 cheetz / thp2
thp2/setup.txt
cheetz  Update Discover Script  (commit c6fecad, Dec 4, 2015)
The Hacker Playbook 2
http://www.amazon.com/dp/1512214566/

Since this book is based off of the Kali Linux platform, you can download the Kali Linux distro from: http://www.kali.org/downloads/. I highly recommend you download the VMware image (https://www.offensive-security.com/kali-linux-vmware-arm-image-download/) and download Virtual Player/VirtualBox. Remember that it will be a gz-compressed and tar-archived file, so make sure to extract it first and load the vmx file.

Once Your Kali VM is Up and Running
● Log in with the username root and the default password toor
● Open a terminal
● Change the password
  ○ passwd
● Update the image
  ○ apt-get update
  ○ apt-get dist-upgrade
● Set up the Metasploit database
  ○ service postgresql start
● Make the postgresql database start on boot
  ○ update-rc.d postgresql enable
● Start and stop the Metasploit service (this will set up the database.yml file for you)
  ○ service metasploit start
  ○ service metasploit stop
● Install gedit
  ○ apt-get install gedit
● Change the hostname – Many network admins look for systems named Kali in logs like DHCP. It is best to follow the naming standard used by the company you are testing
  ○ gedit /etc/hostname
    ■ Change the hostname (replace kali) and save
  ○ gedit /etc/hosts
    ■ Change the hostname (replace kali) and save
  ○ reboot
● *Optional for Metasploit – Enable Logging
  ○ I list this as optional since logs get pretty big, but you have the ability to log every command and result from Metasploit's Command Line Interface (CLI). This becomes very useful for bulk attacks/queries or if your client requires these logs. *If this is a fresh image, type msfconsole first and exit before configuring logging to create the .msf4 folder.
  ○ From a command prompt, type:
    ■ echo "spool /root/msf_console.log" > /root/.msf4/msfconsole.rc
  ○ Logs will be stored at /root/msf_console.log

Tool Installation

The Backdoor Factory
● Patch PE, ELF, Mach-O binaries with shellcode.
● git clone https://github.com/secretsquirrel/the-backdoor-factory /opt/the-backdoor-factory
● cd /opt/the-backdoor-factory
● ./install.sh

HTTPScreenShot
● HTTPScreenshot is a tool for grabbing screenshots and HTML of large numbers of websites.
● pip install selenium
● git clone https://github.com/breenmachine/httpscreenshot.git /opt/httpscreenshot
● cd /opt/httpscreenshot
● chmod +x install-dependencies.sh && ./install-dependencies.sh
● HTTPScreenShot only works if you are running on a 64-bit Kali by default. If you are running 32-bit PAE, install i686 phantomjs as follows:
  ○ wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-i686.tar.bz2
  ○ bzip2 -d phantomjs-1.9.8-linux-i686.tar.bz2
  ○ tar xvf phantomjs-1.9.8-linux-i686.tar
  ○ cp phantomjs-1.9.8-linux-i686/bin/phantomjs /usr/bin/

SMBExec
● A rapid psexec-style attack with samba tools.
● git clone https://github.com/pentestgeek/smbexec.git /opt/smbexec
● cd /opt/smbexec && ./install.sh
● Select 1 – Debian/Ubuntu and derivatives
● Select all defaults
● ./install.sh
● Select 4 to compile smbexec binaries
● After compilation, select 5 to exit

Masscan
● This is the fastest Internet port scanner. It can scan the entire Internet in under six minutes.
● apt-get install git gcc make libpcap-dev
● git clone https://github.com/robertdavidgraham/masscan.git /opt/masscan
● cd /opt/masscan
● make
● make install

Gitrob
● Reconnaissance tool for GitHub organizations
● git clone https://github.com/michenriksen/gitrob.git /opt/gitrob
● gem install bundler
● service postgresql start
● su postgres
● createuser -s gitrob --pwprompt
● createdb -O gitrob gitrob
● exit
● cd /opt/gitrob/bin
● gem install gitrob

CMSmap
● CMSmap is a Python open-source CMS (Content Management System) scanner that automates the process of detecting security flaws
● git clone https://github.com/Dionach/CMSmap /opt/CMSmap

WPScan
● WordPress vulnerability scanner and brute-force tool
● git clone https://github.com/wpscanteam/wpscan.git /opt/wpscan
● cd /opt/wpscan && ./wpscan.rb --update

EyeWitness
● EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
● git clone https://github.com/ChrisTruncer/EyeWitness.git /opt/EyeWitness

Printer Exploits
● Contains a number of commonly found printer exploits
● git clone https://github.com/MooseDojo/praedasploit /opt/praedasploit

SQLMap
● SQL Injection tool
● git clone https://github.com/sqlmapproject/sqlmap /opt/sqlmap

Recon-ng
● A full-featured web reconnaissance framework written in Python
● git clone https://bitbucket.org/LaNMaSteR53/recon-ng.git /opt/recon-ng

Discover Scripts
● Custom bash scripts used to automate various pentesting tasks.
● git clone https://github.com/leebaird/discover.git /opt/discover
● cd /opt/discover && ./update.sh
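Two of the "Once Your Kali VM is Up and Running" steps above are the ones that most often go wrong on a re-used image: the hostname change has to be made in both /etc/hostname and /etc/hosts or the old name keeps showing up in DHCP and DNS logs, and the msfconsole.rc echo fails on a fresh image because .msf4 does not exist until msfconsole has been started once. The POSIX shell helpers below are an added example, not part of the thp2 setup.txt or of any of the tools it lists; the function names (configure_msf_logging, host_rename_complete, rename_kali_host) and the base-directory arguments they take are assumptions of this example, chosen so the edits can be rehearsed on a scratch directory before being applied to the live system.

```shell
#!/bin/sh
# Added example, not from the thp2 setup.txt. Idempotent helpers for two of the
# post-install steps: enabling msfconsole spool logging and replacing the
# default "kali" hostname. Function names and the base-directory arguments are
# assumptions of this example so the steps can be rehearsed on a scratch copy.

# Enable msfconsole logging (the guide's echo line, made safe to re-run).
#   $1 = home directory that holds .msf4 (the guide uses /root)
# On a fresh image .msf4 only appears after msfconsole has run once; creating
# it here means the write cannot fail. The spool line is appended only when it
# is absent, so any other msfconsole.rc commands are kept and re-running the
# helper does not duplicate the line.
configure_msf_logging() {
    home="${1%/}"
    rc="$home/.msf4/msfconsole.rc"
    line="spool $home/msf_console.log"
    mkdir -p "$home/.msf4"
    if [ -f "$rc" ] && grep -qxF "$line" "$rc"; then
        return 0          # already configured, nothing to do
    fi
    printf '%s\n' "$line" >> "$rc"
}

# Succeed only if no standalone "kali" token remains in etc/hostname or
# etc/hosts below the given root; a half-done rename is what leaks the
# default name into the client's logs.
#   $1 = root directory ("/" for the live system)
host_rename_complete() {
    root="${1%/}"
    awk 'BEGIN { ok = 1 }
         { for (i = 1; i <= NF; i++) if ($i == "kali") ok = 0 }
         END { exit ok ? 0 : 1 }' "$root/etc/hostname" "$root/etc/hosts"
}

# Replace the default hostname in both files at once, then verify.
#   $1 = root directory ("/" for the live system), $2 = new hostname
# Only whole-word "kali" entries in etc/hosts are rewritten, so localhost and
# any other entries survive. awk re-joins fields with single spaces, which is
# harmless for /etc/hosts. A reboot is still needed afterwards, as the guide says.
rename_kali_host() {
    root="${1%/}"
    newname="$2"
    printf '%s\n' "$newname" > "$root/etc/hostname"
    awk -v n="$newname" \
        '{ for (i = 1; i <= NF; i++) if ($i == "kali") $i = n; print }' \
        "$root/etc/hosts" > "$root/etc/hosts.tmp" \
        && mv "$root/etc/hosts.tmp" "$root/etc/hosts"
    host_rename_complete "$root"
}

# Usage on the live image, as root, after rehearsing on a scratch directory:
#   rename_kali_host / <name-following-the-client's-standard> && reboot
#   configure_msf_logging /root
```

The base-directory argument is the point of the example: point rename_kali_host at a scratch copy of etc/hostname and etc/hosts first, check that host_rename_complete reports success, and only then run it against / on the real VM.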