Changes #50
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -182,15 +182,16 @@ We used to start the Metasploit service with: | |
| `service metasploit start` | ||
| but now there is no `metasploit` service as such. | ||
|
|
||
| ##### Useful metasploit commands | ||
|
|
||
| * `msf >` [help](https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/#help) | ||
| * `msf >` [show](https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/#show) | ||
| * Valid options to add to show are: `all`, `encoders`, `nops`, `exploits`, `payloads`, `auxiliary`, `plugins`, `options` | ||
| * Additional module specific parameters are: `missing`, `advanced`, `evasion`, `targets`, `actions` | ||
| * `msf > show options` | ||
| * `msf > info <module name>` [info](https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/#info) | ||
| Refer the following link for more insight :https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/ | ||
| <!--- I have removed the link from the heading and placed it here as the font looks different when this URl was applied ---> | ||
| ##### metasploit meterpreter client commands | ||
|
|
||
| * Meterpreter Client | ||
|
|
@@ -216,8 +217,7 @@ If you need Metasploit integration in BeEF (in most cases you will want this), s | |
| `extension: metasploit: enable: true` | ||
| in the `/etc/beef-xss/config.yaml` file. | ||
| Also make sure | ||
| `enable` is set to `true` in `/usr/share/beef-xss/extensions/metasploit/config.yaml` | ||
|
There was a problem hiding this comment. The reason for the new line is so that it stands out, as in one line per instruction. Everything is intentional, unless you have a really good reason to change this, please leave it as is. |
||
|
|
||
| When running Metasploit for BeEF, I often provide `msfconsole` with a Metasploit resource file specifically for BeEF (I call this `beef.rc` and put it in `~/`). This resource file will have the following in it at a minimum: | ||
|
|
||
|
|
@@ -325,16 +325,16 @@ or see the documentation for more details | |
| %% Errors installing. Submitted issue here: https://github.com/michenriksen/gitrob/issues/62 | ||
| %% Error running. Didn't like my password: https://github.com/michenriksen/gitrob/issues/63 | ||
|
|
||
| #### CMSmap | ||
|
There was a problem hiding this comment. As per "Useful metasploit commands" link above. I'd suggest chaning your link font, as I've already mentioned to something that works with the heading. |
||
|
|
||
| [CMSmap] (https://github.com/Dionach/CMSmap) is a python open source CMS scanner that automates the process of detecting security flaws of the most popular Content Management Systems (CMSs). | ||
|
There was a problem hiding this comment. Same again, change link font to work with heading. |
||
| Currently supports: WordPress, Joomla and Drupal. | ||
|
|
||
| `git clone https://github.com/Dionach/CMSmap.git /opt/CMSmap` | ||
|
|
||
| #### Veil Framework {#tooling-setup-kali-linux-tools-i-use-that-need-adding-to-kali-linux-veil-framework} | ||
|
|
||
|
|
||
| I have decided to clone the [Veil-Framework] (https://www.veil-framework.com/), as it has a good collection of very useful tools. Veil-Evasion is specifically useful for antimalware evasion. The Veil super project also has an install script to install all Veil projects, found at the [Veil](https://github.com/Veil-Framework/Veil) repository for the Veil-Framework account on github. | ||
|
There was a problem hiding this comment. Doing this might have been a good idea, if you could ensure that all links in headings would be placed in the text very shortly after the heading as is the case here, but I don't think that is feasible. There are a lot of links in headings, we just need a link in heading format to apply to any given existing font format that slightly modifies it, rather than making links look like |
||
|
|
||
| There are install guides here: | ||
| [https://www.veil-framework.com/guidesvideos/](https://www.veil-framework.com/guidesvideos/) | ||
|
|
@@ -551,10 +551,10 @@ We no longer must run everything as root, so this is no longer an issue. | |
| Port: `8080` | ||
|
|
||
| * **ScriptSafe**: I like to be in control of where my JavaScript is coming from | ||
| * **Cookies**: <!---Need some content here--->. | ||
| * **EditThisCookie**:<Need some content here> | ||
| * **SessionBuddy**: For storage of browser sessions and easy hydration | ||
| * **User Agent Switcher for Chrome**:<Need some content here> | ||
|
There was a problem hiding this comment. This was done as per your previous instruction: ba55af9 |
||
| * **Web Developer**: I am a web developer, it has some really useful tools that provide visibility and insight | ||
|
|
||
| #### [Iceweasel](https://wiki.debian.org/Iceweasel) (FireFox with different Licensing) add-ons {#tooling-setup-kali-linux-tools-i-use-that-need-adding-to-kali-linux-iceweasel-add-ons} | ||
|
|
@@ -563,7 +563,7 @@ A small introduction to Iceweasel: Iceweasel was forked from Firefox for the pur | |
|
|
||
| * **FoxyProxy Standard**: Similar to the same [Chromium](#tooling-setup-kali-linux-tools-i-use-that-need-adding-to-kali-linux-chromium-extensions-foxyproxy-standard) Extension as discussed above | ||
| * **NoScript**: I like to know where my JavaScript is coming from | ||
| * **Tamper Data**:<!---Need some content here---> | ||
|
|
||
| * **Web Developer**: I'm a web developer, it has some really useful tools that provide visibility and insight | ||
| * **HackBar**: HackBar is somewhat useful for (en/de)coding (Base64, Hex, MD5, SHA-(1/256), etc), manipulating and splitting URLs | ||
| * **Advanced Cookie Manager** | ||
|
|
@@ -577,6 +577,7 @@ A small introduction to Iceweasel: Iceweasel was forked from Firefox for the pur | |
| %% http://blog.binarymist.net/2014/03/29/up-and-running-with-kali-linux-and-friends/#openVAS | ||
|
|
||
| ### Additional Hardware {#tooling-setup-kali-linux-additional-hardware} | ||
| <!---Need some content here---> | ||
|
There was a problem hiding this comment. This is a heading and subheading. These appear like this in many places in both F0 and F1. We're not changing these. |
||
|
|
||
| #### TP-LINK TL-WN722N USB Wireless Adapter | ||
|
|
||
|
|
@@ -588,9 +589,9 @@ As I find it flexible to run pen testing set-ups on VMs, the following addresses | |
|
|
||
| The following is the process I have found to set-up the pass-through on Kali 2016.1 (first Kali rolling release. Kernel 4.3, Gnome 3.18), by-passing the Linux Mint 17.3 (Rosa) Host (in my case). | ||
|
|
||
| ##### Wi-Fi Adapter | ||
|
|
||
| TP-LINK TL-WN722N Version 1.10: | ||
|
|
||
|
|
||
| * chip-set: Atheros ar9271 | ||
| * Vendor ID: 0cf3 | ||
|
|
@@ -600,7 +601,7 @@ TP-LINK TL-WN722N Version 1.10 | |
|  | ||
|
|
||
| ##### Useful commands: | ||
| <!---Please provide a lead-in sentence before Bullet list---> | ||
|
There was a problem hiding this comment. I don't want to add filler text for the sake of it. All I would say is what is already obvious, These are useful commands to be used when setting up the TL-WN722N |
||
| * `iwconfig` | ||
| * `ifconfig` | ||
| * `sudo lshw -C network` | ||
|
|
@@ -644,7 +645,7 @@ First of all, you need to add the user that controls the guest to the vboxusers | |
| ##### Provide USB recognition to guest: | ||
|
|
||
| Install the appropriate VirtualBox Extension Pack on to the host. These packs can be found here ([https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads)) for the most recent, | ||
| and older builds here: ([https://www.virtualbox.org/wiki/Download_Old_Builds_5_0](https://www.virtualbox.org/wiki/Download_Old_Builds_5_0)). Do not forget to checksum the pack before you add the extension. The version of the extension pack must match that of the VirtualBox installed. Now in your guest, check to see if you have the appropriate linux-headers package installed. If you do not, run the following commands: | ||
|
|
||
| 1. `apt-get update` | ||
| 2. `apt-get upgrade` | ||
|
|
@@ -654,21 +655,21 @@ and older builds here: ([https://www.virtualbox.org/wiki/Download_Old_Builds_5_0 | |
| 6. Apply extension to VirtualBox in the host at: File -> Preferences -> Extensions. | ||
|
|
||
| ##### Blacklist Wi-Fi Module on Host: | ||
| <!---Please provide a lead-in sentence---> | ||
|
There was a problem hiding this comment. It's obvious by the heading as to what this is about. No lead in necessary. |
||
| 1.Unload the `ath9k_htc` module to take effect immediately, and blacklist it so that it does not load on boot. The module needs to be blacklisted on the host in order for the guest to be able to load it. Now we need to check to see if the module is currently loaded on the host with the following command: | ||
|
There was a problem hiding this comment. For ordered lists, a space is required after the Are you OK with converting this to an ordered list @holisticinfosec? |
||
|
|
||
| `lsmod | grep -e ath` | ||
|
|
||
| 2.We are looking for `ath9k_htc`. If it is visible in the output produced from the previous command, unload it with the following command: | ||
|
|
||
| `modprobe -r ath9k_htc` | ||
|
|
||
| 3.Next you will need to create a blacklist file in `/etc/modprobe.d/` | ||
| Create `/etc/modprobe.d/blacklist-ath9k.conf` and add the following text into it and save: | ||
|
|
||
| `blacklist ath9k_htc` | ||
|
|
||
| 4.I had to perform the following step on Kali 1.1, but it seems it is no longer necessary in Kali 2016.1 rolling. If you are still on 1.1, go into the settings of your VM -> USB -> and add a Device Filter. I named this tl-wn722n and added the Vendor and Product IDs we discovered with the `lsusb` command. Make sure Enable USB 2.0 (EHCI) Controller is also enabled as shown in the following screenshot: | ||
|
|
||
|  | ||
|
|
||
|
|
@@ -714,7 +715,7 @@ I had to do the following step on Kali 1.1, but it seems it is no longer necessa | |
| ##### Test: | ||
|
|
||
| Plug your Wi-Fi adapter into your laptop. | ||
| <!---Please provide a lead-in---> | ||
|
There was a problem hiding this comment. I don't think it needs it. Thoughts @holisticinfosec? |
||
| In the Devices menu of your guest -> USB Devices, you should be able to select the ATHEROS USB2.0 WLAN adapter. | ||
|
|
||
| Run `dmesg | grep htc`, you should see something similar to the following printed: | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And there in lies the problem. The resource is listed in the Attributions, the link is also part of the heading so it's obvious that there is a resource available. Adding hrefs everywhere in text is just scruffy, it needs to be obvious to the reader that there is a link and maybe if they want to check it out, then view it in the Attributions chapter.