Posted on 2 Comments

Beginners guide to OpenVAS

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about vulnerability scanning. In this blogpost, you will learn about OpenVAS. OpenVAS or Greenbone Open Vulnerability Assessment Scanner is a fully featured vulnerability scanner. Its features include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. This article is a beginners guide to this tool.

It is an open source software and can be installed on Linux systems. Let’s start with installing OPENVAS on Kali Linux. Before you start the installation, update the Kali Linux system using the command shown below.

OpenVAS scanner is a part of Greenbone Vulnerability Manager (GVM) software. So, we have to install this software using command shown below.

sudo apt install gvm -y

After successfully installing it, we need to set gvm. This can be done using a simple command.

sudo gvm-setup

This simple command will take care of everything needed to setup this tool.

At the end of the setup, a password is created for the admin user of OpenVAS. It’s very important to make a note of this password. Otherwise you will not be able to login into the web interface of OpenVAS. The setup of OpenVAS is finished. It’s good to check if everything is installed correctly. Use the command below for that.

sudo gvm-check-setup

If you get a message as highlighted in the above image, it means the installation is successful without any errors. Everything’s done. Now let’s start the OpneVAS service. This can be done using command below.

sudo gvm-start

This will start OpenVAS and present you with URL of the web interface. By default, OpenVAS runs on port 9392. Click on the URL to go to its web interface. When the browser starts, you will most probably be greeted with a potential security risk. Click on “Advanced”.

As an ethical hacker, you will have to take lot of risks. This is one of the HARMLESS risks you will be taking. Click on “Accept the Risk and Continue” button.

You will be taken to the login screen of OpenVAS.

Login with the credentials. The username is “admin” and password is the password I told you to take not at the beginning of this blogpost.

You will be taken to the dashboard of OpenVAS. I don’t know about you but the first thing I want to do is change my password. To do this, go to the Admin menu and click on “My settings”.

This will take you to the “settings” page as shown below. You can see some general settings of OpenVAS.

Click on Edit tab highlighted in the above image. Next, change your password and click on “Save”.

Next to change is how you want to access the web interface of OpenVAS. By default, you can only access it from he local machine. i.e the machine on which its is installed. If you want to access the web interface from any machine on the network, it can be changed too. This configuration is stored in the “gsad.service” text file. Open it with your favorite text editor (In my case it is nano).

The line you want to change is the one that starts with ExecStart as shown below.

On that line, you can see the IP address and port on which the web interface of OpenVAS is running. By default, the IP is 127.0.0.1. Change it to 0.0.0.0. don’t forget to save the changes.

Restart the OpenVAS daemon and the gsad service.

If there ever arise a need to check logs of OpenVAS, this tool’s logs are given below.

You can stop the OpenVAS service using the command shown below.

sudo gvm-stop

Posted on 2 Comments

How to install Shellter in Kali Linux

It is a dream of every hacker to bypass the antivirus solutions of their targets. Recently we have been learning about various payload generators that can bypass antivirus. In this howto, we will see one such payload generator which is designed to bypass antivirus. It’s named Shellter. To say in the words of its makers, “By using Shellter, you automatically have an infinitely polymorphic executable template, since you can use any 32-bit ‘standalone’ native Windows executable to host your shellcode. By ‘standalone’ means an executable that is not statically linked to any proprietary DLLs, apart from those included by default in Windows. ”

Let us see how to install Shellter in Kali Linux. The version we are using here is the latest version Shellter V7.0 till date which can be downloaded from here. Go to the download page and download the zip file shown below.

Click on the link and save the file as shown below.

Once the download is finished, go to the Downloads folder. You will see the “shellter.zip” file as shown below. I copied the file to the root folder but if you want to keep the file in Downloads folder you can keep it. This step is not mandatory.

Now change the permissions of the zip file as shown below. Until you change the permission- s, you cannot unzip the files. After you change the permissions of the file, unzip the contents of the file using the “unzip” command.

Type “ls“. You will see a new directory with name “shellter”. You have successfully installed Shellter in Kali Linux. Navigate into the directory “Shellter” to see its contents as shown belo- w. We will see how to use Shellter to bypass antivirus in our next issue. Until then, happy hacking practice.

install shellter in kali linux
Posted on 1 Comment

How to setup Vulnerawa in Wamp server

Good Evening friends. Today we will see how to setup Vulnerawa in Wamp Server. For those newbies who don’t know what is Vulnerawa, it is a vulnerable web app coded by me to simulate a real website for practice. Read more about it here. First, download Wamp Server from here as appropriate to your system requirements. We will use “WAMPSERVER (64 BITS & PHP 5.3.10) 2.2d″ for this howto. Install the Wamp Server. Open browser and type “localhost” in the URL bar to see if Wamp server is working as shown below.

We can see that there are no projects available. Now download Vulnerawa from here. You will find a zip file as shown below. Now we will extract the contents of this file into the root folder of Wamp server. Right click on the zip file, go to 7-zip as shown below ( or any other unzipping software ) and select “Extract files”option. Extract the files to the folder “C:\\wamp\www” which is the root folder for Wamp server.

Now lets check the root folder to see if the files are extracted. Go to wamp server’s root directory and you should see the folder named “vulnerawa1.0.2” as shown below.

Now open your browser and type “localhost” once again. Now we can see our projectVulnerawa1.0.2 listed in the Projects section as shown below.

Click on the project. If you see the below webpage, then you have successfully setup Vulnerawa. If it gives you some error go to the url and type “http://localhost/vulnerawa1.0.2” directly. Happy hacking practice.

vulnerawa in wamp server

Here’s a video version of this howto.

https://www.youtube.com/watch?v=IJqqFFX5upc
Posted on 198 Comments

How to install Kali Linux in VirtualBox (2024)

Hello, aspiring ethical hackers. In this blogpost, you will learn how to install Kali Linux in VirtualBox. The makers of Kali Linux have a released the latest version of the popular pen testing distro. So, we decided to update this article on how to install Kali in VirtualBox.

Every latest version of Kali Linux has many brand new features. Now, let’s see the simplest process to install Kali Linux in VirtualBox. The makers of Kali Linux provide pre-built VMs for popular virtualization software like VMware, VirtualBox, QEMU and Hyper-V. Go here and download the pre-built image of VirtualBox. We have performed this installation in the Oracle VirtualBox 6. In this article, we will be installing Kali Linux 2024.2 but the process is same for any version of Kali Linux.

The pre-built image will be downloaded in the form of an zip archive. Extract the contents of the zip archive. Your downloaded contents should look like below. As you can see, there will be two files: Virtual Disk Image (VDI) file and VBOX files.

Now open VirtualBox and go to Machine > Add. You can also use shortcut “CTRL+A” to get there.

In the window that opens, browse to the directory that consists of contents of the zip archive we have extracted at the beginning of this article. A window like below will open. Browse to the OVA file we downloaded.

Only the vbox file will be displayed. Select this file. Doing this will successfully create the virtual machine on VirtualBox as shown below.

Power ON the virtual machine by double clicking on it. You should see the login screen as shown below.

Happy hacking practice.