Kali Linux Version 2 Released.

In old days, computer users were always waiting for Microsoft or Apple release the latest OS. We all grow up, and now as security evangelist and penetration tester, we are looking forward to see the latest version of Kali Linux v2. You can download ISO image file from Kali Website or you may download the VMware version from Offensive-Security website.

EnJoY Hunting….

writing script to Automate running Metasploit services, and call it from anywhere

Hi guys, that’s been a while I didn’t have time to update my blog. I would like to write a simple post about how to automate some works and run them easily any time. Many of us, during our playing time with the Penguin, run some tasks and commands repeatedly. Writing bash scripts is my hobbies and I like to automate things, even automating Eat-Rave-Linux  process 🙂 . So I am writing a simple script and show you how to call it from anywhere, similar to other Linux tools and commands such as ifconfig or ls …etc.

Today I had a call from a friend of mine, about running Metasploit. His problem was that, sometimes some services such as Apache2 or prostgresql are not running which cause might cause the Metasploit malfunction or slow running. So it’s better to check if these services are running before running the msfconsole. What I do is, I wrote a very simple bash script that restart the services, update the Metasploit, and finally run the Metasploit automatically. I have a “my-scripts” directory that I put my scripts there and hence, you may call them from anywhere. So here is my Metasploit script.

#! /bin/bash

service postgresql stop

service postgresql start

service apache2 stop

service apache2 start

service metasploit stop

service metasploit start

msfupdate

msfconsole

Once you created your script, just save it as a bash file. You may call it Metasploit.sh to avoid any confliction with msfconsole. Then just make this file as a executable program using: Chmod 755 Metasploit.sh In the next step, I move this script in “my-scripts” directory which I located it  in the root directory. I have added this directory to my variables $path. So I can call my script anytime from anywhere by just simply call its name. Do to so, you may use the following command.

now edit your .bashrc file and add the following line at the end of .bashrc file to make it as  permanent parameter. you may need  to reboot your system to apply the changes. so now you may call your Metasploit from anywhere.

nano /root/.bashrc

add the following after the last line:

export PATH=$PATH:~/my-scripts   

Good Luck and let me know if you have any alternative way to do so.

Winzip password Cracking

It happens to many of us that we zip some files with passwords, but after a long time we might forget the chosen password, it happened  to me recently, I decided to write about a hand on simple tutorial on how to crack zip password protected  file. Mostly I prefer an online web tool such as  online pdf cracker due to high speed  in cracking, unfortunately I couldn’t find any online unzip cracker, so I tried  to find desktop tool, preferably free one.  “frackzip” is the tool, I am using to crack the zip file. It uses brute force attack, written in assembly language, and it is a free application, which you can find it Kali and BackTrack.

frackzip switches are as follow:

h help

-b brute force
-D dictionary Attack
-B benchmark
-c charset characterset
-V validate
-p init-password string
-l length min-max
-u use-unzip
-m method num
-2 modulo r/m

fcrackzip -u -v -b -p aaaa zipfolder.zip

If you don’t know the length of the password -p option will increase the speed  of password cracking.  in addition , your computer CPU and RAM  are very important in speed  of cracking.

 

Password cracking is one the common steps in Penetration testing to find if the web application or network have been configured properly or not.