zoukankan      html  css  js  c++  java
  • Kali Linux additional tools setup

    The steps are pretty straight forward. The only tool that might cause some confusion is SMBexec. This requires you to interact 3 times with a different option every time. So here’s the options you need to use, in the correct order

    1. Select option 1 (When prompted for the path, write: /opt/tools)
    2. Select option 4
    3. Select option 5

    Right after you have written the path to where to install SMBexec, the script will ask you the same question. Make sure that you write the same, /opt/tools, there as well. This is so the bash script knows where to find the new  install.sh script for SMBexec. 

    Other than this, the rest of the process is very simple.

    You can either download the script from my gist  here , or copy the code from below 

    #!/bin/bash
    echo ""
    echo "=========================================================================="
    echo "= Pentest Attack Machine Setup										   ="
    echo "= Based on the setup from The Hacker Playbook							="
    echo "=========================================================================="
    echo ""
    # Prepare tools folder
    echo "[+] Creating tools folder in /opt"
    mkdir /opt/tools/
    echo ""
    # Setting up metasploit with postgresql
    echo "[+] Setting up metasploit with postgresql"
    service postgresql start
    service metasploit start
    echo ""
    # Discover Scripts - Passive reconnaissance
    echo "[+] Installing Discover Scripts"
    cd /opt/tools/
    git clone https://github.com/leebaird/discover.git
    cd /opt/tools/discover/
    /opt/tools/discover/setup.sh
    echo ""
    # SMBexec - Grab hashes out of the Domain Controller and reverse shells
    # Step 1: Select option 1
    # Step 2: Select option 4
    # Step 3: Select option 5
    echo "[+] Installing SMBexec"
    cd /tmp/
    git clone https://github.com/brav0hax/smbexec.git
    cd /tmp/smbexec/
    echo "[+] Select option 1"
    /tmp/smbexec/install.sh
    echo "[*] Where did you install SMBexec?: "
    read smbexecpath
    $smbexecpath/smbexec/install.sh
    echo ""
    # Veil - Create Python based Meterpreter executable
    echo "[+] Installing Veil Framework"
    cd /opt/tools/
    git clone https://github.com/Veil-Framework/Veil-Evasion.git Veil
    cd /opt/tools/Veil/setup
    /opt/tools/Veil/setup/setup.sh
    echo ""
    # WCE (Windows Credential Editor) - Pulls passwords from memory
    echo "[+] Downloading and installing WCE (Windows Credential Editor)"
    mkdir /opt/tools/wce/
    cd /tmp/
    wget http://www.ampliasecurity.com/research/wce_v1_41beta_universal.zip
    unzip -d /opt/tools/wce/ wce_v1_41beta_universal.zip
    rm -f wce_v1_41beta_universal.zip
    echo ""
    # Mimikatz - Pulls passwords from memory
    echo "[+] Installing Mimikatz"
    mkdir /opt/tools/mimikatz/
    cd /tmp/
    wget https://github.com/gentilkiwi/mimikatz/releases/download/2.0.0-alpha-20150122/mimikatz_trunk.zip
    unzip -d /opt/tools/mimikatz/ mimikatz_trunk.zip
    rm -f mimikatz_trunk.zip
    echo ""
    # PeepingTom - Website snapshots
    echo "[+] Installing PeepingTom"
    cd /opt/tools/
    git clone https://bitbucket.org/LaNMaSteR53/peepingtom.git
    cd /opt/tools/peepingtom/
    wget https://gist.githubusercontent.com/nopslider/5984316/raw/423b02c53d225fe8dfb4e2df9a20bc800cc78e2c/gnmap.pl
    echo ""
    # Download appropriate PhantomJS package
    if $(uname -m | grep '64'); then
      wget http://phantomjs.googlecode.com/files/phantomjs-1.9.2-linux-x86_64.tar.bz2
      tar xf phantomjs-1.9.2-linux-x86_64.tar.bz2
      cp /opt/tools/peepingtom/phantomjs-1.9.2-linux-x86_64/bin/phantomjs .
    else
      wget http://phantomjs.googlecode.com/files/phantomjs-1.9.2-linux-i686.tar.bz2
      tar xf phantomjs-1.9.2-linux-i686.tar.bz2
      cp /opt/tools/peepingtom/phantomjs-1.9.2-linux-i686/bin/phantomjs .
    fi
    echo ""
    # Nmap script - Quicker scanning and smarter identification
    echo "[+] Installing nmap scripts"
    cd /usr/share/nmap/scripts/
    wget https://raw.githubusercontent.com/hdm/scan-tools/master/nse/banner-plus.nse
    echo ""
    # PowerSploit - Scripts for post exploitation
    echo "[+] Installing PowerSploit"
    cd /opt/tools/
    git clone https://github.com/mattifestation/PowerSploit.git
    cd /opt/tools/PowerSploit/
    wget https://raw.githubusercontent.com/obscuresec/random/master/StartListener.py
    wget https://raw.githubusercontent.com/darkoperator/powershell_scripts/master/ps_encoder.py
    echo ""
    # Responder - Used to gain NTLM challenge/response
    echo "[+] Installing Responder"
    cd /opt/tools/
    git clone https://github.com/SpiderLabs/Responder.git
    echo ""
    # SET (Social Engineering Toolkit) - Pre-installed on Kali Linux
    echo "[+] Installing SET (Social Engineering Toolkit)"
    cd /opt/tools/
    git clone https://github.com/trustedsec/social-engineer-toolkit.git set
    cd /opt/tools/set/
    /opt/tools/set/setup.py install
    echo ""
    # Bypassuac - Used to bypass UAC in post exploitation
    # → https://www.trustedsec.com/downloads/
    echo "[+] Installing Bypass UAC"
    cd /tmp/
    wget https://www.trustedsec.com/files/bypassuac.zip
    unzip bypassuac.zip
    cp bypassuac/bypassuac.rb /opt/metasploit/apps/pro/msf3/scripts/meterpreter/
    mv bypassuac/uac/ /opt/metasploit/apps/pro/msf3/data/exploits/
    rm -Rf bypassuac
    echo ""
    # BeEF - cross-site scripting framework
    # → http://beefproject.com/
    echo "[+] Installing BeEF"
    apt-get install beef-xss
    echo ""
    # PEDA - Python Exploit Development Assistance for GDB
    # → Repository: https://github.com/longld/peda
    echo "[+] Installing PEDA"
    git clone https://github.com/longld/peda.git /opt/peda
    echo "source /opt/peda/peda.py" >> ~/.gdbinit
    echo ""
    # The End
    echo "[+] All tools installed successfully!"
    echo "[+] ~~~ Happy Hacking! ~~~"
    echo ""
  • 相关阅读:
    python异常处理
    装饰器汇总
    PHP PDO预定义常量
    [转载]Firebird与MySQL:一个使用者的体会
    卸载AppDomain动态调用DLL异步线程执行失败
    c#数据库访问读取数据速度测试
    iis最大工作进程数
    WINCE 获取智能设备唯一编号
    通过 JDBC 驱动程序使用大容量复制
    IIS出现问题时修改配置文件的几项说明
  • 原文地址:https://www.cnblogs.com/askDing/p/5937551.html
Copyright © 2011-2022 走看看