Linux Setup for Hackers

This document provides instructions for setting up a Linux system focused on hacking and security tools. It begins by explaining how to create a bootable Live USB of Lubuntu using Rufus. It then describes how to boot into the Live USB and install Lubuntu permanently. Next, it outlines steps to secure the host system, such as updating packages, protecting shared memory, and restricting access to the home directory. The document proceeds to provide tutorials for installing and using several security tools, including John the Ripper for password cracking, Nmap for network scanning, and Wireshark for packet analysis.

Uploaded by

Osvaldo
Copyright: All Rights Reserved

[Hack+OS] 1

[HACK+OS]
Setting up a hack-focused Linux system

xmpp: znnk@xabber.de
email: znnk@tuta.io
www.znnk.gq

INDEX
SETUP
I Making a Live USB 3
II Booting into Lubuntu 4
III Installing Lubuntu 5
IV Securing your Host 6
SOFTWARE
V John the Ripper 7
VI Nmap 8
VII CHKROOTKIT 13
VIII WireShark 14
IX AirCrack-NG 15
X HYDRA 22
XI Metasploit Framework 23

Making a Live USB


You will need:
• A computer or VM running Windows or macOS
• Rufus
• A USB stick (at least 1.5 GB)

Before we can do anything, we need an operating system. I recommend Lubuntu: it's
lightweight, fast and supported by bug fixes and security patches. To install Lubuntu to a
live USB, download Rufus [link] onto a Windows machine or VM, as well as either a 32-bit
or 64-bit ISO [link].

1. Open Rufus with elevated privileges. By default it will appear blank until you
connect a USB stick.
2. Now connect your USB stick to your computer. The fields in Rufus should populate,
which indicates that Rufus is ready for an ISO.
3. Select the highlighted icon as shown below and browse to the Lubuntu ISO
you downloaded earlier. If the ISO you have selected is too large for your USB
stick you will get the error “The image is too big for the selected target”.

4. If your USB stick has enough capacity for the ISO, Rufus will proceed to tell you
that any data or partitions on the USB stick will be destroyed. This is permanent.
Back up anything from the USB stick that you might want to keep and, when you're
ready, push OK.
Rufus may give you some additional warnings about necessary files to download; if it
does, allow Rufus to download them and it will proceed to install Lubuntu to your USB
stick. Once Rufus has finished and says “READY” again, you are done and your USB stick
contains a bootable Lubuntu operating system.

Booting into Lubuntu


Now that you have a bootable Lubuntu USB stick, you'll need to boot into it to run the
installer. The steps below show you how to do so.
1. Restart your computer or VM and wait for your motherboard or boot-up logo
to show up (DELL, Foxconn, VAIO, etc.). When it does, look for text like
“Press F12 to choose boot device”. Most computers use different keys for this
function, but once you know which it is, push that key. If you've never done this
before and your computer boots quickly, this may take a few tries (Ctrl+Alt+Del
performs a quick reboot if you miss your chance).
2. Give it a moment to proceed through the boot process and it will eventually
show you a menu. Select the “USB Memory” option (or similar).

3. Lubuntu will now boot. You'll see a lot of text; if this is your first time seeing
a Linux system, do not panic, this is normal. Leave your computer to boot until
you are logged into the live Lubuntu test account. If you're not logged in and instead
see a black and white menu, choose your language, ensure that “Try Lubuntu
without Installing” is selected and hit Enter.

INSTALLING LUBUNTU
If you’ve had enough playing around with the USB trial of Lubuntu, you should proceed
to installing it to your HDD.
1. There is an icon on your desktop where you can start the installation. On the
first screen, select your language and hit Continue.
2. On this screen, if you choose to Download updates and Install the third party
software, your installation process will take considerably longer (depending on
your internet connection). However, you should install all updates anyway and
there is no reason why you should not do so now. Select your options and
continue.
3. On the third screen you will be presented with a few options. Please read very
carefully before proceeding as not correctly following procedure may result in
permanent loss of data.
VERY IMPORTANT: If you hit Install Now while you are on the above screen, you are
going to install Lubuntu's boot loader (GRUB2) to the MBR of your HDD, which is sda. By performing
this action you are overwriting your MBR (sda) and all its contents, which may leave other
systems installed on your machine unbootable. If you have a machine that has multiple
disks and you want to install the bootloader to an internal disk other than sda, select
something else, but be careful not to install the bootloader on your USB drive, as then you
will be unable to boot once you take the USB drive out.

Please be advised that you can leave everything as shown on the above screen (install
Lubuntu's boot loader to the MBR of your HDD) ONLY if you want Lubuntu to take care of
the whole booting process on your machine.

4. When Prompted, click your country of residence on the map and type in the
name of your City and click Continue.
5. When Prompted, select your keyboard layout and click Continue.
6. On this page you are presented with the opportunity to create an alias for
yourself. I advise that you make one now and do not tie this alias to yourself in
any way at all. Do not post it anywhere. Do your absolute best to keep it between
yourself and fellow hackers. The purpose of an alias is to mask the identity of the
holder. It’d be redundant if you were to post it everywhere! Fill in the details on
this page, ensuring that the data is unique.
7. If you are given the chance to import accounts, don’t. Just skip to the next step.
8. Now let the slideshow run through. Even though it looks like it’s doing nothing,
Lubuntu is installing. All you have to do now is wait!
9. As soon as the slideshow closes, reboot your computer. Lubuntu should now be
installed on your HDD.

Securing your Host


The majority of this section involves editing core Lubuntu configuration files and you will
need elevated privileges (root user) most of the time. Follow the steps below to tighten
the security of your system.

1. Update and Upgrade your system


Open a terminal (Ctrl + Alt + t) and execute the following commands.

sudo apt-get update
sudo apt-get upgrade

You should only need to do this if you chose not to update while installing earlier
in the guide. However, it can't hurt to do it again.

2. Protect your shared memory space


Execute the following command:

sudoedit /etc/fstab

And add the following line to the end of the file:

none /run/shm tmpfs rw,noexec,nosuid,nodev 0 0

By default, the shared memory space (/run/shm) is mounted read/write, with the
ability to execute programs. This has been noted in the security community as
vulnerable, with many exploits available where “/run/shm” is used while attacking
running services.

3. Secure your home directory


Your home directory, by default, can be accessed by every other user on the
system. So if you have a guest account, your guest user can open your home
directory and browse through all your personal files and documents. With this
step, your home directory will be unreadable by other users. Open a terminal and
enter the following command (Note: replace “username” with your user account
name).

chmod 0700 /home/username
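As an added check that is not part of the original guide, the POSIX shell helpers below verify that steps 2 and 3 actually took effect: one reads the mount line of the shared-memory tmpfs and reports any of noexec, nosuid or nodev that are missing, the other confirms a home directory is mode 0700. The mount line in the comment is a constructed sample; audit_live_system is an assumed name.

```shell
#!/bin/sh
# Audit helpers for the two hardening steps above (added example, not from the guide).

# check_shm_opts LINE
#   LINE is one line of `mount` output for the shared-memory tmpfs, e.g. the constructed sample
#   "tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)".
#   Prints the missing options and returns 1 if any of noexec, nosuid, nodev is absent.
check_shm_opts() {
    line="$1"
    # The mount options are the comma-separated list inside the parentheses.
    opts=$(printf '%s\n' "$line" | sed -n 's/.*(\(.*\)).*/\1/p')
    missing=""
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;                   # option present
            *) missing="$missing $want" ;;    # option absent
        esac
    done
    if [ -n "$missing" ]; then
        echo "shared memory mount is missing:$missing"
        return 1
    fi
    echo "shared memory mount is hardened (noexec,nosuid,nodev)"
    return 0
}

# check_home_mode DIR
#   Returns 0 only if DIR is mode 0700, i.e. readable, writable and searchable by its owner alone.
check_home_mode() {
    mode=$(stat -c '%a' "$1") || return 1
    if [ "$mode" = "700" ]; then
        echo "$1 is private (mode $mode)"
        return 0
    fi
    echo "$1 is NOT private (mode $mode); fix with: chmod 0700 $1"
    return 1
}

# audit_live_system
#   Runs both checks against the running machine. On newer Ubuntu releases /run/shm is a
#   symlink to /dev/shm, so either mount point is accepted.
audit_live_system() {
    shm_line=$(mount | grep -E ' on /(run|dev)/shm ' | head -n 1)
    check_shm_opts "$shm_line"
    check_home_mode "$HOME"
}
```

Source the file and call audit_live_system to check the machine you are sitting at; the two check functions are also usable on their own.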



John the ripper


John the Ripper is a fast password cracker with the primary purpose of detecting weak
Unix passwords. Besides several crypt(3) password hash types most commonly found on
various Unix systems, supported out of the box are Windows LM hashes, plus lots of
other hashes and ciphers in the community-enhanced version.

1. Installation

Installing John the Ripper on Lubuntu is very simple. Execute the following
command in a terminal.

sudo apt-get install john

2. Tutorial

Welcome to the John the Ripper basics tutorial. You can run a test “rip” with John to
get some idea of your benchmark capabilities by executing the following in a
terminal.

/usr/sbin/john --test

Now, let's create a text file in password format (<user>:<hash>) with a valid
hash, of course, and get John to work. You can simply copy a user from
/etc/shadow, but we recommend something simpler, because we presume you
want to see the results as fast as you can. So create a file named password.txt
somewhere inside your /home and put this in it:

myuser:AZ1.zWwxIh15Q

Save the file and feed it to John (no args):

/usr/sbin/john password.txt

Please note: password cracking is a long and CPU-intensive process, so depending on
your system this could take quite a while, days in some cases.
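The password.txt format above holds one crypt(3) hash per user, and the hash prefix tells you which scheme produced it. As an added example that is not part of the original guide, the shell functions below classify each entry in a file of that format and flag the legacy formats (DES crypt, md5crypt) that John cracks fastest, which is the check a defender would run on a shadow dump before anyone has to crack anything. The sample entries are constructed; the first one is the guide's own example hash.

```shell
#!/bin/sh
# Added example (not from the guide): identify crypt(3) hash types in a "user:hash" file.

# Constructed sample in the password.txt format above; only the first hash is real (the guide's).
SAMPLE_HASHES='myuser:AZ1.zWwxIh15Q
alice:$6$saltsalt$notarealhash
bob:$1$abc$notarealhash'

# classify_crypt_hash HASH
#   Prints the crypt(3) scheme a hash belongs to. The "$id$" prefixes are the ones documented
#   in crypt(5); a bare 13-character string is traditional DES crypt.
classify_crypt_hash() {
    case "$1" in
        '$y$'*)         echo yescrypt ;;
        '$7$'*)         echo scrypt ;;
        '$6$'*)         echo sha512crypt ;;
        '$5$'*)         echo sha256crypt ;;
        '$2'[abxy]'$'*) echo bcrypt ;;
        '$1$'*)         echo md5crypt ;;
        *)
            # DES crypt: exactly 13 characters from the ./0-9A-Za-z alphabet (2-char salt + 11-char hash)
            if printf '%s\n' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
                echo descrypt
            else
                echo unknown
            fi ;;
    esac
}

# report_hash_file
#   Reads "user:hash[:...]" lines on stdin (password.txt or /etc/shadow) and prints
#   "user scheme WEAK|ok". DES crypt truncates passwords to 8 characters and both it and
#   md5crypt are cheap to compute, which is exactly what makes them John's easiest targets.
report_hash_file() {
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue            # skip blank lines
        scheme=$(classify_crypt_hash "$hash")
        case "$scheme" in
            descrypt|md5crypt) echo "$user $scheme WEAK" ;;
            *)                 echo "$user $scheme ok" ;;
        esac
    done
}

# count_weak_hashes
#   Reads the same input on stdin and prints how many entries use a WEAK scheme.
count_weak_hashes() {
    report_hash_file | grep -c ' WEAK$'
}
```

Run it with printf '%s\n' "$SAMPLE_HASHES" | report_hash_file to see the classification of the sample entries.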

Nmap
Nmap ("Network Mapper") is a free and open source (license) utility for network
discovery and security auditing. Many systems and network administrators also find it
useful for tasks such as network inventory, managing service upgrade schedules, and
monitoring host or service uptime.

1. Installation

Installing nmap on Lubuntu is very simple. Execute the following command in a
terminal.

sudo apt-get install nmap

2. Basic use

First of all, you’ll want to scan your target for an operating system. To do so,
execute the following command in a terminal.

nmap -O target.host.com

Note that nmap requires root privileges to run this type of scan and may take a
minute or so. When it finishes, you’ll see something like this:

Starting Nmap 5.21 ( http://nmap.org ) at 2010-02-27 23:52 EST

Nmap scan report for 10.0.0.1
Host is up (0.0015s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
53/tcp open domain
5009/tcp open airport-admin
10000/tcp open snet-sensor-mgmt
MAC Address: 00:11:24:6B:43:E2 (Apple Computer)
Device type: WAP|printer
Running: Apple embedded, Canon embedded, Kyocera embedded, Xerox embedded
OS details: VxWorks: Apple AirPort Extreme v5.7 or AirPort Express v6.3; Canon imageRUNNER printer (5055, C3045, C3380, or C5185); Kyocera FS-4020DN printer; or Xerox Phaser 8860MFP printer
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.21 seconds

As you can see, Nmap provides a lot of data. Here it takes a guess at the
operating system that might be running on the system. I ran this particular scan
against an Apple Airport Extreme router. As an added bonus, Nmap tells me that
the device is one hop away, the MAC address of the device and manufacturer of
the NIC, the open ports, and how long the scan took.
Here's the result of another scan, against a desktop machine running Ubuntu
9.10:

Starting Nmap 5.21 ( http://nmap.org ) at 2010-02-28 00:00 EST

Nmap scan report for 10.0.0.6
Host is up (0.0039s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:17:08:2A:D6:F0 (Hewlett Packard)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.19 - 2.6.31
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.40 seconds

3. Multiple Hosts
If you need to scan multiple hosts you can specify a range like 10.0.0.1-6 or a
range like 10.0.0.0/24. The 10.0.0.1-6 would scan hosts 10.0.0.1, 10.0.0.2,
10.0.0.3 through 10.0.0.6. Using the /24 notation would scan the whole range of
hosts from 10.0.0.0 to 10.0.0.255. For example, to scan 10.0.0.1 through
10.0.0.42 to learn what OS they might be running I'd use:

nmap -O 10.0.0.1-42

If you have hostnames instead of IP addresses, you can separate them with a
space on the command line, like so:

nmap -O host1.target.com host2.target.com



4. Checking Open Ports


If you give Nmap no options at all and just point it at a given host it will scan for
open ports and report back those that are open, and what service is running on
them. For instance, running nmap target.hostname.com might yield
something like this:

Interesting ports on target.hostname.com (10.0.0.88):
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Here you can see that there are three ports open: 22, 80, and 3306 which run
SSH, HTTP, and MySQL respectively. Nmap recognizes six states: open, closed,
filtered, unfiltered, open|filtered, and closed|filtered. These are mostly self-
explanatory. See the Nmap docs for more on these states. If Nmap can tell what
service is running, it will report it under the SERVICE column.
If you'd like a little more information, crank it up a notch by adding one or two -v
options to the command. For example, using nmap -vv host.target.com would
produce something like this:

Initiating Ping Scan at 11:44
Scanning 10.0.0.28 [1 port]
Completed Ping Scan at 11:44, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:44
Completed Parallel DNS resolution of 1 host. at 11:44, 0.00s elapsed
Initiating Connect Scan at 11:44
Scanning host.target.com (10.0.0.28) [1714 ports]
Discovered open port 22/tcp on 10.0.0.28
Discovered open port 80/tcp on 10.0.0.28
Discovered open port 3306/tcp on 10.0.0.28
Completed Connect Scan at 11:44, 0.08s elapsed (1714 total ports)
Host host.target.com (10.0.0.28) appears to be up ... good.
Interesting ports on host.target.com (10.0.0.28):
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.104 seconds
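The port table Nmap prints is easy to turn into an inventory. As an added example that is not part of the original guide, the shell functions below read a normal-output report, list its open ports, and compare them against a baseline of ports you expect a host to expose, so a newly opened service stands out. The sample report is copied from the nmap target.hostname.com output above; unexpected_ports and the baseline format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): inventory open ports from Nmap normal output and
# flag any that are not on an expected baseline.

# Constructed sample, copied from the "nmap target.hostname.com" report above.
SAMPLE_REPORT='Interesting ports on target.hostname.com (10.0.0.88):
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql'

# open_ports
#   Reads an Nmap normal-output report on stdin and prints "port/proto service" for every
#   open port. Port lines look like "22/tcp open ssh"; the -sV form appends a VERSION column,
#   which this ignores.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }'
}

# unexpected_ports BASELINE
#   BASELINE is a space-separated list such as "22/tcp 80/tcp". Reads a report on stdin and
#   prints every open port that is not in the baseline, i.e. a change in the host's exposure.
unexpected_ports() {
    baseline=" $1 "
    open_ports | while read -r port service; do
        case "$baseline" in
            *" $port "*) ;;                 # expected, say nothing
            *) echo "$port $service" ;;     # not on the baseline
        esac
    done
}

# Example run against the sample report (prints: 3306/tcp mysql):
# printf '%s\n' "$SAMPLE_REPORT" | unexpected_ports '22/tcp 80/tcp'
```

Feed it a real report with nmap target.hostname.com | unexpected_ports '22/tcp 80/tcp' and an empty result means nothing new is listening.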

5. Service scans
If you're really curious about what services a host might be running, try the -sV
options. This will do a more aggressive scan to try to figure out what versions of
services are running on a given host, and also might help determine more
specifically what OS a host is running. For instance, I ran nmap -sV against a test
server and got this in response:

Nmap scan report for test.host.net (XX.XXX.XXX.XX)
Host is up (0.090s latency).
Not shown: 965 closed ports, 33 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
Service Info: OS: Linux

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.43 seconds

As you can see, Nmap can "fingerprint" the packets and identify the versions of
the software running on the SSH and HTTP ports. Here you can see that the
system being pinged is a Ubuntu box with Apache 2.2.8 and OpenSSH 4.7p1. This
can be useful for a number of reasons. A quick Nmap scan can identify systems
that are running unpatched systems and therefore ones that might be vulnerable
to known exploits.

6. What’s on My Network?
Not quite sure what might be running on your network? Try using nmap -sP,
which will run a ping scan on the specified network. For instance, nmap -sP
10.0.0.0/24 will scan the 256 hosts from 10.0.0.0 through 10.0.0.255 to see if
they're available, and report back. You can also use a range, such as nmap -sP
10.0.0.1-15.

7. Zenmap
Finally, if all this command line fun is not your bag, Nmap has a GUI that you can
use to build and execute commands. Called Zenmap, the GUI will let you specify
targets, run scans, display the results and even save and compare them against
one another.
When you open Zenmap, you can give it a target to scan and select one of the
profile scans to get started. It includes your basic ping scan, quick scans, some
more intense scans that include UDP services, and so forth. The Zenmap GUI is a
good way to get acquainted with Nmap, but it's also a good idea to know how to
use Nmap from the command line if you're going to be working with it often.
In a future tutorial we'll take a more in-depth look at Nmap and specific tasks you
might want to do with Nmap. I hope this overview gave a good sense what Nmap
can do and helps you get started working with Nmap.

CHKROOTKIT
chkrootkit is a tool to locally check for signs of a rootkit. You should run it regularly.

1. Installation
Installing chkrootkit on Lubuntu is very simple. Execute the following command in a
terminal.

sudo apt-get install chkrootkit

2. BASIC TUTORIAL
To start looking for rootkits with chkrootkit, execute the following command in a
terminal:

sudo chkrootkit

To run chkrootkit in expert mode, which prints the raw output of each check so you can
inspect it yourself, page through the output with less:

sudo chkrootkit -x | less

chkrootkit relies on external commands such as awk, grep and others, and a rootkit may
have replaced the copies on your system. You can point chkrootkit at a trusted set of
binaries with -p. For example, mount a known-good copy of the system binaries at
/mnt/safe over NFS in read-only mode and give that path to chkrootkit:

sudo chkrootkit -p /mnt/safe



WireShark
Wireshark is the world's foremost network protocol analyzer. It lets you see what's
happening on your network at a microscopic level. It is the de facto (and often de jure)
standard across many industries and educational institutions.

1. Installation
1. Open a terminal (Ctrl + Alt + t) and add the Wireshark PPA to your software sources:

sudo add-apt-repository ppa:wireshark-dev/stable

2. Update your repository cache:

sudo apt-get update

3. Download and Install wireshark packages:

sudo apt-get install wireshark

You’ll be taken through a configuration process. The window will go blue and ask
you if super-users can capture packets. Highlight “<yes>” and push Enter.
Wireshark will now complete the installation automatically.

2. Capturing Packets

After downloading and installing Wireshark, you can launch it and click the name
of an interface under Interface List to start capturing packets on that interface.
For example, if you want to capture traffic on the wireless network, click your
wireless interface. You can configure advanced features by clicking Capture
Options, but this isn’t necessary for now.
As soon as you click the interface's name, you'll see the packets start to appear
in real time. Wireshark captures each packet sent to or from your system. If
you're capturing on a wireless interface and have promiscuous mode enabled in
your capture options, you'll also see the other packets on the network.
Click the stop capture button near the top left corner of the window when you
want to stop capturing traffic.

3. Color Coding
You’ll probably see packets highlighted in green, blue, and black. Wireshark uses
colors to help you identify the types of traffic at a glance. By default, green is TCP
traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP
packets with problems — for example, they could have been delivered out-of-
order.

4. Sample Captures
If there’s nothing interesting on your own network to inspect, Wireshark’s wiki has
you covered. The wiki contains a page of sample capture files that you can
load and inspect.
Opening a capture file is easy; just click Open on the main screen and browse for
a file. You can also save your own captures in Wireshark and open them later.

5. Filtering Packets
If you’re trying to inspect something specific, such as the traffic a program sends
when phoning home, it helps to close down all other applications using the
network so you can narrow down the traffic. Still, you’ll likely have a large amount
of packets to sift through. That’s where Wireshark’s filters come in.
The most basic way to apply a filter is by typing it into the filter box at the top of
the window and clicking Apply (or pressing Enter). For example, type “dns” and
you’ll see only DNS packets. When you start typing, Wireshark will help you auto-
complete your filter.
You can also click the Analyze menu and select Display Filters to create a new
filter.
Another interesting thing you can do is right-click a packet and select Follow TCP
Stream. You’ll see the full conversation between the client and the server. Close
the window and you’ll find a filter has been applied automatically — Wireshark is
showing you the packets that make up the conversation.

6. Inspecting Packets
Click a packet to select it and you can dig down to view its details. You can also
create filters from here — just right-click one of the details and use the Apply as
Filter sub-menu to create a filter based on it.

7. Final Note
Wireshark is an extremely powerful tool, and this tutorial is just scratching the
surface of what you can do with it. Professionals use it to debug network protocol
implementations, examine security problems and inspect network protocol
internals.

AIRCRACK-NG
Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP
and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any
wireless network interface controller whose driver supports raw monitoring mode and
can sniff 802.11a, 802.11b and 802.11g traffic. The program runs under Linux, FreeBSD,
OS X, OpenBSD, and Windows; the Linux version is packaged for OpenWrt and has also
been ported to the Android, Zaurus and Maemo platforms; and a proof of concept port
has been made to the iPhone.

1. Installation
Installing aircrack-ng on Lubuntu is very simple. Execute the following command
in a terminal.

sudo apt-get install aircrack-ng

2. IWCONFIG
Before getting started, we must first ensure that your version of linux recognizes
your Wireless adapter. You can do so by executing the following command in a
terminal (Ctrl + Alt + t):

iwconfig

If your wireless adapter is recognized, you'll be presented with its information. If
you're connected to a wireless network it will also show its ESSID and MAC
address.

3. airmon-ng
The first tool we will look at and need in nearly every WiFi hack is airmon-ng,
which converts our wireless card into a promiscuous mode wireless card. Yes, that
means that our wireless card will hookup with anyone!
Well, that's almost correct. When our network card is in promiscuous mode, it
means that it can see and receive all network traffic. Generally, network cards will
only receive packets intended for them (as determined by the MAC address of the
NIC), but with airmon-ng, it will receive all wireless traffic intended for us or not.

We can start this tool by typing airmon-ng, the action (start/stop), and then the
interface (replace wlan1 with the name of your wireless adapter):

airmon-ng start wlan1

Airmon-ng responds with some key information on our wireless adapter including
the chipset and driver. Most importantly, note that it has changed the designation
for our wireless adapter from wlan1 to mon0.

4. airodump-ng
The next tool in the aircrack-ng suite that we will need is airodump-ng, which
enables us to capture packets of our specification. It's particularly useful in
password cracking.
We activate this tool by typing the airodump-ng command and the renamed
monitor interface (mon0):

airodump-ng mon0

airodump-ng displays all of the APs (access points) within range with their BSSID
(MAC address), their power, the number of beacon frames, the number of data
packets, the channel, the speed, the encryption method, the type of cipher used,
the authentication method used, and finally, the ESSID.
For our purposes of hacking WiFi, the most important fields will be the BSSID and
the channel. Write these down somewhere.

5. aircrack-ng
Aircrack-ng is the primary application with the aircrack-ng suite, which is used
for password cracking. It's capable of using statistical techniques to crack WEP
and dictionary cracks for WPA and WPA2 after capturing the WPA handshake.

6. aireplay-ng
Aireplay-ng is another powerful tool in our aircrack-ng arsenal, and it can be
used to generate or accelerate traffic on the AP. This can be especially useful in
attacks like a deauth attack that bumps everyone off the access point, WEP and
WPA2 password attacks, as well as ARP injection and replay attacks.
Aireplay-ng can obtain packets from two sources:
• A live stream of packets, or

• A pre-captured pcap file.

The pcap file is the standard file type associated with packet capture tools like
libpcap and winpcap. If you've ever used Wireshark, you've most likely worked
with pcap files. The following screenshots are from aireplay-ng --help.

We can see in the screenshot above of the first half of the aireplay-ng help
screen, that aireplay can filter by the BSSID of the access point, the MAC address
of either source or destination, the minimum and maximum packet length, etc.

If we scroll down the help screen, we can see some of the attack options using
aireplay-ng:

These include deauth, fake deauth, interactive, arpreplay (necessary for fast WEP
cracking), chopchop (a form of statistical technique for WEP packet decrypting
without cracking the password), fragment, caffe latte (attacking the client side),
and others.
These four tools in the aircrack-ng suite are our Wi-Fi hacking work horses. We'll
use each of these in nearly every Wi-Fi hack. Some of our more hack-specific tools
include airdecap-ng, airtun-ng, airolib-ng and airbase-ng. Let's take a brief look at
each of these.

7. airDecap-ng
Airdecap-ng enables us to decrypt wireless traffic once we have cracked the key.
In other words, once we have the key on the wireless access point, not only can
we use the bandwidth on the access point, but with airdecap-ng we can decrypt
everyone's traffic on the AP and watch everything they're doing (the key is used
for both access and for encryption).

8. airTun-ng
Airtun-ng is a virtual tunnel interface creator. We can use airtun-ng to set up an
IDS on the wireless traffic to detect malicious or other traffic on the wireless
access point. So, if we're looking to get an alert of a particular type of traffic (see
my tutorial on creating a PRISM-like spy tool), we can use airtun-ng to set up a
virtual tunnel that connects to an IDS like Snort to send us alerts.

9. airolib-ng
Airolib-ng stores or manages ESSID's (the name of the access point) and
password lists that will help speed up WPA/WPA2 password cracking.

10. airbase-ng
Airbase-ng enables us to turn our laptop and wireless card into an AP. This can
be especially useful when doing a rogue access point or evil twin attacks.
Basically, airbase-ng allows us to attack the clients, rather than the AP, and
encourages the clients to associate with us rather than the real AP.

HYDRA
When you need to brute force crack a remote authentication service, Hydra is often the
tool of choice. It can perform rapid dictionary attacks against more than 50 protocols,
including telnet, ftp, http, https, smb, several databases, and much more.

1. Installing HYDRA 7.5

As Hydra 7.5 is in the official Ubuntu repository, it's one line to install:

sudo apt-get install hydra hydra-gtk

2. Installing HYDRA 8.0

Hydra 8.0 is not in the Official Ubuntu Repository so you need to add the
Launchpad repository to your cache, and install it from there:

sudo add-apt-repository ppa:pi-rho/security
sudo apt-get update
sudo apt-get install hydra

Metasploit Framework
Knowing the adversary's moves helps you better prepare your defenses. Metasploit,
backed by a community of 200,000 users and contributors, gives you that insight. It's
the most impactful penetration testing solution on the planet. With it, uncover
weaknesses in your defenses, focus on the highest risks, and improve your security
outcomes.

1. Installing MetaSploit

1. Open a terminal (Ctrl + Alt + t)

2. Download the installer:
64bit

wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run

32bit

wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run

3. Change the mode of the installer to make it executable:

64bit

chmod +x /path/to/metasploit-latest-linux-x64-installer.run

32bit

chmod +x /path/to/metasploit-latest-linux-installer.run

4. Execute one of the following to start the installer:

64bit

sudo /path/to/metasploit-latest-linux-x64-installer.run

32bit

sudo /path/to/metasploit-latest-linux-installer.run

5. When the setup window appears, click Forward to start the installation process.
6. Accept the license agreement and click Forward.
7. Choose an installation folder and click Forward.
8. Select Yes to register Metasploit as a service (recommended). Click Forward to
continue.
9. When the Disable Anti-virus and Firewall window appears, verify that your
machine does not have anti-virus software or firewall applications running. When
done, click Forward.
10. Enter the port number that you want the Metasploit service to use. The
default port is 3790. After entering it, click Forward to continue.
11. Enter the server name that will be used to generate the SSL certificate. Also
enter the number of days that you want the SSL certificate to remain valid.
12. Click Forward to continue.
13. The Metasploit installation begins.

Once the installation is complete, a window appears and prompts you to launch
the Metasploit Web UI. Here, you should go to https://localhost:3790 to launch the
Metasploit Web UI to create a user account and to activate your Metasploit license
key.

Sources
[+] Rufus
[+] Lubuntu support
[+] TechRepublic
[+] MakeTechEasier
[+] Linux Beginners
[+] Cyberciti
[+] howtogeek
[+] sourcedigit
