PDA

View Full Version : Bleeding Edge Kali Linux



Agentfbi007
2015-07-30, 23:54
Hey everybody,

I have a problem with updating the setoolkit.
I tried this guide https://www.kali.org/news/bleeding-edge-kali-repositories/ with these commands:
echo deb http://repo.kali.org/kali kali-bleeding-edge main >> /etc/apt/sources.list
apt-get update
apt-get upgrade

However it didn't worked.
I still have version 6.3 of setoolkit, isn't there any newer?
Official release says 6.5 is the newest.
However, in the sources.list is the entry inside.

deb http://http.kali.org/kali moto main non-free contrib
deb-src http://http.kali.org/kali moto main non-free contrib

deb http://security.kali.org/ moto/updates main contrib non-free
deb-src http://security.kali.org/ moto/updates main contrib non-free
deb http://repo.kali.org/kali kali-bleeding-edge main

What have I done wrong?

I hope you guys can help me, because I am very new to Kali Linux, even Linux ;D

Greets
Konstantin

Crash
2015-07-31, 06:34
Hi Man!

So before all: If you New in Linux, Kali not is for you. I recommend you to learn about Linux generically and after move to Kali.

Please check this out:

http://docs.kali.org/introduction/should-i-use-kali-linux
https://forums.kali.org/showthread.php?26260-Kali-Linux-as-OS-on-non-root

And about your question:
Probably the last version in Kali repositories is 6.3
I will do some tests here and write later

Agentfbi007
2015-07-31, 12:01
First of all thanks for your answer :)
I know that Kali isn't recommended for beginners.
I have a bit experience with Ubuntu, but I like to learn things by doing.
Futhermore I have some documentations about Linux and I know some friends which can help me out with Linux and explain
me everything ;)
Nevertheless I need Kali for checking the security of my network and understand how attacks work to protect myself.
And I am not one of these, I-want-to-learn-hacking-guys aka. script kiddies :D
I just like the Debian Distri. and it's nice that Kali has all tools included.
So I don't need to install them all manually^^
I'll mostly work with easy things and try not to kill my own network.
For more safety I run Kali even on a VM.

Crash
2015-07-31, 16:02
Hi Brow!
I understand your point, and i wrote just because a lots of guys are posting doubts here but they dont know for example what a chmod 775 does.
So, if they dont have a basic knowledge about that, how they are able to interpret a tcpdump output or a openvas report?
Btw, your problem already is under investigation, try again in some days, if not fixed write me.

Agentfbi007
2015-08-01, 18:59
Hi ;)
I understand your point too^^
However, there wasn't any fix till now, but I think I'll wait until the Kali Linux release of version 2.0 (11.8.2015).
I think they dont update anything right now, because they are busy with working for the release.

Another question for now:
Is it really so difficult to attack a system?
I tried the setoolkit and metasploit and I couldn't attack neither my XP SP3 nor Windows 7 (clean install without updates).
Are all the exploits from metasploit to old and detected, or am I just stupid? :D
Its really a bit frustrating, I only want to get the meterpreter to work and make a VNC session, but everytime I try it didn't works.
Either the setoolkit crashes (Error in command line - whatever) or metasploit exploits doesn't work.
I tried loads of guides.
:confused:

Crash
2015-08-02, 19:13
Hi!
To be sincerely, i never tried the SET, normally my clients don't contact me to do Social Eng.
For metasploit you need to be sure that you have exploit to same app version installed on machine.

Try some old Java version or default Jboss instalation .
Also, you can use the metsploitable to make sure that your msf is working fine.

Agentfbi007
2015-08-03, 02:04
Hi!
Ah thanks a lot.
I think my problem is, that I am still new to metasploit.
I miss a great workflow for working with it.
Example: I just tried very hard to attack a XP SP3 machine and failed, so I thought I would never ever attack
a WIN7 machine.
Today I found a cool guide, which told me to use a exploit to make a file and than an exploit handler to control it.
I didn't knew that this function is available.
So I was confused, that no exploit worked or showed any "done" messages.
I think I am just to knew to Metasploit, but I just started loving it :D
Can you recommend me some books/guides/documentations for learning metasploit?
Or is there just an easy recipe to follow?
Because sometimes I am confused if I don't know what exploit to use and how to combine it with which tool, etc.

Hope you can make it a little bit more clear for me ;)
Thanks a lot,
Konstantin

Crash
2015-08-03, 07:37
Hi man!

Check this out:

https://www.offensive-security.com/metasploit-unleashed/

I think its a very nice start point.

Agentfbi007
2015-08-04, 00:47
Hi man!

Thanks for the good tip.
My problem is, that the guide is a bit difficult for me to read and understand.
Probably because of my lack of knowledge in the english language :D
Or maybe I need more time to deal with the guide.

A big question which won't be answered in the guide
(I think I haven't seen it, but maybe I read over it.)
is when to use which exploit?
And when do I use only the exploit without the standard payload?
Everything is to new to me :D

I think I will try a German book, which will hopefully help me a bit and make it easier for me to understand,
because I hate it, if I don't know what I am exactly doing.
It's called "Hacking mit Metasploit: Das umfassende Handbuch zu Penetration Testing und Metasploit" and the extract in Amazon looked great.
One last question, how did you start with pentesting?
I heard you talking about clients.
Did you study IT security or did you learn from scratch on your own?

Thanks for your patience with me :D

Crash
2015-08-04, 06:24
Hi man!

So, me recommendation is: Learn English. Normally the best docs are in English.
English not is my primary language too. I'm Brazilian.

"(I think I haven't seen it, but maybe I read over it.)
is when to use which exploit?"

When you found a vulnerable service/app or stuf

And when do I use only the exploit without the standard payload?
It you will learn with experience. Example: When the target has a firewall allowing just connection to 443 port to internet. (dumb example).

When I started, Google not exists, then you can imagine.

Another recommendation: Before start to use msf or Kali, learn about how SO's and Networks works, you will get a lot of replies for your msf /payload and stuff questions.
Try some books for Andrew Tanenbaum. Some one dont like him, but for me, is good.

Also, take a look in offsec pentest certifications/trainings and securitytube.

In last years a lots of "hackers" appeared in the world, "Im a hacker! I can get down a server with DDOS" but if you ask him what is a ICMP type 8, he really don't know what is that and gets a blue screen! lol

Agentfbi007
2015-08-06, 20:08
Hey Crash,

First of all: Thank you very much.
I gave the guide one more chance and it's awesome.
There are many things well explained, e.g. how to install a backdoor and much more.
Only the beginning was a bit difficult and I became very fast frustrated :D

I still have some problems with metasploit, e.g. this:


Command shell session 2 opened (192.168.0.21:4444 -> 192.168.0.22:49247) at 2015-08-05 13:40:28 +0200

msf exploit(firefox_xpi_bootstrapped_addon) > sessions -l

Active sessions
===============

Id Type Information Connection
-- ---- ----------- ----------
2 shell firefox 192.168.0.21:4444 -> 192.168.0.22:49247 (192.168.0.22)

msf exploit(firefox_xpi_bootstrapped_addon) > sessions -i 2
Starting interaction with 2...

I have absolutely no idea, why it doesn't connect.
I tried "jobs -K" but it doesn't help.

The problem is, I'm still waiting for a answer from metasploit for the forum.
At the moment I can't post anything there.
And asking here for Metasploit problems is a bit wrong, isn't it?

Anyway thank you very much ;)

Crash
2015-08-07, 06:18
Yeah, is wrong! lol

Did you set the appropriated payload? Did you check your machine firewall rules?
Start the wireshark to debug the packets and network problems.
If you dont know how to use, it is a nice time to start to learn.