Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security.

Wapiti — Automated Vulnerability Scanner

Wapiti — Automated Vulnerability Scanner

Wapiti is an advanced automated command line vulnerability scanner. It helps penetration testers and bug bounty hunters to scan web based application to make it secure or search for loopholes. It is free and open source and has had some recent edits and updates. It comes with Kali Linux.

wapiti automatic vulnerability scanner

Wapiti Key Features

Wapiti can detect lots of vulnerabilities, so we don’t need to manually visit every pages of an web application to find vulnerabilities. Wapiti can find following vulnerabilities:

  1. File disclosure (Local and remote include/require, fopen, readfile…)
  2. Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
  3. XSS (Cross Site Scripting) injection (reflected and permanent)
  4. Command Execution detection (eval(), system(), passtru()…)
  5. CRLF Injection (HTTP Response Splitting, session fixation…)
  6. XXE (XML External Entity) injection
  7. SSRF (Server Side Request Forgery)
  8. Use of know potentially dangerous files (by using the Nikto database)
  9. Weak .htaccess configurations that can be bypassed
  10. Presence of backup files giving sensitive information (source code disclosure)
  11. Shellshock (aka Bash bug)
  12. Open Redirects
  13. Uncommon HTTP methods that can be allowed (PUT)

Installing and Using Wapiti on Kali Linux

Wapiti latest version (3.0.3 now) comes pre-installed with Kali Linux, if some Kali Linux lighter version doesn’t have it installed then we can install it by simply using following command:

sudo apt-get install wapiti

After installing this we can check the help section of this tool by applying following command:

wapiti -h

The following screenshot shows the output of the applied help command:

wapiti help menu

Now we can run this tool against a website by using following command:

wapiti -u https://target.site/

Then it will scan the website (https://target.site/ is just an example) for URL’s. After the scanning process is done wapiti will run various modules for finding the vulnerabilities. We can see it on the following screenshot:

wapiti simple scanning
We run it on mutillidae web application on localhost

Wapiti crawls all the pages and runs its modules on all the pages so it might be time consuming. On our this localhost machine it took more than 18 minutes to complete the scan and running the all modules. On a real website it might take hours.

If the website of web application have too many pages then it might take a very long time. Fortunately we can skip the modules. Suppose we know that our target website have not any blindsql vulnerability then we can skip this module. When the module blindsql is working we need to to press CTRL+C.

Then it will prompt with some options as the following screenshot:

Skipping modules

Here if we press ‘r’ & Enter, then it will stop everything and generate the report. If we want to skip the running module then we just need to press ‘n’ and Enter, then wapiti will skip the module and run the next module.

Even we can continue the current attack using ‘c’, and quit without generating report by pressing ‘q’.

After the scan is complete we can see a HTML report is crated on our /home/kali/.wapiti/generated_report directory.

We can navigate to the directory from file manager (on in terminal using cd command):

wapiti generated report

Now we can open this on browser to see the full report. As we did in the following screenshot:

wapiti full report

We can click on the found vulnerabilities to get additional information on this. Here is an closer look of XSS vulnerability on this Wapiti report.

XSS vulnerability found using Wapiti

This is how Wapiti works. It’s very useful for cybersecurity researchers and bug bounty hunters.

There are lots of options in this tool we just checked the basics on our above section.

Wapiti can pause the scan and resume it later (It’s very useful because sometimes it took whole day or more than it).

We can save our Wapiti report HTML file on a required directory by using following command:

wapiti -u https://target.site/ -o /home/kali/Desktop

Please don’t forget to add a ‘/’ after the target site (it requires the full address like https://mytarget.com/ not like mytarget.com ), otherwise Wapiti will not think the address is complete.

We can check the help section of this tool for more information. Carefully check the help section and tell us,

“What command we need to use if we just use the blindsql module on a website called https://target.com/ ?”

Got the answer? Please comment in the comment section. Question and answer will improve our learning.

For any problem or help we are always there. Please describe the full problem we always happy to help. We read each and every comment and, We always answer.

We are available on Twitter and GitHub, we share article updates there make sure to follow there to get updated. Also subscribe our E-mail subscription to get notification about new articles directly on e-mail.

Who is the King of Cricket in the World at Present 2023?

Who is the King of Cricket in the World at Present 2023?

The Indian T20 League 2023 is currently underway, providing cricket fans with an abundance of thrilling action to witness and determine the reigning king of cricket worldwide.

king of cricket

Experience the excitement of fantasy cricket by playing on the Howzat Fantasy App, where you can potentially become the ultimate king of fantasy cricket!

During this time, numerous aspiring young cricketers are being given their maiden opportunities in the national team. While some struggle to leave a lasting impression and fade away, others manage to secure their positions through captivating performances, aiming to ascend to the status of the king of cricket. Read about the best cricket betting casino here – 888 Review

Who is the King of Cricket?

To earn the title of the king of cricket in the world, players must consistently perform at the highest level over an extended period. Given the current rigorous demands of the sport, this is an exceptionally challenging feat. However, there are a select few who have proven their mettle and earned the respect of fans.

Below, we discuss four prominent names who can be considered the best and potential kings of cricket in the world at this time.

Virat Kohli: The King of Cricket in India

Without a doubt, Virat Kohli is the undisputed king of cricket in India, amassing 25,322 runs across all formats of international cricket, including T20s, Tests, and ODIs. There is a reason why Kohli has earned the moniker “King Kohli.” He reigns over the hearts of Indian cricket fans, and despite a recent dip in form, he is still regarded as one of the greatest players of the game. Kohli’s technical perfection sets him apart, with his cover drives being a sight to behold. He prefers constructing his innings and possesses the temperament to go the distance.

Kohli stands among the few batsmen who maintain an average of over 50 in all three formats of the game, rightfully earning him the title of the king of cricket. Sustaining an average of 57.32 across 274 ODIs is no small feat, and Kohli accomplishes it with relative ease. In addition, he boasts an average of 48.93 in Tests and 52.74 in T20s. A strike rate of 137.97 in the shortest format is a matter of immense pride for any cricketer.

Babar Azam : King of cricket in Pakistan

Babar Azam, the talented Pakistani batsman, has rightfully earned the title of the king of cricket in Pakistan. He has established himself as one of the finest contemporary batters, displaying immense potential to become the number one player across all three formats of the game. At the age of just 28, Azam has already made a significant impact and dominates the rankings in both ODI and T20 formats.

In Test cricket, Azam holds the 5th position in the rankings, with only Marnus Labuschagne, Kane Williamson, Steve Smith, and Joe Root ahead of him. With an impressive average of 48.63 in Test matches, Azam showcases his ability to excel in the longest format. Furthermore, he maintains a remarkable average of 59.17 in ODI cricket, emphasizing his consistency and effectiveness in limited-overs cricket.

What sets Azam apart is his adaptability and versatility, allowing him to adjust his game according to the demands of different formats. He exhibits a strike rate of over 127 in T20 cricket, highlighting his ability to score quickly in the shortest format. Azam represents the younger generation of cricketing leaders, displaying immense potential and a promising future as one of the best cricketers in the world.

As the captain of the Pakistan team, Azam not only leads by example with his batting skills but also demonstrates strong leadership qualities. His remarkable performances and potential make him a deserving candidate for the title of the king of cricket in Pakistan, and he continues to inspire fans with his talent and dedication to the sport.

Joe Root

Joe Root, the English cricketer, has showcased his prowess and earned the right to be called a king of cricket. With his recent decision to step down from leadership duties, Root has found a new sense of freedom in his game, causing concerns for opposing teams. His performances on the field have been exceptional, solidifying his status as a true cricketing king.

Not only does Root possess an outstanding average of over 50 in Test cricket, but he also maintains impressive numbers in the ODI format. His ability to adapt and excel across different formats of the game is a testament to his skills and versatility. In addition, Root has begun to find his rhythm in T20 cricket, demonstrating his adaptability and ability to adjust to the demands of the game. With a strike rate of over 120 in T20s, he consistently contributes to his team’s success.

Rohit Sharma

Rohit Sharma, the Indian captain, continues to be hailed as one of the greatest cricketers, particularly in the limited-overs formats, despite being 35 years old. Sharma’s aggressive and high-risk style of play sets him apart, fearlessly taking on bowlers who attempt to exploit bounce against him. His cover drives and straight drives are a visual treat for cricket enthusiasts, showcasing his elegant stroke play.

Although injuries have affected Sharma’s ICC rankings, he has not lost his touch and remains a formidable force in any format of the game. In Test matches, he has amassed over 3,000 runs in just 49 matches at an average of 45.66. As an experienced campaigner in one-day internationals, Sharma has an impressive record of 9,825 runs to his name. Currently ranked 10th on the ODI batter’s list, Sharma has the potential to be the difference-maker for India in the upcoming 2023 ODI World Cup.

FAQ

Who is called the King of IPL?

The title of “King of IPL” is indeed a subject of debate, and both Virat Kohli and Rohit Sharma have strong cases to support their claims.

Virat Kohli’s performances in the IPL have been nothing short of extraordinary. He holds multiple records in the tournament, including the highest number of runs in a single edition and the overall highest run-scorer in IPL history. Kohli’s consistency with the bat is commendable, and he has played numerous match-winning innings for his team, Royal Challengers Bangalore. Despite not having won an IPL title, his individual contributions and records speak for themselves.

On the other hand, Rohit Sharma’s leadership skills and impact in the IPL cannot be ignored. As the captain of the Mumbai Indians, Sharma has led his team to a record-breaking five IPL titles. He has showcased his ability to make crucial decisions under pressure and has been a guiding force for his team’s success. Additionally, Sharma himself has been a prolific run-scorer in the tournament, having multiple centuries and significant contributions to Mumbai’s victories.

Mostbet Apps India Review – Bonuses | Register | Games

Mostbet Apps India Review – Bonuses | Register | Games

Mobile App Mostbet India

MostBet India, a well-known website for sports betting and casino games, was established in 2008

MostBet India, a well-known website for sports betting and casino games, was established in 2008. The website is a pioneer in the field of online gambling and has been offering players services for more than ten years. The platform has developed along with technology, and they recently created a mobile application that streamlines the process of gamers accessing their services from mobile devices.

Is it Legal to Play the MostBet App?

Every player wants to confirm the legality of the activities before signing up for the MostBet India platform. MostBet India is governed by a Curacao eGaming License, which is issued by an international agency in charge of monitoring and controlling online gaming. The license guarantees that MostBet India complies with the highest requirements for compliance and player funds.

MostBet App Benefits

Sports bettors and online casino games like the MostBet India mobile application because of its many benefits. Several of these benefits include:

  • Playing casino games and placing bets is made simple thanks to the MostBet India mobile application, which enables players to access the platform from their mobile devices.
  • Easy navigation around the platform is made possible by the mobile application’s user-friendly design. It is simple for players to locate the games they want to play and make bets on the sporting activities they wish to watch.
  • Players can watch live streaming of their preferred sporting events through the MostBet India mobile application. In addition to enjoying the live action, players can place bets on the sporting events they are viewing.

In conclusion, the MostBet India mobile application has transformed the online gambling sector by facilitating players’ access to its offerings. Players’ money and private information are safeguarded because the platform complies with the Curacao eGaming License. The most popular platform for online casino games and sports bettors alike is the MostBet India mobile application due to its user-friendly layout and live broadcasting of sporting events.

MostBet India App Review

The MostBet India platform provides a user-friendly mobile application experience that meets their requirements. The application provides a variety of live dealer games, casino games, and sports betting possibilities, all playable right on your device. The question of whether the mobile application is secure and lawful for users, however, is important.

Is It Safe to Use Mobile Applications?

User safety and dependability are both features of the MostBet India platform. Modern data encryption technology is built into the mobile application, creating a safe and private gaming experience. To give users piece of mind, all transactions done through the site are also extremely secure.

Furthermore, the MostBet mobile application adheres to strong ethical gaming principles, guaranteeing that each player has an equal opportunity to win. The site has a stringent verification procedure in place to thwart fraud and protect user information. Additionally, players can impose limits on their gaming activities, which encourages gambling responsibly.

For users, the MostBet India mobile application provides a safe, reputable, and legal gambling environment. It puts consumers’ protection and safety first, making for a relaxing gaming experience. It stands out from other gaming programmes thanks to its tight rules and ethical gaming methods, which have made it a fan favorite in the Indian market.

MostBet Apk Download – System Requirements

One of the most well-known sports betting sites at the moment is MostBet India. Users can download the MostBet India app for their mobile devices in addition to placing a bet on their preferred sports and teams. Users must take a few easy actions, such as verifying that their device is compatible and fulfilling the prerequisites, in order to accomplish this.

Operating Systems Supported

The MostBet India app is accessible on both of the most widely used mobile platforms, iOS and Android. The application can be downloaded from the App Store for iOS users. Android users can download the MostBet apk via the MostBet India website since Google Play does not presently have it available.

Device Specifications

It’s crucial to take the device requirements into account to guarantee a seamless user experience while using the app. The device must be iOS 9.0 or later capable of iOS users. In the meanwhile, Android users’ devices must be running Android 4.4 or higher. Furthermore, the gadget needs to have a storage capacity of at least 50 MB.

It is simple to download the MostBet India app on your mobile device. You can download the application directly from the company’s website or app store once you’ve verified that it is compatible with your device and has enough storage. After downloading the app, login if you already have an account or follow the steps for creating one.

In conclusion, downloading the MostBet India app is an easy and simple procedure. Before downloading the app, make sure your device satisfies the minimal criteria to ensure a seamless and enjoyable experience while betting on your preferred sports.

Mostbet India App Bonuses

One of the most well-liked online gambling sites in the nation is MostBet India, and for good reason. Numerous bonuses and promotions are available, all of which are intended to draw and keep players. Players who utilize the MostBet India mobile application, which can be downloaded from the official site and the Apple App Store, are eligible for these bonuses and promotions. We will look at a few of the bonuses and promotions that are offered to players in the MostBet India mobile application in this article.

Welcome Bonus

New players are greeted with a sizable welcome bonus when they download and register on the MostBet India mobile application. On their initial deposit, players get a bonus that they may use to play and make real money winnings. Players should visit the MostBet India website or mobile application for specifics on the welcome bonus, which changes according to the size of the first deposit.

Bonuses for App

Players can take advantage of a number of different incentives and promotions on the MostBet India mobile application in addition to the welcome bonus. These consist of:

  1. Match Bonuses – When a player deposits a particular sum into their account, they are given a bonus.
  2. Free Spins – When a player deposits money, they are given a specified number of free spins on a slot machine.
  3. Cashback – In the form of cashback, players get a portion of their losses returned.
  4. Loyalty benefits – MostBet India offers benefits and promotions, including cash awards and free spins, to its most devoted customers.

MostBet India is one of the most alluring gaming platforms for Indian players thanks to the variety of bonuses and promotions it offers on its mobile application. The incentives and promotions are made to entice both new and seasoned players to play more games and increase their chances of winning real money. Players must download and register for an account on the MostBet India mobile application in order to benefit from these bonuses and promotions.

Registration Process

A smartphone app called MostBet India enables users to bet on a variety of sporting events, online casino games, and lotteries. Users must register and create an account in order to use this platform’s services. The registration process is easy and takes only a few minutes to finish.

Periods of Registration

Open the MostBet India mobile application and select the “Register” button to begin the registration procedure. Users will be required to enter their personal information, including name, email address, phone number, and date of birth, on the registration form that will appear after the app has been downloaded. Users must set a password and choose their favorite currency after filling out the details.

Verification

The user must submit some documents to establish their identity during the following stage of the process, identity identification. This protects against fraud and upholds the platform’s reliability. Users can upload a passport, a government-issued ID, or a driver’s license. The MostBet India team will verify the documents after they have been uploaded, and if everything is in order, the account will be confirmed and the user can begin placing bets.

To prevent any problems during verification, it is crucial to ensure that the information provided during registration is valid. The user should also make sure that the identity documents they upload are legible and clear.

In conclusion, it only takes a few minutes to register on the MostBet India platform. In order to protect user data and ensure that they are validated before placing bets, the platform has strict security procedures in place. MostBet India users can have a hassle-free betting experience by following the registration steps and submitting proper information during registration and identification.

How Progressive Slots Look Like In The Future

How Progressive Slots Look Like In The Future

What are Progressive Slots, and How Do They Work?

Progressive jackpot slots have been around for a long time and are great to play, just like ordinary in-game jackpot slots. With progressive slots, the total jackpot amounts constantly change because a small amount of your wager is added every time you bet. This applies to every slot player on the network, so they end up with astronomical jackpot amounts with progressive slots.

The appeal of progressive slots is the potential to win a massive sum of money with only a small wager. The tricky part is that the winner is based on a random number generator (RNG), so it’s hard to predict who will win or when the next win will happen (though many have tried). The reverse could also occur where someone wins while you are playing, and that depletes the pot drastically, meaning if you were to win next, the jackpot might be significantly less.

Image by LoggaWiggler from Pixabay

Tips For Playing Progressive Slots

There is no formula to win at Progressive. It is 99% based on luck, but we will share some tips that may help you.

  1. Choose a reputable casino to avoid winning and not getting your winnings.
  2. Manage your budget, as tempting as it may be, to keep playing, thinking the next spin may be it, reign in your spending, and bet only money you can lose.
  3. Go for the maximum wager (within your budget, of course).
  4. If you ever win the jackpot, don’t spend it all; engage a financial advisor.

The Future of Progressive Slots

Innovation and technological advancements have made an impact in every industry, and that includes the gambling industry. So where do we see progressive slots in the future? Without a doubt, they will still be around ten years from now. But we must admit that they are declining in popularity, and more than the big jackpot wins are needed to draw new players in.

“Poker-Faced” New Age Players

Players have more information on how progressive slots work and the odds of winning. Some say as high as 50,000,000 to 1; this has put off many players who would rather play something with better chances. Players also understand how RT works, and its meaning; progressive slots tend to have a lower RTP than most slot games. Many gamblers prefer table games where you can win based on strategy and skill. That’s why there has been an increase in popularity around card games like Blackjack and Poker; once you have mastered the poker terms and slang and have a solid strategy, you can see some returns.

With Gen Z coming of age and partaking in gambling, there is a shift to more technologically advanced games and a more interactive and social player experience. Slots, in general, could be more interactive games and can be pretty lonely. Ultimately, table games offer better value for players in monetary returns and social interaction. Even when playing online, you can interact with the dealer, and depending on the casino, you can interact with other players.

Accumulative Cost

Another downside with progressive jackpots is you need to know when or how much you will win; you could be playing consistently over a couple of months only to have someone win the jackpot just after you log off. And unlike lottery tickets or games like craps and roulette, it could be weeks, months, or years before the jackpot is won. That is a lot of money used to wager over time.

Simplicity

Progressive slots are easy to play, and the rules are just as easy to understand, and this is a drawcard for many people. Many games also have a lower-tier jackpot which is also progressive, but players have a higher chance of winning; this is another reason players keep playing. The minimum wager amount is a drawcard for players vs. other casino games. So with as little as $0.50, you can win millions without effort by pressing the spin button.

The Jackpot Amounts

No matter how indifferent you are to progressive jackpots, the thought of walking away with $20 million has crossed your mind. These are the amounts many have walked away with in progressive jackpot winnings. Mega Moolah, nicknamed “Million Maker,” has had the most lucrative wins. In January 2019, a massive $20,057,034, while the following year, a $13,615,861 jackpot was won through Luxury Casino. The thought of those millions coming our way does keep us playing these slots.

Cybersecurity risks behind casino
Image by jacqueline macou from Pixabay

Last Word

In most online casinos, over 50% of their game library is dedicated to slot games, and progressive slots form part of that. With the integration of virtual reality and mixed reality in the gambling space, we can only hope it will improve how we play slots and we can enjoy the experience even more. We don’t foresee a gambling experience without progressive slots, no matter how unpopular they may get amongst experienced players. And frankly, it would be boring without them around to remind us of what we could win.

Create Own Dark Website (.onion) on Linux

Create Own Dark Website (.onion) on Linux

We have learns how Tor network works and how to use it in our Tor article. As we know dark websites uses .onion for their domain extension. Here the question comes can we create our own website in Dark Web using our Kali Linux system ? The answer is yes easily. No port forwarding, no spending on buying domain names.
By following our detailed guide we can host our website or entire web application on deep web with onion domain extension in 5 minutes. We have used our beloved Kali Linux system for this article but any Debian based Linux distro (Ubuntu, Linux Mint, Parrotos ,ElementaryOS) will work.

host own dark web

In this article we are going to learn how to host own .onion dark web in Kali Linux.

Install & Configure Tor

First of all we install and configure Tor service on our Kali Linux. To do that we run following command in our Kali Linux Terminal:

sudo apt-get install tor -y

Tor will be installed on our system after we provide our root password. The screenshot of the command is following:

tor install on kali linux

Then we need to configure torrc file located on /etc/tor/torrc . So we apply the following command:

sudo mousepad /etc/tor/torrc

The screenshot is following:

configuring torrc

Then we need to find these two lines (highlighted on the above screenshot) and remove # from both line and save the file (uncomment). After doing this this will look like following:

configure torrc

Now we save this file by using CTRL+S, and close this file after saving. Then we restart Tor service by using following command:

sudo service tor restart

Create & Host Website on Localhost

Now we create a web page on our desktop called index.html or index.php. We do it by using following command:

cd Desktop && touch index.html

Then we edit the web page file and code a simple website for demo. We open the html/php file in mousepad or any other text editor.

mousepad index.html

Then we write a simple html code for an website like following:

demo html website code

Here is site is created for demo, that’s why it is so simple. We can host larger web applications. Then we save (CTRL+S) and close this file. This file is in our Desktop, so we start a php based localhost server in our Desktop using following command:

php -S 127.0.0.1:8080

Now the development server of php will be start as we can see in the following screenshot:

php development server started
Now we check our hosted localhost website, by navigating 127.0.0.1:8080 from our browser.

Example localhost website

Here we had started localhost server using php on 8080 port. We can also use port 80 (if it is not already running), but it will require root permission (sudo php -S 127.0.0.1:80). We can also use python server or apache server or any other localhost web server to host localhost website.

Connecting Tor service with our Localhost

Then we leave this terminal window as it is(running localhost server). Then we open another terminal and type following command on new terminal:

sudo -u debian-tor tor

Let wait a bit and let it configure to 100%. This will Establish a Tor circuit, It may require couple of minutes depending on our system performance and internet speed. The screenshot is following:

Establishing a Tor circuit

All set, our dark web is hosted. Hey wait, where is the .onion link ?
.onion link is generated randomly. To see our hosted demon dark website’s .onion we open another terminal window (3rd terminal,because we can’t close or use those terminals, otherwise connection will lost.) and type following command to see our Dark Web address:

sudo cat /var/lib/tor/hidden_service/hostname

The screenshot is following:

onion link of our own dark web

Now we can access this .onion website with Tor browser from anywhere and any device. Learn more about Tor and Tor Browser read our this tutorial.
This is a demo website for education purpose, but we can host any kind of website on deep web that is not illegal. But we should not abuse this to host illegal websites that voids our federal laws. That will be crime and we are not responsible for that.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity.

To join our family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity.

For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Easily Setup SQL Injection Testing Lab on Kali Linux

Easily Setup SQL Injection Testing Lab on Kali Linux

In our some previous articles we discussed about some penetration testing labs, like PentestLab , DVWA where we can practice and improve our attacking skills. Practicing is very important, Practice makes perfect. In today’s article we are going to discuss about how to set SQLi lab on Kali Linux to test our SQL Injection skills. Advanced SQL Injection is still a major bug can be found on various sites. That because still learning and growing SQL Injection skills are profitable for cybersecurity experts and bug bounty hunters.

install sqli lab on Kali Linux

For this lab setup we are going to use SQLi_Edited, this is a upgraded fork of sqli-labs (Dhakkan Labs). Before cloning it from GitHub let we move to our /var/www/html directory, we are going to clone it there to make things easy.

cd /var/www/html

Here we need to clone the repository from GitHub by using following command:

sudo git clone https://github.com/Rinkish/Sqli_Edited_Version

In the following screenshot we can see that this repository is successfully cloned to the directory.

SQLi Lab  git clonning

Now we can go inside this directory by using following command:

cd Sqli_Edited_Version

Here we use ls command to see all the files, as we can see in the following screenshot:

SQLi labs git clonned

Here we can see the directory named “sqlilabs“, Now we move it on the previous directory and rename it for easy to open by applying following command:

sudo mv sqlilabs/ ../sqli

Then we back to our previous directory by using following command:

cd ..

We can see the process in the following screenshot:

moving sqlilabs directory

Now we need to edit database credential file named “db-creds.inc“, which is located under “sqli/sql-connections/db-creds.inc” and put our user name and password for database. To edit it we are going to use infamous Linux text editor nano.

sudo nano sqli/sql-connections/db-creds.inc

In the following screenshot we can see the default configuration of it, where the database user is root and database password is blank.

sqlilabs databse username and password changing

Now we modify this as per our Kali Linux system user, here we are using user “kali” and we can also choose a password as we want, as shown in the following screenshot:

sql injection lab setup

Now we save and close it by typing CTRL+X, then Y, then Enter ↲.

Now we need to setup our mySQL database for our Kali Linux system. MySQL comes preloaded with Kali Linux. We need to open up our MariaDB as root user by using following command:

sudo mysql -u root

Then we need to create our user with password, in our case our user will be ‘kali‘ and password will be ‘1234‘. So the command for us will be following:

CREATE USER 'kali'@'localhost' IDENTIFIED BY '1234';

Now our user is created as we can see in the following screenshot:

creating user on mysql Kali Linux

Now we need to grant all permission to user ‘kali‘ by using following command:

GRANT ALL PRIVILEGES ON *.* TO 'kali'@'localhost';

The screenshot of the above command is following:

grant permission for mysql database user on Kali Linux

Database setup is done, now we can exit from MariaDB by using CTRL+C keys and run following command to start our MySQL services:

sudo service mysql start

Our setup is almost complete now we need to run our apache2 server (comes pre-loaded with Kali). We start our Apache2 web server by using following command:

sudo service apache2 start

Now our web server is running, we can see it by navigating to localhost/sqli URL from our browser. Our SQL Injection lab will open in front of us as we can see in the following screenshot:

sqli lab challanges

Here for the very first time we need to ‘Setup/reset database for labs’. After clicking there our database setup will start as we can see in the following screenshot:

SQLi labs database connecting

Now a page will open up in our browser which is an indication that we can access different kinds of Sqli challenges, as we can see in the following screenshot:

SQLi labs on Kali Linux

Here we can solve various types of SQL injection challenges, by solving them our SQL Injection skill will be improved. For an example, to start the basic SQL Injection challenge we need to click on Lesson 1.

SQLi Labs basic challenge 1

This is all for this article. We had learnt how we can create SQL Injection practice labs on our system and practice our SQL Injection skills from basics to advance.

Love our articles? Stay updated with our articles by following us on Twitter and GitHub. Be a part of the KaliLinuxIn community by joining our Telegram Group, where we focus on Linux and Cybersecurity. We’re always available to help in the comment section and read every comment, ensuring a prompt reply.

Amap – Gather Info in Easy Way

Amap – Gather Info in Easy Way

Amap is an application mapping tool that we can use to read banners from network services running on remote ports. In our this detailed article we are going to learn hot we can use Amap on Kali Linux to acquire service banners in order to identify the services running with open ports on a target system. This is a very good information gathering tool for cybersecurity.

amap on Kali Linux

To use Amap to gather service banners, we will need to have a remote system running network services that discloses information when a client device connects to them. In our article we are going to use a Metasploitable2 instance for example. We already have an article about installing Metasploitable2.

Amap is comes preloaded with our Kali Linux system so we don’t need to install it on our system, we can directly run the following command on our terminal to see the help/options of Amap:

amap --h

The output of command shown in the following screenshot:

amap help options on Kali Linux

In the above screenshot we can see that -B flag in Amap can be used to run Amap in banner mode. This have it collect banners for the specified IP and service port(s). This application can be used to collect the banner from a single service by specifying the remote IP address and port number.

For an example we run following command on our terminal:

amap -B 172.20.10.10 21

This command will scan our Metaspoitable2 IP to grab the banner of port 21. The result shown in the following screenshot:

banner garbbing on port 21 using amap

On the above screenshot, we can see that Amap has grabbed the service banner from port 21 on the Metasploitable2 system. We can also run this command to perform a scan of all the possible TCP ports, all the possible ports must need to scanned. The portions of the TCP headers that define the source & destination port address are both 16 bits in length, also each bit can retain a value of 1 or 0. So there are 216 or 65536 possible TCP port addresses. To scan all the TCP ports all we need to specify the range of 1 to 65535. We can do this by using following command on our terminal:

amap -B 172.20.10.10 1-65535

In the following screenshot we can see the output of the applied command.

amap banner grabbing of all ports

In the above screenshot we can see that we got the opened ports and their banners. Sometimes the normal output of the command shows lots of unnecessary & redundant information that can be extracted from the output. Like the IP address & metadata is there without any logic. We can filter the output using following command:

amap -B 172.20.10.10 1-65535 | grep "on" | cut -d ":" -f 2-5

Now in the following screenshot we can see that the output is to the point.

filtered output of amap

This shows the principal that tells how Amap can accomplish the task of banner grabbing is same as some other tools like Nmap. Amap cycles through the list of destination port address, attempts to establish a connection with each port, and then receives every returned banner that is sent upon connection to the service running on the port.

Love our articles? Stay updated with our articles by following us on Twitter and GitHub. Be a part of the KaliLinuxIn community by joining our Telegram Group, where we focus on Linux and Cybersecurity. We’re always available to help in the comment section and read every comment, ensuring a prompt reply.

Best Budget WiFi Adapter for Wireless Testing on Kali Linux

Best Budget WiFi Adapter for Wireless Testing on Kali Linux

To perform wireless auditing we need some special WiFi adapters that supports monitor mode, packet injection and soft AP mode. Alfa cards are known for best quality and reliable. But Alfa card’s price is high for students.

In our this article we are going to cover a budget friendly TP-Link WiFi adapter that supports monitor mode, packet injection and soft AP. TP-Link AC600 is a perfect budget WiFi adapter for cybersecurity students. It also have supports of 2.4Ghz and 5Ghz bands on Kali Linux.

tp-link ac 600 kali linux

TP-Link AC600 comes with a 5dBi antenna which can rotate 180° to cover a long range. This WiFi adapter comes with RTL8821AU chipset which not supported on our Kali Linux (2022.1) directly. So if we plug it in via our system’s USB port, we will see nothing will happen. Ever we can’t see it’s network interface. Let’s configure it for our Kali Linux system.

Configuring TP-Link AC600 for Kali Linux

After plug it in with our system we check for our network interfaces by using following command:

iwconfig

In the following screenshot we can see that we cant see any external wireless network interface (in our case wlan0 is our inbuilt adapter).

iwconfig network interfaces on Kali Linux

Now we check connected devices on our USB via following command:

lsusb

The output sown in the following screenshot:

devices list connected with kali linux

Here we can see our TP-Link adapter (highlighted) with the chipset. It means it connected but we need to install drivers for it. Before installing drivers we need to make sure that we are using a updated version of Kali Linux.

To install TP-Link AC600 driver on our updated Kali Linux we just need to run following command:

sudo apt install realtek-rtl88xxau-dkms

The following screenshot shows the output of above command:

installing AC600 driver on our Kali Linux system

In the above screenshot we can see the output of our applied command. After installing the driver it also not gonna work. What we need ? Yes we need a reboot. Lets reboot our system.

After the reboot we can check again our network interfaces by using following command:

iwconfig

We can see the result in the following screenshot:

network interfaces on kali

Now we can see the wlan1 interface which is our TP-Link AC600 adapter. In the above screenshot we can notice that the mode is managed. We can change it to monitor mode by using following commands one by one:

sudo airmon-ng check kill
sudo airmon-ng start wlan1

Now we check if the monitor mode is started or not by using following command:

iwconfig

The following screenshot shows the output of the above commands.

starting monitor mode on tplink ac600

We can see that our wlan1 interface now have Monitor Mode (highlighted). Now lets check if it is working or not. To do so we need to run following command:

sudo airodump-ng wlan1

In the following screenshot we can see that we are searching for target WiFi.

monitor mode working on tplink ac600

So, it’s time to check for the packet injection is working perfectly or not by using following command:

sudo aireplay-ng --test wlan1

In the following screenshot we can see that packet injection is also working fine.

packet injection is working fine

Let we check for softAP mode by using following command:

sudo airbase-ng -a xx.xx.xx.xx.xx.xx --essid "ESSID" -c 12 wlan1

We can choose any BSSID (in above example x refers to any number) and ESSID on the above command -c is for specify a channel. We can see the output in the following screenshot:

soft ap started on tplink ac600

In the above screenshot we can see that we have started a soft AP on 01:02:03:04:05:06 BSSID, and the ESSID is Kali_Tutorials on channel 12 with our wlan1 interface. Now we can see a wireless network around us using other devices on our given ESSID.

We left one more thing that TP-Link AC600 supports dual band and our previous all the examples were on 2.4 Ghz, so how we can work with 5Ghz.

Let’s check for 5Ghz support, but we can’t scan 5Ghz networks using aircrack-ng so we run following command to scan 5Ghz networks using TP-Link AC600:

sudo airodump-ng --band a wlan1

In the following screenshot we can see 5Ghz networks around us:

changing 5Ghz interface

Now we can also see iwconfig to see our network interfaces and in the following screenshot:

5ghz network interfaces

We can see in the above screenshot that our wlan1 is on 5Ghz.

Extra Talks

TP-Link AC600 is a very good affordable WiFi adapter for penetration testing students, not just only pocket friendly, it has quality also. It supports 5Ghz band with monitor mode, packet injection and soft AP. These things makes it very competitive with other adapters (especially Alfa cards).

This is how we can use TP-Link AC600 on our Kali Linux and use for Wireless auditing.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Zenmap – GUI of Nmap

Zenmap – GUI of Nmap

Zenmap is Official Graphical User Interface (GUI) version of Nmap. Zenmap is also very powerful tool like nmap. For it’s graphical interface and easy menus makes it very easy to use.

Zenmap install on Kali Linux 2021

Previously Zenmap comes pre-installed on Kali Linux but newer version (from 2019.4) doesn’t comes with Zenmap. So in our this article we are going to learn how to install Zenmap on Kali Linux in 2023 and use it.

Installing Zenmap on Kali Linux 2023

Zenmap relies on deprecated Python 2 libraries that are not available in Kali Linux. So it is not available on Kali Linux repository. Also it’s official .deb file comes with some errors during installing. So we are going to install it using Kaboxer (Kali Applications Boxer).

To install it we need to have an updated system. We need to apply following command to install Zenmap on our Kali Linux system.

sudo apt install zenmap-kbx -y

After providing our root password the installation will be started, as we can see in the following screenshot:

installing zenmap on kali linux

After the installation is complete we just need to run following command to start Zenmap:

zenmap-kbx

Now we can see that the above command opens Zenmap on our Kali Linux system in the following screenshot:

zenmap on kali linux

This is how we can install and run Zenmap on Kali Linux using Kaboxer.

Using Zenmap on Kali Linux

After a successful installation we can use Zenmap. If we use Zenmap with root then we can use it’s all options. So we open it with root by using following command:

sudo zenmap

We can see that Zenmap is opened on the following screenshot:

Zenmap running on kali linux 20121

Here everything is very easy. Here we need to put the IP address of our target network. For an example we are choosing our localhost system’s IP address (192.168.122.148), we also can choose the website’s address.

Then we need to choose the profile as “Quick Scan“. For an example we have chosen “Quick Scan” we can choose other profiles as per our requirements. Then we just need to click on “Scan”. Then the result will comes in front of us as the following screenshot:

zenmap scan results

In the above screenshot we can see the open ports on our target.

Once the scan has completed, we can click on each tab to get further details about our target. If we’re performing a scan on an entire network, the “Topology” tab will help us create a network diagram of the target network.

Zenmap is very easy to use and user-friendly. This is how we can install Zenmap on Kali Linux new versions and it’s uses.

Liked our article? Then make sure to follow our mail-subscription to get new articles directly on inbox. We also update articles on our Twitter and GitHub profiles. Make sure to follow us there. We also have Telegram group for chatting with everyone.

For any kind of problem and queries make sure to comment in the comment section. We always reply.

How to Install Java OpenJDK8 on Kali Linux Manually

There are lots of cybersecurity projects and tools are available on the internet. Some of them like L3mon, HaxRAT and other Android RAT tools requires Java 8/OpenJDK version 8 on our system. In Kali Linux recent update OpenJDK 8 is removed from Kali Linux repository and only OpenJDK 11 comes with Kali Linux. But some tools written on Java 8 so of we want to use those tools we must need to install OpenJDK 8 on our Kali Linux manually.

install openjdk 8 on Kali Linux

In our this article we are going to learn how to install OpenJDK 8 on our Kali Linux system.

Installing OpenJDK 8 on Kali Linux

In our this article we are going to install OpenJDK 8 on our favorite Kali Linux system. Before that we are going to check our system which version if Java is installed on our system by applying following command on our terminal:

java -version

We can see the output on the following screenshot:

Java version installed on our system

In the above screenshot we can clearly see that we have only OpenJDK 11 on our system. Let’s start the OpenJDK 8 installation process start. First of all we need to go into Oracle Official website and Create an Oracle account and login there.

Oracle Account creation page

After sign up and login we need to move to the download page of OpenJDK 8. We need to scroll down a little bit to find OpenJDK version 8, as shown in the following screenshot:

openjdk 8 downlad page
For our x64 PC we are downloading the highlighted version

We click on the jdk-8u321-linux-x64.tar.gz link to download. Then we got a popup window and we accept the terms and conditions of Oracle to download this. Shown in the following screenshot:

accept the Oracle Technology Network License Agreement for Oracle Java OpenJDK8 to download

Now we need to click on the download button and let the download finish. Usually the downloads files stored on our Downloads directory. Now lets open our terminal and navigate to /usr/lib/jvm (If our system doesn’t have any of Java versions then we need to create this jvm directory under /usr/lib manually by using sudo mkdir -p /usr/lib/jvm command) by using following command:

cd /usr/lib/jvm

Now here we are going to extract our Java OpenJDK 8 compressed file by using following command:

sudo tar -xvzf ~/Downloads/jdk-8u321-linux-x64.tar.gz

We can see the output on the following screenshot:

extracting java 8 on Kali Linux

After all files extracted we need to navigate to our newly de-compressed directory (jdk1.8.0_321) by using following command:

cd jdk1.8.0_321

Here we need to set the java path to do so we need to change the environmental variables. We need to edit the file by text editor like Nano, so we run the following command to edit the file:

sudo nano /etc/environment

We can see the output of the above command in the following screenshot:

java environment editing for setting the path

In the above screenshot we can clearly see that there are some paths are already set. Two paths are divided by : symbol. Here we need to add some paths so we added a : sign after /usr/games path and add some paths that is /usr/lib/jvm/jdk1.8.0_321/bin:/usr/lib/jvm/jdk1.8.0_321/db/bin:/usr/lib/jvm/jdk1.8.0_321/jre/bin

After adding these paths our files looks like following screenshot:

 

java openjdk8 environment path editing

In the above screenshot we had highlighted the modified part of default file. Now we save and close this file by using CTRL+X then Y then Enter ⤶ key.

Now we will install OpenJDK 8 as an alternative, so that we can change our Java versions easily as per our requirement. We need to use following command:

sudo update-alternatives --install  "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_321/bin/java" 0

After that we will set Java compiler by using following command:

sudo update-alternatives --install  "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_321/bin/javac" 0

Now we can set Java OpenJDK 8 by using following command:

sudo update-alternatives --set java /usr/lib/jvm/jdk1.8.0_321/bin/java

Also for the Java compiler we use following command:

sudo update-alternatives --set java /usr/lib/jvm/jdk1.8.0_321/bin/javac

Output of these previous commands shown in the following screenshot:

setting java 8 as alternative

Now we are ready to rock. Let choose our Java version by using following command from anywhere of our terminal:

sudo update-alternatives --config java

The output of the above command shown in the following screenshot:

java openjdk8 update alternative on linux

In the above screenshot we can clearly see that our Java version 8 is on the number 2, and the Java version 11 is on number 0. So we just need to run the above command to switch between Java versions. Here we are going to use Java OpenJDK8, so here we need to type 2 and hint ENTER ⤶ button. As we can see in the following screenshot:

setting up java 8 manually

Now we are using Java 8, as we can see the output of java -version command in the following screenshot:

Java version 8 installed on Kali

In the above screenshot we can see that now Java version 8 (In JDK 8 and JRE 8, the version strings are 1.8 and 1.8) is default on our system. Now we can use any tool using Java8 on our system easily. This is how we can install Java 8 on Linux (especially on Kali Linux) manually.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Open Whatsapp chat
Whatsapp Us
Chat with us for faster replies.