    Using Tor with Kali Linux

    Kali is perhaps one of the most secure operating systems in the world when it is guided by a competent security professional or knowledgeable hacker. But you don’t need to have advanced computing and I.T. systems degrees to take advantage of its vast array of security benefits. Unlike other popular operating systems like Windows platforms and Apple systems that were designed to harvest user information, Kali is incredibly secure.
    The first reason it’s so darn secure is that it is an open standard. Independent third-party organizations can (and have) run audits on the operating system’s code to ensure there aren’t background processes that will steal your data. If you think it sounds like something out of a science fiction book, just remember that Windows not only has an open door policy with the NSA, but Windows 10 was found to contain gigabytes of operating system code that collect and analyze user behaviors, browsing habits, and other personal information. Furthermore, Kali Linux simply isn’t vulnerable to all of the viruses and spyware that plague Windows systems.
    Why Anonymity is Still a Big Concern for Linux Users
    With all of the amazing security benefits of using Kali Linux, you might be wondering why you’d want to use Tor on this popular Linux system. Basically, even though Kali is incredibly secure, it really only helps protect data on your local system. Once you send data to a web server (that could be located anywhere in the world), you have no idea if hackers or governmental agencies will see your data.
    In many instances, they’ll still be able to trace the origin of your data and track your IP address – unless you already use a proxy service or VPN service. That’s where Tor comes into play. Tor works by sending your data around to multiple nodes on the Tor network before sending them to the proper destination server. This serves to obfuscate your data, making it impossible for hackers and ISPs to locate the true source of the connection with a web server.
    Tor Caveats and a Word of Caution
    Perfect, so Tor will protect you 100% online. All you have to do is install it and start browsing the Internet and your privacy will never be infringed upon, right? Well, not exactly. While Tor remains an extremely useful tool for protecting your anonymity, it is far from perfect. Its origins are actually rooted in the United States Navy, but it has evolved and progressed to become a tool open to the entire world.
    However, it has been hacked in the past, and a lot of personal data was compromised. The sad truth is that some people misuse Tor to hide illegal and clandestine activities. To put it bluntly, people take advantage of Tor to break the law. The vast majority of users just want the peace of mind that big brother isn’t looking over their shoulder every time they fire up a web browser. Unfortunately, the FBI has had to break the Tor network by hacking in to pursue unsavory and nefarious criminals such as child pornographers.
    Even though there are a lot of security concerns with using the Tor network, it still holds tremendous value in protecting your data online. The catch is that I wouldn’t personally use Tor unless I was using it in conjunction with a VPN service to add an extra layer of security and encryption. There are a couple of methods of using Tor in conjunction with a VPN service.
    Though today we are simply looking at how to use the Tor Browser with Kali Linux, note that you can first connect to a VPN server before using Tor. Alternatively, there are a few select VPN clients that allow Tor integration so that a user’s data is encrypted before, during transport, and after exiting the Tor node. Just about any competent VPN service provider will include guides on their website detailing the steps to use Tor in conjunction with a VPN tunnel.
    Setting Up Tor in a Kali Environment
    The very first thing you’re going to need to do is to download and install the Tor service. Use the following command from a terminal window:
    • apt-get install tor
    After the operation has completed, you’ll need to install the Tor bundle. Make sure you download the appropriate 32 or 64-bit version, and then switch your current working directory to your downloads folder with the following commands:
    • cd ~/Downloads/
    • tar -xJf tor-browser-*
    Make sure you use the appropriate upper and lowercase options for the command. Once your downloaded files have been extracted with the tar command, change to the correct folder and start the installation process.
    • cd tor-browser*
    • ./start-tor-browser.desktop
    In some instances, you may actually run into issues if you are running these commands as the root user. In that case, I would advise that you create a new user account which lacks administrative root privileges and run the commands again.
    You must also note that you have to use the Tor browser to use the Tor service. Essentially, the browser points to Tor nodes that are basically a special type of proxy service. If you were to browse the Internet from Firefox or another browser, you won’t be using the Tor service.
    Final Thoughts
    It’s pretty darn simple to install the Tor browser on Kali Linux. But I would caution you to refrain from using the Tor browser exclusively without another layer of protection such as a VPN service. The Tor service has been hacked several times in the past, and despite the Tor project’s improvements to their service, no code will ever be 100% infallible. To put it simply, they could very well be hacked again in the future, and without a VPN service, your personal information may be at risk.

    Metagoofil Tutorial: Extract Information from Docs, Images and More

    Metagoofil is an excellent information gathering tool that can be used for extracting tons of information from Word documents, PDFs, Excel sheets, .jpg images and lots of other formats. Metagoofil can therefore provide a lot of fruitful information during a penetration test just by scanning the files gathered. Let's learn how to extract information from documents and images using Metagoofil.
    This will become more clear with the following example: Not very far back, I was conducting a penetration test for one of my company’s clients that was a Fortune 500. Now they had certain files uploaded and also some presentations all present over the internet. Well, very common and shouldn’t be a problem. But on analyzing these documents we were able to get email, mobile phone number and some more information of high level employees. These were further used to social engineer our way into the organisation.
    Metagoofil already exists in Kali Linux and is an excellent tool to use when it comes to analyzing files for the metadata in them. This metadata is just some data about the file that is used by programs. The metadata is neither meant to be seen by the user nor of any use to the user. It's there to be used by the program.
    Metagoofil can be used to extract the meta information from a variety of formats such as Word, PDF, .jpg etc., including HTML web pages.
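The same metadata can be audited from the publishing side before a file goes online. The following is an added example (not part of the original tutorial and not Metagoofil's code) that reads the author fields of an Office Open XML file and writes a copy with them blanked; the sample archive, the names in it and all function names are constructed for the illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# XML namespaces of docProps/core.xml in OOXML files (docx, xlsx, pptx).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
NAME_FIELDS = {"creator": "dc:creator", "lastModifiedBy": "cp:lastModifiedBy"}
CORE = "docProps/core.xml"


def identifying_metadata(data: bytes) -> dict:
    """Return the non-empty person/account properties stored in an OOXML file."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        if CORE not in archive.namelist():
            return {}
        root = ET.fromstring(archive.read(CORE))
    nodes = {name: root.find(path, NS) for name, path in NAME_FIELDS.items()}
    return {k: n.text.strip() for k, n in nodes.items() if n is not None and n.text}


def scrub(data: bytes) -> bytes:
    """Copy the archive, blanking the identifying properties in core.xml."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            payload = src.read(name)
            if name == CORE:
                root = ET.fromstring(payload)
                for path in NAME_FIELDS.values():
                    for node in root.findall(path, NS):
                        node.text = None
                payload = ET.tostring(root, encoding="utf-8")
            dst.writestr(name, payload)
    return out.getvalue()


def constructed_sample() -> bytes:
    """Build a minimal stand-in for a published .docx (constructed data)."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
            "<dc:creator>j.doe</dc:creator>"
            "<cp:lastModifiedBy>Jane Doe</cp:lastModifiedBy></cp:coreProperties>")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as archive:
        archive.writestr(CORE, core)
        archive.writestr("word/document.xml", "<document/>")
    return out.getvalue()
```

Other metadata stores (docProps/app.xml, PDF info dictionaries, image EXIF) are not covered by this sketch and need their own checks.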
    Here is a Tutorial on the Usage of Metagoofil for Penetration Testers:
    Metagoofil can be found in the Kali Linux menu.
    To start using Metagoofil, open a terminal:
    root@kali:~# metagoofil
    This is what you should see on the terminal
     ******************************************************
    *     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
    *    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
    *   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
    *   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
    *                         |___/                      *
    * Metagoofil Ver 2.2                                 *
    * Christian Martorella                               *
    * Edge-Security.com                                  *
    * cmartorella_at_edge-security.com                   *
    ******************************************************
    
     Usage: metagoofil options
    
             -d: domain to search
             -t: filetype to download (pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx)
             -l: limit of results to search (default 200)
             -h: work with documents in directory (use "yes" for local analysis)
             -n: limit of files to download
             -o: working directory (location to save downloaded files)
             -f: output file
    
     Examples:
      metagoofil.py -d apple.com -t doc,pdf -l 200 -n 50 -o applefiles -f results.html
      metagoofil.py -h yes -o applefiles -f results.html (local dir analysis)

    metagoofil Usage Example 1

    root@kali:~# metagoofil -d kali.org -t pdf -l 100 -n 25 -o kalipdf -f kalipdf.html
    
    ******************************************************
    *     /\/\   ___| |_ __ _  __ _  ___   ___  / _(_) | *
    *    /    \ / _ \ __/ _` |/ _` |/ _ \ / _ \| |_| | | *
    *   / /\/\ \  __/ || (_| | (_| | (_) | (_) |  _| | | *
    *   \/    \/\___|\__\__,_|\__, |\___/ \___/|_| |_|_| *
    *                         |___/                      *
    * Metagoofil Ver 2.2                                 *
    * Christian Martorella                               *
    * Edge-Security.com                                  *
    * cmartorella_at_edge-security.com                   *
    ******************************************************
    ['pdf']
    
    [-] Starting online search...
    
    [-] Searching for pdf files, with a limit of 100
            Searching 100 results...
    Results: 21 files found
    Starting to download 25 of them:

    metagoofil Usage Example 2

    metagoofil -d example.com -t doc,pdf -l 20 -n 10 -o ddos -f example.html
    This is one other way of information gathering using the available documents in the domain that we specify. Hope you all have enjoyed Metagoofil Tutorial by Hackingloops.

    Man in the Middle attacks are very common in penetration testing and open the path for a variety of other network-based attacks, namely password sniffing, SSL strip and lots more. Well, we have a new framework for MITM testing called BETTERCAP. Easy to integrate in Ubuntu or Kali (or whatever you use as your penetration testing Linux distro), Bettercap comes with a lot of extensible features. This is a tutorial on the capabilities of Bettercap and how to effectively use Bettercap.

    What is Bettercap?

    BetterCAP is a powerful, open-source MITM framework to perform various types of Man-In-The-Middle attacks against the network, manipulate HTTP and HTTPS traffic in realtime and much more. Bettercap has a lot of extensible features; some of the main ones are:
    • Full and half duplex ARP spoofing.
    • The first real ICMP DoubleDirect spoofing implementation.
    • Configurable DNS spoofing.
    • Realtime and completely automatized host discovery.
    • Realtime credentials harvesting for protocols such as HTTP(S) POSTed data, Basic and Digest Authentications, FTP, IRC, POP, IMAP, SMTP, NTLM ( HTTP, SMB, LDAP, etc ) and more.
    • Fully customizable network sniffer.
    • Modular HTTP and HTTPS transparent proxies with support for user plugins + builtin plugins to inject custom HTML code, JS or CSS files and URLs.
    • SSLStripping.
    • Builtin HTTP server.
    • MITM Framework
    Why don’t I simply use ettercap instead?
    • Ettercap filters do not work most of the times, are outdated and hard to implement due to the specific language they’re implemented in.
    • Ettercap is freaking unstable on big networks … try to launch the host discovery on a bigger network rather than the usual /24 ;)
    • Unless you’re a C/C++ developer, you can’t easily extend ettercap or make your own module.
    • Ettercap’s ICMP spoofing is completely useless.
    • Ettercap does not provide a builtin and modular HTTP(S) transparent proxy.
    • Ettercap does not provide a smart and fully customizable credentials sniffer.
    Here is the official Documentation link to Bettercap – https://bettercap.org/docs/
    Installation
    Before we get to installing the actual bettercap package, we’re going to want to resolve all of the dependencies using aptitude. The following dependencies are required in order to run bettercap:
    • build-essential
    • ruby-dev
    • libpcap-dev
    Code:
    sudo apt-get install build-essential ruby-dev libpcap-dev
    Once your dependencies have finished downloading and installing, let’s install bettercap using the ruby package manager.
    Code:
    sudo gem install bettercap
    
    
    This is all you need to get started with the Bettercap MITM framework toolkit.
    A simple credential stealing attack can be done using the following command:
    sudo bettercap -X --custom-parser "password" -T 192.168.100.101
    The -X parameter is what enables the sniffer, while the --custom-parser parameter allows the user to pass a regular expression to match within the captured packets. This is what makes Bettercap’s sniffer so useful.
    The -T option is for the target.
    #Purely for educational purposes. Penetration testing without authorization is illegal.
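ARP spoofing, the first feature in the Bettercap list above, leaves a trace in the neighbour table of the hosts it affects. This added example (not from the original post or the Bettercap project) parses two constructed `ip neigh show` snapshots and reports MAC addresses that answer for several IPs and IPs whose MAC changed; the addresses and function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# One resolved entry of `ip neigh show`, for example:
#   192.168.100.1 dev eth0 lladdr aa:bb:cc:00:00:01 REACHABLE
NEIGH = re.compile(r"^(?P<ip>\S+) dev \S+ lladdr (?P<mac>[0-9A-Fa-f:]{17})\b")


def parse_neighbours(text: str) -> dict:
    """Map each resolved IP in a neighbour-table dump to its MAC (lower case)."""
    table = {}
    for line in text.splitlines():
        match = NEIGH.match(line.strip())
        if match:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[match["ip"]] = match["mac"].lower()
    return table


def shared_macs(table: dict) -> dict:
    """Return every MAC that answers for more than one IP address."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(before: dict, after: dict) -> dict:
    """Return IPs whose MAC differs between two snapshots as ip -> (old, new)."""
    return {ip: (before[ip], mac) for ip, mac in after.items()
            if ip in before and before[ip] != mac}


# Constructed snapshots of one host's neighbour table (not real captures).
BASELINE = """\
192.168.100.1 dev eth0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.100.66 dev eth0 lladdr aa:bb:cc:00:00:42 STALE
192.168.100.20 dev eth0 FAILED
"""
DURING_SPOOF = """\
192.168.100.1 dev eth0 lladdr AA:BB:CC:00:00:42 REACHABLE
192.168.100.66 dev eth0 lladdr aa:bb:cc:00:00:42 REACHABLE
"""
```

A MAC shared by several IPs can also be legitimate (a router with several addresses, proxy ARP), so treat a hit as a lead to verify against the known gateway MAC.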
    Sending mass emails is not a new concept for the ethical hacking community. Certainly we need to send mass emails during phishing tests. While phishing, penetration testers often need to send bulk emails to the employees of the organization who requested the penetration test.
    There are many software options available for bulk mail sending but the best tool on the market is already present in our favorite penetration testing OS : KALI Linux
    In this post I will be sending mass emails using Kali Linux and SET (Social Engineering Toolkit)
    To begin the mass email attack, we first need a list of email addresses, either one that we’ve compiled or one supplied to us by the organization we are conducting the penetration test for.
    If you don’t have an email list, please refer to my tutorial on Email Harvesting.
    For this tutorial we will be using email list file: email_list.txt
    Now I will open Social Engineering Toolkit, SET:
    Simply open the terminal and type:
    se-toolkit
    And SET opens up.
    Select Social Engineering Attacks, Option 1
    Option 1 : Social-Engineering Attacks

    Now as we need to do a mass email attack, select option 5.
    Option 5 : Mass Mailer Attack
    For this tutorial, we’re dealing with a group of emails, rather than a single email address, so select Option 2. Option 1 might be useful for spear-phish attacks.
    Option 2 : Email Attack Mass Mailer

    Now you need to define the path to the email list. For us, this is email_list.txt. Just add the file-name with the path.
    The easiest way is to drag and drop the email_list.txt file into the terminal.

    Now select Option 1, as we will be using a Gmail account for sending the mass emails. If you have your own email / SMTP server, feel free to explore the other options.
    Option 1 : Use a Gmail account for email attack
    Enter the Gmail address you want the mass attack sent from. The email address and password must be correct.
    Next, enter the name that you want the email recipients to see in their Inbox. This is the name that will flash first in front of your victim. Pay specific attention to this field, as this is where the actual social engineering takes place.
    This could be “Admin” in case of a spear-phish attack.
    Now SET will ask you to enter the password for the email account.
    After entering the password, you have the option to specify this message as high priority. Sometimes this may be effective, but it could also make the victim suspicious, so we suggest using this option only when it suits your needs.
    Now SET will ask you to enter the subject of the email.
    Enter the subject of the email
    Now SET will ask you if you want the body of the message to be HTML or plain text.
    P for plain text or H for html
    Enter the body text
    Enter the body of the email here. If you chose an HTML message, then add the HTML tags as well.
    Enter Control+C to send the email.
    Enter to go back to the main menu
    This is how hackers perform mass email attack.
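Seen from the receiving side, the choices described above (a Gmail sender, a display name such as “Admin”, the high-priority flag) are checkable header properties. This is an added example, not part of the original post or of SET: it flags such messages, with example.com as the assumed internal domain and a constructed role list and sample messages.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's own mail domains and the
# role names its staff expect to see only on internal mail.
INTERNAL_DOMAINS = {"example.com"}
ROLE_NAMES = ("admin", "helpdesk", "it support", "security team")


def sender_findings(raw_message: str) -> list:
    """Return the reasons the sender headers of a message look deceptive."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS:
        return []  # internal senders are out of scope for this check
    name = display.lower()
    findings = []
    if any(role in name for role in ROLE_NAMES):
        findings.append("role display name on external address")
    if any(internal in name for internal in INTERNAL_DOMAINS):
        findings.append("internal domain quoted in display name")
    urgent = (msg.get("X-Priority", "").strip().startswith("1")
              or msg.get("Importance", "").strip().lower() == "high")
    if urgent and findings:
        findings.append("marked high priority")
    return findings


# Constructed sample messages (not real mail).
PHISH_SAMPLE = (
    "From: Admin <it.notice@gmail.com>\n"
    "To: user@example.com\n"
    "Subject: Password expiry\n"
    "X-Priority: 1\n"
    "\n"
    "Please confirm your account.\n"
)
BENIGN_SAMPLE = (
    "From: Pat Lee <pat.lee@gmail.com>\n"
    "To: user@example.com\n"
    "Subject: Lunch\n"
    "X-Priority: 1\n"
    "\n"
    "See you at noon.\n"
)
```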
    #Purely for educational purposes. Penetration testing without authorization is illegal.
