In old days, computer users were always waiting for Microsoft or Apple release the latest OS. We all grow up, and now as security evangelist and penetration tester, we are looking forward to see the latest version of Kali Linux v2. You can download ISO image file from Kali Website or you may download the VMware version from Offensive-Security website.
Hi guys, that’s been a while I didn’t have time to update my blog. I would like to write a simple post about how to automate some works and run them easily any time. Many of us, during our playing time with the Penguin, run some tasks and commands repeatedly. Writing bash scripts is my hobbies and I like to automate things, even automating Eat-Rave-Linux process 🙂 . So I am writing a simple script and show you how to call it from anywhere, similar to other Linux tools and commands such as ifconfig or ls …etc.
Today I had a call from a friend of mine, about running Metasploit. His problem was that, sometimes some services such as Apache2 or prostgresql are not running which cause might cause the Metasploit malfunction or slow running. So it’s better to check if these services are running before running the msfconsole. What I do is, I wrote a very simple bash script that restart the services, update the Metasploit, and finally run the Metasploit automatically. I have a “my-scripts” directory that I put my scripts there and hence, you may call them from anywhere. So here is my Metasploit script.
service postgresql stop
service postgresql start
service apache2 stop
service apache2 start
service metasploit stop
service metasploit start
Once you created your script, just save it as a bash file. You may call it Metasploit.sh to avoid any confliction with msfconsole. Then just make this file as a executable program using: Chmod 755 Metasploit.sh In the next step, I move this script in “my-scripts” directory which I located it in the root directory. I have added this directory to my variables $path. So I can call my script anytime from anywhere by just simply call its name. Do to so, you may use the following command.
now edit your .bashrc file and add the following line at the end of .bashrc file to make it as permanent parameter. you may need to reboot your system to apply the changes. so now you may call your Metasploit from anywhere.
add the following after the last line:
Good Luck and let me know if you have any alternative way to do so.
It happens to many of us that we zip some files with passwords, but after a long time we might forget the chosen password, it happened to me recently, I decided to write about a hand on simple tutorial on how to crack zip password protected file. Mostly I prefer an online web tool such as online pdf cracker due to high speed in cracking, unfortunately I couldn’t find any online unzip cracker, so I tried to find desktop tool, preferably free one. “frackzip” is the tool, I am using to crack the zip file. It uses brute force attack, written in assembly language, and it is a free application, which you can find it Kali and BackTrack.
frackzip switches are as follow:
-b brute force
-D dictionary Attack
-c charset characterset
-p init-password string
-l length min-max
-m method num
-2 modulo r/m
fcrackzip -u -v -b -p aaaa zipfolder.zip
If you don’t know the length of the password -p option will increase the speed of password cracking. in addition , your computer CPU and RAM are very important in speed of cracking.
Password cracking is one the common steps in Penetration testing to find if the web application or network have been configured properly or not.