Kali tools installation


Encrypt volumes

The / and swap volumes are encrypted (full-disk encryption chosen at install time). Keep in mind that /boot — kernel, initrd and the bootloader — normally stays unencrypted in this layout, so disk encryption alone says nothing about the integrity of the boot chain; that is what the TPM / TrustedGRUB2 section further down is trying to address.

Change vi config

u505@naos:~$ vi .vimrc
u505@naos:~$ cat .vimrc
set mouse-=a
syntax on
u505@naos:~$ sudo cp .vimrc /etc/skel/
u505@naos:~$ sudo cp .vimrc /root/

Change bashrc

cp bashrc /home/u505/.bashrc
sudo cp bashrc /root/.bashrc
sudo cp bashrc /etc/skel/.bashrc

The `bashrc` being copied is not shown on this page. Since the same file becomes root's .bashrc (and the template for every future account), check that it does not `source` or prepend to PATH anything under a location the unprivileged user can write to — /opt is made group-writable in "Local repositories" below — otherwise every root shell executes code that a compromised u505 account can modify.

Packages

sudo apt install cifs-utils ssh xrdp
sudo apt install cifs-utils ssh xrdp ocl-icd-libopencl1 nvidia-driver virtualbox nvidia-cuda-toolkit cmake python3-pip python-pip exiftool keepass2 gobuster mutt rlwrap torbrowser-launcher html2text connect-proxy lynx ltrace strace irssi okular libreoffice snmp-mibs-downloader terminator neo4j jxplorer npm buildtorrent putty ridenum libguestfs-tools ipv6-toolkit kali-linux-everything

The second command is a superset of the first, so only one of them is needed. `python-pip` is Python 2 pip, which is end-of-life upstream; keep it only for legacy tools that cannot run on Python 3. `kali-linux-everything` installs a very large amount of software, and `xrdp` adds a network-facing login service, on a machine that will later be connected to hostile networks — restrict xrdp to a trusted interface or reach it through an ssh tunnel rather than leaving 3389 open.
u505@naos:~$ sudo dpkg --add-architecture i386
u505@naos:~$ sudo apt update
u505@naos:~$ sudo apt install wine32 libc6:i386

Python modules

u505@naos:/opt/utils$ sudo pip install mechanize termcolor droopescan
u505@naos:/opt/utils$ sudo pip3 install websockets pathlib ipparser droopescan

`sudo pip` / `sudo pip3` fetches unpinned packages from PyPI and runs their setup code as root, straight into the system site-packages where they can shadow the apt-managed copies. Prefer `pip3 install --user ...` (or a virtualenv) for the u505 account, or `sudo apt install python3-<name>` where Kali already packages the module; if a root install is really needed, pin exact versions. The same applies to the `sudo pip`/`sudo pip3` lines in the GDB tools and Pwntools sections below. (`pathlib` is part of the Python 3 standard library; the PyPI package of that name is an old backport and should be unnecessary on pip3.)

Enable ssh and xrdp

Both daemons are enabled at boot. Note that xrdp authenticates through PAM with the account password, so the `PasswordAuthentication no` hardening applied to sshd below does not extend to it: anyone who can reach TCP 3389 can guess the u505 password. Bind xrdp to the loopback address (the `port=` setting in /etc/xrdp/xrdp.ini) and reach it through an ssh port-forward, or firewall 3389 to trusted sources.

u505@naos:~$ sudo systemctl enable ssh
Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable ssh
Created symlink /etc/systemd/system/sshd.service → /lib/systemd/system/ssh.service.
Created symlink /etc/systemd/system/multi-user.target.wants/ssh.service → /lib/systemd/system/ssh.service.
u505@naos:~$ sudo systemctl enable xrdp
Synchronizing state of xrdp.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable xrdp
u505@naos:~$ cd .ssh/
u505@naos:~/.ssh$ cat authorized_keys
ssh-rsa AAAAB3...xy5w== u505@naos.oamis.net
u505@naos:~/.ssh$ chmod 600 authorized_keys
u505@naos:~/.ssh$ cd

Also `chmod 700 ~/.ssh`: with StrictModes (the default) sshd silently refuses key login when the home directory or ~/.ssh is group- or world-writable, and "permission denied (publickey)" with password login disabled is a lock-out. The key comment suggests the pair was generated on this host; if the private half is still in ~/.ssh here, move it to the client machine and delete it locally — a box that trusts a key it also stores gains nothing from disabling password authentication.
u505@naos:~$ sudo vi /etc/ssh/sshd_config
[sudo] password for u505: 
u505@naos:~$ cat /etc/ssh/sshd_config | grep -v "^#" | grep -v "^$"
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server
u505@naos:~$ sudo systemctl restart ssh

Two checks are worth doing around this restart: run `sudo sshd -t` first so a typo in sshd_config cannot leave the host without a working ssh daemon, and afterwards confirm the effective setting with `sudo sshd -T | grep -i passwordauthentication`. The second check matters because `Include /etc/ssh/sshd_config.d/*.conf` is processed before the rest of the file and sshd keeps the first value it sees for each keyword, so a drop-in there saying `PasswordAuthentication yes` would silently win over the line shown above.

Enable MIBS

u505@naos:~$ sudo vi /etc/snmp/snmp.conf
u505@naos:~$ cat /etc/snmp/snmp.conf
# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loading them by commenting out the following line.
#mibs :

# If you want to globally change where snmp libraries, commands and daemons
# look for MIBS, change the line below. Note you can set this for individual
# tools with the -M option or MIBDIRS environment variable.
#
# mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf

With `mibs :` left commented out as shown, MIB loading is enabled (per the comment in the file itself), which is what the snmp-mibs-downloader package installed above provides the MIB files for.

Setup TPM

DOES NOT COMPILE

(The steps below are kept for reference; the TrustedGRUB2 build did not complete on this system. Note also that trousers, tpm-tools and TrustedGRUB2 all target TPM 1.2 — on a machine that only exposes a TPM 2.0 this path cannot work regardless of the build result.)

u505@naos:~$ sudo systemctl start trousers
u505@naos:~$ sudo tpm_takeownership -z
Enter owner password:
Confirm password:

`-z` sets the SRK authorization to the well-known (all-zero) secret, so any local process can use keys under the SRK without a password; the owner password typed here is then the only secret protecting owner-level operations, so choose a real one and keep it somewhere safe — clearing ownership later (e.g. from firmware setup) invalidates everything sealed under this TPM.
u505@naos:~$ cd /opt/
u505@naos:/opt$ sudo git clone https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2
Cloning into 'TrustedGRUB2'...
remote: Enumerating objects: 82525, done.
remote: Total 82525 (delta 0), reused 0 (delta 0), pack-reused 82525
Receiving objects: 100% (82525/82525), 19.60 MiB | 20.73 MiB/s, done.
Resolving deltas: 100% (61859/61859), done.
u505@naos:/opt$ cd TrustedGRUB2/
u505@naos:/opt/TrustedGRUB2$ sudo ./autogen.sh
u505@naos:/opt/TrustedGRUB2$ sudo ./configure --prefix=`pwd` --target=i386 -with-platform=pc
u505@naos:/opt/TrustedGRUB2$ sudo make

None of these three steps needs root; running autogen/configure/make as root executes the build scripts of an unpinned git checkout with full privileges. Clone as u505 (or chown the tree) and reserve sudo for an eventual install step, and check out a release tag rather than whatever HEAD was on the day. `-with-platform=pc` works because autoconf accepts single-dash long options, but the conventional spelling is `--with-platform=pc`; likewise `--prefix=$(pwd)` is the modern form of the backtick substitution.

Local repositories

u505@naos:~$ cd /opt/
u505@naos:/opt$ sudo chgrp u505 ./
u505@naos:/opt$ sudo chmod 775 ./
u505@naos:/opt$ git clone https://u505@gitserver/git/HTB.git
u505@naos:/opt$ cd HTB/
u505@naos:/opt/HTB$ git config --global user.name "Daniel Simao"
u505@naos:/opt/HTB$ git config --global user.email "daniel@simao.us"
u505@naos:/opt$ git clone https://u505@gitserver/git/Collection1.git

Making /opt group-writable by u505 is what lets the rest of this page clone tools without sudo, but it also means everything under /opt/utils — including the checkouts later installed with `sudo python3 setup.py install`, built with `sudo npm`, and sourced from root's .gdbinit — is modifiable by the unprivileged account. On a box that will run shells and payloads from hostile targets, treat that as a u505-to-root escalation path: either point the root-run steps at root-owned copies, or accept the trade-off consciously. Note also that `git config --global` writes ~/.gitconfig regardless of the directory it is run from, so these two lines apply to every repository of u505, not just HTB.

External utils

GDB tools

u505@naos:~$ cd /opt/
u505@naos:/opt$ mkdir utils
u505@naos:/opt$ cd utils/
u505@naos:/opt/utils$ git clone https://github.com/hugsy/gef.git
u505@naos:/opt/utils$ sudo pip install capstone keystone-engine pylint ropper unicorn
u505@naos:/opt/utils$ sudo pip3 install capstone keystone-engine pylint ropper unicorn
u505@naos:/opt/utils$ git clone https://github.com/longld/peda.git
u505@naos:/opt/utils$ git clone https://github.com/pwndbg/pwndbg
u505@naos:/opt/utils$ vi ~/.gdbinit
u505@naos:/opt/utils$ cat ~/.gdbinit
define init-peda
source /opt/utils/peda/peda.py
end
document init-peda
Initializes the PEDA (Python Exploit Development Assistant for GDB) framework
end

define init-gef
source /opt/utils/gef/gef.py
end
document init-gef
Initializes GEF (GDB Enhanced Features)
end

define init-pwndbg
source /opt/utils/pwndbg/gdbinit.py
end
document init-pwndbg
Initializes PwnDBG
end
u505@naos:/opt/utils$ sudo cp ~/.gdbinit /root/.gdbinit
u505@naos:/opt/utils$ sudo cp ~/.gdbinit /etc/skel/.gdbinit

Copying this .gdbinit to /root means that whenever root runs gdb and calls `init-gef`, `init-peda` or `init-pwndbg`, it executes Python from checkouts owned by u505 under the group-writable /opt. If debugging as root is actually needed, point root's copy at root-owned clones of the three repositories; otherwise skip the copy to /root.

Pwntools

u505@naos:/opt/utils$ sudo pip install pwntools
u505@naos:/opt/utils$ sudo pip3 install pwntools

One gadget

u505@naos:/opt/utils$ git clone https://github.com/david942j/one_gadget.git
u505@naos:/opt/utils$ cd one_gadget/
u505@naos:/opt/utils/one_gadget$ sudo gem install one_gadget
u505@naos:/opt/utils/one_gadget$ cd ..

Ghidra

u505@naos:/opt/utils$ wget -q https://ghidra-sre.org/ghidra_9.1.2_PUBLIC_20200212.zip
u505@naos:/opt/utils$ unzip ghidra_9.1.2_PUBLIC_20200212.zip
u505@naos:/opt/utils$ ln -s ghidra_9.1.2_PUBLIC ghidra

Verify the archive before unpacking: `sha256sum ghidra_9.1.2_PUBLIC_20200212.zip` and compare against the SHA-256 published for that release on the NationalSecurityAgency/ghidra GitHub releases page. Ghidra unpacks into a tree of scripts and Java that is later launched from a desktop entry, so a tampered download becomes persistent code execution as the user.
u505@naos:/opt/utils/ghidra$ sudo vi /usr/share/applications/Ghidra.desktop
u505@naos:/opt/utils/ghidra$ cat /usr/share/applications/Ghidra.desktop
[Desktop Entry]
Name=Ghidra
Encoding=UTF-8
Exec=sh -c "/opt/utils/ghidra/ghidraRun"
Icon=/opt/utils/ghidra_9.1.2_PUBLIC/docs/images/GHIDRA_1.png
StartupNotify=false
Terminal=false
Type=Application
Categories=07-reverseengineer;

LinEnum

u505@naos:/opt/utils$ git clone https://github.com/rebootuser/LinEnum.git

Pspy

u505@naos:/opt/utils$ mkdir pspy
u505@naos:/opt/utils$ cd pspy/
u505@naos:/opt/utils/pspy$ wget -q https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy32
u505@naos:/opt/utils/pspy$ wget -q https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy64
u505@naos:/opt/utils/pspy$ wget -q https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy32s
u505@naos:/opt/utils/pspy$ wget -q https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy64s
u505@naos:/opt/utils/pspy$ chmod +x *
u505@naos:/opt/utils/pspy$ cd ..

These are pre-built binaries that get uploaded to and executed on target machines, so the download is worth verifying: compare `sha256sum pspy*` against checksums on the v1.2.0 release page if any are published, and in any case record the hashes here so that a later, differently-hashed copy stands out. `chmod +x pspy*` is tighter than `chmod +x *` and does not depend on the directory being otherwise empty.

Nmapautomator

u505@naos:/opt/utils$ git clone https://github.com/21y4d/nmapAutomator.git
u505@naos:/opt/utils$ chmod +x nmapAutomator/nmapAutomator.sh

Dirsearch

u505@naos:/opt/utils$ git clone https://github.com/maurosoria/dirsearch.git

Jaws (Just another Windows (Enum) script)

u505@naos:/opt/utils$ git clone https://github.com/411Hall/JAWS.git

mdless (to see md files in terminal)

u505@naos:/opt/utils$ git clone https://github.com/ttscoff/mdless.git
u505@naos:/opt/utils$ cd mdless/
u505@naos:/opt/utils/mdless$ sudo gem install mdless
u505@naos:/opt/utils/mdless$ cd ..

Impacket

u505@naos:/opt/utils$ git clone https://github.com/SecureAuthCorp/impacket.git
u505@naos:/opt/utils$ cd impacket/
u505@naos:/opt/utils/impacket$ sudo python3 setup.py install
u505@naos:/opt/utils/impacket$ cd ..

`sudo python3 setup.py install` runs the build of a u505-owned, unpinned checkout as root and drops it into the system site-packages, where it can shadow Kali's own packaged impacket (very likely already present through kali-linux-everything above). Prefer `python3 -m pip install --user .` from the checkout, or a virtualenv, and check out a release tag when cloning.

Nullinux

u505@naos:/opt/utils$ git clone https://github.com/m8r0wn/nullinux.git

Decrypt mRemoteNG passwords from config files

u505@naos:/opt/utils$ git clone https://github.com/haseebT/mRemoteNG-Decrypt.git

Cisco Type 7 password decrypter

u505@naos:/opt/utils$ git clone https://github.com/theevilbit/ciscot7.git

Evil-winrm

u505@naos:/opt/utils$ sudo gem install evil-winrm

Fix the OpenSSL::Cipher::Cipher deprecation warning

u505@naos:/opt/utils$ sudo gem install openssl

https://github.com/mdp/gibberish/pull/27/commits/6329a149916e13b02e1337b4daaf74513785670c

u505@naos:/opt/utils$ sudo vi +39 /usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb
u505@naos:/opt/utils$ sudo vi +128 /usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb
u505@naos:/opt/utils$ sudo vi +140 /usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb

The gibberish commit linked above is the same one-line change applied in a different project, kept here as the reference for what to edit; the grep below shows the resulting lines. Two caveats: /usr/lib/ruby/vendor_ruby/net/ntlm/ belongs to a Debian package (`dpkg -S /usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb` names it), so these hand edits are lost on the next upgrade of that package; and `OpenSSL::Cipher.new("rc4")` only silences the constant-deprecation warning — RC4 itself is what NTLM session sealing requires, and on a system built against OpenSSL 3 that cipher lives in the legacy provider, so this call then fails outright and evil-winrm will need the legacy provider enabled there.
u505@naos:/opt/utils$ grep -n 'OpenSSL::Cipher::Cipher.new("rc4")' -A1 /usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb
39:          #rc4 = OpenSSL::Cipher::Cipher.new("rc4")
40-          rc4 = OpenSSL::Cipher.new("rc4")
--
129:            #rc4 = OpenSSL::Cipher::Cipher.new("rc4")
130-            rc4 = OpenSSL::Cipher.new("rc4")
--
140:            #rc4 = OpenSSL::Cipher::Cipher.new("rc4")
141-            rc4 = OpenSSL::Cipher.new("rc4")

Sysinternal tools

u505@naos:/opt/utils$ mkdir Sysinternals
u505@naos:/opt/utils$ cd Sysinternals/
u505@naos:/opt/utils/Sysinternals$ wget -q https://download.sysinternals.com/files/SysinternalsSuite.zip
u505@naos:/opt/utils/Sysinternals$ unzip SysinternalsSuite.zip
u505@naos:/opt/utils/Sysinternals$ cd ..

Php shell

u505@naos:/opt/utils$ git clone https://github.com/Dhayalanb/windows-php-reverse-shell.git
u505@naos:/opt/utils$ git clone https://github.com/WhiteWinterWolf/wwwolf-php-webshell.git
u505@naos:/opt/utils$ git clone https://github.com/b374k/b374k.git

These are working web shells. Keep /opt/utils out of any directory served by a local web server, and expect them to be well known to AV/EDR on targets.

Windows Exploit suggester

u505@naos:/opt/utils$ git clone https://github.com/bitsadmin/wesng.git
u505@naos:/opt/utils$ cd wesng/
u505@naos:/opt/utils/wesng$ sudo python3 setup.py build
u505@naos:/opt/utils/wesng$ sudo python3 setup.py install
u505@naos:/opt/utils/wesng$ cd ..

Same caveat as for impacket: this runs the setup.py of a u505-owned checkout as root. wesng is a pure-Python tool and can simply be run from the checkout without installing it system-wide.

Urlencode

u505@naos:/opt/utils$ mkdir urlencode
u505@naos:/opt/utils$ cd urlencode/
u505@naos:/opt/utils/urlencode$ wget -q https://gist.githubusercontent.com/cdown/1163649/raw/356166e6a1564d93e02e174718eb59f50108a7aa/gistfile1.sh

Pinning the gist to a specific commit hash, as done here, is the right way to fetch a script from a gist — the raw URL without the hash would silently change if the gist were edited. Consider renaming the downloaded `gistfile1.sh` to something like `urlencode.sh` so its purpose is obvious in the tools tree.
u505@naos:/opt/utils/urlencode$ cd ..

Bloodhound

u505@naos:~$ sudo neo4j console
[sudo] password for u505:
Active database: graph.db
Directories in use:
 home:         /usr/share/neo4j
 config:       /usr/share/neo4j/conf
 logs:         /usr/share/neo4j/logs
 plugins:      /usr/share/neo4j/plugins
 import:       /usr/share/neo4j/import
 data:         /usr/share/neo4j/data
 certificates: /usr/share/neo4j/certificates
 run:          /usr/share/neo4j/run
Starting Neo4j.
WARNING: Max 1024 open files allowed, minimum of 40000 recommended. See the Neo4j manual.
2020-06-23 19:58:50.402+0000 INFO  ======== Neo4j 3.5.3 ========
2020-06-23 19:58:50.412+0000 INFO  Starting...
2020-06-23 19:58:52.587+0000 INFO  Bolt enabled on 127.0.0.1:7687.
2020-06-23 19:58:53.777+0000 INFO  Started.
2020-06-23 19:58:54.583+0000 INFO  Remote interface available at http://localhost:7474/

`sudo neo4j console` runs the database as root in the foreground; the packaged install should also ship a systemd unit that runs it as the dedicated neo4j user (`sudo systemctl start neo4j`), which is preferable — and if you switch to it after having run as root once, files created under the data/ and logs/ directories listed above may be root-owned and need a chown. The open-files warning is a per-process ulimit; raise `nofile` for the account (or LimitNOFILE in the unit) as the Neo4j manual describes rather than ignoring it. Bolt is bound to 127.0.0.1:7687, which is what you want; change the default neo4j/neo4j credentials at the first login to the web interface before loading any BloodHound data.

Neo4j 01.png

Neo4j 02.png

u505@naos:/opt/utils$ git clone https://github.com/BloodHoundAD/BloodHound.git
u505@naos:/opt/utils$ sudo npm install -g electron-packager
u505@naos:/opt/utils$ cd BloodHound/
u505@naos:/opt/utils/BloodHound$ sudo npm install
u505@naos:/opt/utils/BloodHound$ sudo npm update
u505@naos:/opt/utils/BloodHound$ sudo npm run linuxbuild
u505@naos:/opt/utils/BloodHound$ sudo chmod 4755 /opt/utils/BloodHound/BloodHound-linux-x64/chrome-sandbox
u505@naos:/opt/utils/BloodHound$ cd BloodHound-linux-x64
u505@kali:/opt/utils/BloodHound/BloodHound-linux-x64$ ./BloodHound

(The `u505@kali` prompt on the last line and below was captured on a different host; the path is the same.) `sudo npm install` / `sudo npm update` execute every dependency's install scripts as root, and `npm update` additionally moves packages past what package-lock.json pinned, so prefer a non-root build (`npm ci` respects the lockfile) — the same /opt group-write caveat applies. `chmod 4755` on chrome-sandbox is the documented way to make Electron's SUID sandbox work without resorting to `--no-sandbox`, but the setuid bit only means something when the file is owned by root: check with `ls -l /opt/utils/BloodHound/BloodHound-linux-x64/chrome-sandbox` and `chown root:root` it first if the build left it owned by u505.

Bloodhound01.png

u505@kali:/opt/utils/BloodHound/BloodHound-linux-x64$ cd ..
u505@naos:/opt/utils/BloodHound$ cd ..

PowerSploit

u505@naos:/opt/utils$ git clone https://github.com/PowerShellMafia/PowerSploit.git -b dev

John the Ripper Magnum

u505@naos:/opt/utils$ git clone https://github.com/magnumripper/JohnTheRipper.git

References

Daniel Simao 14:42, 22 June 2020 (EDT)