtual machine and is allocated RAM. After the changes are done, click on “Import”.
In the Popup that comes next, Click on “Agree”.
The importing process starts as shown below. Let it go on without interruption.
After the importing process is done, you will see the virtual machine we just created in the list of virtual machines as shown below.
Start the virtual machine. The virtual machine boots as shown below.
After booting, the login screen opens as shown below. The default credentials are user : toor.
In this post, we will target the rexec, remote login and remote shell services running on ports 512, 513 and 514 respectively. Performing a verbose scan on the target gives me the result as shown in the image below.
Before we exploit these services, let me explain as to what these services are. Remote execution service popularly called Rexec is a service which allows users to execute non-interactive commands on another remote system. This remote system should be running a remote exec daemon or server (rexecd) as in the case of our Metasploitable 2 target here. By default, this service requires a valid user name and password for the target system.(For your information, we already have the credentials which we acquired during enumeration). Rlogin or Remote Login service is a remote access service which allows an authorized user to login to UNIX machines (hosts). This service allows the logged user to operate the remote machine as if he is logged into the physical machine. This service is similar to other remote services like telnet and SSH. This service by default runs on port 513. Rsh or Remote shell is a remote access service that allows users a shell on the target system. Authentication is not required for this service. By default it runs on port 514.
Although Rsh doesn’t require a password, it requires the username belonging to the remote system. As discussed above, we already have the credentials. In case we don’t have the credentials, we have to crack the passwords as explained in one of our previous posts. Rsh daemon can be installed in the Kali Linux machine using the command apt-get install rsh-server. Once the installation is over, the below command can be used to get a shell on the target machine. I have tried this with the username root. As you can see, we successfully got a shell on the target system.
The next service we will target is Remote Login running on port 514. The command to get remote login is given in the image below.
As you can see, we once again got a shell on the target system. Using Rexec is also almost similar to the methods shown above.
ClearOS is an UTM. For those beginners, who do not know what an UTM is, it is an Unified Threat Management software. Still no idea. It is a software with all security features bundled into one. It is based on CentOS and Red Hat and is used by many enterprises as a gateway. Its features include Stateful firewall (iptables), Intrusion detection and prevention system, virtual private networking, Web proxy with content filtering and antivirus, E-mail services, Database and web server, File and print services, Flexshares and MultiWAN. As a penetration tester, it is very important to study about UTMs. So this installation guide. Download the open source version of ClearOS UTM from here. That would be community version. Once the iso file has finished downloading, Open Vmware Workstation (Version 12 used for this article). Hit “CTRL+N”. The below window should open.
Make sure the “Typical” option is selected, and click on “Next”. That takes us to the next window. Click on “Browse” and browse to location of the iso file we just downloaded and select it.
Now the window should look like the one shown above. Click on “Next”. The Guest operating system should be automatically selected for you, if not select Linux as OS and version as Centos. Click on “Next”. Even if you leave the default options, the installation continues.
Give a name to the virtual machine. Choose the name of virtual machine and its location as you like. I named it ClearOS. Click on “Next”.
Allocate the hard disk memory for your virtual machine. Keep the minimum as 15GB. Click on Finish.
It will show you a summary of all the selections you made. If you want to make any changes, click on Customize hardware or else click on “Finish”.
The virtual machine is created with the name you gave it. Before powering on the virtual machine, we need to add another network adapter to the virtual machine. Any gateway needs two network adapters. For reasons that will be explained later, I am adding two host only network adapters. Go to the settings of the virtual machine as shown below and click on “add” button as shown below. You can see that the default network adapter assigned is NAT. On the right side, we can change it to Host-Only network as shown below. Vmware automatically creates one Host-only network adapter by default. We need to create the second Host-Only adapter manually Vmware Virtual Network Adapter. To add another adapter, click on “add” button as shown below.
A new sub-window will open showing you all the types of hardware which can be added. Click on the “network adapter” as we want to add a network adapter. Click on “Next”.
In the next window,select “custom” as your type of network adapter and in the dropdown box you will find our newly created Host-only Network. For me it is Vmnet3.
As you can see below, our ClearOS virtual machine now has two network adapters. Click on OK to close the settings window.
Now Power ON the machine. After a small delay, the virtual machine will Power ON.The machine will power ON and take you to the screen as shown below. Use the option “Install ClearOS ……” using arrow keys on your keyboard. Hit on Enter. Even if you don’t hit Enter, the option you highlighted will be automatically selected after some time.
The system will prompt you to hit Enter to start the installation process. Press the “Enter” key.
Select the language in which you want to run the installation process and click on “Continue”.
Next, we will be shown the Installation summary. We can change any settings of the virtual machine from here. Let’s change the Network settings from here. Click on the highlighted area.
The “Network and Hostname” window will open. By default, both the adapters will be turned OFF. We need turn it ON by toggling the switch as shown in the image below.
In ON position, it will look like below. Do this for both the adapters. Once turned ON, click on “Done” to the top left.
This will take us back to the Installation Summary page as shown below. Configure other settings if you want.
Once all the settings are configured, click on “Begin Installation”. This will start the installation process. Don’t worry if you forgot any configuration. The system will prompt you if it needs anything to be set as shown below. In this case, I forgot to set the ROOT password.
So I click on that message and set a Root password as shown below. Once the password is set, click on “Done”.
Now it shows the message “Root password is set” as shown below.
The installation process will continue and once it is finished, you will be prompted to reboot the system. Reboot the system. It will ask for credentials. Enter them and you will be greeted with a screen as shown below.
That’s it. You have successfully installed ClearOS in Vmware. Now launch into the Graphics mode console by choosing the highlighted option. You will see something like below. You will be shown the IP address of the virtual machine we just created and also how to access it from a remote machine. That’s all for now.
WARNING : This knowledge is only for ethical purposes. Misuse this info at your own risk.
Good morning ethical hackers. Polycom HDX devices are popular worldwide for video conferencing. They are fit for meeting rooms and conference halls of various sizes as they support 1 to 3 displays. The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication.
So when all the conventional methods to get access to a network, this can work as an entry point of course if they are using this product. Let us see how this can be used in our pen test. Start Metasploit and load the exploit as shown below.
Set the target and check if it’s vulnerable as shown below using “check” command.
You can use the default payload or choose the required payload. I am using the below payload. After setting payload, type command “run” to run the exploit. The exploit works as shown below.
NOTE: This howto is part of a series “Metasploitable tutorials”.
Good morning friends. In the previous part of the tutorial, we performed a vulnerability scan on our target Metasploitable and got some high ranking vulnerabilities. Before we take the plunge and exploit those vulnerabilities, let’s do some enumeration first.
Enumeration is the process of collecting information about user names, network resources, other machine names, shares and services running on the network. Although little bit boring, it can be very helpful for the success of the hack in real time. In our previous parts, we have performed scanning and banner grabbing. So we already know what services are running on the target machine. They include FTP,telnet, SMTP and SMB etc. We can perform enumeration on all these services.
SMB stands for Server Message Block. Its mainly used for providing shared access to files, printers and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. It is a predecessor of Common Internet File system (CIFS). To know more about SMB please go here.
SMB enumeration can provide a treasure trove of information about our target. So for today’s tutorial let’s see how to perform SMB enumeration with Kali Linux. I will use three tools inbuilt in Kali Linux : enum4linux, acccheck and SMBMap.
The first tool we will use is enum4linux. As the name suggests, it is a tool used for enumeration of Linux. To see all the options of this tool, just type “enum4linux -h“. Using this tool, first let us see the users of the SMB service. Open terminal and type command “enum4linux -U 192.168.25.129” as shown below.
Of all the usernames the tool got us, I am assuming only three usernames are useful to us: user,root and msfadmin since others seem more like processes but we will keep our fingers crossed.
Before we check for validity of these credentials, let us perform a full enumeration with enum4linux. In the terminal type command “enum4linux 22.214.171.124” i.e without any options. As you can see below, it lists us Nbtstat information of what services are active on the target.
It also provides us with the OS information.
And crucial info about Shares, i.e which user has what rights on the target.
It provides us password policy info, in case we don’t get the credentials and want to crack them.
Groups present on the system.
It will also display users based on RID cycling.
It seems there are no printers connected to the target.
Ok, now we know the users. Let’s try to find out the passwords for the usernames we seem to have got. We will use a tool called acccheck for this purpose. It is a password dictionary attack tool that targets windows authentication via the SMB protocol. We will see more about password cracking later. First I will try it with the user “user”. In Kali Linux, most of the password dictionaries are present in “usr/share/dirb” directory. So I specify a dictionary which consists of most common passwords used.
Here, I am just guessing that the user may be using a common password. After specifying all the options, Hit Enter. The cracking process starts as shown below.
Once the tool gets the correct password, it stops the scan and displays a success message as shown below. Voila … the password of the user “user” is “user” only.
Seeing this result, I get a new idea. There might be a possibility that all the users may be using their username as password. To find out this, I create a new file called user.txt with all the usernames we got with enum4linux and specify the file for both username and password as shown below.
We got succces with three users; user, msfadmin and a blank user with password “games”. Since we successfully got some credentials, it’s time to see the share drives on our target system. For this, we will use another tool called SMBMap.
SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands.
First let us check the rights of each user we got as shown below.
We can see that users user and msfadmin have READ,WRITE permissions on tmp directory only and the Blank user doesn’t have much. Next let us try to list all the drives on the target system with user “msfadmin”. We can see we don’t have enough privileges to execute a command.
Since we have READ privileges, let us read the drive on the target system as shown below. Well that’s all for SMB enumeration guys.
RESULT: We got some usernames which may be useful to us while exploiting the system in future.
NOTE: This howto is a part of a series of Metasploitable Tutorials but can also be read separately.
Good morning friends. In one of our previous howto’s, we saw how to install OpenVAS in Kali Linux. Today we will see how to perform a vulnerability assessment with OpenVAS. The target on which I have performed this vulnerability assessment is Metasploitable. Start Kali Linux ( The system on which we have installed OpenVAS,,, obviously). Open a terminal and type the following commands as underlined below.
Then open a browser and direct the browser to port no 9392 as shown below. You should get the following interface.
We will perform a quick scan. In the blank given, enter the IP address of our target as shown below and click on “Start Scan” as shown below.
The scan will run as shown below. It will take quite a bit of a long time. So I would suggest you go and eat some pani puri and come back.
Once you are back, the scan should be finished and will look as shown below. Click on the link shown below.
You should get a general summary of the scan.
Now let us see the scan report. Go to “Scan Management” tab and click on Reports as shown below. It will show you a list of scans we performed. In our case, there is only one scan.
Now click on the scan as shown below.
This is our entire scan report with all the vulnerabilities existing in our target classified from high to low.
In our next howtos, we will see how to exploit all these ( which means most of them ) vulnerabilities. Until then, Good bye.