Sunday, 19 August 2018

Setup Kali Linux on Raspberry Pi 3 without Display : Portable Hacking Machine

Setup Kali Linux on Raspberry Pi 3 without Display : Portable Hacking Machine by Mr. SAGE

The Raspberry Pi is a low-cost, credit-card-sized ARM computer. Despite being a good bit less powerful than a laptop or desktop PC, its affordability makes it an excellent option for a tiny Linux system and it can do far more than act as a media hub.

The Raspberry Pi provides a SD card slot for mass storage and will attempt to boot off that device when the board is powered on.


So Let's Get Started..



Things You Need :
  • Raspberry Pi 3 : Amazon
  • SD Card (16 GB) : Amazon
  • Card Reader/SD Card Adoptor : Amazon
  • PowerBank/Charger : Amazon
  • PC/Laptop : Amazon
  • Linux Operating System with Root Access : Kali Linux or ParrotSecOS
  • Brain and Patience.
Installing Kali Linux on SD-Card :

1. Download the Kali Linux Raspberry Pi image from the Offensive Security downloads area.



2. Download Etcher for You Operating System


3. Get a fast SD card with at least 16 GB capacity and Connect it with your PC/Laptop using card reader.


4. Run Etcher, choose Downloaded .img file of Kali Linux then choose SD-Card as disk then click on Flash button.




WARNING : This Process will overwrite any existing data on your SD card. If you specify the wrong device path, you could wipe out your computer’s hard disk !!!


5. This process can take a while depending on your SD card’s device speed and image size..





Configuring Kali Linux without Display : 

1. Once the flashing process complete, open a Linux Operating System As Root (you can also use a Live Linux OS) (*if you're already using Linux skip this step).

2. Open Terminal and move to Desktop by typing : cd /root/Desktop


3. Now Download Pi4Kali by typing : git clone https://github.com/thehackingsage/pi4kali.git 




4. Connect SD-Card with your PC/Laptop using card reader, don't mount the drive.


5. Open GParted Application by typing : gparted




6. Select SD Card from the Top Right Corner.


7. Select the ext4 partition.


8. Resize the partition by dragging the right edge of the partition all the way to the right (click/drag the right edge).




9. When you are satisfied with the changes, click on the green check mark, "Return" arrow, or other "apply" control to execute these changes.




10. Mount the SD-Card.


11. Open Boot Partition of SD Card. 


12. Create a simple empty file named ssh on Boot Partition of SD Card.




13. After that Goto Pi4kali > Config Files > etc > wpa_supplicant and open wpa_supplicant.conf in a text editor


14. Type Your WiFi SSID in the place of Type_SSID and WiFi Password in the place of Type_Password. and then save the file (ctrl+s).




15. Now go back to Config File folder and Copy the etc folder and Paste it into Root Partition of SD Card.. it will ask you for Marge and Replace Files or Folder, click on Yes..




16. Copy and Paste Pi4Kali folder in Root Partition of SD Card (/root/Downloads/)




17. Insert the SD card into the Raspberry Pi and power it on. it'll automatically login as root and connect to your wifi.


18. Now Download Putty and VNC Viewer and Install Them.


19. The Default Static IP of Your KaliPi is 192.168.1.155.




20. Open Putty And Type 192.168.1.155 in Host and 22 in Port and click on Open.




21. It'll ask you for log as : root and Password : toor




22. Now goto pi4kali folder by typing : cd Downloads/pi4kali/


23. Give execution permission to install.sh file by typing : chmod +x install.sh


24. now execute the file by typing : ./install.sh




25. Press Enter and Wait for Finish the Installation..




# It'll Update Your Kali Linux, Start Up The XFCE Desktop Environment, Configure Auto Root Login and Configure VNC Autorun on Startup..


# In The Middle of Installation It'll Ask You for VNC Passwordyou can type whatever password you  want, then it'll ask for Enter A View-Only Password?(y/n) : Type n and Hit Enter..




26. Once the Installation process complete. restart the raspberry pi by typing : reboot


All Done.. !!!



Power On The Portable Hacking Machine :

1. Now Just Power On Your Raspberry Pi

2. Open VNC Viewer


3. Create a New Connection (CTRL+N)


4. Type 192.168.1.155:5900 in VNC Server and KaliPi in Name and click on OK.




5. Now Double Click on Kali Pi, It'll Ask You For Password So Type Your VNC Password, Check Remember Password and Click OK.




XFCE GUI Environment is Ready To Use :




# By default, the Kali Linux Raspberry Pi image has been streamlined with the minimum tools, similar to all the other ARM images. If you wish to upgrade the installation to a standard desktop installation, you can include the extra tools by installing the kali-linux-full metapackage..


6. So Open Your Terminal and Type apt-get install kali-linux-full -y and hit Enter.




That's It.. !!!


if you face any question or any problem in this process feel free to ask.. :)


and if you like this post please like & share with your friends..

Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 

https://www.h4ck3rthebook.blogspot.com

Twitter : https://www.twitter.com/thehackingsage

Instagram : https://www.instagram.com/thehackingsage

Github : https://www.github.com/thehackingsage

& DON'T FORGET TO SUBSCRIBE..!!!

YouTube : https://www.youtube.com/hacktronian


Happy Hacking !!!

Labels:

Thursday, 16 August 2018

Tools for Information Gathering, Web Application Testing, Infrastructure Testing, Exploit Helpers and Utils

Tools For Web Application Testing by Mr. SAGE


Information Gathering

Google Hacking : Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc).

Find Subdomains : Allows you to discover subdomains of a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.

Find Virtual Hosts : Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.

Website Recon : This tool allows you to discover the technologies used by a target web application - server-side and client-side. It can also scan multiple virtual hosts on the same IP.

Metadata Extractor : Extracts metadata from public documents such as: pdf, doc, xls, ppt, docx, pptx, xlsx. The metadata may contain: author name, username, company name, software version, document path, creation date, etc.

Subdomain Takeover : Allows you to discover subdomains of a target organization which point to external services (ex. Amazon S3, Heroku, Github, etc) and are not claimed - leaving them vulnerable to hostile takeover.

Web Application Testing

URL Fuzzer : Discover hidden files and directories (which are not linked in the HTML pages): .conf, .bak, .bkp, .zip, .xls, etc. Get easy access to hidden content hosted on your target web server.

Web Server Scan : Finds common vulnerabilities which affect web applications: SQL injection, XSS, OS Comand Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.

WordPress Scan : This tool helps you to discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.

SharePoint Scan : Discover various security weaknesses and vulnerabilities in web applications built on top of Microsoft SharePoint and FrontPage.

Drupal Scan : Finds Drupal version, modules, theme and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings.

Joomla Scan : Perform a Joomla security assessment by finding vulnerabilities in Joomla core, components, modules and templates.

Infrastructure Testing

Ping Sweep : Enables you to see which IPs are 'live' within a given network range. Behind a 'live' IP there is a running server or workstation.

TCP Port Scan : Allows you to discover which TCP ports are open on your target host and also to detect service information, operating system version and to do traceroute.

UDP Port Scan : Allows you to discover which UDP ports are open on your target host, identify the service versions and detect the operating system.

Network Scan OpenVAS : This is a comprehensive scanner which allows you to detect a wide range of vulnerabilities mosty related to network services and operating systems but also includes web server configuration tests.

DNS Zone Transfer : Check if the name servers of the target domain are vulnerable to DNS Zone Transfer and attempt to retrieve the full DNS Zone file.

SSL Heartbleed Scan : This tool attempts to identify servers vulnerable to the OpenSSL Heartbleed vulnerability (CVE-2014-0160). When such a server is discovered, the tool also provides a memory dump from the affected server.

SSL POODLE Scan : The SSLv3 POODLE vulnerability scanner attempts to find SSL servers vulnerable to CVE-2014-3566, also known as POODLE (Padding Oracle On Downgraded Legacy) vulnerability.

SSL DROWN Scan : The DROWN vulnerability scanner tests a range of IP addresses (or just a single host) for the DROWN vulnerability in OpenSSL.

ROBOT Attack Scan : Allows you to discover vulnerable TLS servers (Web, Email, FTP) which are affected by the ROBOT vulnerability.

Exploit Helpers

HTTP Request Logger : This is a useful pentest utility which logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create Proof of Concepts in order to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.

Utils

ICMP Ping : Check if a server is live and responds to ICMP Echo requests. This tool can also be used to find the IP address of a hostname.

Whois Lookup : This tool allows you to perform Whois lookups online and extract information about domain names and IP addresses.

That's It !!! 

if you like this post please like & share with your friends..

Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 





& DON'T FORGET TO SUBSCRIBE..!!!


Keep Visiting... Enjoy !!! :)

Labels: , , , , , , , ,