"If you want to keep a secret, you must also hide it from yourself"

Since Kali Linux rolled out its newest version (as of last night/yesterday - yeah, local time is a bitch), many people wondered whether they're using the latest version (or not!) of the operating system.
Since the Kali version I use is a "rolling" version, this means that if you update & upgrade, you're good to go. What is a "rolling" version?
You install the rolling version, and from then on you receive incremental updates, both for security patches and for new versions of applications.
Now, getting back to our subject. The easy way to find out your current version of Kali is to open a terminal session and type:
lsb_release -a
The result should look something like the one below:


Now, as you can see from the screenshot, I'm using the latest Kali Linux distro - since I've (remember that line?) updated my distro lately. But what does "lsb_release -a" stand for?
The lsb_release command provides certain LSB (Linux Standard Base) and distribution-specific information.
Sidenote: many people pointed out that kali-undercover is new to this release. It seems that it isn't new at all and (drum roll) it only works if you're using the Xfce desktop environment. If you're using the Gnome desktop environment (like myself), it won't work.

How to change your desktop environment in Kali Linux and switch from Gnome (or whatever) to Xfce?

Once the system boots up, just after you've entered your password, click on the gear drop-down (see picture below) and switch from Gnome (or whichever desktop environment you're currently using) to Xfce.


Now, you can test and use kali-undercover.

How many times have you messed up your Kali Linux repositories/sources list? How many times have you forgotten how to edit the list using a text editor (available in Kali Linux)? It has happened to me a lot of times, so I'll just keep this as a note for myself.
My repositories list contains only two lines of text. In case you've changed it and need to get it back to the "original" version, below is a small tutorial on how to edit your sources.list file. I'll cover both Gedit and Leafpad options.

In order to open your sources.list file with gedit, type the below command in the console:
sudo gedit /etc/apt/sources.list
Once the sources.list file is opened, make sure that you have these two lines in it:

deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
If these two lines are not present, feel free to copy & paste them - don't forget to save your file before closing it.

In order to open your sources.list file with leafpad, type the below command in the console:

sudo leafpad /etc/apt/sources.list

Once the sources.list file is opened, make sure that you have these two lines in it:

deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib

That’s it, you should now have access to most of the packages. Once you save the file, don't forget to execute the following commands:

apt-get update
apt-get upgrade
apt-get dist-upgrade

And you’re good to go. For more information & sources, please visit: https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/.

Below is the updated list of websites which have been informed about their security flaws - via email, social media profiles, etc. At the time of this post, the list contained 237 websites.
No user data has been compromised and the security flaws were ethically disclosed. The list will be updated on a monthly basis.
Blogger has the option to set a custom page-not-found message and a redirect (if needed). For my personal blog I decided not only to add a small message whenever a user misspells a link (or if I delete older posts) but also to redirect them to my blog's homepage.
Access settings for "custom page not found"


Follow the below easy steps and you're good to go:
Access your Blogger draft and go to "Search preferences". Under "Error and redirections" you'll see the "Custom Page Not Found" option; click on Edit.
Copy and paste the below code:

<style type="text/css">
#error-404 { border: 20px solid #1B1B1B; border-radius: 240px; height: 240px; margin: 0 auto 40px; text-align: center; transition: all 0.8s ease 0s; width: 240px; }
#error-404:hover { border-color: #333; }
#error-404 span { color: #FA4C29; font-size: 100px; font-weight: bold; line-height: 240px; }
.large-heading { font-size: 48px; line-height: 1.2em; } .light-heading { font-weight: 400; }
.status-msg-bg { background-color: transparent; } .status-msg-border { border: 0 none; }
.sidebar-wrapper, .page-header { display: none; } .main-wrapper { margin-right: 0; } .outer-wrapper { min-height: 0; }
</style>
<div id="error-404"><span>404</span></div>
<h2 class="large-heading" style="text-align: center;">Page not found.</h2>
<h3 class="light-heading" style="text-align: center;">Sorry, the page you were looking for on this blog does not exist.<br>You will be redirected shortly to the homepage.</h3>
<script type="text/javascript">
// After 5 seconds, send the visitor to this blog's homepage (same origin, so it cannot be abused as an open redirect)
var BSPNF_redirect = setTimeout(function () { location.pathname = "/"; }, 5000);
</script>
404 error message for page not found

The user will be presented with the above message and automatically redirected to your homepage after a 5-second delay. Feel free to change the code as you wish.
Before explaining how to add meta tags to your blog, let's recall what these tags are all about. HTML meta tags will not make you rank number 1 in 2 seconds, but they are an important part, since they help search engines and users understand what your site is all about - if implemented correctly. Below is a small breakdown of the most important tags.



Title Tag
Even though the title tag isn't actually a meta tag, it displays the page title in the header of the browser window (or tab), like in the example you see below:

Example of a title tag

The title tag is meant to be an accurate and concise description of a web page's content. Keep it between 50 and 60 characters long.

Description tag
Represents a short description of the page's content, used also by search-engines to categorize your website pages. Meta descriptions are commonly used on search engine result pages (SERPs) to display preview snippets for a given page.

Example of description tag

Write a good description, keep it between 150-160 characters long and above all, avoid duplicate descriptions.

Keywords tag
A couple of years ago, the keywords tag was one of the important elements - and, as with anything else, people abused it. These days the relevance of the keywords meta tag is close to 0, so you can totally ignore this tag - most important: if you need/want to use it, do not use it in a "spammy" way.
The keywords tag holds short keywords separated by commas that are (were) used by search engines to accurately categorize a web page.

View-source display of the keywords tag



Using 5 to 10 keywords should be enough. Do not use keywords that are not visible on the page (content) itself.

Language tag
The language attribute helps search engines to understand in what natural language your website content is written.

In order to add HTML tags to your blog template, access your Blogger settings, go to Template > click on Edit HTML. Find the </head> section - you can search for it with CTRL+F.

HTML edit option in Blogger template

After editing the below code, copy and paste it there:
<!-- Meta Tags ~  seo-for-humans.blogspot.ro  -->
 <meta content='Your Blog Description' name='description'/>
 <meta content='Keyword1,Keyword2,Keyword3' name='keywords'/>
 <meta content='Author Name' name='Author'/>
 <meta content='Author Email Address' name='Email'/>
 <meta content='all' name='robots'/>
 <meta content='index, follow' name='robots'/>
 <meta content='Language Name' name='language'/>
 <meta content='Country Name' name='country'/>
 <meta content='blogger' name='generator'/>
<!-- /Meta Tags ~   seo-for-humans.blogspot.ro  -->
Change the placeholder values (description, keywords, author name, e-mail address, language and country) to accurately fit your needs. Remember to save your template afterwards. Below is an example of how my blog uses the HTML meta tags:

Example of HTML tags in blogger template
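To check a template against the limits given above (a 50-60 character title, a 150-160 character description, 5 to 10 keywords that actually appear in the visible content, and a language tag), here is an added Python example that is not part of the original post; the sample pages it checks are constructed.

```python
"""Checks a page's title and meta tags against the guidance above. Added example, not the post's code; sample pages are constructed."""
from html.parser import HTMLParser

TITLE_RANGE, DESCRIPTION_RANGE, KEYWORD_RANGE = (50, 60), (150, 160), (5, 10)

class MetaCollector(HTMLParser):
    """Gathers the <title>, the name=... <meta> tags and the visible text of one page."""
    def __init__(self):
        super().__init__()
        self.title, self.text, self.meta = "", "", {}
        self._in_title = self._skip = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag in ("script", "style"):      # not visible content
            self._skip = True
        elif tag == "meta" and attrs.get("name"):
            self.meta.setdefault(attrs["name"].lower(), []).append((attrs.get("content") or "").strip())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag in ("script", "style"):
            self._skip = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        elif not self._skip:
            self.text += " " + data

def within(n, bounds):
    return bounds[0] <= n <= bounds[1]

def check_page(html):
    """Returns the findings for one page; an empty list means it follows the guidance."""
    p = MetaCollector()
    p.feed(html)
    findings, title = [], p.title.strip()
    if not within(len(title), TITLE_RANGE):
        findings.append(f"title is {len(title)} chars, want {TITLE_RANGE}")
    for desc in p.meta.get("description") or [""]:        # a missing tag counts as length 0
        if not within(len(desc), DESCRIPTION_RANGE):
            findings.append(f"description is {len(desc)} chars, want {DESCRIPTION_RANGE}")
    for kw in p.meta.get("keywords", []):
        words = [w.strip() for w in kw.split(",") if w.strip()]
        if not within(len(words), KEYWORD_RANGE):
            findings.append(f"{len(words)} keywords, want {KEYWORD_RANGE}")
        findings += [f"keyword {w!r} not visible in the content" for w in words if w.lower() not in p.text.lower()]
    if "language" not in p.meta:
        findings.append("missing language tag")
    return findings

# Constructed sample pages: GOOD follows the guidance, BAD breaks most of it.
DESCRIPTION = ("Practical notes on adding meta tags to a Blogger template: title, description, "
               "keywords and language, with length limits that help search engines and users.")
GOOD = ("<html><head><title>SEO for Humans: a practical guide to HTML meta tags</title>"
        f"<meta name='description' content='{DESCRIPTION}'/>"
        "<meta name='keywords' content='seo,meta tags,blogger,html,description'/><meta name='language' content='English'/>"
        "</head><body><p>Blogger lets you add HTML meta tags: a description, keywords and more. SEO tips.</p></body></html>")
BAD = ("<html><head><title>My Blog</title><meta name='keywords' content='a,b,c'/></head>"
       "<body>a b c</body></html>")
```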
If you want to play around with different systems with the help of virtual machines, or if you simply want to create your own pentesting virtual lab for free, installing VirtualBox is one of the best options for Linux. Before installing VirtualBox, you'll need to make sure that the below repositories are added to your sources.list file:
## Regular repositories
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
## Source repositories
deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
These can be added manually by editing the sources.list file, e.g. by running the following command:
leafpad /etc/apt/sources.list
The above command opens one of the available text editors, Leafpad, on your sources file, which lives in /etc/apt/. Save the file after editing and close it. Now, open a terminal window and run:
apt-get update
apt-get upgrade
apt-get dist-upgrade
Once these commands are completed run the following command:
apt-get install linux-headers-$(uname -r)
And then:
wget download.virtualbox.org/virtualbox/4.2.14/virtualbox-4.2_4.2.14-86644~Debian~wheezy_i386.deb
dpkg -i virtualbox-4.2_4.2.14-86644~Debian~wheezy_i386.deb
installation-of-virtualbox-in-kali-linux

wget will download the mentioned version of VirtualBox to your home folder and dpkg -i will unpack (de-package) the file and install it (that is what the -i flag, short for --install, does).

If you need to test the successful installation simply type virtualbox in the terminal.

virtualbox-in-kali-linux

Now you can easily create your own pentesting lab in Kali Linux, but this will be covered in another post.

Sources:
How to add official Kali Linux Repositories.
Installing Virtualbox on Kali Linux.

Creating scripts is easy in Linux distributions: you just need access to any text editor - Linux has plenty available (gedit or gvim, to name just a couple) - and some available neurons. In this example we'll use the update and upgrade commands and create a script that, once executed, automatically runs the commands for us - this is the easiest example I came up with.

Open your text editor. At the first line write

#!/bin/bash
Press enter and below this line type:
apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y


Save it as "update.sh" - or any other name you would prefer.

Kali-update-script

Right-click your script and, on the "Permissions" tab, tick "Allow executing file as program".

allow-executing-file-as-program

Now, every time you boot up your Kali, instead of typing the whole thing into a terminal, just run your script.
run-in-terminal-window

This is a fictional adventure with fictional characters that have fictional (non)skills, based on true events. This post was created for informational purposes only, and no admins lost their jobs during the writing of this story. It was inspired by Troy Hunt's "Hacking is child's play" article.

Bob, a 20-something-year-old, never considered himself a computer "guru". He started using computers around the age of 18, late compared to his friends. What he lacked in experience, he made up for with patience.
Saturday morning news, July 2012: Yahoo Voices was breached; half a million emails and passwords were leaked. The attack was made possible by a SQL injection flaw on their servers.

yahoo voices logo
 
SQL injection? Sounds like a medical term. Bob moves to his computer and starts typing:
sql injection attacks
He goes through the results, reads various topics and his eyes fall on: 
Havij - an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
Havij SERP results from google search
 
He was never very tech-savvy, so this might be what he was looking for. Another search follows:
havij torrent
Bam, first result: his beloved Pirate Bay. The torrent is small in size, so it should be ready soon enough. In the meantime he'll grab a coffee, smoke a cigarette or two and wait.
Minutes later, when he returns, the download is complete. He registers - by following the all-too-easy provided steps - and fires up the application.

Havij default first screen

But he remembers that he needs some websites to test it on. He opens Firefox again, sets the homepage to google.uk and enters:
inurl:newsitem.php?num=

Google results for inurl dork

This is the Google "dork" he chose from a list. It's an example of "advanced search string operators" - termed "dorking" by some people. Since Bob is inexperienced, he doesn't really care what these are or why they're named "dorks".
He starts copying and pasting the available results into Havij. The first site doesn't work; Havij returns:
MySQL error based injection method cant be used!
MySQL time based injection method can't be used!
He moves on to the other results. Finally, one site seems to be vulnerable; he presses "Analyze" and in less than 5 seconds:
Havij table results

This is getting interesting. From all the tables, only one seems to have the data he's looking for: labeled_user. He selects the table and clicks on “Get columns”. The important columns are there:
☐ forename
☐ surname
☐ username
☐ password
☐ email
He selects three of them: email, username and password, then presses "Get data". Finally, he has access to the admins' usernames and passwords. But the passwords are encrypted, so he needs to dig on.

Table results with username and passwords

Havij has an MD5 decryption option available; let's try that one. He tries it on the first encrypted password - Havij uses online resources to decrypt passwords.
Success! The result came in seconds and the password has been revealed: johnC1980 - a combination of the web admin's name and his birth date, a common password combination. Bob moves to the "Find admin" tab and clicks Start. The program finds something like nameofthesite.co.uk/admin. He pastes the link into his browser and tries the username and password combination:

admin

John121980

Admin cpanel login screen
 
He's in. It was easier than he thought, and now he has access to the admin panel of this recruitment agency from the UK. He'll dig more into it tomorrow, but for now he's done. He wants to celebrate his script-kiddie success.

Bob's back early in the morning. What if those five users are "recycling" their passwords? This has been the cause of many famous break-ins in the past.
People are lazy and don't want to remember 12 passwords for 12 different websites, so what do they do instead? They use the same password for all sites. Get access to one and you have access to all of them.
After two hours, Bob was able to access John's Gemail, LinkedIn, Facebook and Twitter accounts. He used the same password on all of them: John121980.
Worse yet: John creates and administers websites for other companies too. Obviously he's using the same password. From here on, Bob can get access to a huge amount of login details.
If you're curious enough, the sky is the limit.
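The two things that made Bob's evening possible, SQL built by pasting the num= parameter into the query and unsalted MD5 passwords that an online lookup reverses, both have standard fixes. The following is an added example (not part of the original post) showing the vulnerable query beside its parameterised version, and a salted PBKDF2 password store beside MD5; the newsitem table and the passwords are constructed.

```python
"""Defender's view of the two weaknesses the story turns on. Added example, not the post's
code; the newsitem rows and passwords are constructed."""
import hashlib
import hmac
import os
import sqlite3


def make_db():
    """In-memory stand-in for the newsitem.php backend, with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE newsitem (num INTEGER PRIMARY KEY, title TEXT, public INTEGER)")
    db.executemany("INSERT INTO newsitem VALUES (?, ?, ?)",
                   [(1, "Public notice", 1), (2, "Unreleased draft", 0), (3, "Board minutes", 0)])
    return db


def newsitem_vulnerable(db, num):
    """The pattern Havij looks for: the request parameter is pasted into the SQL text,
    so 'num' can rewrite the WHERE clause instead of just supplying a number."""
    sql = f"SELECT title FROM newsitem WHERE public = 1 AND num = {num}"
    return [row[0] for row in db.execute(sql)]


def newsitem_fixed(db, num):
    """Validate the type, then bind the value; the driver never parses it as SQL."""
    try:
        num = int(num)
    except (TypeError, ValueError):
        return []
    sql = "SELECT title FROM newsitem WHERE public = 1 AND num = ?"
    return [row[0] for row in db.execute(sql, (num,))]


def md5_hash(password):
    """How the story's site stored passwords: one deterministic, unsalted digest per
    password, which is exactly what precomputed online lookup services match against."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, iterations=200_000):
    """Salted, slow PBKDF2-HMAC-SHA256: every user gets a different digest even for the
    same password, and each guess costs the attacker 'iterations' hash operations."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recomputes the digest with the stored salt and compares it in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)
```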
During the "Reconnaissance" phase we might need to access the targeted website frequently, and this can trigger some alarms. I used to rely on HTTrack - or WebHTTrack - for making one-to-one offline copies of a given web page, but for some odd reason it doesn't work on my current Kali installation. For those who want to give WebHTTrack a chance, one thing you need to remember: it's not included by default in Kali. In order to install webhttrack, type the following:
apt-get update
apt-get install webhttrack
to get the full GUI version, or
apt-get update
apt-get install httrack
to get the command-line version only.

Searching for alternative easy ways to do it, I've found this tutorial from kossboss – all the credit goes there.
Open a terminal and type mkdir /mywebsitedownloads/ and then
cd /mywebsitedownloads - you can name the folder any way you wish.
Now (copy and paste):
wget --limit-rate=200k --no-clobber --convert-links --random-wait -r -p -E -e robots=off -U mozilla http://www.nameofthesiteyouwanttocopy.com
Replace nameofthesiteyouwanttocopy.com with the actual name of your targeted web page. Below is the explanation of each option:

--limit-rate=200k: limits the download to 200 KB/s - higher download rates might look suspicious.
--no-clobber: doesn't overwrite existing files (useful when the download is interrupted and resumed).
--convert-links: rewrites links so that they work locally, offline, instead of pointing to the online website.
--random-wait: random waits between downloads - same reason as for --limit-rate.
-r: recursive - downloads the full website.
-p: downloads everything the pages need, including pictures.
-E: saves files with the right extension (e.g. .html).
-e robots=off: makes wget ignore the site's robots.txt, so the session isn't restricted the way a well-behaved robot/crawler would be.
-U mozilla: sends "mozilla" as the User-Agent, so the session looks like a web browser rather than wget.

Once the download is completed you can find the offline copy in /nameofthefolder, the folder you used for saving your downloaded page - look for the home/index.html page.
wget-screen-running-offline-copy

You'll notice that it is an identical copy - it preserves the link structure, pictures, code and other formatting. Remember that any time you interact directly with any online resource owned by the 'target', there's a chance you'll leave your digital fingerprint behind.
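From the site owner's side, a run like the command above leaves a recognisable trace in the access log: a bare "mozilla" User-Agent (from -U mozilla) and a wide crawl that never asks for robots.txt (from -e robots=off). The following is an added Python example, not part of the original post, that flags such clients in constructed combined-format log lines.

```python
"""Flags clients in a web server access log whose behaviour matches a site-mirroring run
like the wget command above. Added example, not from the post; the log lines are constructed."""
import re
from collections import defaultdict

# Apache/nginx "combined" format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
MIN_DISTINCT_PATHS = 20   # one browser session rarely walks this many distinct pages


def parse(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def tool_like(ua):
    """-U mozilla sends the literal string 'mozilla'; wget's default is 'Wget/<version>'."""
    ua = ua.strip().lower()
    return ua in ("", "-", "mozilla", "wget") or ua.startswith("wget/")


def find_mirroring_clients(lines):
    """Returns {ip: [reasons]} for clients that look like a recursive download."""
    clients = defaultdict(lambda: {"paths": set(), "uas": set(), "robots": False})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        c = clients[rec["ip"]]
        c["paths"].add(rec["path"])
        c["uas"].add(rec["ua"])
        c["robots"] |= rec["path"] == "/robots.txt"
    flagged = {}
    for ip, c in clients.items():
        reasons = []
        if any(tool_like(ua) for ua in c["uas"]):
            reasons.append("tool-like User-Agent")
        if len(c["paths"]) >= MIN_DISTINCT_PATHS and not c["robots"]:
            # a crawl this wide that never asked for robots.txt matches -e robots=off
            reasons.append(f"{len(c['paths'])} distinct paths, robots.txt never requested")
        if reasons:
            flagged[ip] = reasons
    return flagged


def sample_log():
    """Constructed lines: a wget mirror (-U mozilla, robots=off), a polite wget crawl, a browser."""
    fmt = '{ip} - - [10/Oct/2019:13:55:{s:02d} +0000] "GET {path} HTTP/1.1" 200 2326 "-" "{ua}"'
    browser = "Mozilla/5.0 (X11; Linux x86_64) Firefox/68.0"
    lines = [fmt.format(ip="203.0.113.7", s=i % 60, path=f"/page{i}.html", ua="mozilla") for i in range(25)]
    lines.append(fmt.format(ip="192.0.2.9", s=0, path="/robots.txt", ua="Wget/1.20.3"))
    lines += [fmt.format(ip="192.0.2.9", s=i % 60, path=f"/page{i}.html", ua="Wget/1.20.3") for i in range(30)]
    lines += [fmt.format(ip="198.51.100.4", s=i, path=p, ua=browser)
              for i, p in enumerate(["/", "/about.html", "/contact.html"])]
    return lines
```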