CINXE.COM

<!DOCTYPE html> <html class='v2' dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr' xmlns:og='http://ogp.me/ns#'> <head> <link href='https://www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css' rel='stylesheet' type='text/css'/> <script async='async' crossorigin='anonymous' src='https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3637532869445404'></script> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-51924648-1', 'auto'); ga('send', 'pageview'); </script> <meta content='width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1' name='viewport'/> <meta content='text/html;charset=UTF-8' http-equiv='Content-Type'/> <meta content='IE=edge,chrome=1' http-equiv='X-UA-Compatible'/> <meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/> <meta content='blogger' name='generator'/> <link href='https://www.kalitutorials.net/favicon.ico' rel='icon' type='image/x-icon'/> <link href='https://www.kalitutorials.net/' rel='canonical'/> <link rel="alternate" type="application/atom+xml" title="Kali Linux Hacking Tutorials - Atom" href="https://www.kalitutorials.net/feeds/posts/default" /> <link rel="alternate" type="application/rss+xml" title="Kali Linux Hacking Tutorials - RSS" href="https://www.kalitutorials.net/feeds/posts/default?alt=rss" /> <link rel="service.post" type="application/atom+xml" title="Kali Linux Hacking Tutorials - Atom" href="https://www.blogger.com/feeds/1987100455892845792/posts/default" /> <link rel="me" href="https://www.blogger.com/profile/13202927467352106867" />  <meta content='https://www.kalitutorials.net/' property='og:url'/> <meta content='Kali Linux Hacking Tutorials' property='og:title'/> <meta content='Kali Linux Hacking Tutorials on Wireless, Penetration Testing, Facebook, Social Engineering, Denial of Service, SQL Injection and Windows hacking.' property='og:description'/> <title> Kali Linux Hacking Tutorials </title> <meta content='Kali Linux Hacking Tutorials' property='og:site_name'/> <meta content='https://www.kalitutorials.net/' name='twitter:domain'/> <meta content='' name='twitter:title'/> <meta content='summary' name='twitter:card'/> <meta content='' name='twitter:title'/>  <meta content='Facebook App ID here' property='fb:app_id'/> <meta content='Facebook Admin ID here' property='fb:admins'/> <meta content='@username' name='twitter:site'/> <meta content='@username' name='twitter:creator'/> <script src='//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js'></script> <style id='page-skin-1' type='text/css'></style> <style id='template-skin-1' type='text/css'></style> <script type='text/javascript'> //<![CDATA[ //Post Thumbnail Setting var soratemplatesSummary = { displayimages: false, imagePosition: 'left', Widthimg: 0, Heightimg: 0, noThumb: 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieLONgFDNHK8yvnSrVQGUVW1lVqqMYo-ku8lSxuK758Lq3zXOBQLkPyHT0cu_hXUHmyQ859RpJCu-P6bFLIlxXFGopSsYI531X3Sxd4v0qBo9FPEytZzcg_FVM7YKpqBuxYHlCwiw4tvM/s1600/no-thumb.jpg', SummaryWords: 35, wordsNoImg: 35, skipper: 0, DisplayHome: true, DisplayLabel: true }; //]]> </script> <script type='text/javascript'> //<![CDATA[ function summary(a){summary.count=summary.count||0,summary.count++;var m=-1==location.href.indexOf("/search/label/")&&-1==location.href.indexOf("/search?"),e=-1!=location.href.indexOf("/search/label/");if(!(summary.count<=soratemplatesSummary.skipper)&&(!m||soratemplatesSummary.DisplayHome)&&(!e||soratemplatesSummary.DisplayLabel)){var t=document.getElementById(a),r=t.getElementsByTagName("img");if(soratemplatesSummary.displayimages){var s='<img width="'+soratemplatesSummary.Widthimg+'" height="'+soratemplatesSummary.Heightimg+'"';if("no"!=soratemplatesSummary.imagePosition){var i="left"==soratemplatesSummary.imagePosition?' style="float:left;\n padding:0 5px 5px 0"':' style="float:right;\n padding:0 0 5px 5px"';s+=i}s+=' src="'+(r.length>0?r[0].src:soratemplatesSummary.noThumb)+'" /><div class="contentos">';var o=summary.strip(t.innerHTML,soratemplatesSummary.SummaryWords)}else var s="",o=summary.strip(t.innerHTML,soratemplatesSummary.wordsNoImg);t.innerHTML="<div id='mcontent'>"+s+o+"</div>"}}summary.strip=function(a,m){return a.replace(/<.*?>/gi,"").split(/\s+/).slice(0,m-1).join(" ")}; //]]> </script> <script type='text/javascript'> //<![CDATA[ $(document).ready(function(){ $('.overlay img, .label_thumb, #carousel ul li img, .related_img').each(function(){ var srcUrl = $(this).attr('src'); $(this).attr('src', srcUrl.replace('default', 'maxresdefault')); }); }); //]]> </script> <script type='text/javascript'> //<![CDATA[ var relatedTitles = new Array(); var relatedTitlesNum = 0; var relatedUrls = new Array(); var thumburl = new Array(); function related_results_labels_thumbs(json) { for (var i = 0; i < json.feed.entry.length; i++) { var entry = json.feed.entry[i]; relatedTitles[relatedTitlesNum] = entry.title.$t; try { thumburl[relatedTitlesNum] = entry.media$thumbnail.url; } catch (error) { s = entry.content.$t; a = s.indexOf("<img"); b = s.indexOf("src=\"", a); c = s.indexOf("\"", b + 5); d = s.substr(b + 5, c - b - 5); if ((a != -1) && (b != -1) && (c != -1) && (d != "")) { thumburl[relatedTitlesNum] = d } else thumburl[relatedTitlesNum] = 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSW3MyJnbT_5NB0t1dKPxtfuTmkoDTBWIKSP_TpnE0GFXR51vOrtXGDr96n32dRIAhveBW0EEKzKk_2vA29xXAju54rt-Qsmi0duKTdEekq9apROyZBYe4qbajubSkno_Yh0oQ7HDqb3M/s1600/picture_not_available.png' } if (relatedTitles[relatedTitlesNum].length > 35) relatedTitles[relatedTitlesNum] = relatedTitles[relatedTitlesNum].substring(0, 35) + "..."; for (var k = 0; k < entry.link.length; k++) { if (entry.link[k].rel == 'alternate') { relatedUrls[relatedTitlesNum] = entry.link[k].href; relatedTitlesNum++ } } } } function removeRelatedDuplicates_thumbs() { var tmp = new Array(0); var tmp2 = new Array(0); var tmp3 = new Array(0); for (var i = 0; i < relatedUrls.length; i++) { if (!contains_thumbs(tmp, relatedUrls[i])) { tmp.length += 1; tmp[tmp.length - 1] = relatedUrls[i]; tmp2.length += 1; tmp3.length += 1; tmp2[tmp2.length - 1] = relatedTitles[i]; tmp3[tmp3.length - 1] = thumburl[i] } } relatedTitles = tmp2; relatedUrls = tmp; thumburl = tmp3 } function contains_thumbs(a, e) { for (var j = 0; j < a.length; j++) if (a[j] == e) return true; return false } function printRelatedLabels_thumbs() { for (var i = 0; i < relatedUrls.length; i++) { if ((relatedUrls[i] == currentposturl) || (!(relatedTitles[i]))) { relatedUrls.splice(i, 1); relatedTitles.splice(i, 1); thumburl.splice(i, 1); i-- } } var r = Math.floor((relatedTitles.length - 1) * Math.random()); var i = 0; if (relatedTitles.length > 0) document.write('<h1>' + relatedpoststitle + '</h1>'); document.write('<div style="clear: both;"/>'); while (i < relatedTitles.length && i < 20 && i < maxresults) { document.write('<a '); if (i != 0) document.write(''); else document.write('"'); document.write(' href="' + relatedUrls[r] + '"><img class="related_img" src="' + thumburl[r].replace('/s72-c/', '/s600/') + '"/><br/><div id="r-title"><h8>' + relatedTitles[r] + '<h8></div></a>'); if (r < relatedTitles.length - 1) { r++ } else { r = 0 } i++ } document.write('</div>'); relatedUrls.splice(0, relatedUrls.length); thumburl.splice(0, thumburl.length); relatedTitles.splice(0, relatedTitles.length) } //]]> </script> <script type='text/javascript'> /*<![CDATA[*/ $(document).ready(function(){ $('.recent-thumb').each(function(){ var srcUrl = $(this).attr('src'); $(this).attr('src', srcUrl.replace('default', 'maxresdefault')); }); $( ".main-wrapper-feature1 ul, .main-wrapper-feature2 ul" ).removeClass( "label_with_thumbs owl-carousel owl-theme" ).addClass( "main-feature-wrap" ); $(".main-feature-wrap .owl-item, .main-feature-wrap .item, .main-feature-wrap .owl-wrapper, .main-feature-wrap li.clearfix").unwrap(); $( ".main-feature-wrap li .slider-con" ).removeClass( "slider-con" ).addClass( "main-feature-con" ); $( ".main-feature-wrap .owl-controls, .main-feature-wrap .thumb-hover" ).remove(); $( ".main-wrapper-feature-tab ul" ).removeClass( "label_with_thumbs owl-carousel owl-theme" ).addClass( "main-feature-wrap-tab" ); $(".main-feature-wrap-tab .owl-item, .main-feature-wrap-tab .item, .main-feature-wrap-tab .owl-wrapper, .main-feature-wrap-tab li.clearfix").unwrap(); $( ".main-feature-wrap-tab li .slider-con" ).removeClass( "slider-con" ).addClass( "main-feature-con-tab" ); $( ".main-feature-wrap-tab .owl-controls, .main-feature-wrap-tab .thumb-hover" ).remove(); }); /*]]>*/ </script> <script type='text/javascript'> //<![CDATA[ //]]> </script> <script type='text/javascript'> //<![CDATA[ /* * Lazy Load - jQuery plugin for lazy loading images * * Copyright (c) 2007-2009 Mika Tuupola * * Licensed under the MIT license: * http://www.opensource.org/licenses/mit-license.php * * Project home: * http://www.appelsiini.net/projects/lazyload * * Version: 1.5.0 * */ (function($) { /* Convenience methods in jQuery namespace. */ /* Use as $.belowthefold(element, {threshold : 100, container : window}) */ $.belowthefold = function(element, settings) { if (settings.container === undefined || settings.container === window) { var fold = $(window).height() + $(window).scrollTop(); } else { var fold = $(settings.container).offset().top + $(settings.container).height(); } return fold <= $(element).offset().top - settings.threshold; }; $.rightoffold = function(element, settings) { if (settings.container === undefined || settings.container === window) { var fold = $(window).width() + $(window).scrollLeft(); } else { var fold = $(settings.container).offset().left + $(settings.container).width(); } return fold <= $(element).offset().left - settings.threshold; }; $.abovethetop = function(element, settings) { if (settings.container === undefined || settings.container === window) { var fold = $(window).scrollTop(); } else { var fold = $(settings.container).offset().top; } return fold >= $(element).offset().top + settings.threshold + $(element).height(); }; $.leftofbegin = function(element, settings) { if (settings.container === undefined || settings.container === window) { var fold = $(window).scrollLeft(); } else { var fold = $(settings.container).offset().left; } return fold >= $(element).offset().left + settings.threshold + $(element).width(); }; /* Custom selectors for your convenience. */ /* Use as $("img:below-the-fold").something() */ $.extend($.expr[':'], { "below-the-fold" : "$.belowthefold(a, {threshold : 0, container: window})", "above-the-fold" : "!$.belowthefold(a, {threshold : 0, container: window})", "right-of-fold" : "$.rightoffold(a, {threshold : 0, container: window})", "left-of-fold" : "!$.rightoffold(a, {threshold : 0, container: window})" }); })(jQuery); //]]> </script> <script async="async" src="//thisiswaldo.com/ad_delivery?site_id=336" type="text/javascript"></script> <link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1987100455892845792&zx=1d0f0e13-ed05-4525-81a3-e35e2b2fc2b3' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1987100455892845792&zx=1d0f0e13-ed05-4525-81a3-e35e2b2fc2b3' rel='stylesheet'/></noscript> <meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/> <meta name='google-adsense-platform-domain' content='blogspot.com'/> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3637532869445404&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>  </head>  <script async='async' src='https://www.googletagmanager.com/gtag/js?id=UA-119013127-1'></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-119013127-1'); </script> <body class='index'> <div class='navbar no-items section' id='navbar'> </div> <div id='header-wrapper'> <div id='header-wrappers'> <div class='headerleft' id='logo' itemscope='' itemtype='http://schema.org/WPHeader'> <div class='headerleft section' id='headerleft'><div class='widget Header' data-version='1' id='Header1'> <div id='header-inner'> <a href='https://www.kalitutorials.net/' itemprop='url' style='display: block'><h1 style='display:none;'></h1> <img alt='Kali Linux Hacking Tutorials' height='63px; ' id='Header1_headerimg' src='https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuR699bWkVMdIIp-zLZKvZMHTxsKsb4igBJhhws0AWQGUURpoNNviTeLmmeroQ0kd2L3MYvPL4XVqlzp3n8ltVRx0G3KRSugrHq8tTKOF15Uiw4q4M3Nznv-9-US_gzobpflZSZ7hFbFY/s1600/kalitutorials.png' style='display: block' width='337px; '/> </a> </div> </div></div> </div> <div class='headerright'> <div class='headerright no-items section' id='headerright'></div> </div> </div> </div> <div style='clear: both;'></div> <nav class='row' id='header-navigation'> <div class='nav-wrapper'> <div class='nav-menu'> <div class='header-menu'> <div class='menuBackground'> <ul class='dropDownMenu' id='nav'> <li class='home-child' style=' padding-bottom: 24px !important;'><a href='http://www.kalitutorials.net/'>Home</a></li> <li><a href='#' style='margin-left: -2px;'>Install Kali</a> <ul> <li><a href='http://www.kalitutorials.net/2013/08/kali-linux.html' rel='nofollow'>Really Nice Guide: Must read</a></li> <li><a href='#'>Okayish guides: May not read xD</a> <ul> <li><a href='http://www.kalitutorials.net/2014/02/complete-detailed-guide-on-installing.html' rel='nofollow'>Install Kali in VMWare</a></li> <li><a href='http://www.kalitutorials.net/2013/11/installing-kali-on-hard-disk-using-usb.html' rel='nofollow'>USB Install (Kali Installation is not our speciality, read up multiple website and watch youtube videos for installation. Come back here for hacking tutorials though, because we are good at those)</a></li> <li><a href='http://www.kalitutorials.net/2013/11/installing-kali-dual-booting-kali-with.html' rel='nofollow'>Dual Boot (Kali Installation is not our speciality, and you should refer to many sources to avoid doing a bad install and losing data on your primary OS)</a></li> <li><a href='http://www.kalitutorials.net/2014/02/kali-official-website.html' rel='nofollow'>Kali Resources</a></li> </ul> </li> </ul> </li> <li><a href='#'>Hack With Kali</a> <ul> <li><a href='#'>Wifi Hacking</a> <ul> <li><a href='http://www.kalitutorials.net/2016/08/things-you-should-know-wireless-hacking.html' rel='nofollow'>Wireless Hacking Basics - Nice theory post you can read whenever you like, posts below should be read in top to bottom order though</a></li> <li><a href='http://www.kalitutorials.net/2013/08/wifi-hacking-wep.html' rel='nofollow'>Hack Your Easy First Wifi -Hack WEP : Naive method</a></li> <li><a href='http://www.kalitutorials.net/2014/03/speeding-up-wep-hacking.html' rel='nofollow'>Hack Your Easy First Wifi Again - Hack WEP : Faster, smarter and more complicated method (ARP replay)</a></li> <li><a href='http://www.kalitutorials.net/2014/04/hack-wpawpa2-wps-reaver-kali-linux.html' rel='nofollow'>Hack Your Tough Second Wifi - Use reaver : Hack WPA 'with WPS'</a></li> <li><a href='http://www.kalitutorials.net/2014/04/wifite-hacking-wifi-easy-way-kali-linux.html' rel='nofollow'>Hack your first two wifis again - Using Wifite : Wireless hacking automation tool</a></li> <li><a href='http://www.kalitutorials.net/2014/06/hack-wpa-2-psk-capturing-handshake.html' rel='nofollow'>Start Hacking Your really really tough third wifi - Capture WPA/WPA2 handshake</a></li> <li><a href='http://www.kalitutorials.net/2015/10/wpawpa-2-cracking-using-dictionary.html' rel='nofollow'>Finish Hacking your really really tough third wifi - Crack WPA/WPA2 with Dictionary Attack</a></li> <li><a href='http://www.kalitutorials.net/2014/07/evil-twin-tutorial.html' rel='nofollow'>Kick users out of their own network and make them connect to your fake one : Evil Twin Attack</a></li> <li><a href='http://www.kalitutorials.net/2016/08/hacking-wpawpa-2-without.html' rel='nofollow'>Cheating your way into hacking that third wifi again - Fluxion : A mix of Evil Twin + Phishing</a></li> </ul> </li> <li><a href='#'>Website Hacking</a> <ul> <li><a href='http://www.kalitutorials.net/2014/03/sql-injection-how-it-works.html' rel='nofollow'>SQL Injection Basics - Quite a short post, would be helpful for the below one - Posts below should be read in top to bottom order</a></li> <li><a href='http://www.kalitutorials.net/2014/03/hacking-websites-using-sql-injection.html' rel='nofollow'>Hacking Your First Easy Website - Manual SQL Injection (Kali Linux not required, just a browser)</a></li> <li><a href='http://www.kalitutorials.net/2014/03/hacking-website-with-sqlmap-in-kali.html' rel='nofollow'>Hacking Your First Easy Website Again - This time using SqlMap tool (Kali required)</a></li> <li><a href='http://www.kalitutorials.net/2015/02/sql-injection-intermediate-level.html' rel='nofollow'>Blind SQLi (just below) is a bit complicated, so this post has some boring but useful theory</a></li> <li><a href='http://www.kalitutorials.net/2015/02/blind-sql-injection.html' rel='nofollow'>Hacking Your tough second website : Blind SQL Injection (attack is as dope as it's name)</a></li> <li><a href='http://www.kalitutorials.net/2016/09/sqlmap-with-tor-for-anonymity.html '>Bonus : Use TOR to obscure your identity while using SQLMap</a></li> <li><a href='http://www.kalitutorials.net/2014/03/denial-of-service-attacks-explained-for.html' rel='nofollow'>A very nice and useful tutorial with no hacking but amazing explanation about DOS attacks</a></li> <li><a href='http://www.kalitutorials.net/2014/04/denial-of-service-methods-icmp-syn.html' rel='nofollow'>A nice (but not very nice) tutorial about some specifics of DOS attacks</a></li> </ul> </li> <li><a href='#'>Penetration Testing</a> <ul> <li><a href='http://www.kalitutorials.net/2014/02/penetration-testing-hacking-xp.html' rel='nofollow'>Hacking Your First Easy OS - Unpatched Windows XP</a></li> <li><a href='http://www.kalitutorials.net/2014/02/penetration-testing-hacking-windows-with-metasploit.html' rel='nofollow'>Having fun after hacking your first easy OS - Lot of stuff one can do once they are in, some things covered in the tutorial</a></li> <li><a href='http://www.kalitutorials.net/2014/04/penetration-testing-crash-windows-7.html' rel='nofollow'>Crashing (not hacking) Your Not-so-easy Second OS - Windows 7</a></li> <li><a href='http://www.kalitutorials.net/2014/04/hacking-windows-totally-own-it.html' rel='nofollow'>Hacking your first easy OS again : Hollywood Style Hack this time</a></li> <li><a href='http://www.kalitutorials.net/2014/06/add-new-exploits-to-metasploit-from.html' rel='nofollow'>A little detour from the script kiddie route: Let's get ourselves some new exploits from Exploit-DB:) </a></li> <li><a href='http://www.kalitutorials.net/2016/01/metasploit-for-future-hackers-msfvenom.html' rel='nofollow'>Hacking Your third OS - Android (also, meet a new friend, msfvenon)</a></li> <li><a href='http://www.kalitutorials.net/2014/05/java-signed-applet-hack-windows-8-java.html' rel='nofollow'>Hacking (or at least trying to hack) Your fourth OS - Windows 8 : Using vulnerability present in Java</a></li> <li><a href='http://www.kalitutorials.net/2014/05/metasploitable-2-linux-most-vulnerable.html' rel='nofollow'>Intro to your fifth OS - Metasploitable 2 : This was literally made to be hacked</a></li> <li><a href='http://www.kalitutorials.net/2014/05/metasploitable-2-vulnerability.html' rel='nofollow'>Hacking Your fifth OS - Metasploitable 2 : I cover a few vulnerabilites in the OS, after that you should explore further yourself</a></li> <li><a href='http://www.kalitutorials.net/2016/02/antivirus-evasion-bypassing-av-with-veil.html' rel='nofollow'>Encrypting Your Payloads so that antiviruses don't raise hell - Bypassing AV detection using Veil Evasion</a></li> </ul> </li> <li><a href='#'>Bonus</a> <ul> <li><a href='http://www.kalitutorials.net/2014/05/hack-facebook-account-stuff-you-should.html' rel='nofollow'>How not to hack Facebook - This post would help you realize that 'actually hacking' Facebook is basically impossible</a></li> <li><a href='http://www.kalitutorials.net/2014/05/social-engineering-toolkit-kali.html' rel='nofollow'>How to hack Facebook accounts over LAN: While we can't hack FB, we can do phishing using credentials harvestor (SET) on Kali</a></li> <li><a href='http://www.kalitutorials.net/2014/05/credential-harvestor-port-forwarding.html' rel='nofollow'>How to hack Facebook accounts over the internet : Extend the above method to work over the internet using port-forwarding</a></li> </ul> </li> </ul> </li> </ul> </div> </div> </div> </div> </nav> <div style='clear: both;'></div> <div style='clear: both;'></div> <div id='content-wrapper'> <div id='main-wrapper'> <div style='clear: both;'></div> <div class='main-post-wrap'> <script> $(document).ready(function(){ $("#flip").click(function(){ $("#hideandseek").slideToggle("slow"); }); }); </script> <div id='flip' style='background-color: #e5eecc; border: solid 1px #c3c3c3;'>Click to Show/Hide Starters Guide</div> <div id='hideandseek' style='color: #2e2e2e;font-size: 14px;line-height: 21px;letter-spacing: 1px;text-align: justify;padding:10px; display: none;background-color: #e5eecc; border: solid 1px #c3c3c3;'> Welcome to Kali Tutorials!<br/> There are just 3 things you need to know- <ol> <li> On the top there's the navigation bar with neatly grouped tutorials which are easiest first (sorted by difficulty that is) </li> <li> Below there's recent tutorials, as I write new posts they show up here, like a news feed</li> <li> On the right there are popular tutorials. They are popular because they are good, so if you are clueless, take a look at any of them</li> Advice : Go to wifi hacking and follow the posts in sequence. Wifi hacking is the easiest to get started. </ol> </div> <div class='recent-post-title'><h5 class='lates-post-title'>Recent Posts</h5></div> <div class='main section' id='main'><div class='widget Blog' data-version='1' id='Blog1'> <div class='blog-posts hfeed'> <div class="date-outer"> <h2 class='date-header'><span>Thursday, December 6, 2018</span></h2> <div class="date-posts"> <div class='post-outer'> <div class='post hentry'> <script type='text/javascript'> //<![CDATA[ function bp_thumbnail_resize(image_url,post_title) { var image_size=270; var width_size=270; var height_size=250; var show_default_thumbnail=true; var default_thumbnail="http://2.bp.blogspot.com/-erTXCq61ULM/TmHYAQBZ0GI/AAAAAAAACCs/6cBX54Dn6Gs/s72-c/default.png"; if(show_default_thumbnail == true && image_url == "") image_url= default_thumbnail; image_tag='<div class="overlay animated"><img src="'+image_url.replace('/s72-c/','/s'+image_size+'-c/')+'" class="postthumb" alt="'+post_title+'" width="'+width_size+'" height="'+height_size+'"/></div>'; if(image_url!="") return image_tag; else return ""; } //]]> </script> <div class='entrybody'> <a href='https://www.kalitutorials.net/2018/12/bypassing-website-blockingcensorship.html'><script type='text/javascript'> document.write(bp_thumbnail_resize("https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoy7vnQmVGSy_mOg5C6fP67uB-C4WImaooERoW6gHRTzFYNIet8_zQ_bD8_Ar-ASfif0wqeg_Cf-at4l5eZWBr4fXY_bPZdksPufNDjivuJw1LYUVrg0hYTl9hC1KbTe-rVePfQIVq2DE/s72-c/tls-1.3-1024x512.png","Bypassing website blocking/censorship with Secure DNS and Encrypted SNI (cloudflare only)")); </script></a></div> <meta content='https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoy7vnQmVGSy_mOg5C6fP67uB-C4WImaooERoW6gHRTzFYNIet8_zQ_bD8_Ar-ASfif0wqeg_Cf-at4l5eZWBr4fXY_bPZdksPufNDjivuJw1LYUVrg0hYTl9hC1KbTe-rVePfQIVq2DE/s320/tls-1.3-1024x512.png' itemprop='image_url'/> <meta content='1987100455892845792' itemprop='blogId'/> <meta content='1982363067491599145' itemprop='postId'/> <a name='1982363067491599145'></a> <h2 class='post-title entry-title'> <a href='https://www.kalitutorials.net/2018/12/bypassing-website-blockingcensorship.html'>Bypassing website blocking/censorship with Secure DNS and Encrypted SNI (cloudflare only)</a> </h2> <div class='postmeta-primary'> <span class='meta_author'>By <i class='fa fa-user'></i> <a href='https://www.blogger.com/profile/13202927467352106867'> Shashwat</a></span> <span class='meta_date'><i class='fa fa-clock-o'></i> December 06, 2018</span> <span class='meta_labels'><i class='fa fa-folder-open-o'></i> <a href='https://www.kalitutorials.net/search/label/blocking' rel='tag'>blocking</a>, <a href='https://www.kalitutorials.net/search/label/bypassing' rel='tag'>bypassing</a>, <a href='https://www.kalitutorials.net/search/label/censorship' rel='tag'>censorship</a>, <a href='https://www.kalitutorials.net/search/label/cloudflare' rel='tag'>cloudflare</a>, <a href='https://www.kalitutorials.net/search/label/esni' rel='tag'>esni</a>, <a href='https://www.kalitutorials.net/search/label/firefox' rel='tag'>firefox</a>, <a href='https://www.kalitutorials.net/search/label/nightly' rel='tag'>nightly</a>, <a href='https://www.kalitutorials.net/search/label/tls' rel='tag'>tls</a>, <a href='https://www.kalitutorials.net/search/label/tls1.3' rel='tag'>tls1.3</a></span> <span><br/><ul><li><a href='http://www.kalitutorials.net/p/disclaimer.html' rel='nofollow'>Disclaimer </a> - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate</li></ul></span> </div> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <span id='1982363067491599145'><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoy7vnQmVGSy_mOg5C6fP67uB-C4WImaooERoW6gHRTzFYNIet8_zQ_bD8_Ar-ASfif0wqeg_Cf-at4l5eZWBr4fXY_bPZdksPufNDjivuJw1LYUVrg0hYTl9hC1KbTe-rVePfQIVq2DE/s1024/tls-1.3-1024x512.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="512" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoy7vnQmVGSy_mOg5C6fP67uB-C4WImaooERoW6gHRTzFYNIet8_zQ_bD8_Ar-ASfif0wqeg_Cf-at4l5eZWBr4fXY_bPZdksPufNDjivuJw1LYUVrg0hYTl9hC1KbTe-rVePfQIVq2DE/s320/tls-1.3-1024x512.png" width="320" /></a></div><br />I haven't posted in a while, but today I have something interesting to share. Recently, multiple service providers that I use have started blocking some websites using deep packet inspection firewalls. Earlier, these firewalls would only block traffic by examining hostname in GET requests (which is easy to bypass by just using the https version of the target website), but now they employ some more techniques. Specifically, they block based on the SNI field of the TLS client hello, and sometimes also block on the basis of DNS queries. I was looking for ways to bypass these using custom extensions on my browser, but found out that it'll be a very non-trivial problem. Then I looked around and found that-<br /> <br /> <br /> <ol> <li>Latest firefox Nightly builds (and maybe even mainline firefox) have support for DNS over HTTPS (so no DNS based blocking)</li> <li>Firefox has implemented the ESNI feature discussed in the drafts of TLS 1.3 (again, only available in Nightly build so far)</li> <li>Cloudflare has enabled ESNI.</li> </ol> <div> I won't retell the whole tale, here are quick links-</div> <div> Firefox - <a href="https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/">https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/</a></div> <div> Cloudflare - <a href="https://blog.cloudflare.com/encrypted-sni">https://blog.cloudflare.com/encrypted-sni</a></div> <div> <br /></div> <div> The first link also has detailed steps on how to enable these features (plus explanation of what's actually happening). I'll surmise them quickly-<br /> <br /></div> <div> 0. Get firefox nightly<br /> 1. Type <b>about:config </b>on the url bar.</div> <div> 2. Search for network.trr, change network.trr.mode to 2</div> <div> 3. Search for network.security.esni.enabled and set it to true</div> <div> <br /></div> <div> In all likelihood, your ISP/institution/etc will now not be able to block any website on cloudflare (a LOT of websites use cloudflare), as long as you use firefox nightly. With increased adoption of ESNI, more websites will be able to evade blocking.<br /> <br /> (These steps won't work if you are in a workplace and the employer has installed his own certificate on the machines and uses a ssl proxy in conjunction with the firewall)</div> </span> <script type='text/javascript'>summary("1982363067491599145")</script> <div class='readmore'> <a href='https://www.kalitutorials.net/2018/12/bypassing-website-blockingcensorship.html'><i class='fa fa-arrow-circle-right'></i> Read More</a> </div> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <div style='clear: both;'></div> <div id='related-posts'> <script type='text/javascript'> var currentposturl="https://www.kalitutorials.net/2018/12/bypassing-website-blockingcensorship.html"; var maxresults=3; var relatedpoststitle="<b></b>"; removeRelatedDuplicates_thumbs(); printRelatedLabels_thumbs(); </script> </div> <div style='clear: both;'></div> <div style='clear: both;'></div> <span class='post-author vcard'> Posted by <span class='fn' itemprop='author' itemscope='itemscope' itemtype='http://schema.org/Person'> <meta content='https://www.blogger.com/profile/13202927467352106867' itemprop='url'/> <a class='g-profile' href='https://www.blogger.com/profile/13202927467352106867' rel='author' title='author profile'> <span itemprop='name'>Shashwat</span> </a> </span> </span> <span class='post-timestamp'> at <meta content='https://www.kalitutorials.net/2018/12/bypassing-website-blockingcensorship.html' itemprop='url'/> <a class='timestamp-link' href='https://www.kalitutorials.net/2018/12/bypassing-website-blockingcensorship.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2018-12-06T09:55:00-08:00'>December 06, 2018</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='post-comment-link'> <a class='comment-link' href='https://www.kalitutorials.net/2018/12/bypassing-website-blockingcensorship.html#comment-form' onclick=''> 235 comments: </a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-212260443'> <a href='https://www.blogger.com/post-edit.g?blogID=1987100455892845792&postID=1982363067491599145&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='//img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> <div class='post-share-buttons goog-inline-block'> </div> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='https://www.kalitutorials.net/search/label/blocking' rel='tag'>blocking</a>, <a href='https://www.kalitutorials.net/search/label/bypassing' rel='tag'>bypassing</a>, <a href='https://www.kalitutorials.net/search/label/censorship' rel='tag'>censorship</a>, <a href='https://www.kalitutorials.net/search/label/cloudflare' rel='tag'>cloudflare</a>, <a href='https://www.kalitutorials.net/search/label/esni' rel='tag'>esni</a>, <a href='https://www.kalitutorials.net/search/label/firefox' rel='tag'>firefox</a>, <a href='https://www.kalitutorials.net/search/label/nightly' rel='tag'>nightly</a>, <a href='https://www.kalitutorials.net/search/label/tls' rel='tag'>tls</a>, <a href='https://www.kalitutorials.net/search/label/tls1.3' rel='tag'>tls1.3</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> </div> </div></div> <div class="date-outer"> <h2 class='date-header'><span>Thursday, November 30, 2017</span></h2> <div class="date-posts"> <div class='post-outer'> <div class='post hentry'> <div class='entrybody'> <a href='https://www.kalitutorials.net/2017/11/macos-high-sierra-login-bug.html'><script type='text/javascript'> document.write(bp_thumbnail_resize("https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEjMaQ1kNjIuNG_7TT4Nm0LXyzUXZJrBN382Ty-ko7Xj_btPcB4HmXDnbsgf5udwxttrFXhRucR2W3LfVX42w0LnADclQqSuCklKP9-FKujGQVT2bKzhLdSDVoOC37Rph0rXBO_WOl-Qs/s72-c/Users+and+Groups.png","MacOS High Sierra login bug")); </script></a></div> <meta content='https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEjMaQ1kNjIuNG_7TT4Nm0LXyzUXZJrBN382Ty-ko7Xj_btPcB4HmXDnbsgf5udwxttrFXhRucR2W3LfVX42w0LnADclQqSuCklKP9-FKujGQVT2bKzhLdSDVoOC37Rph0rXBO_WOl-Qs/s320/Users+and+Groups.png' itemprop='image_url'/> <meta content='1987100455892845792' itemprop='blogId'/> <meta content='7697540380300669643' itemprop='postId'/> <a name='7697540380300669643'></a> <h2 class='post-title entry-title'> <a href='https://www.kalitutorials.net/2017/11/macos-high-sierra-login-bug.html'>MacOS High Sierra login bug</a> </h2> <div class='postmeta-primary'> <span class='meta_author'>By <i class='fa fa-user'></i> <a href='https://www.blogger.com/profile/13202927467352106867'> Shashwat</a></span> <span class='meta_date'><i class='fa fa-clock-o'></i> November 30, 2017</span> <span class='meta_labels'><i class='fa fa-folder-open-o'></i> </span> <span><br/><ul><li><a href='http://www.kalitutorials.net/p/disclaimer.html' rel='nofollow'>Disclaimer </a> - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate</li></ul></span> </div> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <span id='7697540380300669643'><h2> Intro</h2> If you've been following security news, you'd know that Mac OS High Sierra has a security bug. Most of the articles have done a fine job explaining all the fluff, so I'll get straight to the point.<br /> <br /> If you have no password for the root account (as is the case for most users, since they haven't explicitly set up a root account and password on their system), then Mac will accept a blank password for logging into root.<br /> <br /> A demo is better than a 1000 words, and I'll show you one real quick-<br /> <br /> <h2> Demo</h2> Step 1 : Go to a place requiring admin privilege authentication. For example, Users and Groups in System Preferences.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEjMaQ1kNjIuNG_7TT4Nm0LXyzUXZJrBN382Ty-ko7Xj_btPcB4HmXDnbsgf5udwxttrFXhRucR2W3LfVX42w0LnADclQqSuCklKP9-FKujGQVT2bKzhLdSDVoOC37Rph0rXBO_WOl-Qs/s1600/Users+and+Groups.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="964" data-original-width="1336" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEjMaQ1kNjIuNG_7TT4Nm0LXyzUXZJrBN382Ty-ko7Xj_btPcB4HmXDnbsgf5udwxttrFXhRucR2W3LfVX42w0LnADclQqSuCklKP9-FKujGQVT2bKzhLdSDVoOC37Rph0rXBO_WOl-Qs/s320/Users+and+Groups.png" width="320" /></a></div> Step 2 : Click on the lock, and you'd be prompted to login.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjySX0UJ0pTHu_5xF-9Om0rOptf71tTFUxvw9zABdWRfkBdi9XmVAjgHC3ZkIoOWeEH79FecxMiSBWchzmo6wnJkvK21AoZLeKCdMb52nnTH713jyOoB2DyYlTX2QoaXRNAg_can-dvYQ/s1600/Login.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="963" data-original-width="1334" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjySX0UJ0pTHu_5xF-9Om0rOptf71tTFUxvw9zABdWRfkBdi9XmVAjgHC3ZkIoOWeEH79FecxMiSBWchzmo6wnJkvK21AoZLeKCdMb52nnTH713jyOoB2DyYlTX2QoaXRNAg_can-dvYQ/s320/Login.png" width="320" /></a></div> Step 3 : Change username to root, leave the password field blank (After changing username to root, press tab to move to the password field, then tab again to go back to username field, and then click unlock, otherwise this won't work).<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe width="320" height="266" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/B4fC1DM_0xw/0.jpg" src="https://www.youtube.com/embed/B4fC1DM_0xw?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div> <br /> That's it. You can get creative regarding what all you can accomplish with this. I haven't tried it, but I've heard that this attack (bug :p) works remotely!<br /> <br /> <h2> Fix</h2> <div> Seeing as how this bug puts your system at risk, I'm sure you are curious as to how to fix it. One way is to give your root account a password. </div> <div> <br /></div> <div> However, on 29th Nov apple released a security update for this bug. We'll simply use that. Here's the update - <a href="https://support.apple.com/en-us/HT208315">https://support.apple.com/en-us/HT208315</a> (the section below uses info from the linked page)</div> <div> <br /></div> <div> Let's first check if the update is installed. </div> <div> <br /></div> <div> For that, type this on your terminal and hit enter-</div> <blockquote class="tr_bq"> what /usr/libexec/opendirectoryd</blockquote> If your output is something like this, then you have an old version of the update installed-<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhluF9s4KcNWAzk8d7h2hQ3Zz7bo_w5azP6iC2UG_hUm94hl4lcp_0C3n1OdbPYYSlioyASSNLzVDHnc4jWpNBtxQ6mKecY_E7pTFiXodTg7YuZAipkHkMYqQHfdhSZI5bHS-rcKQOgM2U/s1600/Old+version.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="98" data-original-width="944" height="65" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhluF9s4KcNWAzk8d7h2hQ3Zz7bo_w5azP6iC2UG_hUm94hl4lcp_0C3n1OdbPYYSlioyASSNLzVDHnc4jWpNBtxQ6mKecY_E7pTFiXodTg7YuZAipkHkMYqQHfdhSZI5bHS-rcKQOgM2U/s640/Old+version.png" width="640" /></a></div> <br /> If it's one of these two, or a more recent version (higher numbers), then you're good<br /> <br /> <span style="background-color: white; color: #333333; font-family: "SF Pro Text", "SF Pro Icons", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 17px; letter-spacing: -0.021em;">opendirectoryd-483.1.5 on macOS High Sierra 10.13</span><br /> <span style="background-color: white; color: #333333; font-family: "SF Pro Text", "SF Pro Icons", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 17px; letter-spacing: -0.021em;">opendirectoryd-483.20.7 on macOS High Sierra 10.13.1</span><br /> <span style="background-color: white; color: #333333; font-family: "SF Pro Text", "SF Pro Icons", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 17px; letter-spacing: -0.021em;"><br /></span> So, if you have and old version like me, let's head to the app store and install the update.<br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcTCL5k7j7Q_-iUXNAF6z-hodYFswfz5i8lEBvsLn4oFHzAcO7GCEJyW3YhF5mPOxYwHDQ9bKU2fBvC-mk-MlGtPGQnqYZznaFaUPwY8cGgOMlGON8qzP5nKXIkX4_t_N5D5ngLi2LX-c/s1600/Update.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="223" data-original-width="1600" height="88" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcTCL5k7j7Q_-iUXNAF6z-hodYFswfz5i8lEBvsLn4oFHzAcO7GCEJyW3YhF5mPOxYwHDQ9bKU2fBvC-mk-MlGtPGQnqYZznaFaUPwY8cGgOMlGON8qzP5nKXIkX4_t_N5D5ngLi2LX-c/s640/Update.png" width="640" /></a></div> Sure enough, here's the update we need. It'll take a bit to get installed.<br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgT6YqM5MEuXysgkjA1L6hhQvT3W90ofhfIOAksXQxS2pzGyftSyrgT7oq0WoZAkolE_daCi9tsX_BP-Lc8-UbQCb20YK4L0vnfpwetsgNbD8b6q-ZnLN-IPyUBZd1gtlU75tAVgiEEI-4/s1600/Installing.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="226" data-original-width="1600" height="90" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgT6YqM5MEuXysgkjA1L6hhQvT3W90ofhfIOAksXQxS2pzGyftSyrgT7oq0WoZAkolE_daCi9tsX_BP-Lc8-UbQCb20YK4L0vnfpwetsgNbD8b6q-ZnLN-IPyUBZd1gtlU75tAVgiEEI-4/s640/Installing.png" width="640" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> Once that's done, let's just run the same command again and verify that the version number increased to our liking. Now we're all good. </div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTOSBGfHvx2spFMZ8_xBCyJ86hwC0nYEVu9VloDQeFLn68cN20U6qwfkBAD3Zj9SE3S4mvi-LHNb4FgrV6qLDRR-JZT9VwMBW3K9SEDJ2xQEY__nxgj1n5nMURWvzuI4ir2Dfk1vrBXtE/s1600/Changed.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="102" data-original-width="916" height="70" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTOSBGfHvx2spFMZ8_xBCyJ86hwC0nYEVu9VloDQeFLn68cN20U6qwfkBAD3Zj9SE3S4mvi-LHNb4FgrV6qLDRR-JZT9VwMBW3K9SEDJ2xQEY__nxgj1n5nMURWvzuI4ir2Dfk1vrBXtE/s640/Changed.png" width="640" /></a></div> <br /> <br /> Verify-<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe width="320" height="266" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/iYXX8KYQhx0/0.jpg" src="https://www.youtube.com/embed/iYXX8KYQhx0?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div> <br /> Bug seems fixed. That's it for the post.</span> <script type='text/javascript'>summary("7697540380300669643")</script> <div class='readmore'> <a href='https://www.kalitutorials.net/2017/11/macos-high-sierra-login-bug.html'><i class='fa fa-arrow-circle-right'></i> Read More</a> </div> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <div style='clear: both;'></div> <div id='related-posts'> <script type='text/javascript'> var currentposturl="https://www.kalitutorials.net/2017/11/macos-high-sierra-login-bug.html"; var maxresults=3; var relatedpoststitle="<b></b>"; removeRelatedDuplicates_thumbs(); printRelatedLabels_thumbs(); </script> </div> <div style='clear: both;'></div> <div style='clear: both;'></div> <span class='post-author vcard'> Posted by <span class='fn' itemprop='author' itemscope='itemscope' itemtype='http://schema.org/Person'> <meta content='https://www.blogger.com/profile/13202927467352106867' itemprop='url'/> <a class='g-profile' href='https://www.blogger.com/profile/13202927467352106867' rel='author' title='author profile'> <span itemprop='name'>Shashwat</span> </a> </span> </span> <span class='post-timestamp'> at <meta content='https://www.kalitutorials.net/2017/11/macos-high-sierra-login-bug.html' itemprop='url'/> <a class='timestamp-link' href='https://www.kalitutorials.net/2017/11/macos-high-sierra-login-bug.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2017-11-30T05:19:00-08:00'>November 30, 2017</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='post-comment-link'> <a class='comment-link' href='https://www.kalitutorials.net/2017/11/macos-high-sierra-login-bug.html#comment-form' onclick=''> 243 comments: </a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-212260443'> <a href='https://www.blogger.com/post-edit.g?blogID=1987100455892845792&postID=7697540380300669643&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='//img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> <div class='post-share-buttons goog-inline-block'> </div> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> </div> </div></div> <div class="date-outer"> <h2 class='date-header'><span>Tuesday, May 16, 2017</span></h2> <div class="date-posts"> <div class='post-outer'> <div class='post hentry'> <div class='entrybody'> <a href='https://www.kalitutorials.net/2017/05/trojans-wannacry-ransomware-explained.html'><script type='text/javascript'> document.write(bp_thumbnail_resize("https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWmba_QOFpNsymZnv-WPaS9qFFJFckaNgX38ORaSWII0EV7r7tHjkgylLNp2NJxepGbuGCxPeIKyaWpeSp0poPGdoX2tHeepdY86-w933PJKPVkSgjFDiMnbRHrbxYt5DhMXJhZh8tOFU/s72-c/2cry.png","Trojans and RansomWare explained in light of WannaCry RansomWare")); </script></a></div> <meta content='https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWmba_QOFpNsymZnv-WPaS9qFFJFckaNgX38ORaSWII0EV7r7tHjkgylLNp2NJxepGbuGCxPeIKyaWpeSp0poPGdoX2tHeepdY86-w933PJKPVkSgjFDiMnbRHrbxYt5DhMXJhZh8tOFU/s320/2cry.png' itemprop='image_url'/> <meta content='1987100455892845792' itemprop='blogId'/> <meta content='1567047907466049191' itemprop='postId'/> <a name='1567047907466049191'></a> <h2 class='post-title entry-title'> <a href='https://www.kalitutorials.net/2017/05/trojans-wannacry-ransomware-explained.html'>Trojans and RansomWare explained in light of WannaCry RansomWare</a> </h2> <div class='postmeta-primary'> <span class='meta_author'>By <i class='fa fa-user'></i> <a href='https://www.blogger.com/profile/13202927467352106867'> Shashwat</a></span> <span class='meta_date'><i class='fa fa-clock-o'></i> May 16, 2017</span> <span class='meta_labels'><i class='fa fa-folder-open-o'></i> </span> <span><br/><ul><li><a href='http://www.kalitutorials.net/p/disclaimer.html' rel='nofollow'>Disclaimer </a> - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate</li></ul></span> </div> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <span id='1567047907466049191'><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWmba_QOFpNsymZnv-WPaS9qFFJFckaNgX38ORaSWII0EV7r7tHjkgylLNp2NJxepGbuGCxPeIKyaWpeSp0poPGdoX2tHeepdY86-w933PJKPVkSgjFDiMnbRHrbxYt5DhMXJhZh8tOFU/s1600/2cry.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWmba_QOFpNsymZnv-WPaS9qFFJFckaNgX38ORaSWII0EV7r7tHjkgylLNp2NJxepGbuGCxPeIKyaWpeSp0poPGdoX2tHeepdY86-w933PJKPVkSgjFDiMnbRHrbxYt5DhMXJhZh8tOFU/s320/2cry.png" width="320" /></a>Over the past week, around 200,000 systems are believed to have been hacked by wannacry ransomware. Let's start with some background first, and then move into the details-<br /> <br /> <h2> Trojans</h2> <div> Before you know what Ransomeware is, it's important to know what trojans are. We can broadly classify malicious computer programs into 2 categories-</div> <div> <ol> <li>Spread wildly and attack destructively</li> <li>Spread surgically and attack covertly</li> </ol> <div> The first category comprises the typical viruses that infect your computers, get inside your USB, copy themselves to every avenue they can. They slow down your computer, limit it's functionality, and in general, make a lot of changes that make them easy to detect. These, in general, serve no particular useful purpose for the writer of the malicious code, other than perhaps giving them the lulz or maybe some sense of accomplishment. Also, once spread, there is very limited amount (or none at all) amount of control that the writer of the malicious code has on it's actions.</div> </div> <div> <br /></div> <div> The second ones are the precisely crafted viruses called trojans. These hide behind legitimate files, spread only through very few avenues as seen fit by their programmer. Let me make this point a bit clearer-</div> <div> <ol> <li>Most viruses would copy themselves to all devices attached to the infected system, try to spread via the network, internet etc. from the infected system.</li> <li>Trojans will not automatically copy themselves. They will stay hidden and inactive.</li> </ol> <div> As with everything else, the means of spread of trojan is also precise. The malicious code writer will hide them behind a legitimate file, and then spread this file using social networks, spam mails, etc. This way, only those computers will get infected that the attacker wants to infect.</div> </div> <div> <br /></div> <div> What are some examples of trojans-</div> <div> <ol> <li>Remote Administration Tools (RATs) - These are trojans which, when installed on the system, silently position themselves in such a way that they allow the attacker to control the system remotely. This means that the attacker can browser all your files, read all your data, see what you're typing (hence get all your accounts and passwords), get a live feed of your screen, and access your webcam. As you can clearly see, as opposed to other viruses, trojans have specific use for the malicious author. He now controls the infected computer.</li> <li>Botnet - This is a special use of a freely spreading trojan whose purpose is to infect as many computers as possible with a RAT like functionality but less control on who gets infected. This reduced control and increase rate of spreading is important because of the purpose of a botnet. Botnet is basically a large network of infected computers which the attacker uses to do his bidding. They are often used to carry out DDOS attacks. Suppose the trojan spread to 1000 computers (a very small number, there are HUGE botnets out there). The attacker can then use these 1000 computers to simultaneously attack websites and take them down. Another use for botnets is bitcoin mining.</li> </ol> <div> Recently, a new use for trojans has been seen-</div> </div> <div> <br /></div> <h2> Ransomware</h2> <div> If you have been paying attention so far, you'll notice that once infected by a trojan, a computer's files are under control of the attacker. That means he can easily say- "Give me money or I'll delete all your files". Unfortunately for the attacker, once the victim sees this message, the trojan is no longer covert. The victim may install an antivirus, backup his important data to the cloud/ external storage media/ USB, etc. </div> <div> <br /></div> <div> So, the attacker needs to do something which is equivalent to deleting, but reversible. Also, the reverse procedure should require the consent of the attacker. There is one solution - Encryption. If you know what encryption is, then you should see by now what's up. Otherwise, here's a simpler explanation (though not entirely accurate)-</div> <div> <br /></div> <div> What the attacker can do is similar to what happens when you find a compressed archive with a password. If you know the password, you can uncompress the archive, otherwise not. So, the attacker will take all files except the System files (without which your computer won't work), put them into a compressed archive with a secure password, and then delete the uncompressed files. </div> <div> <br /></div> <div> Once he's done with compressing (encrypting really) everything, he'll inform you about what just happened, and tell you to pay him a certain amount in bitcoins in exchange for the password of the compressed archive (i.e. the decryption key). If you don't pay up, he will delete the compressed archive and your data will be lost forever. Even if you manage to remove the ransomware after it announces it's presence, it's a bit too late. You avert the possibility of data deletion but that doesn't mean that you can now get your data back. You still don't know the decryption key, and unless there's a cryptographic flaw/weakness in the encryption scheme used by the attacker (basically weak password is used), it's almost impossible to find the key and decrypt the data.</div> <div> <br /></div> <h2> What's special about WannaCry?</h2> <div> So while there have been ransomware around for quite some time, this one has spread to epic proportions. Why?</div> <div> <br /></div> <h3> NSA, Shadow Brokers and EternalBlue</h3> <div> The credit for this goes to NSA for discovering the EternalBlue exploit and Shadow Brokers for releasing it to the public. I won't delve into further details of this, but EternalBlue exploit can hack any Windows machine which didn't have the patch for it. What does that mean?<br /> <br /> <blockquote class="tr_bq"> <span style="background-color: white; color: #222222; font-family: sans-serif; font-size: 14px;">The standard Windows security update on 14 March 2017 resolved the issue via security update MS17-010, for all currently supported Windows versions.</span></blockquote> "The issue" referring to the vulnerability. However, many systems have automatic updates disabled and didn't have the patch. All these machines were vulnerable to this attack. Considering how often people end up disabling automatic updates (because they're annoying), you can imagine the scale of the EternalBlue exploit. This is the reason why this particular ransomware was able to spread so quickly.<br /> <br /> <h2> WannaCry</h2> At this point, you already have enough background necessary to understand what WannaCry is, on your own. You know it's a ransomware, and you know it uses EternalBlue to infect computers. The details can be seen n the pic below-<br /> <br /> <ol> <li>Files have been encrypted</li> <li>You need to pay $300 via bitcoin</li> <li>If you don't pay within 3 days, you need to pay $600</li> <li>If you don't pay in a week, all files will be deleted permanently.</li> </ol> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6y4fpT0mRkHUnqZ2T-lQAb7We2fBMKg9jhz-RiLekaY2h1Yanfi30_oWyZMukQr9MkqWTBtiojpYCRdmBG6_QBy32uoTZr3bngZBURF2cVscClN0ID2zNOYdgfi2zmp5b7Bvgsb9glXA/s1600/wcry.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6y4fpT0mRkHUnqZ2T-lQAb7We2fBMKg9jhz-RiLekaY2h1Yanfi30_oWyZMukQr9MkqWTBtiojpYCRdmBG6_QBy32uoTZr3bngZBURF2cVscClN0ID2zNOYdgfi2zmp5b7Bvgsb9glXA/s1600/wcry.jpg" /></a></div> <br /> This is it for this article.<br /> Suggested reading : <a href="https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html">https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html</a> - This guy slowed down the spread of the ransomware by registering a domain which he felt was suspiciously present in the source code. His diligence saved people a lot of money and hassle. (Oversimplified summary, please read post for more accurate analysis)</div> </span> <script type='text/javascript'>summary("1567047907466049191")</script> <div class='readmore'> <a href='https://www.kalitutorials.net/2017/05/trojans-wannacry-ransomware-explained.html'><i class='fa fa-arrow-circle-right'></i> Read More</a> </div> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <div style='clear: both;'></div> <div id='related-posts'> <script type='text/javascript'> var currentposturl="https://www.kalitutorials.net/2017/05/trojans-wannacry-ransomware-explained.html"; var maxresults=3; var relatedpoststitle="<b></b>"; removeRelatedDuplicates_thumbs(); printRelatedLabels_thumbs(); </script> </div> <div style='clear: both;'></div> <div style='clear: both;'></div> <span class='post-author vcard'> Posted by <span class='fn' itemprop='author' itemscope='itemscope' itemtype='http://schema.org/Person'> <meta content='https://www.blogger.com/profile/13202927467352106867' itemprop='url'/> <a class='g-profile' href='https://www.blogger.com/profile/13202927467352106867' rel='author' title='author profile'> <span itemprop='name'>Shashwat</span> </a> </span> </span> <span class='post-timestamp'> at <meta content='https://www.kalitutorials.net/2017/05/trojans-wannacry-ransomware-explained.html' itemprop='url'/> <a class='timestamp-link' href='https://www.kalitutorials.net/2017/05/trojans-wannacry-ransomware-explained.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2017-05-16T01:07:00-07:00'>May 16, 2017</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='post-comment-link'> <a class='comment-link' href='https://www.kalitutorials.net/2017/05/trojans-wannacry-ransomware-explained.html#comment-form' onclick=''> 128 comments: </a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-212260443'> <a href='https://www.blogger.com/post-edit.g?blogID=1987100455892845792&postID=1567047907466049191&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='//img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> <div class='post-share-buttons goog-inline-block'> </div> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> </div> </div></div> <div class="date-outer"> <h2 class='date-header'><span>Tuesday, April 4, 2017</span></h2> <div class="date-posts"> <div class='post-outer'> <div class='post hentry'> <div class='entrybody'> <a href='https://www.kalitutorials.net/2017/04/configure-your-web-application.html'><script type='text/javascript'> document.write(bp_thumbnail_resize("https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFxJfYDX8qXkKp3nY7Xd5zJHLtr8lY6hJawT1tRtcA-q0a5XzU_ujJEMHI4XBfARHBZaOVuE5FhfVGn2z_L9qkIs2BluVpZM6CL7hDC5eL-te38mnUlRGdyqHlIeQLM154MC7GqQNpo_0/s72-c/DVWA+damn+vulnerable+web+app.jpeg","Configure your web application pentesting lab")); </script></a></div> <meta content='https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFxJfYDX8qXkKp3nY7Xd5zJHLtr8lY6hJawT1tRtcA-q0a5XzU_ujJEMHI4XBfARHBZaOVuE5FhfVGn2z_L9qkIs2BluVpZM6CL7hDC5eL-te38mnUlRGdyqHlIeQLM154MC7GqQNpo_0/s320/DVWA+damn+vulnerable+web+app.jpeg' itemprop='image_url'/> <meta content='1987100455892845792' itemprop='blogId'/> <meta content='5894302721920428736' itemprop='postId'/> <a name='5894302721920428736'></a> <h2 class='post-title entry-title'> <a href='https://www.kalitutorials.net/2017/04/configure-your-web-application.html'>Configure your web application pentesting lab</a> </h2> <div class='postmeta-primary'> <span class='meta_author'>By <i class='fa fa-user'></i> <a href='https://www.blogger.com/profile/13202927467352106867'> Shashwat</a></span> <span class='meta_date'><i class='fa fa-clock-o'></i> April 04, 2017</span> <span class='meta_labels'><i class='fa fa-folder-open-o'></i> </span> <span><br/><ul><li><a href='http://www.kalitutorials.net/p/disclaimer.html' rel='nofollow'>Disclaimer </a> - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate</li></ul></span> </div> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <span id='5894302721920428736'>In the previous tutorial, we set up our web application pentesting lab. However, it's far from ready, and we need to make some changes to get it working as per our needs. Here's the link to the previous post if you didn't follow that-<br /> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFxJfYDX8qXkKp3nY7Xd5zJHLtr8lY6hJawT1tRtcA-q0a5XzU_ujJEMHI4XBfARHBZaOVuE5FhfVGn2z_L9qkIs2BluVpZM6CL7hDC5eL-te38mnUlRGdyqHlIeQLM154MC7GqQNpo_0/s1600/DVWA+damn+vulnerable+web+app.jpeg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="201" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFxJfYDX8qXkKp3nY7Xd5zJHLtr8lY6hJawT1tRtcA-q0a5XzU_ujJEMHI4XBfARHBZaOVuE5FhfVGn2z_L9qkIs2BluVpZM6CL7hDC5eL-te38mnUlRGdyqHlIeQLM154MC7GqQNpo_0/s320/DVWA+damn+vulnerable+web+app.jpeg" width="320" /></a><br /> <a href="http://www.kalitutorials.net/2017/04/set-up-your-own-web-application.html" target="_blank">Set up your web app pentesting lab</a><br /> <br /> <h2> Contents</h2> <div> <ol> <li>Fixing the problems</li> <li>Changing credentials</li> <li>Adding recaptcha key</li> <li>Enabling disabled stuff</li> <li>Installing missing stuff</li> <li>Giving write privileges</li> </ol> <div> <br /></div> </div> <h2> Fixing <span style="color: red;">problems</span></h2> <div> If you remember from previous post, we reached this point-</div> <div> <br /></div> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCuxqU3JBm3Yk8cNEw0c56MrWr5_I1j9YlWbS1Q83LWqMKk7BP04HWB7EcRuSSUfcooUzDp2Nu9ENbtssR67bFQXjSlAuBhyZ9YAs-56kau0VaFwumTXlkh3rbexTz6PLQefpF9QPEWSM/s1600/Fix+the+stuff+in+red.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="209" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCuxqU3JBm3Yk8cNEw0c56MrWr5_I1j9YlWbS1Q83LWqMKk7BP04HWB7EcRuSSUfcooUzDp2Nu9ENbtssR67bFQXjSlAuBhyZ9YAs-56kau0VaFwumTXlkh3rbexTz6PLQefpF9QPEWSM/s320/Fix+the+stuff+in+red.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">There's some stuff in red color</td></tr> </tbody></table> <div> All the stuff in red needs fixing. If you are lucky, we have the same set of issues which need fixing. Otherwise, you'll have to do some googling to find out how to fix problems which you are facing and I am not.<br /> <br /> <h2> Changing mysql username and <span style="color: red;">password</span></h2> <div> The default credentials are 'root' and 'p@ssw0rd' in the config.inc.php file. We change it to the correct mysql login credentials, 'root' and '', in my case. You can change depending on your mysql credentials. This gets rid of our biggest worry - Unable to connect to database!</div> <br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpRrboippIGn70XgBp0XrkyQAcg0BNJBWIDBulM78bps7ck2eGW8g3hFWlYO7C5sw07enku4PiRdB57B9c8HmHQE1nyHqdsxeKigWE2rTOQMAzmNCFVkG3Nd2HzjUImSRR1X2NvLvI0i4/s1600/Before+fixing.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="130" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpRrboippIGn70XgBp0XrkyQAcg0BNJBWIDBulM78bps7ck2eGW8g3hFWlYO7C5sw07enku4PiRdB57B9c8HmHQE1nyHqdsxeKigWE2rTOQMAzmNCFVkG3Nd2HzjUImSRR1X2NvLvI0i4/s320/Before+fixing.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">This is the biggest problem. Solving this means we can create our database, some modules may not work<br /> perfectly, but DVWA will run. Without fixing this, we won't even be able to start.<br />To fix this, open /opt/lamp/htdocs/DVWA-master/config/config.inc.php file in your favorite text editor.</td></tr> </tbody></table> <br /> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzr9g59m3bgbdr6zIXuWJB-GtH0xMHN6cYxauRQzDi4QXYgYfJrVqnEl1pbywxwWQ2Jjm4V3ulR1L4ZF9qe3T2mepkOSx3m_LBTC0z4_J3ZjehLAILNQA_4SMZoGHsIWYTPzTTuBT1QY8/s1600/After+fixing.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"></a><br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibuH3tu1WYJwHoxs9qQLMnZI2ryA89eHjwkHhkJVhpncsNYJP9gh8Yf6rQFraNmOO48zpOHFhaFKNZl2n-5AKEshPvzn1B-t9Uo1CkmqEr3KCaYgvr27SFTrejU8SmchNb8_61cCjM7AA/s1600/Before+changing.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="178" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibuH3tu1WYJwHoxs9qQLMnZI2ryA89eHjwkHhkJVhpncsNYJP9gh8Yf6rQFraNmOO48zpOHFhaFKNZl2n-5AKEshPvzn1B-t9Uo1CkmqEr3KCaYgvr27SFTrejU8SmchNb8_61cCjM7AA/s320/Before+changing.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">This password isn't the password of our mysql database. In my case, password is nothing, i.e. two single quotes (i.e. ''). <br /> Update the value here. In case your mysql password is something else, use that. Change<br /> the username too is need be.</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxSUpCdu8Io5QyFwjN9RO9FLqHKn-bfvCP0rrQBbPjwegcWat9gSU092wh_DdTT4va2mP1AhQS4Cx7JU9XSyKfT5cMU9COv-dGUW9XgBswuEqj6NO3m2n5TN9s1xMmi6dOmKq-MHKhHv8/s1600/After+changing.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxSUpCdu8Io5QyFwjN9RO9FLqHKn-bfvCP0rrQBbPjwegcWat9gSU092wh_DdTT4va2mP1AhQS4Cx7JU9XSyKfT5cMU9COv-dGUW9XgBswuEqj6NO3m2n5TN9s1xMmi6dOmKq-MHKhHv8/s320/After+changing.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="font-size: 12.8px;">This is the corrected password value in my case. After this, refresh the page and click "Create/Reset database"</td></tr> </tbody></table> <br /> <img border="0" height="211" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzr9g59m3bgbdr6zIXuWJB-GtH0xMHN6cYxauRQzDi4QXYgYfJrVqnEl1pbywxwWQ2Jjm4V3ulR1L4ZF9qe3T2mepkOSx3m_LBTC0z4_J3ZjehLAILNQA_4SMZoGHsIWYTPzTTuBT1QY8/s320/After+fixing.png" style="margin-left: auto; margin-right: auto;" width="320" /></td></tr> <tr><td class="tr-caption" style="text-align: center;">Now everything works fine after you click Create/Reset database.</td></tr> </tbody></table> <br /> Now we'll fix the other remaining issues.<br /> <br /> <h2> Fixing <span style="color: red;">missing</span> recaptcha key</h2> <br /> Firstly, we need to solve the recaptcha key missing problem. Go to this <a href="https://www.google.com/recaptcha/admin" target="_blank">URL</a>-<br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy_ysSomtrTPQye6FynuCgWwMDnPqmVXJc2wmAh3i2L-LX5QIhWQZCLWVqQ-8tY6UjqdkVlUq0sZyLDRIxT_4Z9l-Wg2tBIJwkSO3rcwy7eY7pB2IfKT7BndQeHkdXrtbbDk92HM25EEc/s1600/Recaptcha+site.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy_ysSomtrTPQye6FynuCgWwMDnPqmVXJc2wmAh3i2L-LX5QIhWQZCLWVqQ-8tY6UjqdkVlUq0sZyLDRIxT_4Z9l-Wg2tBIJwkSO3rcwy7eY7pB2IfKT7BndQeHkdXrtbbDk92HM25EEc/s320/Recaptcha+site.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Go to the URL, you'll see a form like this</td></tr> </tbody></table> <br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoxluRWv2dgflxxZa_wvX5RblpykTgxfncQlX-CwOKFqfkLWkUORNjsVeNFQMHEtwBIZ-lsenbCdy1-s2gk-TxCH0q_cenm26hkLspV0-upCuoKkom1evcGNawQTvgQbA3zTNgl2zGo_M/s1600/Filled+details.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoxluRWv2dgflxxZa_wvX5RblpykTgxfncQlX-CwOKFqfkLWkUORNjsVeNFQMHEtwBIZ-lsenbCdy1-s2gk-TxCH0q_cenm26hkLspV0-upCuoKkom1evcGNawQTvgQbA3zTNgl2zGo_M/s320/Filled+details.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Fill form, values don't matter much</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIAHcrZJ-1zmRiaQ1HLeN_oLJuE6YN-e2Pe0lmu3z93i_LLKM-R-4ziDV_IgzCJQ8pzIZWyI7i0eKsMFbd2Hw8jyox1Sa42779gqOcvz3YHt4cKTgTE2giDkT4Mr9yRyLAqvIsQ1TFev8/s1600/Public+and+private+keys+for+recaptcha.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="69" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIAHcrZJ-1zmRiaQ1HLeN_oLJuE6YN-e2Pe0lmu3z93i_LLKM-R-4ziDV_IgzCJQ8pzIZWyI7i0eKsMFbd2Hw8jyox1Sa42779gqOcvz3YHt4cKTgTE2giDkT4Mr9yRyLAqvIsQ1TFev8/s320/Public+and+private+keys+for+recaptcha.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">You obtain site key and secret key. Site key = Private key, secret key = private key</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1dyenBEgrauhKi5tzoQzePzY2ZsR3EmFkfwTrhlx6U0sM2IquSRQoypo-IVX1EqjOZ8cpKwlkF8eE7mP1xyaBWN-3S8cDe76AfoRIibHt25PcfTkkGoxWmg7YMhv4THZSFC9z74wiUaM/s1600/Open+in+your+favorite+text+editor.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="22" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1dyenBEgrauhKi5tzoQzePzY2ZsR3EmFkfwTrhlx6U0sM2IquSRQoypo-IVX1EqjOZ8cpKwlkF8eE7mP1xyaBWN-3S8cDe76AfoRIibHt25PcfTkkGoxWmg7YMhv4THZSFC9z74wiUaM/s320/Open+in+your+favorite+text+editor.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Open the config.ini.php file in your favourite text editor</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCiffFPpQscc9sBn-gdL1_a2y5SjlYeGQOnEWqp1dCGMki6ILub2t0wIfaerIRNNpwgPy-TQrvlk1KvQRNsXYeWVpdwkJwwWWexrWuNMQjJlC8j5PS5edxGg8zEki9FWN1TyoY4fQORIs/s1600/Entering+the+required+values.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="36" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCiffFPpQscc9sBn-gdL1_a2y5SjlYeGQOnEWqp1dCGMki6ILub2t0wIfaerIRNNpwgPy-TQrvlk1KvQRNsXYeWVpdwkJwwWWexrWuNMQjJlC8j5PS5edxGg8zEki9FWN1TyoY4fQORIs/s320/Entering+the+required+values.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Edit the recaptcha public key and private key fields. Here is what I did.</td></tr> </tbody></table> <br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcL8NZnXkNBiymmJi45bBYl0WK7ERxyTg8Es_FJdDnjznWHympawAxj6VF9uXiur1jyIuEgrj4FtE8I2BsZYU9K-oPfjLwJ7DHfcwlRLxYHeisDH57AoeOIOulzb6HVMWAPlITfWo4uyM/s1600/Success.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcL8NZnXkNBiymmJi45bBYl0WK7ERxyTg8Es_FJdDnjznWHympawAxj6VF9uXiur1jyIuEgrj4FtE8I2BsZYU9K-oPfjLwJ7DHfcwlRLxYHeisDH57AoeOIOulzb6HVMWAPlITfWo4uyM/s320/Success.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Now we have a a recaptcha key. One red down, 3 to go.</td></tr> </tbody></table> <br /> <h2> Fixing <span style="color: red;">disabled</span> allow_url_include </h2> <div> We simply have to locate the configuration file and edit the value of the parameter from Off to On.</div> <div> <br /></div> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqCDp5yltLfKtIprpA0soQIYcBMJtR08mFvJiSbvl33JHFLvUmizV-Gx9lKgO8DKGnVIt3E1rDSIs0VYfxmbWCXflJsdGBBt25uf9ISdtmIUUFgRWYCw0_TPCqnI14rGHimShZ2CsaiVw/s1600/Edit+in+favorite+text+editor+as+root.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="60" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqCDp5yltLfKtIprpA0soQIYcBMJtR08mFvJiSbvl33JHFLvUmizV-Gx9lKgO8DKGnVIt3E1rDSIs0VYfxmbWCXflJsdGBBt25uf9ISdtmIUUFgRWYCw0_TPCqnI14rGHimShZ2CsaiVw/s320/Edit+in+favorite+text+editor+as+root.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">The php configuration file is located at /opt/lampp/etc/php.ini<br /> Edit it with your favourite text editor, you'll need root privileges (sudo)</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrbS8BN8yTT5XQgVenZcS0zQMlI4S6RHNC9mhyphenhyphenZ-Uv_AkdRUw7dfj86h3xgb50mmqqZSitt0LIfWWyal9roMb-lAaz0x1SHoZMKHZtBQ7vLXmSYdlAWTAWIc1wQSN59XYIr5KNuTtr_2M/s1600/The+value+is+off.png" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="153" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrbS8BN8yTT5XQgVenZcS0zQMlI4S6RHNC9mhyphenhyphenZ-Uv_AkdRUw7dfj86h3xgb50mmqqZSitt0LIfWWyal9roMb-lAaz0x1SHoZMKHZtBQ7vLXmSYdlAWTAWIc1wQSN59XYIr5KNuTtr_2M/s320/The+value+is+off.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Locate the allow_url_include line by using search feature of your text editor</td></tr> </tbody></table> <div style="text-align: center;"> <br /></div> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiae0yqUpSaWfF3WM1LbFfJkfneSpPLY6jHy9THyjqbMdVr_Eh0N7ehxHkr-Zugafy7bemP1E5HH7fNE_sQEgL2tT8sE8uFqd07slBik7Bc7tcTHlBb3kizsb8nbRI1EFHMalx1dn3dv3E/s1600/Edit+it+to+ON.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiae0yqUpSaWfF3WM1LbFfJkfneSpPLY6jHy9THyjqbMdVr_Eh0N7ehxHkr-Zugafy7bemP1E5HH7fNE_sQEgL2tT8sE8uFqd07slBik7Bc7tcTHlBb3kizsb8nbRI1EFHMalx1dn3dv3E/s320/Edit+it+to+ON.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Change Off to On </td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><img border="0" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEix39DFrZDf18AVypccpvPv5-k4CjnXJC5gwSt0QNqPv95TihaLAfQZiFeXoqkuoxNMb2Llhg9kFh6PkKov_ymq9EQK_Y1CRByAkKHYBD-tVh1SP9AqdZrtzzwmJCQKOR6OyKtBSH7QBcg/s320/Restart+XAMPP.png" style="margin-left: auto; margin-right: auto;" width="320" /></td></tr> <tr><td class="tr-caption" style="text-align: center;">Restart the lampp service</td></tr> </tbody></table> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEix39DFrZDf18AVypccpvPv5-k4CjnXJC5gwSt0QNqPv95TihaLAfQZiFeXoqkuoxNMb2Llhg9kFh6PkKov_ymq9EQK_Y1CRByAkKHYBD-tVh1SP9AqdZrtzzwmJCQKOR6OyKtBSH7QBcg/s1600/Restart+XAMPP.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"></a><br /></div> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEix39DFrZDf18AVypccpvPv5-k4CjnXJC5gwSt0QNqPv95TihaLAfQZiFeXoqkuoxNMb2Llhg9kFh6PkKov_ymq9EQK_Y1CRByAkKHYBD-tVh1SP9AqdZrtzzwmJCQKOR6OyKtBSH7QBcg/s1600/Restart+XAMPP.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"></a><br /> <br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuM8o_9Vi3MNpbfeUg5x6bbC_9JUK7K_zRPzCX8UZHsp8rjaByNtTn7tTdjBVhe4PWb9aH7JEmilFZjdPtFpLhkEcfNxoP9Pq4RYTxkkYz2hGF6fYIghmpCnxR_Pb2URD-qNkC-CxH2f0/s1600/Success.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="171" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuM8o_9Vi3MNpbfeUg5x6bbC_9JUK7K_zRPzCX8UZHsp8rjaByNtTn7tTdjBVhe4PWb9aH7JEmilFZjdPtFpLhkEcfNxoP9Pq4RYTxkkYz2hGF6fYIghmpCnxR_Pb2URD-qNkC-CxH2f0/s320/Success.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Reload page, you'll see that the issue is fixed</td></tr> </tbody></table> <br /> <div> Note: Any other function which is disabled can be enabled in a similar manner. All settings are in the php.ini file. You just need to search for the corresponding line and edit it.</div> <br /> <br /> <br /> <h2> Fixing <span style="color: red;">missing</span> modules</h2> </div> <div> If a module is shown as missing<span style="color: red;"> </span>, then we need to install it. In my case, everything is installed. Most likely, since you are also using XAMPP, everything would be installed. However, if that is not the case, then you have to figure out how to install the modules. If you aren't using XAMPP and did everything manually, then apt-get would be the way to go. Otherwise look at XAMPP's (or whichever bundle you are using) documentation.</div> <div> <br /></div> <div> <h2> Fixing File <span style="color: red;">Ownership</span></h2> We need to give www-data user <b style="text-align: center;">write</b><span style="text-align: center;"> access to two directories. We'll can use chgrp and chmod commands in unison to give only the privileges that are needed, or we could go the lazy way and use chmod 777 (full read, write and execute privileges to everyone). I'm feeling lazy and I'm just gonna go the chmod way. Run the command below-</span></div> <div> <br /> chmod 777 <directory><br /> <br /> Replace directory with the correct directory.<br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5TzGdHprHz9lq_wblgxzAn-95kI5_Dzqw2R2i_UPyHvEp0YCb-C2COWzrVj5mojyA04jUAkTV2WCl3zP0MqRDjPWR2lPq4mopg4IRvLOrG7xq0yYP7cGLaK4abTLteND2m915URN80is/s1600/Commands.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="34" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5TzGdHprHz9lq_wblgxzAn-95kI5_Dzqw2R2i_UPyHvEp0YCb-C2COWzrVj5mojyA04jUAkTV2WCl3zP0MqRDjPWR2lPq4mopg4IRvLOrG7xq0yYP7cGLaK4abTLteND2m915URN80is/s320/Commands.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">This is the last thing that needs to be done</td></tr> </tbody></table> <br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiZmkzLvBfC5vmuZVQKkzuAKeiqMWBH2amI2XxmBI8skBnJtTy0OqC4xvOB5XP8YFcF4uCa8fj9WUdA04gVisipV31Fr-0qJqhFz4c85SU4cHWPg-ZRm14bHUq-q6Scwk97anmnE4W7jA/s1600/Everything+is+green.png" imageanchor="1" style="margin-left: auto; margin-right: auto; text-align: center;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiZmkzLvBfC5vmuZVQKkzuAKeiqMWBH2amI2XxmBI8skBnJtTy0OqC4xvOB5XP8YFcF4uCa8fj9WUdA04gVisipV31Fr-0qJqhFz4c85SU4cHWPg-ZRm14bHUq-q6Scwk97anmnE4W7jA/s320/Everything+is+green.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Everything is green finally! Also, notice the credentials, we'll need it later.<br /> "admin // password"</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEVn1vP_RXTREkZchGTXlK9yoaOx5seXjvxWUMcbl_tscZL0sx2PFQ2bUGZrFWIgRj-P5PdMYZGYXBbfiPcTa1aglTMOUReQx-SNPBmVxl9esTm0uBINcLOgUvca8P0QQCjYLnpAeXojM/s1600/Successfully+created+tables.png" imageanchor="1" style="margin-left: auto; margin-right: auto; text-align: center;"><img border="0" height="282" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEVn1vP_RXTREkZchGTXlK9yoaOx5seXjvxWUMcbl_tscZL0sx2PFQ2bUGZrFWIgRj-P5PdMYZGYXBbfiPcTa1aglTMOUReQx-SNPBmVxl9esTm0uBINcLOgUvca8P0QQCjYLnpAeXojM/s320/Successfully+created+tables.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Database created. Populated with tables. </td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbqDs1nSkljZmhHNgoDi3KLkOERecXW0AnZBdwqt5wc6iUIFVU9TtqdEClJ7auQnFXcWJAkAfq-mgNAQDxluyYfNfdAd2EWHyhgqnruUWrE87mwgN129ZNA-PHLvohhJhm2mfYynqUia4/s1600/Login+screen%252C+finally.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="244" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbqDs1nSkljZmhHNgoDi3KLkOERecXW0AnZBdwqt5wc6iUIFVU9TtqdEClJ7auQnFXcWJAkAfq-mgNAQDxluyYfNfdAd2EWHyhgqnruUWrE87mwgN129ZNA-PHLvohhJhm2mfYynqUia4/s320/Login+screen%252C+finally.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="font-size: 12.8px;">Finally the damn vulnerable application is running.</td></tr> </tbody></table> The username = "admin" and password is "password" ("admin // password" that we saw three pics ago).</div> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2D1hewrCrql8KbWdA5I-AxieFpJZVCBFXJnvSZgNuVUqN98UqR80BRFuJSVgxToJgFWWYHRfTuiDGlB6un47W0WSnPiUlaE4ASfcP7gyb-23_12Ak2GmOMzUnf2_K3Zb19_peR0Gnftc/s1600/Everything+is+running+perfectly+now.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2D1hewrCrql8KbWdA5I-AxieFpJZVCBFXJnvSZgNuVUqN98UqR80BRFuJSVgxToJgFWWYHRfTuiDGlB6un47W0WSnPiUlaE4ASfcP7gyb-23_12Ak2GmOMzUnf2_K3Zb19_peR0Gnftc/s320/Everything+is+running+perfectly+now.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Everything is running perfectly. This is the page you should see after successful login.</td></tr> </tbody></table> <div> <br /></div> <div> I'll leave you at the welcome page of DVWA. In the next tutorial, we'll begin proper exploitation of the intentional vulnerabilities, moving from trivial stuff to the really hard stuff. The first two tutorials complete the installation and configuration parts.</div> </span> <script type='text/javascript'>summary("5894302721920428736")</script> <div class='readmore'> <a href='https://www.kalitutorials.net/2017/04/configure-your-web-application.html'><i class='fa fa-arrow-circle-right'></i> Read More</a> </div> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <div style='clear: both;'></div> <div id='related-posts'> <script type='text/javascript'> var currentposturl="https://www.kalitutorials.net/2017/04/configure-your-web-application.html"; var maxresults=3; var relatedpoststitle="<b></b>"; removeRelatedDuplicates_thumbs(); printRelatedLabels_thumbs(); </script> </div> <div style='clear: both;'></div> <div style='clear: both;'></div> <span class='post-author vcard'> Posted by <span class='fn' itemprop='author' itemscope='itemscope' itemtype='http://schema.org/Person'> <meta content='https://www.blogger.com/profile/13202927467352106867' itemprop='url'/> <a class='g-profile' href='https://www.blogger.com/profile/13202927467352106867' rel='author' title='author profile'> <span itemprop='name'>Shashwat</span> </a> </span> </span> <span class='post-timestamp'> at <meta content='https://www.kalitutorials.net/2017/04/configure-your-web-application.html' itemprop='url'/> <a class='timestamp-link' href='https://www.kalitutorials.net/2017/04/configure-your-web-application.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2017-04-04T11:22:00-07:00'>April 04, 2017</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='post-comment-link'> <a class='comment-link' href='https://www.kalitutorials.net/2017/04/configure-your-web-application.html#comment-form' onclick=''> 113 comments: </a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-212260443'> <a href='https://www.blogger.com/post-edit.g?blogID=1987100455892845792&postID=5894302721920428736&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='//img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> <div class='post-share-buttons goog-inline-block'> </div> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> </div> <div class='post-outer'> <div class='post hentry'> <div class='entrybody'> <a href='https://www.kalitutorials.net/2017/04/set-up-your-own-web-application.html'><script type='text/javascript'> document.write(bp_thumbnail_resize("https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKFa8m4PNC5dqmRvXOigvteBJqDWDF4RCtIwUn6bo4wywTA3aGgxFBYtpmtd4cvvojsVjeYAK34HbYSS0xFbySOR2RMqAZF4-Z5uxkPBtDOGMk1Tiecoe4QyEm4L0vh0uijdpUCP31VHU/s72-c/DVWA+damn+vulnerable+web+app.jpeg","Set up your own web application pentesting lab")); </script></a></div> <meta content='https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKFa8m4PNC5dqmRvXOigvteBJqDWDF4RCtIwUn6bo4wywTA3aGgxFBYtpmtd4cvvojsVjeYAK34HbYSS0xFbySOR2RMqAZF4-Z5uxkPBtDOGMk1Tiecoe4QyEm4L0vh0uijdpUCP31VHU/s320/DVWA+damn+vulnerable+web+app.jpeg' itemprop='image_url'/> <meta content='1987100455892845792' itemprop='blogId'/> <meta content='6876752670636861744' itemprop='postId'/> <a name='6876752670636861744'></a> <h2 class='post-title entry-title'> <a href='https://www.kalitutorials.net/2017/04/set-up-your-own-web-application.html'>Set up your own web application pentesting lab</a> </h2> <div class='postmeta-primary'> <span class='meta_author'>By <i class='fa fa-user'></i> <a href='https://www.blogger.com/profile/13202927467352106867'> Shashwat</a></span> <span class='meta_date'><i class='fa fa-clock-o'></i> April 04, 2017</span> <span class='meta_labels'><i class='fa fa-folder-open-o'></i> </span> <span><br/><ul><li><a href='http://www.kalitutorials.net/p/disclaimer.html' rel='nofollow'>Disclaimer </a> - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate</li></ul></span> </div> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <span id='6876752670636861744'><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKFa8m4PNC5dqmRvXOigvteBJqDWDF4RCtIwUn6bo4wywTA3aGgxFBYtpmtd4cvvojsVjeYAK34HbYSS0xFbySOR2RMqAZF4-Z5uxkPBtDOGMk1Tiecoe4QyEm4L0vh0uijdpUCP31VHU/s1600/DVWA+damn+vulnerable+web+app.jpeg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="201" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKFa8m4PNC5dqmRvXOigvteBJqDWDF4RCtIwUn6bo4wywTA3aGgxFBYtpmtd4cvvojsVjeYAK34HbYSS0xFbySOR2RMqAZF4-Z5uxkPBtDOGMk1Tiecoe4QyEm4L0vh0uijdpUCP31VHU/s320/DVWA+damn+vulnerable+web+app.jpeg" width="320" /></a>Without any preface, let me get straight to the point. In this tutorial, we will be installing <a href="http://dvwa.co.uk/" target="_blank">Damn Vulnerable Web Application (DVWA)</a> on a Ubuntu virtual machine. Our attacker machine would be Kali Linux, which is also installed as a virtual machine (or virtual box). The host can be any OS, and doesn't matter since we won't be using it at all. An alternate configuration is when your host is either Kali or Ubuntu, in which case you need only one VM, to install their the other OS. Alternatively, you could just use a single Kali machine both as attacker as well as victim (running the vulnerable application). However, that makes things less realistic.<br /> <br /> <h2> Contents</h2> <div> <ol> <li>Pre-requisites</li> <li>Installing DVWA</li> </ol> Disclaimer : No cool stuff in this tutorial, just straightforward installation.<br /> <br /> <h2> Pre-requisites</h2> </div> <div> You need to have Kali Linux (rolling release) and Ubuntu (I'm using 16.04) up and running. If you aren't familiar with virtual machines and stuff, then take a break of a few days, get familiar with them, install and run a few Linux (any flavour) VMs, drink some coffee, etc. Once you're comfortable with virtual machines (and have Kali & Ubuntu up nd running), proceed onward.</div> <div> <br /></div> <div> You also need some minimal knowledge of linux, networking, and web applications. As an exercise, you could try getting some free web host (a pathetic one will suffice, since you are only doing this for learning and won't need anyone to use your website), and deploy a wordpress site. Tinker around the website, install themes and stuff to get a feel for it. Then, go one step further and deploy a wordpress instance on your linux virtual machine. This time, don't use the wordpress UI to do things, but instead try and figure out stuff manually. Install themes, modules, etc. on your own by placing them in the correct directory. Just tinker away, in short, till you have some level of familiarity with web applications.<br /> <br /> Now, you are familiar with web apps, virtual machines, and linux (not networking though). The task above were pretty simple but for now you can move ahead with the tutorial with the given amount of expertise. Also, the pre-reqs listed above are for the entire web pentesting series, and <b>most probably you'll be able to follow this tutorial without completing some of them, since this is the first and very basic installation tutorial.</b></div> <br /> <div> Important: Make sure you use the same version of stuff as me. This will avoid scenarios where our systems behave differently (in which case you'll have to use google-fu to figure our how to deal with unexpected stuff happening).<br /> <br /> Ubuntu Version - 16.04.1 LTS<br /> XAMPP Version - 7.1.1 (you'll install this later in the tut)</div> <div> <br /></div> <h2> Installing DVWA</h2> <div> This is a fairly simple procedure.  Below are screenshots with explanation. At the end of the tutorial, I have listed commands that you need to type to get all this done (you can simply copy paste the commands). The unnecessary steps are not present in list of commands (in screenshots they are there to enhance your understanding oh what's going on).<br /> <br /> Overview-<br /> <br /> <ol> <li>First we will download DVWA.</li> <li>Then we read it's doc and find out what to do.</li> <li>After reading doc, we realize we need to install XAMPP, we do that.</li> <li>After installing XAMPP, we test if it works by starting it and opening localhost on our machine.</li> <li>Once we're sure that XAMPP works, we will proceed and copy DVWA files to htdocs folder of XAMPP.</li> <li>Now we check if localhost/DVWA-master leads us to the vulnerable app. If it does, then we did everything right.</li> </ol> </div> <div> <br /></div> <div> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaykIKdq5TRskrm6KIIjXdFtp62fH97esG2oPojOZkSZwxwy5wPkYbZbQRxC2vxXdR84xUIB80Gf_4j_KsIU6593GKNjYmZgR07GBG-wfDNKJ94yvHU71y6MbGwDqs4saUHz3X-xVTHgQ/s1600/Open+dvwa+website+on+browser.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="214" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaykIKdq5TRskrm6KIIjXdFtp62fH97esG2oPojOZkSZwxwy5wPkYbZbQRxC2vxXdR84xUIB80Gf_4j_KsIU6593GKNjYmZgR07GBG-wfDNKJ94yvHU71y6MbGwDqs4saUHz3X-xVTHgQ/s320/Open+dvwa+website+on+browser.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Open <a href="http://dvwa.co.uk/" target="_blank">Damn Vulnerable Web App website</a> in your browser. Click on download. You'll get an archive, extract it.</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjqZPDpO4JiLZcJpyQssGKR4jVT3ObuPtm0HK4pACeYENKDKRtVp688s-3T_WLP6D6UfEKfr58PEbuAHt2OjB90_fL0kjngVQxRiw_ZsO3XCfmUrqw6VeQsaCLHgaVTAIXS7AJd3l12iE/s1600/Get+a+lay+of+the+land.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="88" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjqZPDpO4JiLZcJpyQssGKR4jVT3ObuPtm0HK4pACeYENKDKRtVp688s-3T_WLP6D6UfEKfr58PEbuAHt2OjB90_fL0kjngVQxRiw_ZsO3XCfmUrqw6VeQsaCLHgaVTAIXS7AJd3l12iE/s320/Get+a+lay+of+the+land.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Navigate to the extracted archive. Get a lay of the land. You'll find that there is documentation available in docs folder.</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir_9Ry6P9vdPKnjAyUGd6-ng9F_U8gDYaN5C5kBvcrWMmh4NrIGScTMiGhR6sbVnTfje9c5QrU6aWkRVXHV6EZxMKMvTrMFv6AqSFV1DcsGW3MxdeG2JbaBRUYqFbbK1PaWoq1Ep_HxyY/s1600/Read+the+instructions.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="205" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir_9Ry6P9vdPKnjAyUGd6-ng9F_U8gDYaN5C5kBvcrWMmh4NrIGScTMiGhR6sbVnTfje9c5QrU6aWkRVXHV6EZxMKMvTrMFv6AqSFV1DcsGW3MxdeG2JbaBRUYqFbbK1PaWoq1Ep_HxyY/s320/Read+the+instructions.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Here is the relevant section of the documentation. We need to install XAMPP. You can get it to work<br /> with any other equivalent software bundle, but for ease, let's stick to the recommended way.</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhugWUkryqFHk45xhWj9eSjLba-6hWoqXs05tpP7y_5c5R3T8rwlitjpVXk0TumjnsnjyCyjWcjDH-VHz53KJXfKL9YdVQIXHdSRBmi_LU4_gRob-ioG9q3_1oNZ2inxPfcOhtteZ1kMCo/s1600/Download+XAMPP.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="207" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhugWUkryqFHk45xhWj9eSjLba-6hWoqXs05tpP7y_5c5R3T8rwlitjpVXk0TumjnsnjyCyjWcjDH-VHz53KJXfKL9YdVQIXHdSRBmi_LU4_gRob-ioG9q3_1oNZ2inxPfcOhtteZ1kMCo/s320/Download+XAMPP.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Proceed to <a href="https://www.apachefriends.org/download.html" target="_blank">download the XAMPP bundle</a>. I went with the latest version (going with latest version<br /> poses a slight problem for us, while DVWA is flawed, our PHP version is perfectly patched. For now, let's<br /> ignore this. If this cause hinderance at a later stage, then we'll deal with it)</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQCzJVrNybLImwNFJzWXamgWDO6d9ahRmm5Y1q3Z_KX2ImIr_SbkXLN7Gs27jpmsUzEG7q174_DekwqGHFHoWle9jMcS41q2Ujl8I0TjddODvP85G1QxigHrikYGQq062PI8N3iLHdw94/s1600/Run+installer.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="41" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQCzJVrNybLImwNFJzWXamgWDO6d9ahRmm5Y1q3Z_KX2ImIr_SbkXLN7Gs27jpmsUzEG7q174_DekwqGHFHoWle9jMcS41q2Ujl8I0TjddODvP85G1QxigHrikYGQq062PI8N3iLHdw94/s320/Run+installer.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Navigate to downloads directory and run the installer for XAMPP</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVgTbwo_G8xBVsfS2Z_8P2DoPYEY6d24fHchbINyfB721Hf_cVaK71JaQwHlxpslZGGn38fezj_XwIas2ghenzbciA1T1h8CLsewNUtLC_QN56PEuaDxXJKbuNiH_-7F6XZP6OjyAR1fA/s1600/Encounter+error.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="126" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVgTbwo_G8xBVsfS2Z_8P2DoPYEY6d24fHchbINyfB721Hf_cVaK71JaQwHlxpslZGGn38fezj_XwIas2ghenzbciA1T1h8CLsewNUtLC_QN56PEuaDxXJKbuNiH_-7F6XZP6OjyAR1fA/s320/Encounter+error.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Realise that you forgot to run the installer as root! (kudos if you ran as root and didn't make the<br /> same mistake as me)</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-3wTT0XEnxZtkVlML7-aeEm0-hvjNhFufS6pgDhdXHlOyzNEhHW-4zw3vbxGzOSJ5M74mPoHPF2YayLbIhBAVvFtcXYg4bJCEmYggRCgsqhCA-HZK3EVvksK6uuQ-N6eu_9xt6KvMZlc/s1600/Run+installer+again%252C+as+root.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="22" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-3wTT0XEnxZtkVlML7-aeEm0-hvjNhFufS6pgDhdXHlOyzNEhHW-4zw3vbxGzOSJ5M74mPoHPF2YayLbIhBAVvFtcXYg4bJCEmYggRCgsqhCA-HZK3EVvksK6uuQ-N6eu_9xt6KvMZlc/s320/Run+installer+again%252C+as+root.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Run installer as root</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBFzQlXG1OpPKtNCLAgMuC_1EhLcb71QXt2NV-sfdeask6p3RIuZAQak_uaQteIvUSq3eiLo0E2vee_VR7JMIkMLxgdddBlcebJKWstFIdt-uHssu3yCjTO4qxnN8NrRdm0gTGlPyj384/s1600/Complete+simple+wizard.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBFzQlXG1OpPKtNCLAgMuC_1EhLcb71QXt2NV-sfdeask6p3RIuZAQak_uaQteIvUSq3eiLo0E2vee_VR7JMIkMLxgdddBlcebJKWstFIdt-uHssu3yCjTO4qxnN8NrRdm0gTGlPyj384/s320/Complete+simple+wizard.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">It's a simple installer. You'd know what to do.</td></tr> </tbody></table> <br /> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEsMlZz_hvHj9MbWcF2dZuquiZBJFYmlWg-Xp4_kl-G-TDikTAVGZfWG3eg-m9GWbRjnpt7XYJmCr_iG49CEqdBKphNVWbbFwayR8L-J4ck4MjTzDwiGwfM5Ly1oVne3sLdFYR_mVZQCk/s1600/Wait+for+it+to+finish.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEsMlZz_hvHj9MbWcF2dZuquiZBJFYmlWg-Xp4_kl-G-TDikTAVGZfWG3eg-m9GWbRjnpt7XYJmCr_iG49CEqdBKphNVWbbFwayR8L-J4ck4MjTzDwiGwfM5Ly1oVne3sLdFYR_mVZQCk/s320/Wait+for+it+to+finish.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Wait for it to finish.</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTcnAG6pZVwHKdCIs2UEhwuC6KkEfJMzS5A4V5Xm2UvuSau0HcCW5sPQSWvkk5YfUnSfq7NY2E5LC8BvpEiU2CGje_6WDy6SO05NvlwkE4O0tYyqSopBzDkJF2OGpPEEmr37nSvo9BhgA/s1600/Start+XAMPP+server.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="79" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTcnAG6pZVwHKdCIs2UEhwuC6KkEfJMzS5A4V5Xm2UvuSau0HcCW5sPQSWvkk5YfUnSfq7NY2E5LC8BvpEiU2CGje_6WDy6SO05NvlwkE4O0tYyqSopBzDkJF2OGpPEEmr37nSvo9BhgA/s320/Start+XAMPP+server.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Start the XAMPP server (note that the directory is lampp in linux systems)</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWS-rHORkIOOuewg3TRYcZiF71KKyECHaB6h4mfAjbeOwAh9BwIsXu0YgFWGRxE2SSbGUTNMh3cDyhlp4eDI7VIIH_XXB6X5oMfMfsTdmcAwJeAEsON2OJEWNVLgezR5qDfqKsPcFsEp4/s1600/Check+server.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWS-rHORkIOOuewg3TRYcZiF71KKyECHaB6h4mfAjbeOwAh9BwIsXu0YgFWGRxE2SSbGUTNMh3cDyhlp4eDI7VIIH_XXB6X5oMfMfsTdmcAwJeAEsON2OJEWNVLgezR5qDfqKsPcFsEp4/s320/Check+server.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Check if your server is running by typing 127.0.0.1 or localhost on your browser. XAMPP is now up<br /> and running properly. Let's run our vulnerable app on XAMPP now.</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik-N3gyM5YMQJJOG4nwcLcKIWXURMhxzOPM0MXYMgYbJeuy4N6BoQxv8jHE2_qJd_HigCD3dUO9bIbaTtKxBo5y7-QYmqTD8jHQFT7Qz_FMzahirzUeyukEuOOD52WUiGFZuk5h5I_mpY/s1600/Move+the+contents+to+correct+directory.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="51" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik-N3gyM5YMQJJOG4nwcLcKIWXURMhxzOPM0MXYMgYbJeuy4N6BoQxv8jHE2_qJd_HigCD3dUO9bIbaTtKxBo5y7-QYmqTD8jHQFT7Qz_FMzahirzUeyukEuOOD52WUiGFZuk5h5I_mpY/s320/Move+the+contents+to+correct+directory.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">As suggested by the documentation, we simply move our folder into the htdocs directory.</td></tr> </tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody> <tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ9IX8ybgXTuxJs3RxntyMxa9VM_gaAwh03LpwsQDNRnTW5ybmvnun3Mg2oSzqbPkMMAD_fHFavEZV0uo0Kvnp9UQ7o-gjWUyV-Pv4LBNWwwfxMMmT7cNFRvDTTtd4fdszj7J-xclnRPM/s1600/DVWA+works+fine.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="234" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ9IX8ybgXTuxJs3RxntyMxa9VM_gaAwh03LpwsQDNRnTW5ybmvnun3Mg2oSzqbPkMMAD_fHFavEZV0uo0Kvnp9UQ7o-gjWUyV-Pv4LBNWwwfxMMmT7cNFRvDTTtd4fdszj7J-xclnRPM/s320/DVWA+works+fine.png" width="320" /></a></td></tr> <tr><td class="tr-caption" style="text-align: center;">Open the localhost/DVWA-master URL and you'll see that everything works as expected. Our initial<br /> setup is successfully done.</td></tr> </tbody></table> There is still further configuration to be done, but I don't want to extend the tutorial any further. After the next section, there is link to part 2 of this series.<br /> <br /> <h3> Commands</h3> For below commands to work, ensure the following-<br /> <br /> <ul> <li>xampp-linux-x64-<span style="color: #666666;">VERSION</span>-installer.run - this file downloaded and is located in Downloads folder</li> <li>DWVA-master directory is located in home folder (the archive to be downloaded and extracted to obtain this directory).</li> <li>Replace <span style="color: #666666;">VERSION</span> with the version you have downloaded (7.1.1.0 in my case)</li> </ul> <div> Here are the commands-</div> <br /> <br /> <ol> <li>cd ~/Downloads</li> <li>chmod a+x xampp-linux-x64-<span style="color: #666666;">VERSION</span>-installer.run</li> <li>cd ~</li> <li>sudo ./xampp-linux-x64-<span style="color: #666666;">VERSION</span>-installer.run</li> <li>sudo mv ~/DWVA-master/ /opt/lampp/htdocs/</li> </ol> <br /> Part 2 : fixing the problems and finishing the configuration. Here's the link -<br /> <h2> <a href="http://www.kalitutorials.net/2017/04/configure-your-web-application.html" target="_blank">Configuring DVWA</a></h2> <br /> <h3> Extras</h3> <br /> <ol> <li>Read about localhost (what does this URL signify - 127.0.0.1)</li> <li>Commands used - ls, cd, mv, sudo. Use man pages to find out what these mean (eg. type <b>man mv</b> into the terminal)</li> </ol> <br /> <br /></div> </span> <script type='text/javascript'>summary("6876752670636861744")</script> <div class='readmore'> <a href='https://www.kalitutorials.net/2017/04/set-up-your-own-web-application.html'><i class='fa fa-arrow-circle-right'></i> Read More</a> </div> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <div style='clear: both;'></div> <div id='related-posts'> <script type='text/javascript'> var currentposturl="https://www.kalitutorials.net/2017/04/set-up-your-own-web-application.html"; var maxresults=3; var relatedpoststitle="<b></b>"; removeRelatedDuplicates_thumbs(); printRelatedLabels_thumbs(); </script> </div> <div style='clear: both;'></div> <div style='clear: both;'></div> <span class='post-author vcard'> Posted by <span class='fn' itemprop='author' itemscope='itemscope' itemtype='http://schema.org/Person'> <meta content='https://www.blogger.com/profile/13202927467352106867' itemprop='url'/> <a class='g-profile' href='https://www.blogger.com/profile/13202927467352106867' rel='author' title='author profile'> <span itemprop='name'>Shashwat</span> </a> </span> </span> <span class='post-timestamp'> at <meta content='https://www.kalitutorials.net/2017/04/set-up-your-own-web-application.html' itemprop='url'/> <a class='timestamp-link' href='https://www.kalitutorials.net/2017/04/set-up-your-own-web-application.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2017-04-04T06:18:00-07:00'>April 04, 2017</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='post-comment-link'> <a class='comment-link' href='https://www.kalitutorials.net/2017/04/set-up-your-own-web-application.html#comment-form' onclick=''> 89 comments: </a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-212260443'> <a href='https://www.blogger.com/post-edit.g?blogID=1987100455892845792&postID=6876752670636861744&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='//img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> <div class='post-share-buttons goog-inline-block'> </div> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> </div> </div></div> <div class="date-outer"> <h2 class='date-header'><span>Sunday, March 19, 2017</span></h2> <div class="date-posts"> <div class='post-outer'> <div class='post hentry'> <div class='entrybody'> <a href='https://www.kalitutorials.net/2017/03/stay-anonymous-while-hacking-online.html'><script type='text/javascript'> document.write(bp_thumbnail_resize("https://3.bp.blogspot.com/-Fkj35MJcYu4/WM7VYqskUpI/AAAAAAAAFTU/xVHGTw-RYCgexj3iP9EqFtJ8Spw4AekjQCLcB/s72-c/artsfon.com-8358.jpg","Stay anonymous while hacking online using TOR and Proxychains")); </script></a></div> <meta content='https://3.bp.blogspot.com/-Fkj35MJcYu4/WM7VYqskUpI/AAAAAAAAFTU/xVHGTw-RYCgexj3iP9EqFtJ8Spw4AekjQCLcB/s320/artsfon.com-8358.jpg' itemprop='image_url'/> <meta content='1987100455892845792' itemprop='blogId'/> <meta content='7274341584167589407' itemprop='postId'/> <a name='7274341584167589407'></a> <h2 class='post-title entry-title'> <a href='https://www.kalitutorials.net/2017/03/stay-anonymous-while-hacking-online.html'>Stay anonymous while hacking online using TOR and Proxychains</a> </h2> <div class='postmeta-primary'> <span class='meta_author'>By <i class='fa fa-user'></i> <a href=''> Anonymous</a></span> <span class='meta_date'><i class='fa fa-clock-o'></i> March 19, 2017</span> <span class='meta_labels'><i class='fa fa-folder-open-o'></i> <a href='https://www.kalitutorials.net/search/label/anonymity' rel='tag'>anonymity</a>, <a href='https://www.kalitutorials.net/search/label/anonymous' rel='tag'>anonymous</a>, <a href='https://www.kalitutorials.net/search/label/hacking%20with%20kali%20linux' rel='tag'>hacking with kali linux</a>, <a href='https://www.kalitutorials.net/search/label/hide%20your%20ip' rel='tag'>hide your ip</a>, <a href='https://www.kalitutorials.net/search/label/Kali%202.0' rel='tag'>Kali 2.0</a>, <a href='https://www.kalitutorials.net/search/label/Kali%20Basics%20Tutorials' rel='tag'>Kali Basics Tutorials</a>, <a href='https://www.kalitutorials.net/search/label/kali%20linux' rel='tag'>kali linux</a>, <a href='https://www.kalitutorials.net/search/label/kali%20tutorials' rel='tag'>kali tutorials</a>, <a href='https://www.kalitutorials.net/search/label/proxychains' rel='tag'>proxychains</a>, <a href='https://www.kalitutorials.net/search/label/tor' rel='tag'>tor</a></span> <span><br/><ul><li><a href='http://www.kalitutorials.net/p/disclaimer.html' rel='nofollow'>Disclaimer </a> - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate</li></ul></span> </div> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <span id='7274341584167589407'><div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://3.bp.blogspot.com/-Fkj35MJcYu4/WM7VYqskUpI/AAAAAAAAFTU/xVHGTw-RYCgexj3iP9EqFtJ8Spw4AekjQCLcB/s1600/artsfon.com-8358.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="180" src="https://3.bp.blogspot.com/-Fkj35MJcYu4/WM7VYqskUpI/AAAAAAAAFTU/xVHGTw-RYCgexj3iP9EqFtJ8Spw4AekjQCLcB/s320/artsfon.com-8358.jpg" width="320" /></a></div> <br /> In this tutorial we will guide you how to stay anonymous while hacking online using TOR and Proxychains. Hiding your ass while hacking is easy just require some configuration which we will gonna see in this tutorial. Just follow this as shown.<br /> <br /> <br /> <br /> <br /> <br /> <h3 style="text-align: left;"> First thing First!!!!</h3> <h2 style="text-align: left;"> TOR</h2> <div> Tor is software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy. It gives you access to the dark web.</div> <div> <br /></div> <div> Dark web is nothing but the encrypted network that exists between tor servers and their clients.</div> <div> <br /></div> <div> For more detail : https://www.torproject.org/</div> <div> <br /></div> <h2 style="text-align: left;"> PROXYCHAINS</h2> <div> <div> A tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. </div> <div> <br /></div> <div> Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.</div> </div> <div> <br /></div> <h3 style="text-align: left;"> Lets start!</h3> <div> <br /></div> <div style="height: 0; padding-bottom: 56.25%; position: relative;"> <iframe allowfullscreen="" frameborder="0" height="295" src="https://www.youtube.com/embed/0NmeRddCBqg?ecver=2" style="height: 100%; left: 0; position: absolute; width: 100%;" width="485"></iframe></div> <div> <br /></div> <div> <br /> <h3 style="text-align: left;"> STEPS:</h3> </div> <div> 1. Open kali linux terminal and type</div> <div> <blockquote class="tr_bq"> root@kali:-# sudo apt-get install tor proxychains</blockquote> <blockquote class="tr_bq"> root@kali:-# sudo service tor start</blockquote> <blockquote class="tr_bq"> root@kali:-# gedit /etc/proxychains.conf</blockquote> Go to http://proxylist.hidemyass.com/ . Select one ip and add as shown :<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://1.bp.blogspot.com/-bZJETR9kj_U/WM7L0PeDxEI/AAAAAAAAFS4/hKwOrJ4Bsh4WYf6oZkipIMR94Rkr3Qm8wCEw/s1600/Screenshot%2B%252831%2529.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="263" src="https://1.bp.blogspot.com/-bZJETR9kj_U/WM7L0PeDxEI/AAAAAAAAFS4/hKwOrJ4Bsh4WYf6oZkipIMR94Rkr3Qm8wCEw/s320/Screenshot%2B%252831%2529.png" width="320" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <blockquote class="tr_bq"> root@kali:-# proxychains wget http://ipinfo.io/ip -qO-</blockquote> <br /> That's it! Now you can use proxychains with any sort of command.<br /> <br />  Example:<br /> <blockquote class="tr_bq"> root@kali:-# proxychains sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 --dbs</blockquote> <br /> ############################################<br /> # Full Hacking Course at Huge Discount: <a href="https://hacking-school.teachable.com/p/ethical-hacking-bootcamp" target="_blank">Click Here</a> #<br /> ###########################################<br /> <br /></div> <div> <br /></div> <div> <br /></div> </div> </span> <script type='text/javascript'>summary("7274341584167589407")</script> <div class='readmore'> <a href='https://www.kalitutorials.net/2017/03/stay-anonymous-while-hacking-online.html'><i class='fa fa-arrow-circle-right'></i> Read More</a> </div> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <div style='clear: both;'></div> <div id='related-posts'> <script type='text/javascript'> var currentposturl="https://www.kalitutorials.net/2017/03/stay-anonymous-while-hacking-online.html"; var maxresults=3; var relatedpoststitle="<b></b>"; removeRelatedDuplicates_thumbs(); printRelatedLabels_thumbs(); </script> </div> <div style='clear: both;'></div> <div style='clear: both;'></div> <span class='post-author vcard'> Posted by <span class='fn' itemprop='author' itemscope='itemscope' itemtype='http://schema.org/Person'> <span itemprop='name'>Anonymous</span> </span> </span> <span class='post-timestamp'> at <meta content='https://www.kalitutorials.net/2017/03/stay-anonymous-while-hacking-online.html' itemprop='url'/> <a class='timestamp-link' href='https://www.kalitutorials.net/2017/03/stay-anonymous-while-hacking-online.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2017-03-19T11:56:00-07:00'>March 19, 2017</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='post-comment-link'> <a class='comment-link' href='https://www.kalitutorials.net/2017/03/stay-anonymous-while-hacking-online.html#comment-form' onclick=''> 90 comments: </a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-1207769824'> <a href='https://www.blogger.com/post-edit.g?blogID=1987100455892845792&postID=7274341584167589407&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='//img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> <div class='post-share-buttons goog-inline-block'> </div> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='https://www.kalitutorials.net/search/label/anonymity' rel='tag'>anonymity</a>, <a href='https://www.kalitutorials.net/search/label/anonymous' rel='tag'>anonymous</a>, <a href='https://www.kalitutorials.net/search/label/hacking%20with%20kali%20linux' rel='tag'>hacking with kali linux</a>, <a href='https://www.kalitutorials.net/search/label/hide%20your%20ip' rel='tag'>hide your ip</a>, <a href='https://www.kalitutorials.net/search/label/Kali%202.0' rel='tag'>Kali 2.0</a>, <a href='https://www.kalitutorials.net/search/label/Kali%20Basics%20Tutorials' rel='tag'>Kali Basics Tutorials</a>, <a href='https://www.kalitutorials.net/search/label/kali%20linux' rel='tag'>kali linux</a>, <a href='https://www.kalitutorials.net/search/label/kali%20tutorials' rel='tag'>kali tutorials</a>, <a href='https://www.kalitutorials.net/search/label/proxychains' rel='tag'>proxychains</a>, <a href='https://www.kalitutorials.net/search/label/tor' rel='tag'>tor</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> </div> </div></div> <div class="date-outer"> <h2 class='date-header'><span>Saturday, February 25, 2017</span></h2> <div class="date-posts"> <div class='post-outer'> <div class='post hentry'> <div class='entrybody'> <a href='https://www.kalitutorials.net/2017/02/install-kali-linux-on-raspberry-pi-3.html'><script type='text/javascript'> document.write(bp_thumbnail_resize("https://2.bp.blogspot.com/-KwomAKpwrLg/WLHmSdvP8gI/AAAAAAAAFQE/t6KUDLjSyTEYhz-hpra8aszHhvOzh4ciACLcB/s72-c/raspberry%2Bpi%2Bhacking.jpg","Install Kali Linux On Raspberry Pi 3 : Creation of a Hacking Machine")); </script></a></div> <meta content='https://2.bp.blogspot.com/-KwomAKpwrLg/WLHmSdvP8gI/AAAAAAAAFQE/t6KUDLjSyTEYhz-hpra8aszHhvOzh4ciACLcB/s400/raspberry%2Bpi%2Bhacking.jpg' itemprop='image_url'/> <meta content='1987100455892845792' itemprop='blogId'/> <meta content='2429839531516358658' itemprop='postId'/> <a name='2429839531516358658'></a> <h2 class='post-title entry-title'> <a href='https://www.kalitutorials.net/2017/02/install-kali-linux-on-raspberry-pi-3.html'>Install Kali Linux On Raspberry Pi 3 : Creation of a Hacking Machine</a> </h2> <div class='postmeta-primary'> <span class='meta_author'>By <i class='fa fa-user'></i> <a href=''> Anonymous</a></span> <span class='meta_date'><i class='fa fa-clock-o'></i> February 25, 2017</span> <span class='meta_labels'><i class='fa fa-folder-open-o'></i> <a href='https://www.kalitutorials.net/search/label/install%20kali%20linux%20on%20raspberry%20pi' rel='tag'>install kali linux on raspberry pi</a>, <a href='https://www.kalitutorials.net/search/label/kali%20linux%20on%20raspberry%20pi' rel='tag'>kali linux on raspberry pi</a>, <a href='https://www.kalitutorials.net/search/label/raspberry%20pi' rel='tag'>raspberry pi</a>, <a href='https://www.kalitutorials.net/search/label/raspberry%20pi%203' rel='tag'>raspberry pi 3</a></span> <span><br/><ul><li><a href='http://www.kalitutorials.net/p/disclaimer.html' rel='nofollow'>Disclaimer </a> - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate</li></ul></span> </div> <div class='post-header-line-1'></div> <div class='post-body entry-content'> <span id='2429839531516358658'><div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://2.bp.blogspot.com/-KwomAKpwrLg/WLHmSdvP8gI/AAAAAAAAFQE/t6KUDLjSyTEYhz-hpra8aszHhvOzh4ciACLcB/s1600/raspberry%2Bpi%2Bhacking.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="225" src="https://2.bp.blogspot.com/-KwomAKpwrLg/WLHmSdvP8gI/AAAAAAAAFQE/t6KUDLjSyTEYhz-hpra8aszHhvOzh4ciACLcB/s400/raspberry%2Bpi%2Bhacking.jpg" width="400" /></a></div> <br /> <br /> In this tutorial, we will tell you how to install kali Linux on raspberry pi 3. Raspberry pi is a single board small computer which is portable as well. Raspberry pi 3 is the third generation Raspberry Pi. It will cost you around $35-$40 (totally worth it). It will come with handy <a href="https://arstechnica.com/information-technology/2015/02/raspberry-pi-2-arrives-with-quad-core-cpu-1gb-ram-same-35-price/" rel="nofollow" target="_blank">specs</a>.<br /> <br /> <br /> <br /> <br /> <h2 style="text-align: left;"> INSTALLATION REQUIREMENTS : </h2> <div> <ul style="text-align: left;"> <li>Raspberry Pi :<a href="https://www.amazon.in/gp/product/B01CD5VC92/ref=as_li_tl?ie=UTF8&camp=3638&creative=24630&creativeASIN=B01CD5VC92&linkCode=as2&tag=ayush0c1-21&linkId=35be945fcd3008a4bb90e1fd620fdd31" target="_blank">Raspberry Pi Model B RASP-PI-3 Motherboard</a><img alt="" border="0" height="1" src="//ir-in.amazon-adsystem.com/e/ir?t=ayush0c1-21&l=am2&o=31&a=B01CD5VC92" style="border: none !important; margin: 0px !important;" width="1" /></li> <li>SD CARD : <a href="https://www.amazon.in/gp/product/B007HJPBME/ref=as_li_tl?ie=UTF8&camp=3638&creative=24630&creativeASIN=B007HJPBME&linkCode=as2&tag=ayush0c1-21&linkId=80187c438c7a75005e0b538393593ca1" target="_blank">Samsung Evo 16GB Class 10 micro SDHC Card (MB-MP16D/IN)</a><img alt="" border="0" height="1" src="//ir-in.amazon-adsystem.com/e/ir?t=ayush0c1-21&l=am2&o=31&a=B007HJPBME" style="border: none !important; margin: 0px !important;" width="1" /></li> <li>Ethernet Cable : <a href="https://www.amazon.in/gp/product/B00RQFSWC0/ref=as_li_tl?ie=UTF8&camp=3638&creative=24630&creativeASIN=B00RQFSWC0&linkCode=as2&tag=ayush0c1-21&linkId=bd54db64e616a9a8d76fa73e70f69233" target="_blank">Patch Cord 1.5 Meter Network Ethernet Cable RJ45 and lan cable</a><img alt="" border="0" height="1" src="//ir-in.amazon-adsystem.com/e/ir?t=ayush0c1-21&l=am2&o=31&a=B00RQFSWC0" style="border: none !important; margin: 0px !important;" width="1" /></li> <li>Data cable</li> </ul> <h2 style="text-align: left;"> DOWNLOAD LINKS :</h2> </div> <div> <div> <ul style="text-align: left;"> <li><a href="http://www.putty.org/" target="_blank">Putty</a></li> <li><a href="https://www.offensive-security.com/kali-linux-arm-images/" target="_blank">Kali Linux Image</a></li> <li><a href="https://sourceforge.net/projects/xming/" target="_blank">XMing</a></li> <li><a href="https://sourceforge.net/projects/win32diskimager/" target="_blank">Win32DiskImager</a></li> </ul> </div> </div> <h2 style="text-align: left;"> </h2> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/YhYBMgAzRQA/0.jpg" frameborder="0" height="300" src="https://www.youtube.com/embed/YhYBMgAzRQA?feature=player_embedded" width="500"></iframe></div> <h2 style="text-align: left;"> STEPS:</h2> <div> <span style="font-size: x-small;">  Note: Below ( ) are used to mention the time in the video.</span></div> <div> <span style="font-size: x-small;"><br /></span></div> <div> <div> 1. Download all files from the above links.</div> <div> <br /></div> <div> 2. Insert SD CARD and open Win32DiskImager . Locate your kali linux image file and sd card. Hit        write. </div> <div> <br /></div> <div> 3. After the writing process is done. Insert SD card in Raspberry Pi and do setup as shown (1:21)</div> <div> <br /></div> <div> 4. Open Network sharing (1:39) . Do the settings as shown.</div> <div> <br /></div> <div> 5. Open cmd and type arp -a .Note your ip address. (2:38)</div> <div> <br /></div> <div> 6. Open Putty (3:00) and do configuration as shown.</div> <div> <br /></div> <div> 7. Commands to install GUI </div> <div>      apt-get update (4:20)</div> <div>      apt-get install lxde (4:40)</div> <div>      apt-get install lightdm (5:15)</div> <div> <br /></div> <div> 8. Open Xming (5:29) and type startlxde (5:37)</div> <div> <br /></div> <div> 9. Successfully Installed (5:52)</div> </div> </div> </span> <script type='text/javascript'>summary("2429839531516358658")</script> <div class='readmore'> <a href='https://www.kalitutorials.net/2017/02/install-kali-linux-on-raspberry-pi-3.html'><i class='fa fa-arrow-circle-right'></i> Read More</a> </div> <div style='clear: both;'></div> </div> <div class='post-footer'> <div class='post-footer-line post-footer-line-1'> <div style='clear: both;'></div> <div id='related-posts'> <script type='text/javascript'> var currentposturl="https://www.kalitutorials.net/2017/02/install-kali-linux-on-raspberry-pi-3.html"; var maxresults=3; var relatedpoststitle="<b></b>"; removeRelatedDuplicates_thumbs(); printRelatedLabels_thumbs(); </script> </div> <div style='clear: both;'></div> <div style='clear: both;'></div> <span class='post-author vcard'> Posted by <span class='fn' itemprop='author' itemscope='itemscope' itemtype='http://schema.org/Person'> <span itemprop='name'>Anonymous</span> </span> </span> <span class='post-timestamp'> at <meta content='https://www.kalitutorials.net/2017/02/install-kali-linux-on-raspberry-pi-3.html' itemprop='url'/> <a class='timestamp-link' href='https://www.kalitutorials.net/2017/02/install-kali-linux-on-raspberry-pi-3.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2017-02-25T13:02:00-08:00'>February 25, 2017</abbr></a> </span> <span class='reaction-buttons'> </span> <span class='post-comment-link'> <a class='comment-link' href='https://www.kalitutorials.net/2017/02/install-kali-linux-on-raspberry-pi-3.html#comment-form' onclick=''> 211 comments: </a> </span> <span class='post-backlinks post-comment-link'> </span> <span class='post-icons'> <span class='item-control blog-admin pid-1207769824'> <a href='https://www.blogger.com/post-edit.g?blogID=1987100455892845792&postID=2429839531516358658&from=pencil' title='Edit Post'> <img alt='' class='icon-action' height='18' src='//img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/> </a> </span> </span> <div class='post-share-buttons goog-inline-block'> </div> </div> <div class='post-footer-line post-footer-line-2'> <span class='post-labels'> Labels: <a href='https://www.kalitutorials.net/search/label/install%20kali%20linux%20on%20raspberry%20pi' rel='tag'>install kali linux on raspberry pi</a>, <a href='https://www.kalitutorials.net/search/label/kali%20linux%20on%20raspberry%20pi' rel='tag'>kali linux on raspberry pi</a>, <a href='https://www.kalitutorials.net/search/label/raspberry%20pi' rel='tag'>raspberry pi</a>, <a href='https://www.kalitutorials.net/search/label/raspberry%20pi%203' rel='tag'>raspberry pi 3</a> </span> </div> <div class='post-footer-line post-footer-line-3'> <span class='post-location'> </span> </div> </div> </div> </div> </div></div> </div> <div class='pagenavi'> <script type='text/javascript'> //<![CDATA[ var pageNaviConf = { perPage: 6, numPages: 9, firstText: "First", lastText: "Last", nextText: "Next", prevText: "Prev" } //]]> </script> <script type='text/javascript'> //<![CDATA[ function pageNavi(o) { var m = location.href, l = m.indexOf("/search/label/") != -1, a = l ? m.substr(m.indexOf("/search/label/") + 14, m.length) : ""; a = a.indexOf("?") != -1 ? a.substr(0, a.indexOf("?")) : a; var g = l ? "/search/label/" + a + "?updated-max=" : "/search?updated-max=", k = o.feed.entry.length, e = Math.ceil(k / pageNaviConf.perPage); if (e <= 1) { return } var n = 1, h = [""]; l ? h.push("/search/label/" + a + "?max-results=" + pageNaviConf.perPage) : h.push("/?max-results=" + pageNaviConf.perPage); for (var d = 2; d <= e; d++) { var c = (d - 1) * pageNaviConf.perPage - 1, b = o.feed.entry[c].published.$t, f = b.substring(0, 19) + b.substring(23, 29); f = encodeURIComponent(f); if (m.indexOf(f) != -1) { n = d } h.push(g + f + "&max-results=" + pageNaviConf.perPage) } pageNavi.show(h, n, e) } pageNavi.show = function(f, e, a) { var d = Math.floor((pageNaviConf.numPages - 1) / 2), g = pageNaviConf.numPages - 1 - d, c = e - d; if (c <= 0) { c = 1 } endPage = e + g; if ((endPage - c) < pageNaviConf.numPages) { endPage = c + pageNaviConf.numPages - 1 } if (endPage > a) { endPage = a; c = a - pageNaviConf.numPages + 1 } if (c <= 0) { c = 1 } var b = '<span class="pages">Pages ' + e + ' of ' + a + "</span> "; if (c > 1) { b += '<a href="' + f[1] + '">' + pageNaviConf.firstText + "</a>" } if (e > 1) { b += '<a href="' + f[e - 1] + '">' + pageNaviConf.prevText + "</a>" } for (i = c; i <= endPage; ++i) { if (i == e) { b += '<span class="current">' + i + "</span>" } else { b += '<a href="' + f[i] + '">' + i + "</a>" } } if (e < a) { b += '<a href="' + f[e + 1] + '">' + pageNaviConf.nextText + "</a>" } if (endPage < a) { b += '<a href="' + f[a] + '">' + pageNaviConf.lastText + "</a>" } document.write(b) }; (function() { var b = location.href; if (b.indexOf("?q=") != -1 || b.indexOf(".html") != -1) { return } var d = b.indexOf("/search/label/") + 14; if (d != 13) { var c = b.indexOf("?"), a = (c == -1) ? b.substring(d) : b.substring(d, c); document.write('<script type="text/javascript" src="/feeds/posts/summary/-/' + a + '?alt=json-in-script&callback=pageNavi&max-results=99999"><\/script>') } else { document.write('<script type="text/javascript" src="/feeds/posts/summary?alt=json-in-script&callback=pageNavi&max-results=99999"><\/script>') } })(); //]]> </script> <div class='clear'></div> </div> <div class='blog-feeds'> </div> </div></div> </div> <div style='clear: both;'></div> <div class='feature-post-video'> <div class='video-feature-post no-items section' id='Feature Post For Videos'></div></div> </div> <div id='sidebar-wrapper' itemscope='' itemtype='http://schema.org/WPSideBar'> <div class='sidebar section' id='sidebar'><div class='widget Image' data-version='1' id='Image1'> <h2>AI Powered UPSC Mentor</h2> <div class='widget-content'> <a href='https://upscmate.ai'> <img alt='AI Powered UPSC Mentor' height='421' id='Image1_img' src='https://blogger.googleusercontent.com/img/a/AVvXsEjUBO9gCherg4_83-ESOewK2jR5nuzTlQSjLS4hHt5-eU1LzZfAco1tYPG96DwMJ3X_wAVRJifAKoT9b38bksFHs0uUGsgvr9xqsAaSRUHY5Nzjhi_nZgFE0gRxoSgQrojzDNewbFWzaRDLkeZAygyvfshaq8DgUw0TTdleqYWiAMiUZ_yEwVGsL40sUfg=s421' width='300'/> </a> <br/> </div> <div class='clear'></div> </div><div class='widget BlogSearch' data-version='1' id='BlogSearch1'> <h2 class='title'>Search This Blog</h2> <div class='widget-content'> <div id='BlogSearch1_form'> <form action='https://www.kalitutorials.net/search' class='gsc-search-box' target='_top'> <table cellpadding='0' cellspacing='0' class='gsc-search-box'> <tbody> <tr> <td class='gsc-input'> <input autocomplete='off' class='gsc-input' name='q' size='10' title='search' type='text' value=''/> </td> <td class='gsc-search-button'> <input class='gsc-search-button' title='search' type='submit' value='Search'/> </td> </tr> </tbody> </table> </form> </div> </div> <div class='clear'></div> </div><div class='widget PopularPosts' data-version='1' id='PopularPosts1'> <h2>Popular Posts</h2> <div class='widget-content popular-posts'> <ul> <li> <a href='https://www.kalitutorials.net/2016/08/things-you-should-know-wireless-hacking.html'>Things You Should Know : Wireless Hacking Basics</a> </li> <li> <a href='https://www.kalitutorials.net/2013/08/kali-linux.html'>Tutorial on Hacking With Kali Linux</a> </li> <li> <a href='https://www.kalitutorials.net/2014/07/evil-twin-tutorial.html'>Evil Twin Tutorial</a> </li> <li> <a href='https://www.kalitutorials.net/2016/09/sqlmap-with-tor-for-anonymity.html'>SQLMap with Tor for Anonymity</a> </li> <li> <a href='https://www.kalitutorials.net/2017/11/macos-high-sierra-login-bug.html'>MacOS High Sierra login bug</a> </li> <li> <a href='https://www.kalitutorials.net/2014/03/hacking-websites-using-sql-injection.html'>Hacking Websites Using SQL Injection Manually</a> </li> <li> <a href='https://www.kalitutorials.net/2014/06/hack-wpa-2-psk-capturing-handshake.html'>Hack WPA/WPA2 PSK Capturing the Handshake</a> </li> <li> <a href='https://www.kalitutorials.net/2014/04/hack-wpawpa2-wps-reaver-kali-linux.html'>Hack WPA/WPA2 WPS - Reaver - Kali Linux</a> </li> <li> <a href='https://www.kalitutorials.net/2014/06/so-you-want-to-be-hacker.html'>So You Want To Be A Hacker</a> </li> <li> <a href='https://www.kalitutorials.net/2015/02/sql-injection-intermediate-level.html'>SQL Injection Intermediate Level</a> </li> </ul> <div class='clear'></div> </div> </div><div class='widget HTML' data-version='1' id='HTML6'> <h2 class='title'>Facebook</h2> <div class='widget-content'> <iframe src="https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fbeginnerhacking%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId=543250125745022" width="340" height="500" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowtransparency="true"></iframe> </div> <div class='clear'></div> </div><div class='widget Text' data-version='1' id='Text1'> <h2 class='title'>Contact</h2> <div class='widget-content'> You can write to us at <a href="mailto:admin@kalitutorials.net?Subject=Sidebar%20contact" target="_top">admin@kalitutorials.net</a><br/> </div> <div class='clear'></div> </div></div> </div> </div> <div style='clear:both;'></div> <div id='lower'> <div id='lower-wrapper'> © <a href='http://kalitutorials.net'>Kali Tutorials</a>, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.<br/> <div style='clear: both;'></div> </div> </div> <script type='text/javascript'> //<![CDATA[ // JQuery hover event with timeout by Taufik Nurrohman - https://plus.google.com/108949996304093815163/about (function(c){c.fn.hoverTimeout=function(d,e,f,g){return this.each(function(){var a=null,b=c(this);b.hover(function(){clearTimeout(a);a=setTimeout(function(){e.call(b)},d)},function(){clearTimeout(a);a=setTimeout(function(){g.call(b)},f)})})}})(jQuery); // SelectNav.js - by: https://github.com/lukaszfiszer/selectnav.js - Adaptado por http://www.ideiasblog.com window.selectnav=function(){"use strict";var e=function(e,t){function c(e){var t;if(!e)e=window.event;if(e.target)t=e.target;else if(e.srcElement)t=e.srcElement;if(t.nodeType===3)t=t.parentNode;if(t.value)window.location.href=t.value}function h(e){var t=e.nodeName.toLowerCase();return t==="ul"||t==="ol"}function p(e){for(var t=1;document.getElementById("selectnav"+t);t++);return e?"selectnav"+t:"selectnav"+(t-1)}function d(e){a++;var t=e.children.length,n="",l="",c=a-1;if(!t){return}if(c){while(c--){l+=o}l+=" "}for(var v=0;v<t;v++){var m=e.children[v].children[0];if(typeof m!=="undefined"){var g=m.innerText||m.textContent;var y="";if(r){y=m.className.search(r)!==-1||m.parentNode.className.search(r)!==-1?f:""}if(i&&!y){y=m.href===document.URL?f:""}n+='<option value="'+m.href+'" '+y+">"+l+g+"</option>";if(s){var b=e.children[v].children[1];if(b&&h(b)){n+=d(b)}}}}if(a===1&&u){n='<option value="">'+u+"</option>"+n}if(a===1){n='<select class="selectnav" id="'+p(true)+'">'+n+"</select>"}a--;return n}e=document.getElementById(e);if(!e){return}if(!h(e)){return}if(!("insertAdjacentHTML"in window.document.documentElement)){return}document.documentElement.className+=" js";var n=t||{},r=n.activeclass||"active",i=typeof n.autoselect==="boolean"?n.autoselect:true,s=typeof n.nested==="boolean"?n.nested:true,o=n.indent||"?",u=n.label||"Menu",a=0,f=" selected ";e.insertAdjacentHTML("afterend",d(e));var l=document.getElementById(p());if(l.addEventListener){l.addEventListener("change",c)}if(l.attachEvent){l.attachEvent("onchange",c)}return l};return function(t,n){e(t,n)}}();$(document).ready(function(){selectnav('nav');selectnav('nav1');}); //]]> </script> <script type='text/javascript'> //<![CDATA[ $(document).ready(function() { $("ul#sub-menu").parent("li").addClass("hasSub"); $("#menu ul li").each(function() { $(this).hoverTimeout(0, function() { $(this).children("ul").slideDown() }, 0, function() { $(this).children("ul").hide() }) }); }); //]]> </script> <script type='text/javascript'> //<![CDATA[ function resizeThumbarlina(e,t){for(var s=document.getElementById(e),r=s.getElementsByTagName("img"),c=0;c<r.length;c++)r[c].src=r[c].src.replace(/\/s72\-c/,"/s"+t),r[c].width=t,r[c].height=t}resizeThumbarlina("PopularPosts1",400); $(document).ready(function(){ $('.PopularPosts img').each(function(){ var srcUrl = $(this).attr('src'); $(this).attr('src', srcUrl.replace('default', 'maxresdefault')); }); }); //]]> </script> <link href="//fonts.googleapis.com/css?family=Josefin+Sans:400,600%7CDroid+Sans:400,700" rel="stylesheet" type="text/css"> <link href='https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css' rel='stylesheet'/>  <script src='//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-5348203d3c7fb90b' type='text/javascript'></script> <script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/60983134-widgets.js"></script> <script type='text/javascript'> window['__wavt'] = 'AOuZoY76uY3bDm_BJ51F6GN48IQVmpr01Q:1739833516331';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d1987100455892845792','//www.kalitutorials.net/','1987100455892845792'); _WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '1987100455892845792', 'title': 'Kali Linux Hacking Tutorials', 'url': 'https://www.kalitutorials.net/', 'canonicalUrl': 'https://www.kalitutorials.net/', 'homepageUrl': 'https://www.kalitutorials.net/', 'searchUrl': 'https://www.kalitutorials.net/search', 'canonicalHomepageUrl': 'https://www.kalitutorials.net/', 'blogspotFaviconUrl': 'https://www.kalitutorials.net/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Kali Linux Hacking Tutorials - Atom\x22 href\x3d\x22https://www.kalitutorials.net/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Kali Linux Hacking Tutorials - RSS\x22 href\x3d\x22https://www.kalitutorials.net/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Kali Linux Hacking Tutorials - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/1987100455892845792/posts/default\x22 /\x3e\n', 'meTag': '\x3clink rel\x3d\x22me\x22 href\x3d\x22https://www.blogger.com/profile/13202927467352106867\x22 /\x3e\n', 'adsenseClientId': 'ca-pub-3637532869445404', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/4b890f0df4aad4c4', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Continue Reading', 'pageType': 'index', 'pageName': '', 'pageTitle': 'Kali Linux Hacking Tutorials'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': false, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Kali Linux Hacking Tutorials', 'description': 'Kali Linux Hacking Tutorials on Wireless, Penetration Testing, Facebook, Social Engineering, Denial of Service, SQL Injection and Windows hacking.', 'url': 'https://www.kalitutorials.net/', 'type': 'feed', 'isSingleItem': false, 'isMultipleItems': true, 'isError': false, 'isPage': false, 'isPost': false, 'isHomepage': true, 'isArchive': false, 'isLabelSearch': false}}]); _WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'headerleft', document.getElementById('Header1'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/918196653-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/1964470060-lightbox_bundle.css'}, 'displayModeFull')); _WidgetManager._RegisterWidget('_ImageView', new _WidgetInfo('Image1', 'sidebar', document.getElementById('Image1'), {'resize': false}, 'displayModeFull')); _WidgetManager._RegisterWidget('_BlogSearchView', new _WidgetInfo('BlogSearch1', 'sidebar', document.getElementById('BlogSearch1'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'sidebar', document.getElementById('PopularPosts1'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'sidebar', document.getElementById('HTML6'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_TextView', new _WidgetInfo('Text1', 'sidebar', document.getElementById('Text1'), {}, 'displayModeFull')); </script> </body> </html>