Categories
Kali Linux

How to Check Kali Linux Version

$ lsb_release -a
Distributor ID:	Kali
Description:	Kali GNU/Linux Rolling
Release:	2020.1
Codename:	kali-rolling

NAS mount

A Kali Linux live system has no persistent file system by default, so whatever you write during a session is lost at reboot. To keep data from a live session you need external storage such as a NAS (Network Attached Storage). The following mount.cifs command mounts an SMB/CIFS share exported by a NAS on the /mnt directory:

$ sudo mount.cifs //192.168.0.10/home /mnt -o username=share-user
Password for share-user@//192.168.0.10/home:   *******

where //192.168.0.10/home is the NAS IP address and shared directory, /mnt is the mount point, and "share-user" is the NAS account name. mount.cifs prompts for the password; do not pass it with -o password=..., which leaves it in the shell history and visible in the process list.

Because the share was mounted without uid=/gid= options, the files under /mnt appear owned by root and the kali account has no write permission to them, so writing to the mounted directory requires sudo (adding uid=$(id -u),gid=$(id -g) to the -o options maps the files to the kali user instead):

$ sudo cp foo.txt /mnt/

To unmount the mounted NAS shared directory, use the umount command.

$ sudo umount /mnt
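As an added example (not part of the original page), the same mount done the way a practitioner would script it on a live system: the NAS password goes into a mount.cifs credentials file that only its owner can read instead of onto the command line, and uid=/gid= map the mounted files to the kali user so cp works without sudo. The share //192.168.0.10/home and the account share-user are taken from the page; the credentials file path ~/.smbcred is our own choice.

```shell
#!/bin/sh
# Added example, not from the original page: mount the NAS share from a Kali
# live session without putting the password on the command line, and map the
# mounted files to the invoking user so writes do not need sudo.
# Assumptions: share //192.168.0.10/home and account share-user come from the
# page; the credentials file path ~/.smbcred is our own choice.

# Write a mount.cifs(8) credentials file (username=/password= lines) that only
# its owner can read. The subshell keeps the umask change local.
write_cifs_credentials() {  # $1=path  $2=username  $3=password
    ( umask 077; printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"          # also fixes a pre-existing, too-open file
}

# True only if the file exists and its mode is exactly 0600; a readable
# credentials file hands the NAS password to every local user.
credentials_file_is_private() {  # $1=path
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ]
}

# Mount options: credentials file instead of username=/password=, plus
# uid=/gid= so the kali user owns the files on the mount (no sudo for cp).
cifs_mount_options() {  # $1=credentials path  $2=uid  $3=gid
    printf 'credentials=%s,uid=%s,gid=%s' "$1" "$2" "$3"
}

# Refuse to mount with a credentials file other users can read.
mount_nas_share() {  # $1=//server/share  $2=mount point  $3=credentials path
    credentials_file_is_private "$3" || {
        echo "refusing to use $3: mode must be 0600" >&2
        return 1
    }
    sudo mount -t cifs "$1" "$2" -o "$(cifs_mount_options "$3" "$(id -u)" "$(id -g)")"
}

# Usage on a live system (interactive; not run by the checks below):
#   write_cifs_credentials "$HOME/.smbcred" share-user 'the-nas-password'
#   mount_nas_share //192.168.0.10/home /mnt "$HOME/.smbcred"
#   cp foo.txt /mnt/          # now works without sudo
#   sudo umount /mnt
```

mount -t cifs is the same thing as calling mount.cifs directly; root can read the 0600 credentials file, so the sudo is still needed for the mount itself, but not for every file copy afterwards.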


WPScan

WPScan is a WordPress vulnerability scanner. On the Kali desktop it is listed under 03 - Web Application Analysis > Web Vulnerability Scanners.

The following command runs a password attack against the WordPress site at 192.168.0.3/wordpress. The --passwords option takes a file containing the list of passwords to try. No --usernames option is given, so wpscan first enumerates user names from the site (author ID brute forcing and login error messages, as the output below shows) and then attacks each account it found.

One of the easiest ways to prepare the password file is the Openwall wordlists collection (https://download.openwall.net/). The following command uses the file named "password", downloaded from the /pub/wordlists/passwords directory there, as its password list.

kali@kali:~$ wpscan --url 192.168.0.3/wordpress --passwords ./password
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.7.6
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

 [+] URL: http://192.168.0.3/wordpress/
 [+] Started: Mon Apr 25 00:00:00 20xx

Interesting Finding(s):

 [+] http://192.168.0.3/wordpress/
 | Interesting Entry: Server: Apache/2.4.38 (Raspbian)
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

 [+] http://192.168.0.3/wordpress/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://wordpress_ghost_scanner
 |  - https://wordpress_xmlrpc_dos
 |  - https://wordpress_xmlrpc_login
 |  - https://wordpress_pingback_access

 [+] http://192.168.0.3/wordpress/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] Upload directory has listing enabled: http://192.168.0.3/wordpress/wp-content/uploads/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] http://192.168.0.3/wordpress/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 5.4 identified (Latest, released on 2020-03-31).
 | Found By: Emoji Settings (Passive Detection)
 |  - http://192.168.0.3/wordpress/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.4'
 | Confirmed By: Meta Generator (Passive Detection)
 |  - http://192.168.0.3/wordpress/, Match: 'WordPress 5.4'

[i] The main theme could not be detected.

[+] Enumerating All Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

 Checking Config Backups -: |=============================================|

[i] No Config Backups Found.

[+] Enumerating Users (via Passive and Aggressive Methods)

 Brute Forcing Author IDs -: |============================================|

[i] User(s) Identified:

[+] admin
 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
 | Confirmed By: Login Error Messages (Aggressive Detection)

[+] Performing password attack on Wp Login against 1 user/s

Progress: |=================================================
[SUCCESS] - admin / admin
Progress: |===============================================================|

[i] Valid Combinations Found:
 | Username: admin, Password: admin

[+] Finished: Mon Apr 25 00:00:00 20xx
[+] Requests Done: 2895
[+] Cached Requests: 5
[+] Data Sent: 1.42 MB
[+] Data Received: 16.047 MB
[+] Memory used: 132.027 MB
[+] Elapsed time: 00:02:43

The log shows that wpscan found the admin/admin account-password pair in under three minutes (2895 requests, elapsed time 00:02:43). The attack went through the normal login form (wp-login.php), one POST request per guess, so a brute force of this kind is noisy and easy to spot in the web server's access log. The xmlrpc.php finding matters for the same reason: wpscan can also attack through XML-RPC (--password-attack xmlrpc or xmlrpc-multicall), and with multicall it packs many credential guesses into a single request.

Note: wpscan tries to update its vulnerability database before each scan, which needs internet access. If the database server is unreachable the scan aborts, as shown below; on an isolated network pass --no-update to skip the update and scan with the database already on disk.

_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.7.6
                               
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

 [i] Updating the Database ...

Scan Aborted: Unable to get https://data.wpscan.org/metadata.json.sha512 (Couldn't connect to server)
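As an added example (not part of the original page or of WPScan), here is the defender's view of the run above: a shell function that reads the target's Apache access log and flags clients hammering wp-login.php. WordPress answers a failed login POST with 200 (the form again) and a successful one with a 302 to wp-admin, so the status code alone does not say "failure"; the function counts POSTs per client and treats a 302 that arrives after a burst as a likely account compromise. The log lines it tests against are constructed to mirror the run above, not a real capture; the WPScan User-Agent string and the 2020 timestamps in them are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: spot the wp-login.php password
# attack shown above from the target's Apache access log. A failed login POST
# gets a 200 (the form again), a successful one a 302 to wp-admin, so we count
# POSTs to wp-login.php per client and treat a 302 after a burst as a likely
# compromise. The log lines in write_sample_log are constructed, not a real
# capture; the WPScan User-Agent in them is an assumption (wpscan can
# randomise it with --random-user-agent).

# $1=access log (Apache combined format)  $2=threshold of POSTs per client
detect_wp_login_bruteforce() {
    awk -v thr="$2" '
        {
            # combined format: ip - - [time] "METHOD PATH PROTO" status bytes "ref" "ua"
            n = split($0, q, "\"")        # q[2]=request line, q[3]=" status bytes "
            if (n < 3) next
            split(q[2], r, " ")
            split(q[3], s, " ")
            ip = $1; method = r[1]; path = r[2]; status = s[1]
            if (method != "POST") next
            if (path ~ /\/wp-login\.php/) {
                if (status == "200") posts[ip]++
                else if (status == "302" && posts[ip] >= thr) compromised[ip] = 1
            } else if (path ~ /\/xmlrpc\.php/) {
                xmlrpc[ip]++        # xmlrpc.php is the other login surface wpscan found
            }
        }
        END {
            for (ip in posts)
                if (posts[ip] >= thr)
                    printf "%s wp-login failed_posts=%d login_after_burst=%s\n", ip, posts[ip], ((ip in compromised) ? "yes" : "no")
            for (ip in xmlrpc)
                if (xmlrpc[ip] >= thr)
                    printf "%s xmlrpc posts=%d\n", ip, xmlrpc[ip]
        }' "$1"
}

# Constructed sample: six failed guesses from 192.168.0.2, then the admin/admin
# hit (302), plus two lines from another host that mistyped once and must not alert.
write_sample_log() {  # $1=path
    ua='"WPScan v3.7.6 (https://wpscan.org/)"'
    : > "$1"
    i=1
    while [ "$i" -le 6 ]; do
        printf '192.168.0.2 - - [25/Apr/2020:00:00:0%d +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3412 "-" %s\n' "$i" "$ua" >> "$1"
        i=$((i + 1))
    done
    printf '192.168.0.2 - - [25/Apr/2020:00:00:07 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 302 0 "-" %s\n' "$ua" >> "$1"
    printf '192.168.0.50 - - [25/Apr/2020:00:01:00 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"\n' >> "$1"
    printf '192.168.0.50 - - [25/Apr/2020:00:01:05 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"\n' >> "$1"
}

# Usage against a real log:
#   detect_wp_login_bruteforce /var/log/apache2/access.log 20
```

The threshold is per client over the whole file; on a busy site run it over a rotated hourly slice, or add a time window, so a legitimate user who forgets a password a few times does not trip it.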

Kali Linux network routing priority

When Wi-Fi and Ethernet are both connected but only the Wi-Fi network reaches the internet, Kali Linux's default routing sends internet traffic out through Ethernet and it fails: NetworkManager gives the Ethernet default route metric 100 and the Wi-Fi one metric 600, and the kernel uses the default route with the lowest metric. To reach the internet on such a system, the Wi-Fi route metric must be lower than the Ethernet one.

The route metric of each connection can be changed with the nmcli command.

The following commands change the Wi-Fi connection's IPv4 route metric from 600 to 50. Here access-point-name is the NetworkManager connection name as listed by nmcli connection show, which is usually, but not necessarily, the SSID. ipv4.route-metric affects only IPv4 (the IPv6 counterpart is ipv6.route-metric); the setting is saved in the connection profile, but the live routing table only changes once the connection is re-activated with nmcli connection up. After the change, Wi-Fi has the lower metric and the system can reach the internet. If Ethernet should never carry internet traffic at all, setting ipv4.never-default yes on the Ethernet connection removes its default route instead.

# default network setting 
kali@kali:$ ip r
default via 192.168.0.1 dev eth0 proto dhcp metric 100 
default via 192.168.10.1 dev wlan0 proto dhcp metric 600 
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2 metric 100 
192.168.10.0/24 dev wlan0 proto kernel scope link src 192.168.10.9 metric 600 

# change wlan0 metric from 600 to 50
kali@kali:$ sudo nmcli connection modify access-point-name ipv4.route-metric 50
kali@kali:$ sudo nmcli connection up access-point-name
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

# current network setting
kali@kali:$ ip r
default via 192.168.10.1 dev wlan0 proto dhcp metric 50 
default via 192.168.0.1 dev eth0 proto dhcp metric 100 
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2 metric 100 
192.168.10.0/24 dev wlan0 proto kernel scope link src 192.168.10.9 metric 50
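As an added example (not part of the original page), a small script that verifies the result rather than assuming it: it parses ip r output, reports which interface owns the lowest-metric default route, and wraps the nmcli change so the check can be run right after it. The two route tables embedded in it are the page's own before/after output used as test input; access-point-name is the page's placeholder connection name.

```shell
#!/bin/sh
# Added example, not from the original page: decide from "ip r" output which
# interface currently owns the preferred default route, so the metric change
# can be verified rather than assumed. ROUTES_BEFORE/ROUTES_AFTER are the
# page's own output embedded as test input; access-point-name is the page's
# placeholder for the NetworkManager connection name.

# Reads "ip r" text on stdin and prints the dev of the lowest-metric default
# route. A default route with no explicit metric counts as 0 (the kernel
# default), so an unmetriced VPN route beats both NetworkManager routes.
preferred_default_iface() {
    awk '
        $1 == "default" {
            dev = ""; metric = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (best == "" || metric < bestm) { best = dev; bestm = metric }
        }
        END { print best }'
}

# Persist a lower IPv4 route metric on the Wi-Fi profile and re-activate it;
# nmcli connection modify alone does not touch the live routing table.
prefer_wifi_route() {  # $1=NetworkManager connection name  $2=metric
    sudo nmcli connection modify "$1" ipv4.route-metric "$2" &&
    sudo nmcli connection up "$1"
}

# Exit 0 only if the live routing table prefers the expected device.
default_route_is_via() {  # $1=expected dev
    [ "$(ip r | preferred_default_iface)" = "$1" ]
}

# The page's routing table before the change (constructed test input).
ROUTES_BEFORE='default via 192.168.0.1 dev eth0 proto dhcp metric 100
default via 192.168.10.1 dev wlan0 proto dhcp metric 600
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2 metric 100
192.168.10.0/24 dev wlan0 proto kernel scope link src 192.168.10.9 metric 600'

# The page's routing table after ipv4.route-metric 50 on the Wi-Fi profile.
ROUTES_AFTER='default via 192.168.10.1 dev wlan0 proto dhcp metric 50
default via 192.168.0.1 dev eth0 proto dhcp metric 100
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2 metric 100
192.168.10.0/24 dev wlan0 proto kernel scope link src 192.168.10.9 metric 50'

# Usage on a live system (not run by the checks below):
#   prefer_wifi_route access-point-name 50
#   default_route_is_via wlan0 && echo "internet now goes out via Wi-Fi"
```

The parser only looks at IPv4 routes from ip r; run ip -6 r through it separately if IPv6 matters, since the ipv4.route-metric change does not touch the IPv6 default route.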