Posted on

Parrot OS VirtualBox installation using ISO File

Hello aspiring ethical hackers. In this article, you will see how to install Parrot Security ISO in VirtualBox. In our previous article readers have seenhow to install Parrot Security OS in VirtualBox using OVA file (VirtualBox image file). In this article, readers will see how to install Parrot Security OS in VirtualBox using ISO file. Download the Parrot security ISO file from here. Once ISO file is finished downloading, open VirtualBox, go to Machine > New or hit CTRL+N as shown below.

A new window will open as shown below.

Click on “Expert mode”.

How to install parrot os virtualbox

Fill up the details. Configure the machine folder, type of OS, version etc and allocate the RAM (RAM should be minimum 2GB). Once everything is configured, Click on “Create”.

Allocate the hard-disk size (minimum 16 GB is the minimum requirement but keep it at least 20 GB). Set the other options as shown below. Click on “Create”.

The virtual machine is created. Start the newly created virtual machine. It should start as shown below.

Browse to the ISO file we downloaded earlier and add it as shown below. Then, click on “Start”.

The interface changes as shown below. Click on “Install”.

Once you are at the OS interface, click on “Install Parrot “. The Calamares Installer opens.

Click on “Next “. Select Location and click on “Next”.

Select the keyboard mode and click on “Next”.

Set the partition. Select “Erase disk” and click on “Next”.

Create a user and set credentials to the newly created user.

Review all the settings and click on “Install”.

Click on “Install Now.”

The system starts installing as shown below.

Once the system has finished installing as shown below, click on “Done” .

This will restart the system and will take you to the Login screen. Login using credentials of the newly created user and you are good to go. Happy hacking.

Posted on

Installing MATE Desktop in Kali Linux

Hello readers. Today our readers will learn about installing mate desktop in Kali Linux. You all know the first release of Kali Linux this year, Kali Linux 2020.1 has been released in the month of January. The latest version brought many changes like not giving root user by default and some new tools. The most distinct change it brought is a single installer image for installation. Earlier we had different installation images for different desktop environments which include GNOME, KDE etc.
With 2020.1 release, there will be a single installation image for all these and users would have to select the desktop environment he/she needs while installing. The information about different desktop environments and their pros and cons can be seen here.

Today we will see a tutorial on how to install MATE Desktop environment in Kali Linux 2020.1. MATE Desktop although looks old fashioned is light and has a simple interface. Here’s how to install MATE desktop environment in Kali Linux 2020.1. We have performed this tutorial from a X11 terminal but all these commands can be run from any other desktop environment’s terminal. Power on the Kali 2020.1 virtual machine and login (since there is no root user you should login as a user you created or the default user:password i.e kali:kali).

Open a terminal and using nano open the file /etc/apt/sources.list. with sudo

Add these two lines of code to the file and save it.
deb http://kali.download/kali kali-rolling main non-free contrib
deb-src http://kali.download/kali kali-rolling main non-free contrib

To save the file hit CTRl+X and when it prompts select “Yes”.Run command sudo apt-get update

Now everything is ready to install MATE desktop. Run the command given below.
sudo apt-get install mate-core mate-desktop-environment-extra mate-desktop-environment-extras

installing mate desktop in kali

When the system prompts you for permission to install MATE and its related software, type “Y”.

The installation will take some time to finish. After the installation is finished, restart the system (the command is sudo reboot or reboot if you are doing it from terminal). Once the system reboots and takes you to the login screen, before logging in click on the “settings” icon beside the “Signin” button. There you will see all the desktop environments present on the system right now. Select MATE and then login.

Installing MATE desktop has been successfully finished with this.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on

Hacking ProFTPd on port 2121 and hacking the services on port 1524

In our previous article, we have seen how to exploit the rexec and remotelogin services running on ports 512 and 513 of our target Metasploitable 2 system. In this article, we will be hacking proftpd on port 2121 and the service running on port 1524 which are next in the Nmap scan report as shown below. On running a verbose scan, we can see that the service running on port 1524 is Metasploitable Root shell.

hacking proftpd

What is this Root shell? In our Metasploitable Tutorials, we have seen a number of ways to gain a shell or meterpreter session on the target system. But those shells were obtained by hacking some software present on the system. This shell is deliberately left on the system. But why would someone leave a shell deliberately on a system?
In cyber security, there is a concept called trapdoors or backdoors. As soon as hackers gain access to a system by hacking something on it, they plant an easy and quick method to once again come back into the system. This is known as trapdoor or backdoor.

The shell on port 1524 is a shell like that. Usually to prevent other hackers from gaining access to the system through their backdoor they use protection like passwords etc. Here it seems the hacker forgot to secure it. Normally backdoors like these are enabled on some common ports which evoke less suspicion from cyber security personnel. But how do we gain access to this shell? Although there are a number of ways to do this, the easiest way is telnet.
Open telnet and telnet to the port 1524 as shown below. As you can see highlighted below, we got a shell with Root access without doing much.

Try out some linux commands to verify we got a shell with some interaction.

As you can see in the above image, we have shell with ROOT privileges. We can even change the target system’s password now. Now let’s move on to hacking ProFTPd.
Verbose scan has reported that a FTP server named ProFTPd server version 1.3.1 is running on port 2121. I googled for any vulnerabilities present in the particular version but got none. If you remember, we already hacked one FTP server running on port 21.
I used banner grabbing method of telnet (we showed you in detail about this method in of our Hackercool magazine) to see if the service will reveal any more information about itself. It gave nothing except the usual one.

The usual banner grabbing was not working. But maybe we don’t require a banner.We already have it. So this time, I just tried to connect to the service using telnet (although you can also use FTP for this). When “Escape character is ‘^]’ ” message is displayed, I type command “help”. As expected, it gives me all the commands that can be used. So it seems we already have access to the target server.

To confirm this, I tried one command. It prompted me for username and password. But thanks to an excellent phase of enumeration we performed, we already have the username and password. I decided to try the username/password msfadmin/msfadmin. Voila, it worked and we have access to the system now. Typing PWD command gives me the confirmation that I am inside the system. That’s all with hacking ProFTPd.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on 3 Comments

Hacking Rlogin and Rexec Services

In this post, we will be hacking rlogin (remote login) , rexec and remote shell services running on ports 512, 513 and 514 of Metasploitable 2 respectively. Performing a verbose scan on the target gives me the result as shown in the image below.

Before we exploit these services, let me explain as to what these services are. Remote execution service popularly called Rexec is a service which allows users to execute non-interactive commands on another remote system. This remote system should be running a remote exec daemon or server (rexecd) as in the case of our Metasploitable 2 target here. By default, this service requires a valid user name and password for the target system.(For your information, we already have the credentials which we acquired during enumeration).
Rlogin or Remote Login service is a remote access service which allows an authorized user to login to UNIX machines (hosts). This service allows the logged user to operate the remote machine as if he is logged into the physical machine. This service is similar to other remote services like telnet and SSH. This service by default runs on port 513.
Rsh or Remote shell is a remote access service that allows users a shell on the target system. Authentication is not required for this service. By default it runs on port 514.

Although Rsh doesn’t require a password, it requires the username belonging to the remote system. As discussed above, we already have the credentials. In case we don’t have the credentials, we have to crack the passwords as explained in one of our previous posts.
Rsh daemon can be installed in the Kali Linux machine using the command apt-get install rsh-server. Once the installation is over, the below command can be used to get a shell on the target machine. I have tried this with the username root. As you can see, we successfully got a shell on the target system.

How to hack rlogin services

The next service we will target is Remote Login running on port 514. The command to get remote login is given in the image below.

As you can see, we once again got a shell on the target system. Using Rexec is also almost similar to the methods shown above. That was about hacking rlogin, rexec and remote shell services. Learn how to hack ProFtpd service.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on

PEframe : Analysis of portable executable files

Hi Readers today we will see a PEframe Tutorial. These days hackers are using numerous ways to get into our systems. One of them is by sending a malicious portable executable file to us or make us download the malicious executable file and execute it on our system. We have seen one such Real World Hacking Scenario in the issue of Hackercool February 2017. In this scenario we have not only seen how hackers can make malicious executable files but also how they bypass antivirus and convince the innocent users to click on those malicious files. In this howto, we will learn how to perform analysis of portable executable files.

Analysis helps us to determine what the file was intended to do once clicked. There are two types of analysis: static analysis and dynamic analysis. In static analysis the sample is analyzed without executing it whereas in dynamic analysis the sample is executed in a controlled environment. Static analysis is performed on the source code of the sample portable executable. There are various tools which help us in static analysis of portable executables. One such tool is PEframe. PEframe reveals information about suspicious files like packers, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions and much more. PEframe is open source and can be installed in Kali Linux as shown below.

Open a terminal and type the command as shown below to clone PEFrame from Github.

After PEFrame is cloned successfully, a new directory is formed with name peframe. You are automatically taken into this directory. This tool requires simplejson (a subset of JavaScript). So install it using pip command. Next, we need to run the setup.py file from the directory. Since it is a python file, we need to run the command “python setup.py” install to install PEframe.

Once the installation is finished, type command “peframe -h” to see its simple usage

Before we analyze the portable executables, let us analyze some files we created for tutorials of our magazine. The first one is msf.pdf we created using Metasploit.

As you can see in the above image, we found not only an IP address but also an url hosting some executable file. It can be assumed that as we open this pdf file, another executable will be downloaded from the IP address and executed in our system. Let us now analyze a hta file created with Metasploit next. This file is analyzed as a HTML document with IP address and it has a library called kernel32.dll. This file probably opens a payload when clicked upon. Given below is another similar file in visual basic format.

Given below is a macro file. You can see all these files have an IP address where probably a listener is running.

Now let us analyze a portable executable file. Kali Linux has some exe files already stored in its windows-binaries folder. We will analyze the plink.exe file.

Plink.exe is a command line utility file similar to UNIX ssh. It is mostly used for automated operations. As you can see in the image given above, the program is giving more detailed information to us than the other files. The plink.exe has four sections and none of them appears to be suspicious. But the file has a packer, mutex and antidbg. The packer it used is Microsoft Visual C++ which is normally used for genuine programs.

Given above is its Antidbg and Mutex information. The dynamic link libraries it imports is also given. Given below are the apis (application programming interfaces) used by the file.

The filenames found in the portable executable are given in the image below. As you can see it has a big list of filenames.

Metadata is data about the data. Metadata reveals a lot of information about a file. Given below is the metadata of our portable executable. We can see that it is a part of Putty Suite.

Even the description of the file is given. Normally malware does not contain so much information about itself like this Plink file. Only genuine files contain so much information because they have no use to hide themselves. Now let us analyze another file. This file is also present in Kali Linux and it is a keylogger. It is klogger.exe present in the same windows-binaries folder.

As you can see in the above image, the file which has five sections has two suspicious sections and the packer it uses is ASPack v2.11. Let us have a look at its suspicious sections once.

Given below in the image are its api alerts and filenames. As you have observed, this file reveals very less information than the previous analyzed file. This in itself does not mean that the file is malicious but it gives a general idea about it. That’s all about Forensics using static analyzer PEFrame. We will be back with a new tool in our next howto.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.