Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security.

Everything about Cross-Site Scripting (XSS)

While browsing the web we are sometimes greeted by a pop-up as soon as a page loads; even this site shows one on a first visit. Now suppose those pop-ups could attack our system: a malicious payload could be delivered to it, or our sensitive data could be stolen.


In this article we cover Cross-Site Scripting and learn how an attacker executes malicious JavaScript through an input field, generating pop-ups to deface the web application or, worse, to hijack a user's session.

Pop-up JavaScript’s relation to XSS

JavaScript is one of the most popular languages of the web: by most estimates more than 93% of websites use it. It is very flexible and mixes easily with HTML.

An HTML page with embedded JavaScript does its work once the page has loaded in the browser. JavaScript hooks into events on the page through handlers such as onload, onmouseover and onclick, and runs whatever code the handler contains, for example an alert(). That is why XSS payloads are, at bottom, JavaScript.

Basics of Cross-Site Scripting (XSS)

Cross-Site Scripting, XSS, is a client-side code injection attack in which the attacker gets a malicious script executed in the context of a trusted website. Not every website is vulnerable: only those where user-supplied input is not properly validated or encoded before it is placed in a page. Through such a flaw the attacker can deliver JavaScript that runs in the victim's browser with the site's own origin, and the user has no way of knowing that the page is loading the attacker's script. That is what makes XSS so dangerous.

Confused, or tired of theory? Let us move on to practical examples. Before that we should know that XSS comes in three main types:

  1. Stored XSS
  2. Reflected XSS
  3. DOM-based XSS

Stored XSS

Stored XSS is also known as persistent XSS or Type I. As the name says, the attacker's malicious JavaScript is stored by the web application, typically in its database, and the server hands it back to every client that later visits the affected page.

Because this happens in an entirely legitimate-looking way, the injected code is executed by the browser when the page that contains it is rendered, or when the user clicks or hovers over the infected section, since it was already saved in the application's database. For that reason the attack does not require any phishing technique to trap the user.

The most common example of stored XSS is a comment section, which lets any user submit a comment through a form. Let's look at an example:

A web application asks users to submit feedback; in the following screenshot we can see two fields, one for the name and one for the comment.

[Screenshot: stored XSS example form]

When we fill in the form and press the "Sign Guestbook" button to leave our feedback, the entry is stored in the database. We can see the database section highlighted in the following screenshot:

[Screenshot: stored XSS testing]

In this case the developer trusted us and did not put any validation on the fields, or perhaps forgot to. If an attacker finds this loophole they can take advantage of it: instead of a comment, the attacker can put any script into the Message field. The following script is an example:

<script>alert("This website is hacked")</script>

When we put this JavaScript into the "Message" field and submit it, the web application responds with an alert pop-up.

[Screenshot: stored XSS alert]

In the database section we can see that a new entry with our name has been added, but the message column appears empty. The text is in the database; the browser has rendered the stored <script> element instead of showing it as text.

[Screenshot: stored XSS database entry]

This is a clear indication that our script has been injected and is now served back from the database.

Now let's confirm that it was really stored. We open another browser (Chrome) and try to submit a genuine feedback.

[Screenshot: stored XSS comment from a second browser]

When we press "Sign Guestbook" in this browser, it executes the injected script as well, as we can see in the following screenshot:

This browser never typed the payload; the script ran because the application stored our earlier input and served it back with the page. This is stored XSS.

Reflected XSS

Reflected XSS is also known as non-persistent XSS or Type II. When the web application responds immediately to the client's input without validating or encoding what the client entered, an attacker can inject browser-executable code into that single HTML response. It is called non-persistent because the malicious script is not stored anywhere in the application. That is why the attacker has to deliver the malicious link to the victim, typically by phishing.

Reflected XSS is the most common type, and it is easily found in a website's search field: the attacker puts JavaScript into the search box and, if the site is vulnerable, the page that comes back contains the script and the browser runs it.

Reflected XSS comes in two forms, depending on the HTTP method that carries the input:

  • Reflected XSS GET
  • Reflected XSS POST

To see the concept of reflected XSS in practice, consider the following scenario:

Here we have a web page where we can enter our name and submit it. When we do, a message is printed back on the screen saying hello to us.

[Screenshot: reflected XSS page reflecting the name]

If we look at the URL we can see the "name" parameter in it, which means the data was sent with the GET method.

Now we try to generate a pop-up by injecting JavaScript into this "name" parameter:

<script>alert("This is reflected XSS, and you got hacked")</script>

We put this script into the URL where our name was:

[Screenshot: example of reflected XSS]

Now our JavaScript is executed as an alert, as we can see in the following screenshot:

[Screenshot: reflected XSS alert]

The developer did not set up any input validation or output encoding, so our input is simply echoed back into the page.

This was reflected XSS through the GET method. With the POST method the request is not visible in the URL, so we need an intercepting proxy such as Burp Suite or WebScarab to modify the request body and inject our JavaScript there.

DOM-Based XSS

DOM-based XSS is a vulnerability that arises in the Document Object Model rather than in the HTML sent by the server. Before going further we need to know what the Document Object Model is.

The DOM, or Document Object Model, describes the different parts of a web page (title, headings, forms, tables and so on) and the hierarchical structure of the HTML document. It is an API that lets developers create and change HTML and XML documents as programming objects.

When an HTML document is loaded into a web browser, it becomes a "Document Object".

DOM-based XSS vulnerabilities normally arise when JavaScript on the page takes data from an attacker-controllable source, such as the URL, and passes it to a sink (a dangerous JavaScript function or DOM object, such as eval()) that supports dynamic code execution.

This attack differs from stored and reflected XSS in that the dangerous script appears neither in the HTML source served by the server nor in the HTTP response; it can only be observed at execution time, in the DOM the browser builds. Still not clear? Let's look at a DOM-based XSS example.

The following application lets us choose a language, as shown in the following screenshot:

[Screenshot: DOM-based XSS language selector]

If we choose a language we can see it in the URL. As in the reflected XSS GET case, we can manipulate the URL to get an alert, by appending the following after the language value:

#<script>alert("This is DOM XSS, and you got hacked")</script>

Then when we change the language we see the following:

[Screenshot: alert for DOM-based XSS]

We put a '#' after the language. This is the major difference between DOM-based XSS and reflected or stored XSS: it cannot be stopped by server-side filters, because anything after the '#' (the URL fragment) is never sent to the server. It is handled entirely by the browser and the page's own JavaScript.

XSS Exploitation

Haha, so what? We get an alert, click OK and the pop-up vanishes. Is that all? Nothing else?

Wait, that pop-up says a lot: it proves that arbitrary JavaScript of our choosing runs in the victim's browser. Let's go back to where we began, the stored XSS section.

There we saw that our input is stored in the web application's database. In the earlier example we only created an alert, but we can do much more than that. For instance, put any name in the name field and the following JavaScript in the message field:

<script>alert(document.cookie)</script>

The cookie is shown in the alert, as we can see in the following screenshot:

[Screenshot: stored XSS cookie capture]

Now if we navigate away from this page, open it from another browser and return to the stored XSS page, our code runs again and presents a pop-up with that browser's current session cookie. The alert is only a demonstration: the same script could send document.cookie to a server the attacker controls, and the attacker could then use it to hijack the session. This can be expanded upon greatly, and with a bit more knowledge of JavaScript an attacker can do a lot of damage. One caveat a tester should know: cookies set with the HttpOnly flag are not exposed through document.cookie, which is exactly why session cookies should carry that flag.

To learn more about exploiting XSS, the PortSwigger Web Security Academy material on XSS is well written.

Preventing XSS Attacks

As security practitioners we look for bugs in various services, but fixing them, or advising how to fix them, is also our duty. Preventing Cross-Site Scripting is sometimes trivial, but it can be much harder depending on the complexity of the application and the ways it handles user-controllable data.

Normally XSS can be prevented by following this guide:

  • Validate input from the user. At the point where user input is received, filter as strictly as possible based on what is expected or valid input.
  • Encode data on output from the server. Wherever user-controllable data is output in HTTP responses, encode it so that it cannot be interpreted as active content. Depending on the output context, this can require combinations of HTML, URL, JavaScript and CSS encoding.
  • Use appropriate response headers. To stop XSS in HTTP responses that are not intended to contain any HTML or JavaScript, use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses the way we intend.
  • Content Security Policy. As the last line of defence, use a Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.

There are many more articles on this on the internet; we found a very detailed article on preventing XSS attacks.
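As an added example (not part of the article), the four defences in the list above as working code: output encoding chosen per context (HTML body, attribute, URL, JavaScript string, CSS string), a page fragment that places one user value in three of those contexts, and a single function that produces the Content-Type, X-Content-Type-Options and Content-Security-Policy headers so that no handler can forget them. The route, the attribute names and the exact CSP string are assumptions for illustration.

```javascript
// Added example, not part of the article: the four defences as code. Route,
// attribute names and the CSP string are assumptions for illustration.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// HTML body and quoted-attribute contexts.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, c => HTML_ESCAPES[c]);
}

// Inside a JavaScript string literal: \uXXXX-escape everything that is not
// alphanumeric, so the value can never close the string or the <script> element.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g,
    c => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Inside a URL query value.
function encodeUrlParam(value) {
  return encodeURIComponent(String(value));
}

// Inside a quoted CSS string: hex-escape everything that is not alphanumeric.
function encodeCssString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g,
    c => "\\" + c.charCodeAt(0).toString(16) + " ");
}

// One entry point; an unknown context is a programming error, not a fallback.
function encodeFor(context, value) {
  switch (context) {
    case "html": return encodeHtml(value);
    case "attr": return encodeHtml(value);
    case "js":   return encodeJsString(value);
    case "url":  return encodeUrlParam(value);
    case "css":  return encodeCssString(value);
    default: throw new Error("unknown output context: " + context);
  }
}

// A page fragment that places the same user value in three contexts. The value
// is handed to client-side script through a data attribute rather than an
// inline <script>, because the CSP below does not allow inline scripts.
function renderProfile(name) {
  return `<p>Hello ${encodeFor("html", name)}</p>`
    + `<a href="/search?q=${encodeFor("url", name)}">search</a>`
    + `<span id="user" data-user="${encodeFor("attr", name)}"></span>`;
}

// Headers for an HTML page and for a JSON API response. nosniff stops the
// browser from "sniffing" a JSON body as HTML; CSP is the last line of defence.
function responseHeaders(kind) {
  const common = {
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
  };
  const contentType = kind === "json"
    ? "application/json; charset=utf-8"
    : "text/html; charset=utf-8";
  return { ...common, "Content-Type": contentType };
}
```

Two design points worth noting. Encoding is selected by the place the value lands, not by what the value looks like, which is why encodeFor() refuses an unknown context instead of guessing. And a CSP of script-src 'self' blocks inline scripts, so a page that wants to pass user data to its own JavaScript should put it in a data attribute, as renderProfile() does, rather than building an inline <script> with encodeJsString(); that encoder remains for templates that still emit inline script under a policy that allows it.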

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Right way to record and share our Terminal sessions

The terminal, also known as the command line or a terminal emulator, is a crucial component of any useful operating system. It is by far one of the most important applications on macOS and Linux, and it gives more efficient access to the real power of a computer than any graphical user interface.

Sometimes we need to share our terminal session or commands with others, to show something or to troubleshoot an issue. Screenshots are not satisfying for that, and recording the screen and sending a video file is annoying. Here asciinema steps in.


Asciinema is a free and open source tool for recording terminal sessions and sharing them on the web in an easy way. That sounds interesting, so let's try asciinema on our Kali Linux system. It can also be installed on macOS, other Linux distributions and BSD, and from source or with pip.

To install it on our Kali Linux system we can run following command:

sudo apt install asciinema

After entering the sudo password the installation starts, as we can see in the following screenshot:

[Screenshot: asciinema installing on Kali Linux]

It is a small tool and should install in seconds. Once the installation is complete we can run it and start recording our terminal.

To start the recording we need to use the following command on our terminal.

asciinema rec

In the following screenshot we can see that the recording has started:

[Screenshot: asciinema started]

Now we can type any command and it will be recorded. One thing to remember: it records only the terminal, not other applications or the whole screen. When the recording is complete we press CTRL+D or run the exit command, as shown in the following screenshot:

[Screenshot: asciinema save options]

It clearly says that to upload the recording to asciinema.org we just press Enter, and to keep it only on our own system we press CTRL+C.

We press Enter to upload it to asciinema.org, and in the following screenshot we get the link to the recording:

[Screenshot: asciinema uploaded]

Now we can open this link in our browser; we might need an asciinema.org account. If so, we can create one with just an email address: asciinema does not use passwords, it verifies the email address instead (a temporary mail id works too), and we are ready. Various options are available there, as shown in the following screenshot:

[Screenshot: asciinema website options]

We can share a recording in several ways. We can send someone the link directly. Asciinema also supports the oEmbed, Open Graph and Twitter Card protocols, so a nice thumbnail is displayed where possible. We can also embed an asciicast on any HTML page, for example in a blog post, a project's documentation or conference slides. We have embedded an asciinema recording below:

We can also play locally saved recordings (files with the *.cast extension) with the following command:

asciinema play filename.cast

That is how to record and share a terminal session in a very easy way. Forget screen-recording apps and blurry video, and enjoy a lightweight, purely text-based approach to terminal recording on Kali Linux.
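One thing the upload prompt above does not do is check what is in the recording, and a terminal session on a pentest box tends to contain tokens, passwords and keys. The following is an added example, not part of the article or of asciinema itself: a small reader for the asciicast v2 format that *.cast files use (a JSON header line followed by one JSON event per line, each event being [time in seconds, type, data]), a scan of the recorded output for material that should not be uploaded, and a scrubbed copy that keeps the timings. SAMPLE_CAST is a constructed recording, and the SECRET_PATTERNS list is an assumption to be extended for your own environment.

```javascript
// Added example, not part of the article or of asciinema itself. SAMPLE_CAST is
// a constructed recording; SECRET_PATTERNS is an assumption to extend locally.
const SAMPLE_CAST = [
  '{"version": 2, "width": 80, "height": 24, "timestamp": 1625000000, "env": {"SHELL": "/bin/zsh", "TERM": "xterm-256color"}}',
  '[0.5, "o", "$ export API_KEY=sk_live_0123456789\\r\\n"]',
  '[1.2, "o", "$ cat ~/.ssh/id_ed25519\\r\\n"]',
  '[1.9, "o", "-----BEGIN OPENSSH PRIVATE KEY-----\\r\\n"]',
  '[3.4, "o", "$ sudo apt install asciinema\\r\\n"]',
].join("\n");

// Parse the header and the events. Event = { time, type ("o" output, "i" input), data }.
function parseCast(text) {
  const lines = text.split("\n").filter(l => l.trim() !== "");
  const header = JSON.parse(lines[0]);
  if (header.version !== 2) throw new Error("only asciicast v2 is handled here");
  const events = lines.slice(1).map(l => {
    const [time, type, data] = JSON.parse(l);
    return { time, type, data };
  });
  return { header, events };
}

// The recording's length is the timestamp of its last event.
function castDuration(cast) {
  return cast.events.length ? cast.events[cast.events.length - 1].time : 0;
}

// Things that must not leave the machine. Global flags so every occurrence is
// found and, in redactCast(), replaced.
const SECRET_PATTERNS = [
  { name: "exported token", re: /\b[A-Z_]*(KEY|TOKEN|SECRET|PASSWORD)=\S+/g },
  { name: "private key", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/g },
];

// Scan the joined output stream, so a secret split across two events is still seen.
function findSensitiveOutput(cast) {
  const output = cast.events.filter(e => e.type === "o").map(e => e.data).join("");
  const hits = [];
  for (const p of SECRET_PATTERNS) {
    const matches = output.match(p.re);
    if (matches) hits.push({ name: p.name, match: matches[0], count: matches.length });
  }
  return hits;
}

// A scrubbed copy in the same format: same header, same timings, secrets replaced.
function redactCast(cast) {
  const events = cast.events.map(e => {
    let data = e.data;
    if (e.type === "o") {
      for (const p of SECRET_PATTERNS) data = data.replace(p.re, "[REDACTED]");
    }
    return { ...e, data };
  });
  const lines = [JSON.stringify(cast.header),
    ...events.map(e => JSON.stringify([e.time, e.type, e.data]))];
  return lines.join("\n") + "\n";
}
```

The workflow this supports: record straight to a file with `asciinema rec demo.cast`, which skips the upload prompt entirely; run the scan and, if needed, write the output of redactCast() to a new file; play it back locally with `asciinema play` to confirm it still looks right; and only then publish it with `asciinema upload`. Redaction works on the output stream as it was displayed, so a key that was typed at a hidden prompt never appears in the file in the first place, while one that was echoed to the screen does.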


Basics of Digital Forensics

Forensics is the work of examining evidence and establishing the facts of interest that link to an incident. In this article we discuss the basics of digital forensics. We give this introduction because we believe it is necessary to have a response plan for when one of our assets, such as a server or web application, is compromised. We also recommend researching other sources for more thorough training, as the topic extends well beyond the tools available in Kali Linux. Digital forensics is a fast-growing area of interest in cyber security, with very few people who know it well.

Before stepping into the world of the digital James Bond, we need to remember some rules. Not many: we believe these three rules must be followed by every digital forensics examiner. If we fail to follow them, we may fail to solve the case.

1. Never touch the evidence

This is not about physically touching evidence. It means "never work on the original data": always use a copy of the evidence for forensic examination, and make sure the data is not modified while the copy is being made. The moment we touch or modify the original, the case becomes worthless: tampered evidence cannot be used in any legal proceeding, regardless of what is found, because once an original is modified there is the possibility of false evidence that misrepresents the real incident. An example is a change that adjusts a timestamp in the system logs; there would be no way to distinguish that change from a novice analyst's mistake or from an attacker covering their traces.
Most digital forensic analysts use specialised imaging hardware to copy data bit for bit, and there is reputable software that does the same. It is important that the process be very well documented. Most digital copies thrown out of legal proceedings were rejected because the hash of the storage medium, such as a hard drive, did not match the hash of the copy. The hash of a drive will not match a contaminated copy even if only a single bit has been modified. A matching hash means it is extremely likely that the copy, including filesystem access logs, deleted data, disk information and metadata, is an exact copy of the original data source.

2. Look for everything

The second vital rule of digital forensics is that anything that can store data should be examined. In famous cases involving digital media, critical evidence has been found on cameras, DVR recorders, video game consoles, phones, iPods and other random digital devices. If a device has any capability of storing user data, it could be used in a forensic investigation. Do not dismiss a device just because it seems unlikely: a car navigation system that stores maps and music on SD cards could be used by culprits to hide data, and could also provide evidence of Internet usage based on the tags of downloaded music.

3. Good documentation

This is the last crucial rule of digital forensics, and the one most newcomers ignore: we MUST document our findings. All evidence, and every step taken to reach a conclusion, must be easy to understand for the work to be credible. More importantly, our findings must be reproducible: independent investigators must arrive at the same conclusion using our documentation and techniques. The documentation must also establish a timeline of events, when specific things occurred and how they occurred, and every timeline conclusion must be documented.
A forensic investigation rests on the perception of a security expert validating evidence linked to an incident. It is easy to get caught up looking for bad guys and drawing conclusions about what may have happened based on opinion, and that is one of the fastest ways to discredit our work.

As forensics specialists we must state only the facts. Did the person Tony steal Steve's files, or did the account logged on as the username Tony initiate a copy from user Steve's home directory to a USB drive with serial number XXX at timestamp XXX on date XXX? See the difference? The real culprit could have stolen Tony's login credentials and taken Steve's data while posing as Tony. The moment we jump to a conclusion is the moment the case becomes inconclusive because of personal inference. Remember, as forensics specialists we may be asked under oath to testify on exactly what happened; when anything other than fact enters the record, our credibility will be questioned.

Extra Talks

These are the basic rules of digital forensics that we need to remember and follow at all times. Digital forensics is not easy, and it has great potential as a career option. At its most basic, we collect information carefully, analyse it painstakingly, and extract the evidence relating to the incident so that we can answer the questions it raises.

That is it for today. If we follow the basics and use our brain and our eyes, we can solve cases and become a digital James Bond. The world needs a hero.


Best USB WiFi Adapter For Kali Linux 2021 [Updated August]

Kali Linux 2021.1 has been rolled out, and thanks to the default non-root user we can simply use it as our primary operating system. The main benefit of running Kali Linux as the primary OS is hardware support. We can do all our penetration-testing work with Kali Linux 2021, but to play with wireless networks we need a suitable external USB WiFi adapter.

Here we list some of the best USB wireless adapters for Kali Linux in 2021. These adapters are compatible with Kali Linux and support monitor mode and packet injection, which is what WiFi penetration testing requires.

Sl No.  WiFi Adapter              Chipset    Best for
1       Alfa AWUS036NHA           AR9271     Good old friend
2       Alfa AWUS036NH            RT3070     Best in its price range
3       Alfa AWUS036NEH           RT3070     Compact and portable
4       Panda PAU09 N600          RT5572     Stylish, for beginners
5       Alfa AWUS036ACH / AC1200  RTL8812AU  Smart look & advanced
6       Alfa AWUS1900 / AC1900    RTL8814AU  Powerful & premium
7       Panda PAU06               RT5372     Cheap, single band

Purchase links are given in each adapter's section below.

Alfa AWUS036NHA

We have been using this USB WiFi adapter since the BackTrack days (before Kali Linux was released) and we still consider it one of the best. Thanks to its long-range signal we can do our penetration-testing work from a long distance.

The Alfa AWUS036NHA is plug and play and compatible with any brand of 802.11g or 802.11n router on the 2.4 GHz band, and it supports multi-stream MIMO (multiple input, multiple output) with a TX data rate of up to 150 Mbps. It also comes with a clip for attaching the adapter to a laptop lid.

    1. Chipset: Atheros AR9271.
    2. Compatible with any brand of 802.11b, 802.11g or 802.11n router on the 2.4 GHz band.
    3. Includes a 5 dBi omni-directional antenna as well as a 7 dBi panel antenna.
    4. Supports security protocols: 64/128-bit WEP, WPA, WPA2, TKIP, AES.
    5. Compatible with Kali Linux on the Raspberry Pi, with monitor mode and packet injection.
    6. High transmit power of 28 dBm, for long-range, high-gain WiFi.

Buy: https://www.amazon.com/Alfa-AWUS036NH-802-11g-Wireless-Long-Range/dp/B003YIFHJY/ref=as_li_ss_tl?dchild=1&keywords=Alfa+AWUS036NHA&qid=1594882122&sr=8-6&linkCode=ll1&tag=adaptercart-20&linkId=2f09cf7cc9b84fcd2be61c590af1d25c&language=en_US

Alfa AWUS036NH

Alfa again; Alfa makes the best WiFi adapters for Kali Linux. This adapter is the sibling of the AWUS036NHA, built on the Ralink RT3070 chipset. The AWUS036NH is an IEEE 802.11b/g/n wireless USB adapter with 150 Mbps speed, and it is also compatible with IEEE 802.11b/g devices at 54 Mbps.

This plug-and-play WiFi adapter supports monitor mode and packet injection on Kali Linux and any other Linux distribution. The AWUS036NH comes with a 4 inch 5 dBi screw-on swivel rubber antenna that can be removed and upgraded, up to 9 dBi.

    1. Chipset: Ralink RT3070.
    2. Comes with a 5 dBi omni-directional antenna as well as a 7 dBi panel antenna.
    3. Supports security protocols: 64/128-bit WEP, WPA, WPA2, TKIP, AES.
    4. Compatible with Kali Linux (also on the Raspberry Pi) with monitor mode and packet injection.

Buy: https://www.amazon.com/Alfa-AWUS036NH-802-11g-Wireless-Long-Range/dp/B003YIFHJY/ref=as_li_ss_tl?dchild=1&keywords=Alfa+AWUS036NH&qid=1594870855&s=amazon-devices&sr=8-1&linkCode=ll1&tag=adaptercart-20&linkId=4c49c0097d6157190cf04122e27714ed&language=en_US

Alfa AWUS036NEH

This Alfa WiFi adapter is compact and tiny, but it has good range. It is plug and play, so connect it to a Kali Linux machine and start playing with WiFi security. The antenna is detachable, which makes it very portable. We have used it to build our portable hacking machine with a Raspberry Pi and Kali Linux.

The Alfa AWUS036NEH is the ultimate solution for going out on red-team engagements. The long high-gain WiFi antenna gives enough range to capture even weak-signal wireless networks. The adapter is slim and does not need a USB cable.

    1. Chipset: Ralink RT3070.
    2. Supports monitor mode and packet injection on Kali Linux and Parrot Security, including on the Raspberry Pi.
    3. Compact and portable.

Buy: https://www.amazon.com/AWUS036NEH-Range-WIRELESS-802-11b-USBAdapter/dp/B0035OCVO6/ref=as_li_ss_tl?dchild=1&keywords=Alfa+AWUS036NEH&qid=1594870918&sr=8-3&linkCode=ll1&tag=adaptercart-20&linkId=c6578f6fb090f86f9ee8917afba3199a&language=en_US

Panda PAU09 N600

Besides Alfa, Panda is also a good brand for WiFi adapters with monitor mode. The Panda PAU09 is a good adapter to buy. This dual-band plug-and-play adapter is able to attack both 2.4 GHz and 5 GHz 802.11 a/b/g/n WiFi networks.

The adapter comes with a USB dock and dual antennas, which looks really cool, and it can be taken apart into smaller pieces. It is reliable even on USB 3, works great, and fully supports both monitor mode and injection out of the box, which is rare for a dual-band wireless card.

    1. Chipset: Ralink RT5572.
    2. Supports monitor mode and packet injection on Kali Linux and Parrot Security, even on the Raspberry Pi.
    3. 2 x 5 dBi antennas.
    4. Comes with a USB stand on a 5 foot cable.
    5. Gets a little warm (not much).

Buy: https://www.amazon.com/Panda-Wireless-PAU09-Adapter-Antennas/dp/B01LY35HGO/ref=as_li_ss_tl?dchild=1&keywords=Panda+PAU09&qid=1594870963&sr=8-1-spons&psc=1&spLa=ZW5jcnlwdGVkUXVhbGlmaWVyPUEzRUUwQjNVSkNGMEFIJmVuY3J5cHRlZElkPUEwODkwNzI3MkZHWUFNUTBRMlRTQSZlbmNyeXB0ZWRBZElkPUEwNzkxNzgzMTBaUEdDS05IUzdDTSZ3aWRnZXROYW1lPXNwX2F0ZiZhY3Rpb249Y2xpY2tSZWRpcmVjdCZkb05vdExvZ0NsaWNrPXRydWU=&linkCode=ll1&tag=adaptercart-20&linkId=d9d43db491c7cf14863cc99c1b8b7797&language=en_US

Alfa AWUS036ACH / AC1200

In the Kali Linux 2017.1 update, Kali added a significant feature: support for the RTL8812AU wireless chipset. The Alfa AWUS036ACH is a beast. This is a premium WiFi adapter used by hackers and penetration testers. It comes with dual antennas and dual-band technology (2.4 GHz at 300 Mbps, 5 GHz at 867 Mbps) and supports 802.11ac as well as a, b, g and n.

The antennas are removable, and if we need more range we can connect an antenna with a higher dBi value and use it as a long-range WiFi link, which makes this one of the best WiFi adapters. It also looks great.

If budget is not an issue, this adapter is highly recommended.

    1. Chipset: Realtek RTL8812AU.
    2. Dual-band: 2.4 GHz and 5 GHz.
    3. Supports both monitor mode and packet injection on both bands.
    4. Premium quality with a high price tag.

Buy: https://www.amazon.com/Alfa-Long-Range-Dual-Band-Wireless-External/dp/B00VEEBOPG/ref=as_li_ss_tl?dchild=1&keywords=Alfa+AWUS036ACH&qid=1594871102&sr=8-3&linkCode=ll1&tag=adaptercart-20&linkId=928256b6b245a63277f865d406f44c02&language=en_US

Alfa AWUS1900 / AC1900

Now this is the real beast, so why is it so far down the list? Because of its high price. But the price is totally worth it for this USB WiFi adapter: if the previous one was a beast, this is a monster. The Alfa AWUS1900 has four high-gain antennas that cover a really long range (500 ft in an open area).

This is a dual-band adapter with high speed on both bands, 2.4 GHz (up to 600 Mbps) and 5 GHz (up to 1300 Mbps). It also has a USB 3.0 interface.

Monitor mode and packet injection are supported on both bands, which makes it very useful for serious penetration testers. We can also attach it to our laptop display with the screen clip provided in the box.

What we get in the box:

  • 1 x AWUS1900 WiFi adapter
  • 4 x dual-band antennas
  • 1 x USB 3.0 cable
  • 1 x screen clip
  • 1 x installation DVD-ROM (not needed on Kali Linux; it is plug and play)

    1. Chipset: Realtek RTL8814AU.
    2. Dual-band: 2.4 GHz and 5 GHz.
    3. Supports both monitor mode and packet injection on both bands.
    4. Premium quality with a high price tag.
    5. Very long range.

Buy: https://www.amazon.com/Alfa-AC1900-WiFi-Adapter-Long-Range/dp/B01MZD7Z76/ref=as_li_ss_tl?dchild=1&keywords=Alfa+AWUS036ACH&qid=1594871169&sr=8-4&linkCode=ll1&tag=adaptercart-20&linkId=d62c81825eace1b0f09d0762e84881c4&language=en_US

Panda PAU06

Yes, this low-cost Panda PAU06 WiFi adapter supports monitor mode and packet injection. But we do not suggest buying it if budget is not an issue.
The main reason is that it is single band: it only supports 2.4 GHz, not 5 GHz.
It uses the Ralink RT5372 chipset; as an 802.11n adapter it supports a maximum of 300 Mbps.
It draws less power from the computer than the others, but none of the adapters above draws much, so this point is negligible.

Extras

There are some more WiFi adapters that we did not cover because we have not tested them ourselves; the adapters above are owned by us or by friends of ours, so we had the chance to test them. Adapters we did not list include the following:

Be careful when choosing from these, because we cannot be sure whether they support monitor mode and packet injection. In our own experience, Alfa cards are the best for WiFi hacking.

                          How to Choose Best Wireless Adapter for Kali Linux 2020

                          Before going through WiFi adapter brands let’s talk something about what kind of WiFi adapter is best for Kali Linux. There are some requirements to be a WiFi penetration testing wireless adapter.

                          • Should support Monitor mode.
                          • The ability to inject packets and capture packets simultaneously.

                          Here are the list of WiFi motherboards supports Monitor mode and Packet injection.

                          • Atheros AR9271 (only supports 2.4 GHz).
                          • Ralink RT3070.
                          • Ralink RT3572.
                          • Ralink RT5370N
                          • Ralink RT5372.
                          • Ralink RT5572.
                          • RealTek 8187L.
• RealTek RTL8812AU (the RTL8812BU and Realtek 8811AU do not support monitor mode).
                          • RealTek RTL8814AU

So we need to choose a WiFi adapter for Kali Linux carefully. For example, there are lots of old and misleading articles on the Internet describing the TP-Link N150 TL-WN722N as good for WiFi security testing. That is no longer true; it used to be.

                          TP Link N150 TL-WN722N newer models don't support Monitor Mode
TP Link N150 TL-WN722N newer models don’t work

The previous versions of the TP-Link N150 TL-WN722N support monitor mode. Version 1 comes with the Atheros AR9002U chipset and supports monitor mode. Version 2 has the Realtek RTL8188EUS chipset and doesn’t support monitor mode or packet injection. Version 1 of the TL-WN722N is not available in the market right now, so be clear about this and don’t get trapped.


                          WiFi Hacking in Kali Linux

Kali Linux is the most widely used penetration testing operating system of all time. It comes with lots of tools pre-installed for cyber security experts and ethical hackers. We can perform web application penetration testing, network attacks, as well as wireless auditing or WiFi hacking. We have already posted lots of tutorials on our website, including some good WiFi auditing tutorials such as the one on Aircrack-ng.

                          Why Do We Use External USB WiFi Adapters in Kali Linux?

A WiFi adapter is a device that can be connected to our system and allows us to communicate with other devices over a wireless network. It is the WiFi chipset in our mobile phone, laptop or other device that allows us to connect to a WiFi network and access the internet or nearby devices.

But most laptops and mobile phones come with an inbuilt WiFi chipset, so why do we need to connect an external WiFi adapter to our system? Well, the simple answer is that our in-built WiFi hardware is not capable enough to perform security testing on WiFi networks. Usually inbuilt WiFi adapters are low-budget parts that were not made for WiFi hacking; they don’t support monitor mode or packet injection.

If we are running Kali Linux in a virtual machine, the inbuilt WiFi adapter doesn’t work for us either, not even in bridged mode. In that case we also need an external WiFi adapter to play with WiFi networks. A good external WiFi adapter is a must-have tool for everyone who is interested in the cyber security field.

                           
A WSL2 installation of Kali Linux does not support Wi-Fi adapters of any kind (inbuilt or external).

                          Kali Linux Supported WiFi Adapters

Technically almost every WiFi adapter works with Kali Linux, but an adapter is useless for WiFi hacking if it doesn’t support monitor mode and packet injection. Suppose we buy a cheap WiFi adapter under $15 and use it to connect to WiFi on Kali Linux. That will work for connecting to wireless networks, but we can’t play with those networks.

That doesn’t make sense: when we are using Kali Linux we are penetration testers, so a basic WiFi adapter can’t fulfil our requirements. That’s why we should have a special WiFi adapter that supports monitor mode and packet injection. So in this tutorial, “Kali Linux supported” means not just that the adapter works, but that its chipset is able to support monitor mode and packet injection.

                          What is Monitor Mode

                          Network adapters, whether it is wired or wireless, are designed to only capture and process packets that are sent to them. When we want to sniff a wired connection and pick up all packets going over the wire, we put our wired network card in “promiscuous” mode.

In wireless technology, the equivalent is monitor mode. This enables us to see and manipulate all wireless traffic passing through the air around us. Without this ability, we are limited to using our WiFi adapter only to connect to wireless Access Points (APs) that accept and authenticate us. That is not what we are willing to settle for.
In the Aircrack-ng suite, monitor mode is what lets airodump-ng collect or sniff data packets.
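Because it is the driver, not the USB stick itself, that decides whether monitor mode is available, the quickest check on a Linux box is the “Supported interface modes” block that `iw list` prints for each wireless PHY. The following Python script is an added example (not code from this article or from the Kali project): it parses that block and reports whether a given PHY advertises monitor mode. The `iw list` text embedded in it is a constructed sample, not output captured from one of the adapters above; the `live_iw_list()` helper runs the real command when the `iw` package is present.

```python
import re
import subprocess

# Constructed sample of `iw list` output: phy0 advertises monitor mode, phy1 does not.
SAMPLE_IW_LIST = """Wiphy phy0
    max # scan SSIDs: 4
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
         * mesh point
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
Wiphy phy1
    Supported interface modes:
         * managed
         * AP
"""


def parse_interface_modes(iw_output: str) -> dict:
    """Map each PHY name (phy0, phy1, ...) to the interface modes its driver lists."""
    modes_by_phy = {}
    current = None
    in_modes_block = False
    for line in iw_output.splitlines():
        match = re.match(r"^Wiphy (\S+)", line)
        if match:
            current = match.group(1)
            modes_by_phy[current] = []
            in_modes_block = False
            continue
        stripped = line.strip()
        if stripped == "Supported interface modes:":
            in_modes_block = True
            continue
        if in_modes_block:
            if stripped.startswith("* ") and current is not None:
                modes_by_phy[current].append(stripped[2:])
            else:
                # The first line that is not a "* mode" entry ends the block.
                in_modes_block = False
    return modes_by_phy


def supports_monitor_mode(iw_output: str, phy: str) -> bool:
    """True if the named PHY lists "monitor" among its supported interface modes."""
    return "monitor" in parse_interface_modes(iw_output).get(phy, [])


def live_iw_list() -> str:
    """Run `iw list` on this machine (needs the iw package and a wireless PHY)."""
    return subprocess.run(["iw", "list"], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for phy, modes in parse_interface_modes(SAMPLE_IW_LIST).items():
        verdict = "monitor mode available" if "monitor" in modes else "managed/AP only"
        print(f"{phy}: {verdict} ({', '.join(modes)})")
```

Monitor mode in this list says nothing about injection, which depends on the driver’s transmit path rather than on the mode list; that is verified separately with Aircrack-ng’s injection test (`aireplay-ng --test`) once the card is in monitor mode. Replace `SAMPLE_IW_LIST` with `live_iw_list()` to check the adapter actually plugged in.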

                          What is Packet Injection

                          Most WiFi attacks require that we are able to inject packets into the AP while, at the same time, capturing packets going over the air. Only a few WiFi adapters are capable of doing this.

WiFi adapter manufacturers are not looking to add extra features to their standard wireless adapters to suit penetration testers’ needs. Most wireless adapters built into laptops are designed so that people can connect to WiFi, browse the web and send email. We need something much more powerful and versatile than that.

                          If we can’t inject packets into the Access Point (in Aircrack-ng, this is the function of Aireplay-ng), then it really limits what we do.

If we are using Kali Linux and want to be a security tester or ethical hacker, then a special WiFi adapter is a must-have tool in our backpack. In our own experience, the Alfa cards in this list are the best USB wireless adapters for Kali Linux; going with them may be costly, but they are really worth it. For more assistance comment below; we reply to each and every comment.

We are also on Twitter; join us there. Our Telegram group can also help you choose the best WiFi adapter for hacking and Kali Linux.
                          Ping — Know the Target (Ping Pong)!


Ping Pong! No, we are not in the wrong article. In this article we are going to discuss the ping tool. Ping is the most famous tool used to check whether a particular host is available or not. The tool works by sending an Internet Control Message Protocol (ICMP) echo request packet to the target host. If the target host is available and a firewall is not blocking the ICMP echo request packet, it replies with an ICMP echo reply packet.

                          ping on Kali Linux

Although we can’t find the ping tool in the Kali Linux application menu, in our terminal we can run the ping -h command to see the help section of the ping tool.

                          ping -h

                          In the following screenshot we can see the help of ping.

                          help of ping on Kali Linux

Now we run ping with a destination address. As an example we use an IP address of Facebook. We use the following command:

                          ping 31.13.79.35

                          In the following screenshot we can see the output of the above command.

                          ping facebook ip from Kali Linux

                          By default, ping will run continuously until we press Ctrl + C and stop it.

We can also use a domain name to ping. Ping will automatically resolve the IP address if the target is not behind a firewall.

                          ping facebook.com

In the following screenshot we can see that ping has started and automatically found Facebook’s IP address.

                          ping facebook.com from Kali Linux

That was the basic example. The ping tool has lots of options, but only a few of them are widely used. Those are the following:

                          • -c count: This is the number of echo request packets to be sent.
                          • -I interface address: This is the network interface of the source address. The argument may be a numeric IP address (such as 192.168.0.108) or the name of the device (like eth0, wlan0). This option is required if we want to ping the IPv6 link-local address.
                          • -s packet size: This specifies the number of data bytes to be sent. The default is 56 bytes, which translates into 64 ICMP data bytes when combined with the 8 bytes of the ICMP header data.

We will discuss these with an example.

                          Assume that we are starting with internal penetration testing work. The customer gave us access to their network using a LAN cable. And, they also gave us the list of target servers’ IP addresses.

                          The first thing we would want to do before launching a full penetration testing arsenal is to check whether these servers are accessible from our machine. We can use ping for this task.

                          Our target server is located at 192.168.0.1, while our machine has an IP address of 192.168.0.108. To check the target server availability, we can give the following command:

                          ping -c 1 192.168.0.1

The following screenshot shows the result of the preceding ping command:

                          ping on local target

                          From the above screenshot, we know that there is one ICMP echo request packet sent to the destination (IP address: 192.168.0.1). Also, the sending host (IP address: 192.168.0.108) received one ICMP echo reply packet. The round-trip time required is 2.208 ms (millisecond), and there is no packet loss during the process.
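To make the two numbers in this section concrete (the 56 data bytes of -s becoming a 64-byte ICMP message, and the transmitted/received/loss/RTT summary that ping prints), here is an added Python example; it is not code from this article or from the ping utility. It builds an ICMP echo request with a correct RFC 1071 checksum without sending it (no raw socket, no root), and parses ping’s statistics block. The ping output embedded in it is a constructed sample in the same format as the screenshot above, not the screenshot’s text; `host_is_reachable()` is the only function that runs the real ping.

```python
import re
import struct
import subprocess

ICMP_ECHO_REQUEST = 8   # ICMP type for echo request; the reply uses type 0
ICMP_HEADER_LEN = 8     # type(1) + code(1) + checksum(2) + identifier(2) + sequence(2)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(identifier: int, sequence: int, data_bytes: int = 56) -> bytes:
    """Build an ICMP echo request the way `ping -s <data_bytes>` does (56 by default)."""
    payload = bytes(i & 0xFF for i in range(data_bytes))   # constructed filler payload
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, identifier, sequence)
    checksum = icmp_checksum(header + payload)
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, checksum, identifier, sequence)
    return header + payload


def verify_checksum(packet: bytes) -> bool:
    """A packet with a correct checksum sums to all ones, so its complement is zero."""
    return icmp_checksum(packet) == 0


# Constructed sample of Linux `ping -c 1` output, not the text of the screenshot above.
SAMPLE_PING_OUTPUT = """PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=2.21 ms

--- 192.168.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.208/2.208/2.208/0.000 ms
"""


def parse_ping_summary(output: str) -> dict:
    """Pull packet counts, loss and round-trip times out of ping's statistics block."""
    stats = re.search(r"(\d+) packets transmitted, (\d+) received, ([\d.]+)% packet loss", output)
    if not stats:
        raise ValueError("no ping statistics block found")
    result = {
        "transmitted": int(stats.group(1)),
        "received": int(stats.group(2)),
        "loss_pct": float(stats.group(3)),
    }
    # The rtt line is absent when nothing came back (100% loss), so it is optional.
    rtt = re.search(r"rtt min/avg/max/mdev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) ms", output)
    if rtt:
        result["rtt_min_ms"] = float(rtt.group(1))
        result["rtt_avg_ms"] = float(rtt.group(2))
        result["rtt_max_ms"] = float(rtt.group(3))
    return result


def host_is_reachable(host: str, count: int = 1) -> bool:
    """Run the real ping with `count` echo requests and report whether any reply arrived."""
    proc = subprocess.run(["ping", "-c", str(count), host], capture_output=True, text=True)
    try:
        return parse_ping_summary(proc.stdout)["received"] > 0
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = build_echo_request(identifier=0x1234, sequence=1)
    print(f"echo request: {len(pkt)} ICMP bytes, checksum ok: {verify_checksum(pkt)}")
    print(parse_ping_summary(SAMPLE_PING_OUTPUT))
```

The “56(84)” in the first output line is the same arithmetic seen from the IP layer: 56 data bytes plus the 8-byte ICMP header give 64 ICMP bytes, and the 20-byte IPv4 header brings the packet to 84. A host that is up but whose firewall drops echo requests produces the 100%-loss case, which is why `host_is_reachable()` treats a missing reply as “not reachable”, not “not alive”.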

                          Let’s see the network packets that are transmitted and received by our machine. We are going to use Wireshark, a network protocol analyzer, on our machine to capture these packets, as shown in the following screenshot:

                          ping network packets capturing on wireshark

                          From the above screenshot, we can see that our host (192.168.0.1) sent one ICMP echo request packet to the destination host (192.168.0.108). Since the destination is alive and allows the ICMP echo request packet, it will send the ICMP echo reply packet back to our machine.

                          If our target is using an IPv6 address, such as fe80::e82a:e363:100d:9b02, we can use the ping6 tool to check its availability. We need to give the -I option for the command to work against the link-local address:

                          ping6 -c 1 fe80::e82a:e363:100d:9b02 -I wlan0

                          The following screenshot shows the packets sent to complete the ping6 request:

                          ping6 for IPV6

                          Here ping6 is using the ICMPv6 request and reply.

To block ping requests, a firewall can be configured to allow ICMP echo request packets only from a specific host and drop the packets sent from other hosts. This is how we can use ping to learn about a host, and it is the first thing a penetration tester does.

That’s all for today. Love our articles? Make sure to follow us on Twitter and GitHub, where we post article updates. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. We are always happy to help everyone in the comment section, which is open to everyone. We read each and every comment and we always reply.

                          Maltego — Powerful OSINT Reconnaissance Framework


Maltego is one of the most famous OSINT frameworks for personal and organizational reconnaissance. It is a GUI tool that provides the capability of gathering information on individuals by extracting publicly available information from the internet by different methods. Maltego is also capable of enumerating DNS, brute-forcing DNS names and collecting data from social media in an easily readable format.

How are we going to use Maltego in our goal-based penetration testing or red teaming exercise? We can use this tool to build a visualization of the data we have gathered. The community edition of Maltego comes with Kali Linux.

                          Maltego Kali Linux

The tasks in Maltego are called transforms. Transforms come built into the tool and are scripts of code that execute specific tasks. There are also multiple plugins available in Maltego, such as the SensePost toolset, Shodan, VirusTotal, ThreatMiner, and so on. Maltego offers the user unprecedented information. Information is leverage. Information is power. Information is Maltego.

                          What does Maltego do?

Maltego is a program that can be used to determine the relationships and real-world links between:

• People
• Groups of people (social networks)
• Companies
• Organizations
• Web sites
• Internet infrastructure such as:
  • Domains
  • DNS names
  • Netblocks
  • IP addresses
• Phrases
• Affiliations
• Documents and files

These entities are linked using open source intelligence.

• Maltego is easy and quick to install: it uses Java, so it runs on Windows, Mac and Linux.
• Maltego provides a graphical interface that makes seeing these relationships instant and accurate, making it possible to see hidden connections.
• Using the graphical user interface (GUI) we can see relationships easily, even if they are three or four degrees of separation away.
• Maltego is unique because it uses a powerful, flexible framework that makes customizing possible. As such, Maltego can be adapted to our own, unique requirements.

                           What can Maltego do for us?

• Maltego can be used for the information gathering phase of all security-related work. It saves our time and allows us to work more accurately and smarter.
• Maltego aids our thinking process by visually demonstrating the interconnected links between searched items.
• Maltego provides us with a much more powerful search, giving us smarter results.
• If access to “hidden” information determines our success, Maltego can help us discover it.

                          Setting Up Maltego on Kali Linux

The easiest way to start this application is to type maltego in our terminal; we can also open it from the Kali Linux application menu.

                          maltego

The first time we open Maltego it shows us the product selection page, where we can buy various versions of Maltego. The community edition of Maltego is free for everyone, so we choose it (Maltego CE) and click on Run, as shown in the following screenshot:

                          Selecting Maltego CE Community Edition

After clicking on “RUN”, we get the Maltego configuration window. Here we need to log in and set up Maltego for the very first time. First we need to accept the terms and conditions of Maltego, as we can see in the following screenshot:

                          Accept terms and conditions and move next

In the above screenshot we can see that we tick ✅ the “Accept” box and click on “Next”.

After that we get a login screen, as we can see in the following screenshot:

In the above screenshot we can see the note “LOGIN: Please log in to use the free online version of Maltego.” So we need to log in here. But before that we need to register to create our credentials. We click on “Register”, and the registration page opens in our browser; we can also open the same registration page directly in our browser.

                          Maltego Registration

Here we need to fill in everything; they then send an activation link to the mail address we gave. For security reasons we are using a temp-mail service. We receive our activation mail and activate the account. After activating it we need to log in from Maltego.

Maltego successfully logged in

Then we just need to click “Next”, “Next”, “Next”, and Maltego opens in front of us, as we can see in the following screenshot.

                          Maltego on kali Linux

                          Running Maltego on Kali Linux

Now we are ready to use Maltego and run a machine. By navigating to “Machines” in the menu and clicking on “Run Machine” we can start an instance of the Maltego engine, as shown in the following screenshot:

Starting Maltego instance

After that we get a list of the available Maltego public machines:

                          Maltego machines list

                          Usually, when we select Maltego Public Servers, we will have the following machine selections:

                          • Company Stalker: To get all email addresses at a domain and then see which one resolves on social networks. It also downloads and extracts metadata of the published documents on the internet.
                          • Find Wikipedia edits: This transform looks for the alias from the Wikipedia edits and searches for the same across all social media platforms.
                          • Footprint L1: Performs basic footprints of a domain.
                          • Footprint L2: Performs medium-level footprints of a domain.
                          • Footprint L3: Intense deep dive into a domain, typically used with care since it eats up all the resources.
                          • Footprint XXL: This works on the large targets such as a company hosting its own data centers, and tries to obtain the footprint by looking at sender policy framework (SPF) records hoping for netblocks, as well as reverse delegated DNS to their name servers.
                          • Person – Email Address: To obtain someone’s email address and see where it’s used on the internet. Input is not a domain, but rather a full email address.
                          • URL to Network and Domain Information: This transform will identify the domain information of other TLDs. For example, if we provide www.google.com, it will identify www.google.us, google.co.in, and so on and so forth.

Cybersecurity experts usually begin with “Footprint L1” to get a basic understanding of the domain, its potentially available sub-domains and the relevant IP addresses. This is a good starting point for information gathering; however, pentesters can also use all the other machines mentioned previously to achieve their goal.

                          Once the machine is selected, we need to click on “Next” and specify a domain, for example google.com. The following screenshot provides the overview of google.com.

                          google on maltego
                          Footprint L1 with Maltego on Google.com

On the top-left side of the above screenshot we see the Palette window. In the Palette window we can choose the entity type for which we want to gather information. Maltego divides the entities into six groups, as follows:

                          • Devices such as phone or camera.
                          • Infrastructure such as AS, DNS name, domain, IPv4 address, MX record, NS record, netblock, URL, and website.
                          • Locations on Earth.
                          • Penetration testing such as built with technology.
                          • Personal such as alias, document, e-mail address, image, person, phone number, and phrase.
                          • Social Network such as Facebook object, Twitter entity, Facebook affiliation, and Twitter affiliation.

                          If we right-click on the domain name, we will see all of the transforms that can be done to the domain name:

                          Maltego all transform

                          • DNS from domain.
                          • Domain owner’s details.
                          • E-mail addresses from domain.
                          • Files and documents from domain.
                          • Other transforms, such as To Person, To Phone numbers, and To Website.
                          • All transforms.

If we want to change the domain, we need to save the current graph first. To save the graph, click on the Maltego icon and then select Save. The graph is saved in the Maltego graph file format (.mtgx).

                          Saving maltego output

                          Then to change the domain, just double-click on the existing domain and change the domain name.

                          maltego against KaliLinuxIn

                          This is how Maltego works on our Kali Linux system. This is a very strong GUI based information gathering tool which comes loaded with Kali Linux.


                          Guide to Check & Remove Pegasus Spyware from Mobile


                          Table of Contents

                          1. Pegasus Spyware
                          2. What is MVT ?
                          3. Installation of MVT on Linux and Mac
                          4. Checking for Pegasus Spyware on Android Device
                          5. Checking for Pegasus Spyware on iPhone
                          6. How to Remove Pegasus Spyware from Mobile Phone

                          Pegasus Spyware

Pegasus spyware is a very trending topic in the world media now. It is debatable whether it is abused for spying on people such as activists or journalists. Without making our article controversial, we jump directly into the topic: how can we find out whether our phone is infected with Pegasus spyware or not?

                          Pegasus is a spyware developed by the Israeli infosec firm NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. The 2021 Project Pegasus revelations suggest that current Pegasus software is able to exploit all recent iOS versions up to iOS 14.6. According to the Washington Post and other prominent media sources, Pegasus not only enables the keystroke monitoring of all communications from a phone (texts, emails, web searches) but it also enables phone call and location tracking, while also permitting NSO Group to hijack both the mobile phone’s microphone and camera, thus turning our phone into a constant surveillance device. 

                          Pegasus on Kali Linux

First of all, we don’t know exactly how this malware gets onto our devices or which vulnerability it uses. But once it is on our device it can spy on us by reading SMS, tracking our GPS location, using our microphone and camera and downloading files from our phones. To do all of this it requires permissions from Android or iOS, so it can be detected from there, but we need to perform some forensic tests to detect it. Don’t worry, it will be very easy with us here. We are going to use MVT, the Mobile Verification Toolkit, on our system to detect Pegasus spyware. MVT was created by Amnesty International’s Security Lab in July 2021.

                          What is MVT ?

Mobile Verification Toolkit, aka MVT, is a collection of tools designed to facilitate the consensual forensic testing of Android and iOS devices for the purpose of identifying any signs of compromise; it can even identify Pegasus. MVT’s capabilities are continuously evolving, but some of its key features include:

                          • Decrypt encrypted iOS backups.
                          • Process and parse records from numerous iOS system and apps databases, logs and system analytics.
                          • Extract installed applications from Android devices.
                          • Extract diagnostic information from Android devices through the adb protocol.
                          • Compare extracted records to a provided list of malicious indicators in STIX2 format.
                          • Generate JSON logs of extracted records, and separate JSON logs of all detected malicious traces.
                          • Generate a unified chronological timeline of extracted records, along with a timeline of all detected malicious traces.

                          Installation of MVT on Linux and Mac

Before installing MVT we need to have Python 3.6 installed on our computer. Python is available for most desktop operating systems.

                          Installing MVT on Linux

To install MVT on Linux we first need to install some dependencies, by running the following command in our terminal window:

                          sudo apt install python3 python3-pip libusb-1.0-0

                          libusb-1.0-0 is not required if you intend to only use mvt-ios and not mvt-android, coming to these things later.

                          Then we need to run the following command to install MVT on our system:

                          pip3 install mvt

                          MVT will start downloading on our system, as we can see in the following screenshot:

                          mvt installing on Linux

                          After a couple of minutes (time will depend on our system performance and internet speed) MVT will be installed on our Linux system.

                          Installing MVT on MAC

Installing MVT on a Mac requires Xcode and Homebrew to be installed. Beyond that the process is almost the same. We need to install the dependencies to run MVT on a Mac by using the following command in the terminal:

                          brew install python3 libusb

                          Then we need to install MVT by using following command:

                          pip3 install mvt

                          Path correction after installation

After installing MVT on our system we can run it to check our mobile device for Pegasus, but before running it we may need to fix our PATH so that the tool can be run easily. On some operating systems this is already set up. We suggest skipping this step and moving on to the next one; if that doesn’t work, come back and try this.

We need to open our .bashrc or .zshrc (depending on whether we are using Bash or Zsh) in the nano editor by using the following command:

                          nano .zshrc

                          Then we need to add the following line at the end of the code (in a new line), then save and close it (by pressing ctrl+x, then Y, then Enter).

                          export PATH=$PATH:~/.local/bin

So we have installed MVT to run a forensic scan on our mobile phones and check whether our device is infected by Pegasus spyware or not. First we check the help/options of this tool by running two commands in our terminal. Two commands? Yes, one help menu is for Android and the other is for iOS. Both are as follows:

                          mvt-android --help
                          mvt-ios --help

                          In the following screenshot we can see the output of above commands.

options to run MVT against Pegasus spyware

                          Checking for Pegasus Spyware on Android Device

If we have a suspect Android device, we need to connect it via ADB (Android Debug Bridge), so ADB needs to be installed on our system. On Linux systems we can use sudo apt install adb android-tools-adb; we can install it on a Mac as well. The phone’s ADB connection must be allowed in the developer options; details about ADB can be found here.

                          Then we need to connect our android device via USB with our computer and check that ADB is working and our mobile device is connected properly.

                          adb device connected

                          In the above screenshot we can see that our device is properly connected with ADB. Now we also can check the connection using MVT by using following command:

                          mvt-android check-adb

We may get an error like the one in the following screenshot:

mvt adb error that may come up

If we get this common error (an adb server is already running and we need to kill it), then we need to run the following command to solve it and run check-adb again.

                          adb kill-server

Now there are two types of scans we can perform on our Android devices:

                          • Check APKs: We can scan all installed apps.
                          • Check Android Backup: Create a backup of the device and scan it.

                          Check APKs

                          We can run the following command to start downloading all our Android applications on our PC and scan them.

                          mvt-android download-apks --output androidapps --all-checks

The above command starts the work, saves all our applications in a folder called androidapps and then runs all checks, as we told it to.

                          downloading apk files on PC

In the above screenshot we can see that we are extracting all the installed applications to our PC. After the download completes, MVT starts scanning every application; after the scan it shows us a result as we can see in the following screenshot:

                          Scan result on MVT

                          Here in a chart we can see MVT didn’t detect any spyware on our phone.

                          Check Android Backup

Some attacks against Android phones are done by sending malicious links by SMS. The Android backup feature does not gather much information that is interesting for forensic analysis, but it can be used to extract SMS messages and check them with MVT. To do so, we need to connect our Android device to our computer. We then need to enable USB debugging on the Android device.

                          If this is the first time we connect to this device, we will need to approve the authentication keys through a prompt that will appear on our Android device. Then we can use adb to extract the backup for SMS only with the following command:

                          adb backup com.android.providers.telephony

                          We need to approve the backup on the phone and potentially enter a password to encrypt the backup. The backup will then be stored in a file named backup.ab on our working directory on PC.

                          We need to use Android Backup Extractor and download abe.jar file to convert it to a readable file format. Make sure that java is installed on our system (mostly Linux comes with it) and use the following command:

                          java -jar ~/Downloads/abe.jar unpack backup.ab backup.tar

                          We can see the output in the following screenshot:

                          backup in a readable format

                          Now we extract it by using following command:

                          tar xvf backup.tar

                          Screenshot shows the output of the above command.

                          extracting backup

                          Then we can extract SMSs containing links with MVT:

                          mvt-android check-backup --output sms .

                          The output will be saved in a folder named “sms”. In the screenshot we can see our device has lots of SMS with links, which may be dangerous.

                          sms checks by MVT

                          This is how we can test an Android device to find Pegasus or any other potential spyware.
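What MVT's check-backup does with the extracted SMS data is, at its core, pull every link out of each message and compare the link's domain against a list of indicators. The following is an added example in Python (not MVT's own code and not part of the original article) that performs that check on a few constructed messages against a constructed placeholder indicator list. A real run would load a STIX2 indicator feed; the names SAMPLE_SMS, INDICATOR_DOMAINS, check_sms and every domain and phone number below are assumptions made up for this example.

```python
import re
from urllib.parse import urlparse

# Constructed SMS records in the shape a backup SMS parser yields
# (sender address and message body). The texts are made up for this example.
SAMPLE_SMS = [
    {"address": "+15550100001", "body": "Your parcel is held: http://tracking-update.example.net/p/1"},
    {"address": "+15550100002", "body": "Lunch tomorrow?"},
    {"address": "+15550100003", "body": "Invoice ready https://billing.example.com/inv/77."},
    {"address": "+15550100004", "body": "Verify now http://cdn.tracking-update.example.net/v and https://login.example.org/"},
]

# Placeholder domain indicators standing in for a STIX2 feed (constructed).
INDICATOR_DOMAINS = {"tracking-update.example.net"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_links(body):
    """Return the URLs found in a message body, with trailing punctuation stripped."""
    return [m.rstrip(".,;:!?)") for m in URL_RE.findall(body)]


def matching_indicator(url, indicators):
    """Return the indicator that matches the URL's host (exact or parent domain), else None."""
    host = (urlparse(url).hostname or "").lower()
    for domain in indicators:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def check_sms(messages, indicators):
    """Scan every message and return (address, url, indicator) for each link that matches."""
    hits = []
    for msg in messages:
        for url in extract_links(msg["body"]):
            domain = matching_indicator(url, indicators)
            if domain is not None:
                hits.append((msg["address"], url, domain))
    return hits


if __name__ == "__main__":
    for address, url, domain in check_sms(SAMPLE_SMS, INDICATOR_DOMAINS):
        print(f"{address}: {url} matches indicator {domain}")
```

The parent-domain match in matching_indicator is deliberate: a link on a subdomain of a known bad domain is still a hit, while an unrelated domain that merely contains the indicator text is not.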

                          Checking for Pegasus Spyware on iPhone

Before jumping into acquiring and analyzing data from an iOS device, we should work out a precise plan of action. Because multiple options are available to us, we should define and familiarize ourselves with the most effective forensic methodology for each case.

Filesystem Dump

We will need to decide whether or not to attempt to jailbreak the device and obtain a full filesystem dump.

While access to the full file system lets us extract data that would otherwise be unavailable, it might not always be possible to jailbreak a given iPhone model or iOS version. In addition, depending on the type of jailbreak available, doing so might compromise some important records, pollute others, or cause the device to malfunction later if it is used again.

If we are not expected to return the phone, we might want to consider attempting a jailbreak after having exhausted all other options, including a backup.

iTunes Backup

An alternative option is to generate an iTunes backup (in the most recent versions of macOS these are no longer created from iTunes but directly from Finder). While backups only provide a subset of the files stored on the device, in many cases this might be sufficient to detect at least some suspicious artifacts. Backups encrypted with a password contain some additional interesting records not available in unencrypted ones, such as Safari history and Safari state.

Using MVT is almost the same here. If we have read the Android part we can easily follow along, but iOS forensics and backups differ a little. Here we suggest following the official MVT documentation, which is detailed enough to follow easily.

How to Remove Pegasus Spyware from Mobile Phone

OK, we've got this. We know how to check our mobile phone for Pegasus, but what if our phone is infected? In that case we suggest the following methods.

• If our Android or iPhone is not rooted (the term for iPhones is jailbroken), then we can easily remove Pegasus with a factory reset or hard reset. Keep the backup aside: restoring it onto the mobile again is not recommended, because we don't know which loophole Pegasus used (it could be hiding in media files or something else that was stored).
• If we have a rooted Android device, then a full format or factory reset will not work, because on rooted devices spyware is installed as a default application. Updating the Android version doesn't work either. The best solution is to install a custom ROM, which replaces the entire OS along with the spyware.
• If we are on a jailbroken iPhone then we have already violated Apple's policy and they are not going to help us. Because iOS is not open source and uses a different kernel, it has no practical custom ROM. In this case we suggest a full reset of the device and checking again. If Pegasus is still there we would need to buy a new phone.
• Using a feature phone may be a solution, but in this digital era that is next to impossible, so we can use a Linux phone (a smartphone that comes with a Linux operating system).

This is how we can find out whether our mobile phone is infected with Pegasus spyware using MVT, and remove it. Pegasus has been called the most sophisticated hacking software available today for intruding on phones. NSO Group has claimed time and again that it does not hold responsibility for misuse of the Pegasus software, and that it only sells the tool to vetted governments and not to individuals or any other entities.

                          Love our articles? Make sure to follow us on Twitter and GitHub, we post updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we are always happy to help everyone in the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

BED — Bruteforce Exploit Detector

In our previous article we discussed “what is fuzzing?”. In this article we are going to try a fuzzer (a tool for fuzzing).

BED, which stands for Bruteforce Exploit Detector, is a plain-text protocol fuzzer. BED checks software for common vulnerabilities like buffer overflows, format string bugs, integer overflows, etc.

It automatically tests the implementation of a chosen protocol by sending different combinations of commands with problematic strings to confuse the target. The protocols supported by this tool are: finger, ftp, http, imap, irc, lpd, pjl, pop, smtp, socks4 and socks5.

bed bruteforce exploit detector kali linux

BED comes pre-installed on our Kali Linux system. It is very easy to use, so our article will be brief. Let's start:

As we mentioned, BED comes pre-installed with Kali Linux, so let's check its help. To do so we need to run the following command in our terminal:

bed -h

After that we can see the help of the BED tool, as shown in the screenshot below.

help of bed tool in kali linux

In the help section (above screenshot) we can clearly see the basic usage of BED. We use the -s flag to scan, then choose a <plugin>, then specify our target (IP address) with the -t flag, then specify our port with the -p flag, and finally set our timeout with the -o flag.

Let's see an example. We have a localhost HTTP server on port 80 and we try to find vulnerabilities in it using BED. Our command will be as follows:

bed -s HTTP -t 127.9.0.1 -p 80 -o 10

The above command will start testing our target (127.9.0.1) for vulnerabilities, as we can see in the following screenshot:

Bed fuzzer testing for vulnerabilities

If it finds a vulnerability, it will show us by reporting errors.

This is how we can use the BED fuzzer on our Kali Linux system. To use it we need the IP address of our target.
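To see concretely what BED's "showing errors" corresponds to, here is an added example in Python (not BED's code and not part of the original article). It sends the same classes of problematic strings BED is built around (oversized buffers, format specifiers, numeric boundaries) to a deliberately fragile HTTP handler running in-process on localhost, and classifies each outcome the way a fuzzer's error check does: a normal status, a 5xx, a timeout, or a dropped connection with no status line at all. The toy server, the PAYLOADS corpus and the function names are all constructed for this example.

```python
import http.client
import http.server
import socket
import threading

# Mutation corpus modelled on the classes of "problematic strings" a plain-text
# protocol fuzzer like BED sends: oversized buffers, format specifiers and
# numeric boundaries. The values are constructed for this example.
PAYLOADS = {
    "long-256": "A" * 256,
    "long-4096": "A" * 4096,
    "fmt-%s": "%s" * 16,
    "fmt-%n": "%n" * 16,
    "int-max": "4294967295",
    "int-neg": "-1",
    "nul-byte": "A%00B",
}


class ToyHandler(http.server.BaseHTTPRequestHandler):
    """Deliberately fragile target (constructed): it dies on an oversized request path."""

    def do_GET(self):
        if len(self.path) > 2048:  # the robustness bug the fuzzer should surface
            raise RuntimeError("path too long for the toy buffer")
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the fuzz run quiet
        pass


class QuietServer(http.server.HTTPServer):
    def handle_error(self, request, client_address):
        pass  # swallow the toy handler's traceback; the dropped connection is the signal


def start_toy_server():
    """Start the fragile server on an ephemeral localhost port; returns (server, port)."""
    server = QuietServer(("127.0.0.1", 0), ToyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe(host, port, path, timeout=5.0):
    """Send one GET and classify the outcome the way a fuzzer's error check does."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return "handled" if resp.status < 500 else f"server-error-{resp.status}"
    except socket.timeout:
        return "timeout"  # a hung service is as interesting as a crashed one
    except (http.client.HTTPException, OSError):
        return "connection-dropped"  # no status line at all: the handler died
    finally:
        conn.close()


def run_fuzz(host, port):
    """Return {payload name: outcome} for every payload the target did not handle."""
    findings = {}
    for name, value in PAYLOADS.items():
        outcome = probe(host, port, "/index.html?q=" + value)
        if outcome != "handled":
            findings[name] = outcome
    return findings


if __name__ == "__main__":
    server, port = start_toy_server()
    print(run_fuzz("127.0.0.1", port))  # only the long-4096 case is reported
    server.shutdown()
```

Each payload goes over a fresh connection, so one dropped connection cannot mask the outcome of the next payload; that is also why the harness reports a per-payload outcome rather than a single pass/fail, which is the detail that lets us map a finding back to the input class that triggered it.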

Ghost Framework — Control Android Devices Remotely

Ghost Framework is an Android post-exploitation framework that uses the Android Debug Bridge to remotely access and control Android devices. Ghost Framework 7.0 gives us the power and convenience of remote Android device administration.

Ghost Framework Remotely control Android on Kali Linux

We can use this framework to control old Android devices that have the debug bridge turned on in the “Developer options”. This is very harmful, because an attacker gets full admin control of the vulnerable Android device.

In this detailed tutorial we will practically learn how to use Ghost Framework to take control of an Android device from our Kali Linux system. We start by installing Ghost Framework from GitHub with the following command:

pip3 install git+https://github.com/EntySec/Ghost

In the following screenshot we can see that Ghost has been installed on our system.

installing ghost from github

Now Ghost Framework is ready to use on our system; we can run it from anywhere in our terminal with just the ghost command:

ghost

The following screenshot shows that the ghost console is up and running successfully on our system.

Ghost framework on Kali Linux

Now we can see the help options of Ghost Framework by simply running the help command in the console.

help

The help output will look like the following screenshot:

Ghost help menu

Now we can connect it to vulnerable Android devices. But how do we get the IP address of an old vulnerable Android device? Shodan is here. Shodan is a great search engine for finding devices connected to the internet. We already have a tutorial on Shodan.

In the Shodan search engine we search for “Android Debug Bridge”, as shown in the following screenshot:

Shodan Android Debug Bridge

Here we can see over 2.5k search results. Every one of these devices is vulnerable to Ghost and connected to the internet. If Ghost reports that the connection failed, Shodan is showing us a device that is now offline. We can also try this with our own Android device.

From here we can pick any IP address and use it with the connect command. As an example we select the highlighted IP address and connect to it with Ghost using the following command:

connect 168.70.49.186

Within a few seconds it will be connected, as we can see in the following screenshot.

Ghost connected to target

Here we can see that we are connected to the IP address. Now we can run anything from Ghost Framework. We can see the commands available after connecting by using the help command here.

help

In the following screenshot we can see a lot of things we can do with this device.

ghost commands

Now we can do almost everything with this device.

What we can do with Ghost Framework

• See device activity information.
• See device battery state.
• See device network information.
• See device system information.
• Click the specified x and y coordinates.
• Control the device keyboard.
• Press/simulate a key-press on the target device.
• Open a URL on the device.
• Control the device screen.
• Take a device screenshot.
• Open a device shell.
• Type the specified text on the device.
• Upload a local file.
• Download a remote file.
• Show contacts saved on the device.
• Reboot the device.

Ghost Framework has a simple and clear UX/UI that is easy to understand. Ghost Framework can be used to remove the password of a remote Android device if it was forgotten. It can also be used to access the remote Android device's shell without using OpenSSH or other protocols.
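From the defender's side, what Ghost depends on is adbd listening on a TCP port (the ip:port entries that the Shodan search returns) instead of only on USB. Here is an added example in Python (not Ghost's code and not part of the original article) that reads the output of `adb devices -l`, which is what our own workstation sees for the devices attached to it, and flags any entry whose serial is a host:port pair, since that is a device with ADB over the network enabled. SAMPLE_ADB_DEVICES is a constructed sample in the real output format, and the function names are assumptions.

```python
import re

# Constructed `adb devices -l` output: one USB device, one device reachable over
# TCP (ADB over the network enabled) and one unauthorized USB device.
SAMPLE_ADB_DEVICES = """List of devices attached
ZY22AAAA0000           device usb:1-1 product:example_phone model:Example_Phone device:example transport_id:1
192.168.1.20:5555      device product:example_tv model:Example_TV device:example_tv transport_id:2
R58MBBBB1111           unauthorized usb:1-2 transport_id:3
"""

# A serial of the form host:port means adbd was reached over TCP, not USB.
HOST_PORT_RE = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d{1,5})$")


def parse_adb_devices(text):
    """Parse `adb devices -l` output into a list of dicts (serial, state, props)."""
    devices = []
    for line in text.splitlines():
        line = line.strip()
        # skip the banner, blank lines and "* daemon ..." status lines
        if not line or line.startswith("List of devices") or line.startswith("*"):
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        serial, state, props = parts[0], parts[1], {}
        for item in parts[2:]:  # key:value pairs such as model:Example_Phone
            key, sep, value = item.partition(":")
            if sep:
                props[key] = value
        devices.append({"serial": serial, "state": state, "props": props})
    return devices


def network_attached(devices):
    """Return the devices whose serial is host:port, i.e. connected over TCP rather than USB."""
    flagged = []
    for dev in devices:
        m = HOST_PORT_RE.match(dev["serial"])
        if m:
            flagged.append({**dev, "host": m.group("host"), "port": int(m.group("port"))})
    return flagged


if __name__ == "__main__":
    for dev in network_attached(parse_adb_devices(SAMPLE_ADB_DEVICES)):
        print(f"{dev['serial']} ({dev['props'].get('model', '?')}) is reachable over TCP")
```

A device in the network_attached list that sits on a network we do not control is in exactly the state the Shodan search above finds. On our own device, `adb usb` switches adbd back to listening on USB only, and turning USB debugging off in Developer options closes it entirely.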


Black Widow — Web Ripper Tool

Website security auditing is always in demand in the cybersecurity field. Web application hacking is the main priority of every penetration testing student. We have learned in many previous articles how to gather information about a target. After information gathering, the next step is finding the vulnerabilities or loopholes in the target website. Doing this manually requires a lot of experience and time, but some tools make it easier.

Black Widow is a website ripper tool that helps us map or scan target websites, and it works automatically.

Black Widow Kali Linux

Black Widow is written in Python 3. This tool scans a target website to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers. Black Widow also includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities.

Key features of Black Widow:

• Automatically collect all URLs from a target website.
• Automatically collect all dynamic URLs & parameters from a target website.
• Automatically collect all subdomains from a target website.
• Automatically collect all phone numbers from a target website.
• Automatically collect all email addresses from a target website.
• Automatically collect all form URLs from a target website.
• Automatically scan/fuzz for common OWASP Top vulnerabilities.
• Automatically save all data into sorted text files.

Installing Black Widow on Kali Linux

To install Black Widow on our Kali Linux system we need to clone it from its GitHub repository using the following command:

git clone https://github.com/1N3/BlackWidow

The screenshot of the command follows:

cloning blackwidow from github

Now we need to navigate into the BlackWidow directory with the following command:

cd BlackWidow

We are now inside the BlackWidow directory. If we want, we can check the files using the ls command, as shown in the following screenshot.

files blackwidow

Now we can install this tool using the following command:

sudo ./install.sh

Installing black widow on kali linux

In the above screenshot we can see that Black Widow started installing; after the installation is complete we can run the tool. We use the following command to crawl our target with 3 levels of depth:

blackwidow -u http://192.168.122.244

As we can see in the following screenshot:

Scanning with black widow

To crawl our target with 5 levels of depth and fuzz all unique parameters for OWASP vulnerabilities we use the following command (the URL is quoted so that the shell does not treat the & in the query string as a background operator):

blackwidow -d 'https://test.com/uers.php?user=1&admin=true' -v y

It automatically saves the output data in the /usr/share/BlackWidow directory, as we can see in the following screenshot:

Blackwidow saved output

Not only this, there are lots more things we can do. For more information we can check the help options of BlackWidow using the following command:

blackwidow -h

BlackWidow help menu on Kali Linux

We can even use BlackWidow in Docker. To build the image we need to run the following command inside the BlackWidow directory (the trailing dot is the build context):

sudo docker build -t blackwidow .

To start BlackWidow in Docker we run the following command:

sudo docker run -it blackwidow

Disclaimer: Using BlackWidow on others without proper mutual agreement is considered a crime. This tool is built for educational purposes and to increase safety. If anyone breaks federal laws the creators are not responsible.

This is how we can use the BlackWidow tool to scan a target and gain much more information; we also tested for some vulnerabilities using this tool on our Kali Linux. Isn't it as powerful as Marvel's one?
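To make concrete what the “automatically collect” feature bullets above amount to, here is an added example in Python (not Black Widow's code and not part of the original article) that takes one fetched page of a site we are auditing and sorts its links into the same categories: static URLs, dynamic URLs with their parameter names, subdomains, form URLs, email addresses and phone numbers. The page in SAMPLE_HTML and every hostname and contact detail in it are constructed, and inventory and LinkCollector are names chosen for the example; it handles a single already-fetched page, so fetching and recursion over the collected URLs are left out.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

# Constructed page standing in for one page of a site under audit; the hostnames
# and contact details are made up for this example.
SAMPLE_HTML = """<html><body>
<a href="/about.html">About</a>
<a href="/users.php?user=1&amp;admin=true">Profile</a>
<a href="https://shop.example.com/item.php?id=42">Shop</a>
<a href="http://example.com/users.php?user=2">Other user</a>
<form action="/login.php" method="post"><input name="u"><input name="p"></form>
<p>Contact: sales@example.com or +1 555 010 0199</p>
<a href="mailto:support@example.com">Support</a>
</body></html>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


class LinkCollector(HTMLParser):
    """Collect anchor hrefs, form actions and visible text from one page."""

    def __init__(self):
        super().__init__()
        self.hrefs, self.forms, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser has already unescaped &amp; in attribute values
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.forms.append(a["action"])

    def handle_data(self, data):
        self.text.append(data)


def inventory(html, base_url):
    """Sort one page's links and text into the categories a web ripper reports."""
    p = LinkCollector()
    p.feed(html)
    base_host = urlparse(base_url).hostname
    result = {"static_urls": set(), "dynamic_params": {}, "subdomains": set(),
              "form_urls": set(), "emails": set(), "phones": set()}
    for href in p.hrefs:
        if href.startswith("mailto:"):
            result["emails"].add(href[len("mailto:"):])
            continue
        url = urljoin(base_url, href)  # resolve relative links against the page URL
        parts = urlparse(url)
        host = parts.hostname
        if host and base_host and host != base_host and host.endswith("." + base_host):
            result["subdomains"].add(host)
        if parts.query:
            # a dynamic URL: record the script path once and merge its parameter names
            names = parse_qs(parts.query, keep_blank_values=True)
            key = parts._replace(query="", fragment="").geturl()
            result["dynamic_params"].setdefault(key, set()).update(names)
        else:
            result["static_urls"].add(url)
    for action in p.forms:
        result["form_urls"].add(urljoin(base_url, action))
    text = " ".join(p.text)
    result["emails"].update(EMAIL_RE.findall(text))
    result["phones"].update(m.strip() for m in PHONE_RE.findall(text))
    return result


if __name__ == "__main__":
    for category, items in inventory(SAMPLE_HTML, "http://example.com/").items():
        print(category, items)
```

The dynamic_params map is the part worth keeping: the same script reached with different parameter sets is merged into one entry listing every parameter name seen, which is the list a fuzzer like Inject-X would then work through.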
