Categories
Kali maltego Uncategorized

Graphing Intel with Maltego

Maltego is a powerful intelligence gathering utility that allows simple and visual reconnaissance of a host, website, person, and a whole heck of a lot of other topics that can be extended with utilities available in the Transform Hub.  I did some straightforward querying on my own infrastructure for technicalagain.com.

There are other utilities available to pull down some of the same information as Maltego, but none that I have come across that are as powerful outside the terminal and none are nearly so visual.  

For large scale penetration testing with a team of testers, I definitely see the benefit Maltego offers in visually linking and storing as much information as possible about a target prior to moving into the threat modeling phase.  I think of this akin to a team of detectives building out a whiteboard filled with as much information profiling the potential perps.

Categories
Kali nmap tor Uncategorized

Avoid Detection with Nmap Stealth Scan and Tor

The nmap stealth scan -sS flag allows you to search for open ports by adjusting the TCP three-way handshake so that the connection is never completed:

The handshake ordinarily is SYN -> SYN/ACK -> ACK

The -sS flag changes the handshake to SYN -> SYN/ACK -> RST

Defined: Synchronize, Acknowledge, Reset

This makes it less likely, but certainly not impossible, for an intrusion detection system to pick up the scan.

The best approach that I can think of would be to use the -sS flag and, between each port tested, use Tor to change IPs to one from a region plausible for the purpose and location of the target. There is a great write-up on how to do just that here, using Tor and ProxyChains with public proxies.

The article also mentions using tor-resolve to resolve a hostname to an IP address so that your DNS queries don't all go through your ISP's DNS server. Nmap's -n flag disables DNS name resolution and its -Pn flag skips host discovery.

That leaves me with the following command after using tor-resolve on technicalagain.com: sudo proxychains nmap -sS -n -Pn -v 173.194.34.174

Update: Also don’t forget the -O flag to learn the operating system and hosting service.
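The post says a SYN scan is less likely, but not impossible, for an IDS to pick up, and proposes rotating the source IP through Tor between ports. The detector below is an added example and is not code from the post, from nmap or from any IDS product; it shows what a defender sees on the wire and why rotating source addresses only defeats the naive per-source rule. It reconstructs SYN -> SYN/ACK -> RST sequences from a packet log whose format, IP addresses and ports are all constructed for the illustration, then applies a per-source and a per-target threshold.

```python
"""Half-open (SYN) scan detection over a constructed packet log.

Added example for this post; it is not code from the post, from nmap or from
any IDS. The log format is constructed for illustration: one packet per line,
"<ts> <src_ip> <src_port> <dst_ip> <dst_port> <flags>", with flags written
as S (SYN), SA (SYN/ACK), A (ACK) or R (RST).
"""
from collections import defaultdict


def parse_line(line):
    """Split one constructed log line into (ts, src, sport, dst, dport, flags)."""
    ts, src, sport, dst, dport, flags = line.split()
    return float(ts), src, int(sport), dst, int(dport), flags


def half_open_probes(lines):
    """Return (ts, client, server, port) for every SYN -> SYN/ACK -> RST sequence.

    A client that answers the server's SYN/ACK with ACK completed the handshake
    and is dropped from the result; one that answers with RST never finished
    the connection, which is exactly what a -sS probe looks like on the wire.
    """
    pending = {}  # (client, cport, server, port) -> "syn" or "synack"
    probes = []
    for line in lines:
        ts, src, sport, dst, dport, flags = parse_line(line)
        if flags == "S":
            pending[(src, sport, dst, dport)] = "syn"
        elif flags == "SA":
            key = (dst, dport, src, sport)  # the reply travels server -> client
            if pending.get(key) == "syn":
                pending[key] = "synack"
        elif flags in ("A", "R"):
            key = (src, sport, dst, dport)
            if pending.pop(key, None) == "synack" and flags == "R":
                probes.append((ts, src, dst, dport))
    return probes


def _flag(probes, pick_key, threshold, window):
    """Sliding-window rule: flag every key that touches >= threshold distinct ports."""
    by_key = defaultdict(list)
    for ts, client, server, port in probes:
        by_key[pick_key(client, server)].append((ts, port))
    flagged = set()
    for key, events in by_key.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t <= start + window}
            if len(ports) >= threshold:
                flagged.add(key)
                break
    return flagged


def flag_sources(probes, threshold=4, window=10.0):
    """Classic per-source rule: one source IP probing many ports quickly."""
    return _flag(probes, lambda client, server: client, threshold, window)


def flag_targets(probes, threshold=4, window=10.0):
    """Per-target rule: many half-open probes against one host, whoever sends them.

    This is the rule that still fires when the scanner changes its source
    address between ports, as the post proposes doing through Tor; the
    per-source rule sees only one port per address and stays silent.
    """
    return _flag(probes, lambda client, server: server, threshold, window)


def _exchange(ts, client, cport, server, port, last):
    """Three constructed packets of one handshake attempt; last is 'R' (probe) or 'A' (completed)."""
    return [
        f"{ts} {client} {cport} {server} {port} S",
        f"{ts} {server} {port} {client} {cport} SA",
        f"{ts} {client} {cport} {server} {port} {last}",
    ]


# Constructed sample traffic: one scanner hitting five ports on 10.0.0.10 from a
# single address, one legitimate client completing a handshake to port 443, and
# a scanner that rotates through four source addresses against 10.0.0.11.
SAMPLE_LOG = []
for i, port in enumerate([22, 80, 443, 8080, 3306]):
    SAMPLE_LOG += _exchange(100.0 + i, "10.0.0.5", 40000 + i, "10.0.0.10", port, "R")
SAMPLE_LOG += _exchange(105.0, "10.0.0.7", 50001, "10.0.0.10", 443, "A")
for i, (src, port) in enumerate([("10.0.0.21", 25), ("10.0.0.22", 110),
                                 ("10.0.0.23", 143), ("10.0.0.24", 993)]):
    SAMPLE_LOG += _exchange(200.0 + i, src, 41000, "10.0.0.11", port, "R")

if __name__ == "__main__":
    probes = half_open_probes(SAMPLE_LOG)
    print(f"{len(probes)} half-open probes")
    print("per-source rule flags:", flag_sources(probes))  # {'10.0.0.5'}
    print("per-target rule flags:", flag_targets(probes))  # {'10.0.0.10', '10.0.0.11'}
```

The single-address scanner trips both rules, while the scanner that changes address for every port trips only the per-target rule, which is the caveat to keep in mind when reading the post's advice: changing IPs raises the bar for source-based thresholds, not for monitoring that is keyed on the host being probed. Real flow or packet logs (Zeek conn.log, NetFlow) carry the same five fields, so the same logic applies with a different parse_line.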

Categories
brute forzabruta Kali Linux Projects ProjectSuccess Resource Discovery

More Resource Discovery with ForzaBruta.py

It's been a busy summer, but I spent some time continuing the work I previously wrote about on the brute-forcer, ForzaBruta.py, this time working through the Lynda coursework to iterate on the brute-forcer and add convenience and analysis capabilities:

  • Take screenshots
  • Capture the MD5 checksum to compare file contents
  • Record the number of words and characters in each file and the time to load
  • Filter and color results based on return code
  • Filter for only certain file extensions

These new capabilities rely on Selenium, a browser automation utility, and PhantomJS, a scriptable headless browser. The convenience features are nice. I have not been able to get automated screenshots to work: everything seems to run fine, except that a zero-byte PNG file is created. I am assuming the issue is related to the nuances of having Kali installed on a MacBook. These graphics challenges are difficult to debug; I experienced a similar graphics issue working with Hashcat last month as well.

That’s a long way for me to say I don’t think I’m going to invest the time to get the screenshot capabilities working.

Categories
DMitry Kali

Information Gathering with DMitry

DMitry is a nice little utility built into Kali. It's a basic, easy-to-use utility, but not a great one. Usage is straightforward:

dmitry technicalagain.com

The base functionality gathers possible subdomains, email addresses, uptime information, a TCP port scan, whois lookups, and more.

DMitry is worth the effort of simply punching in the command, but don't expect great information back. First, just about everyone is using a whois privacy proxy to conceal their personal information. Second, DMitry relies on search engines to try to find subdomains and email addresses. I specifically tested these features, and because the search engines missed, DMitry missed too. Simple and quick to use, but the information that comes back is not that helpful.

Categories
Kali Linux

Install Kali Linux on a MacBook

I installed Kali Linux on a dual-booted MacBook Pro last week. The first thing I did was delete unnecessary files on the Mac to free up space, then shrink the partition using Apple's built-in Disk Utility. I then manually installed Kali on the remaining unused portion of the hard drive.

This wasn’t a particularly challenging project, but it wasn’t easy either. The only real issue I experienced was related to my bootable USB hard drive. I used a utility called Rufus to turn the Kali .iso file into a bootable installer on an external hard drive. I messed up a configuration setting in Rufus, though. Although I could boot Kali into “live mode” just fine, I could only get about halfway into the installation before Kali could not detect my CD-ROM. You’d think this wouldn’t be a big deal, but a material part of the installation occurs when the contents of the USB drive are mounted and copied into a folder called /cdrom and the installer is “faked” into thinking the data is coming from a CD/DVD rather than a thumb drive. I tried to create the directory manually, mount the drive and move the contents in, but I was unable to get past this point. So back to the drawing board. This time I used the dd terminal utility that ships with macOS to create the bootable USB, and the install went much more smoothly.

Once I got Kali installed, I noticed a few more odd things. For example, the mouse did not work during the install but worked fine afterwards. The /etc/apt/sources.list file was blank. When I added a new non-root user, I had to log out and log back in before I could see the user, even though I was logged in as root. Once the new user was created, he wasn’t in the sudoers file. Not a big deal, but one more step I had to follow up on. For overall ease of installation and first use, I would give a score of about 7/10.

After playing with Kali for about three days now, I am really excited about all the penetration testing tools to learn, but I can’t say the experience is much better or worse really than when I have used the GNOME desktop on other Linux distributions like Ubuntu or Fedora.

My home network is really coming together now.  I now have access to Windows and Mac desktops, I have a nice Ubuntu server setup and my main machine is Kali running on a late 2011 MacBook.  We continue to abide by the ground rules by doing the work ourselves and breathing new life into old things.  More fun ahead.