Kali linux uses the root user, since root privileges are needed to run various security tools like nmap and wireshark etc. However its uneasy to type the root/toor combination everytime Kali boots. So to make things simple just make the user root login automatically at system start. And here are the simple steps to do it. Open and edit the file called /etc/gdm3/daemon.conf. root@kali:~# leafpad /etc/gdm3/daemon.conf In the daemon section uncomment the 2 lines for [...]

Apache and mysql are installed by default in Kali Linux. They can be accessed through the Kali Linux menu in Applications. To start apache web server click the menu entry at “Applications > Kali Linux > System Services > HTTP > apache2 start”. Similary to start mysql click MySQL > mysql start. However starting services manually everytime is a waste of time and its better to get them to start automatically at boot. To configure [...]

Data Masking: An Introduction By: arD3n7 Dealing with Production Data is a challenge, but most organizations around the world have safeguards in place which secure the production environment properly. However, when it comes to non-production environments like Dev (Development) environment or Test Environment etc., they still do not have proper security in place. Protecting sensitive data is not an only an organization’s moral responsibility, but in certain cases it is also demanded by governing standards. [...]

Angry ip scanner is a popular gui based network/ip range scanning tool that is available for both windows and linux. It is multi threaded and scans the ip range very fast. It is written in java. For linux it provides deb packages that can be easily install on Kali, which is debian based. Download the deb file from Get the correct deb based on your system architecture, either 32bit/64bit. Once downloaded, install from the terminal [...]

Metasploit Metasploit, the great exploitation tool is included in Kali linux along with its powerful frontend armitage. Both are easy to run by clicking from the Kali Linux menu. Will show you the steps in this post, if you are new to it. Metasploit has a commandline interface msfconsole, and a web interface too. To run msfconsole or armitage first start the metasploit pro service. To do that just click on the menu option Kali [...]

Hack windows xp with MS08-067 exploit Using metasploit its possible to hack windows xp machines just by using the ip address of the victim machine. It does not involve installing any backdoor or trojan server on the victim machine. Metasploit does this by exploiting a vulnerability in windows samba service called ms08-67. This exploit works on windows xp upto version xp sp3. The vulnerability/exploit module inside metasploit is Name: Microsoft Server Service Relative Path Stack [...]

Kali linux is the next version of backtrack in a completely new form. Tor is not installed by default in kali linux. However can be installed easily right from its own repositories. root@kali:~# apt-get install tor vidalia Run the above command and tor along with vidalia should be installed. Start the tor service with the following command root@kali:~# service tor start [ ok ] Starting tor daemon…done. Verify tor status with the following command root@kali:~# [...]

Web Shells Web shells are small programs or scripts that can be uploaded to a vulnerable server and then opened from the browser to provide a web based interface to run system commands. They are basically backdoors that run from the browser. For a given web server, the web shell script must be in the same language that the web server supports or is running (php, asp, jsp etc). So if its a php web [...]

Uniscan is a vulnerability scanner that can scan websites and web applications for various security issues like LFI, RFI, sql injection, xss etc. Its written in perl. Its open source and can be downloaded from sourceforge project page here. It is included in backtrack and can be found at the following directory /pentest/web/uniscan In the Backtrack menu its located at Vulnerability Assessment > Web Application Assessment > Web Vulnerability Scanner > uniscan. On kali linux [...]

In penetration testing or hacking, it is a common task to search for exploits and vulnerabilities for a give platform/application. The search is done on google, or various exploit database websites. One of them is exploit-db.com. Backtrack includes lots of exploits from exploit-db in a searchable database that can be used offline. In backtrack 5 its located in the following directory /pentest/exploits/exploitdb In the backtrack menu, it can be found at Exploitation Tools > Open [...]