
Adding new exploits to Metasploit from exploitdb

Good evening, friends. Today we will see how to add new exploits to Metasploit from the exploit database. As we all know, Metasploit is a framework to exploit systems. This howto is being done in Kali Linux, which has Metasploit installed by default. You can see below that Metasploit has a total of 1467 exploits here. Now let us add the recently released Microsoft Windows Media Center MCL vulnerability exploit to the Metasploit framework.

Go to the website exploit-db.com and open the search option as shown below. Go to the Advanced Search option and enter the values shown below to search for all the exploits for Metasploit.

As the image below shows, we get all the exploits authored by Metasploit. We are interested in the MS15-100 Microsoft Windows Media Center MCL vulnerability underlined below.

Now click on the download option as shown below. A window will open as shown below. Select the Save option.

Now open a terminal and navigate to the Downloads folder to check your download. In our present case it is “38195.rb”.

Now navigate to the directory where Metasploit stores its exploits by typing the command “cd /root/.msf4”. Go into the modules directory and create a directory named “exploits” inside it. Now go into the exploits directory (which you just created) and create another directory named “windows”; inside the windows directory (which, once again, you just created) create a directory named “local”. If you are getting confused, all the steps are given in the image below; just follow them. We are just creating a valid path for Metasploit to find this exploit. Once you are in the local directory, copy the exploit you just downloaded into it as shown below.

OK, we’re almost done. Now restart the system and fire up Metasploit. You can see that we now have 1468 exploits, up from 1467 previously.

Now let us search for our exploit by typing the command “search ms15_100”. Load the exploit as shown below. We have successfully added a new exploit to Metasploit. Hope that was helpful.
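The directory steps above can be collapsed into one checked copy. The following shell function is an added example, not part of the original post; `install_module` and the `MSF_HOME` variable are names assumed for this illustration, with `MSF_HOME` defaulting to the `.msf4` directory in the user's home (`/root/.msf4` in the post, where the user is root).

```shell
# Added example: install_module and MSF_HOME are illustrative names.
# Usage: install_module ~/Downloads/38195.rb exploits/windows/local
# Prints the final path of the installed module on success.
install_module() {
    src=$1                          # downloaded module file, e.g. 38195.rb
    rel=$2                          # path below modules/, e.g. exploits/windows/local
    base=${MSF_HOME:-$HOME/.msf4}   # per-user Metasploit directory

    # The module downloaded in this post is a Ruby file; refuse anything else.
    case $src in
        *.rb) ;;
        *) echo "not a .rb module: $src" >&2; return 1 ;;
    esac
    [ -f "$src" ] || { echo "missing file: $src" >&2; return 1; }

    # The first path component must be one of the framework's module types,
    # otherwise the file lands where Metasploit will never look for it.
    case ${rel%%/*} in
        exploits|auxiliary|post|payloads|encoders|nops) ;;
        *) echo "unknown module type in: $rel" >&2; return 1 ;;
    esac

    dest=$base/modules/$rel
    # mkdir -p creates exploits/, windows/ and local/ in one step.
    mkdir -p "$dest" || return 1
    cp "$src" "$dest/" || return 1
    echo "$dest/$(basename "$src")"
}
```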


Reset nessus password in Windows

Hi friends, this is a guide on how to reset the Nessus password in Windows. Open a command line terminal with administrator privileges. Navigate to the installation folder of Nessus as shown below. That would be in Program Files.

Once you are in that folder, type the “dir” command to see the contents of the folder as shown below.

Now type the command “nessuscli.exe lsuser” to see all the Nessus users. In my case there is only one user present. Now, to reset that user's password, type the command “nessuscli.exe chpasswd root”. Then enter the new password twice as shown below. Congrats, you have successfully changed your Nessus password.


Reset nessus password in Kali linux

Hi friends, it's common that we forget things. I have forgotten my Nessus password so many times. Today we will see how to reset the Nessus password in Kali Linux in case you have forgotten it.

Nessus is the world’s most popular vulnerability assessment tool. It is an open source vulnerability scanner, although there is also a commercial option. Open a terminal and type the command “cd /opt/nessus/sbin” to navigate to the sbin directory. Here, type “ls” to see the contents of this directory as shown below.


Next, type the command “./nessuscli lsuser” to see all the Nessus users present. Here, we have only one. OK, let’s reset the password for user root. Type the command “./nessuscli chpasswd root”. The system will prompt you to enter the new password. Enter the password two times as shown below. You have successfully reset the Nessus password. Now log on with the new password.


How to create a web application pentest lab

Good evening, friends. Today we will see a step-by-step guide on how to create a web application pentest lab.

For creating this lab, I am using a host machine with Windows 7 installed on it. We also need the following software.

1. Wamp server

2. Vulnerawa

3. Vmware Workstation or Oracle Virtualbox

4. Kali Linux

Download the above software to your system. Install Wamp server. For this WAPT lab, we will use Vulnerawa as the vulnerable (target) website. Extract the contents of the vulnerawa.zip folder to the root folder of the Wamp server. Now open a browser and type localhost in the URL bar to see if you can see the victim webapp as shown below.

Click on “Create Database” to create some data which we will use in our future howto’s.

Now let’s change the permissions of the Wamp server to access it from our attacker machine. Go to Apache>httpd.conf as shown below.

You should see the httpd.conf as shown below. Press CTRL+F and search for the word “stuff”. After you find it, make the changes shown below in the red box. Save the file by pressing CTRL+S and restart the Wamp server.

Now install Kali Linux in Vmware Workstation or Oracle Virtualbox. Set the network adapter to NAT. Now open a command line on your host machine and check the IP address assigned to it by typing the command “ipconfig”, as shown below. Since I am using Vmware Workstation, my network adapter is the Vmware network adapter vmnet8. The IP address assigned to my host machine is 192.168.64.1.

Now start your attacker machine (Kali Linux), open a browser, type the address 192.168.64.1 in the URL bar and see if you can access the victim web application as shown below.

Your web application pentest lab is ready. Happy hacking.


How to spoof your IP address in Kali Linux

Kali Linux is the most advanced penetration testing distribution with a number of tools. While using these tools a measure of anonymity is required. Today we are going to see how to spoof your IP address in Kali Linux. First, check your IP address by visiting any website which shows your IP address (http://www.whatismyip.com). Then go to the site www.vpnbook.com.

Download the Euro1 Server OpenVPN certificate bundle as shown below. Note down the username and password given. We will need it in later steps.

When you click on the download link, the following window opens. Since it is a zip package, the system will prompt whether to open it with unzip (the default option). Click on “OK”.

Open the terminal and navigate to the directory where the contents of the zip archive have been unzipped. Type the command “ls” to see the unzipped files. We are going to use the vpnbook-euro1-udp53.ovpn package.

OpenVPN has been installed by default in the Kali Linux distribution. Type the command “openvpn vpnbook-euro1-udp53.ovpn” to start the process.

The installation starts. Enter the username and password we noted above when prompted.

After a short time, the process is completed. Check your IP address again. If everything goes well, your IP address will be changed.
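A local complement to the web-based IP check, shown as an added example that is not part of the original post: it reads `ip route` output and reports whether outbound traffic leaves through the tunnel interface. The function name and both sample routing tables are constructed for illustration, and it assumes the tunnel device is named `tun*` and that the default route is either replaced or overridden by the two /1 routes that OpenVPN's `redirect-gateway def1` option installs.

```shell
# Added example: routes_via_tunnel is a helper written for this illustration.
# Usage on a live system: ip route | routes_via_tunnel && echo "tunnelled"

# Constructed sample: routing table before the VPN is started.
SAMPLE_BEFORE='default via 192.168.64.2 dev eth0 proto dhcp metric 100
192.168.64.0/24 dev eth0 proto kernel scope link src 192.168.64.130'

# Constructed sample: routing table after OpenVPN has connected.
SAMPLE_AFTER='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.64.2 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.64.0/24 dev eth0 proto kernel scope link src 192.168.64.130'

# Reads `ip route` output on stdin; exit status 0 means all outbound
# traffic is routed through a tun interface, 1 means it is not.
routes_via_tunnel() {
    awk '
        # Return the interface name that follows the "dev" keyword.
        function dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "default"     { def = dev() }
        $1 == "0.0.0.0/1"   { lo  = dev() }
        $1 == "128.0.0.0/1" { hi  = dev() }
        END {
            # The two /1 routes are more specific than the default route,
            # so together they take precedence over it.
            if (lo ~ /^tun/ && hi ~ /^tun/) exit 0
            # Otherwise the default route itself must point at the tunnel.
            if (def ~ /^tun/) exit 0
            exit 1
        }'
}
```

If the check fails while the website still shows a changed address, or the reverse, compare the two results before relying on the tunnel.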