Friday, May 16, 2014

How to fix Wired Network interface "Device not managed" error in Debian or Kali Linux?

Read full details here: How to fix Wired Network interface "Device not managed" error in Debian or Kali Linux? 

Device not managed error actually is an interesting error. When I tested, Device not managed error only happened to Wired Network interfaces (such as eth0 or eth1) in both Debian and Kali Linux. It doesn’t seem to happen to wireless network interfaces. When a user connects their Laptop or Computer to a LAN cable, suddenly they get this Wired Network interface “Device not managed error” and they can’t browse internet. It is annoying and particularly confusing as the error goes not make it obvious how it was generated. Most people end up searching for “Firefox can’t connect to Internet” or “Unable to browse internet in Kali Linux” or such. Those search strings will take to nowhere. This guide takes you through step by step procedures on fixing “Wired Network interface Device not managed error” in Debian and Kali Linux.
In this guide I will quickly point you to an alternate solution where you can setup you IP addess from Command Line on Kali Linux.
The reason you should read this other guide is because if you only have one Laptop or Desktop which allows you to browse Internet and you’re stuck with this annoying “Device not managed” error, at least you will be able to setup an IP address manually and be able to browse Internet and search for instructions that will permanently fix this “Device not managed” error. Well, actually my guides fixes it forever, as you can see from the comments section. But nevertheless, to be able to setup IP address from Command line in Linux is a must learn stuff for anyone as you might be using a non-GUI Linux or your GDM3/GNOME/KDE/KDM broke.

How to fix Wired Network interface is Unmanaged error in Debian or Kali Linux - 1  - blackMORE Ops

Read the rest of it here: How to fix Wired Network interface "Device not managed" error in Debian or Kali Linux?

Thursday, May 15, 2014

Remote Router Hack: DSL ADSL router hack using NMAP on Kali Linux. Windows and MAC works too!!

Read full details here: Remote Router Hack: DSL ADSL router hack using NMAP on Kali Linux. Windows and MAC works too!!

Remote Router Hack: DSL ADSL router hack using NMAP on Kali Linux. Windows and MAC works too!!

A Asynchronous digital subscriber line (DSL or ADSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connectivity to the Internet, which is often called DSL or ADSL broadband. In this guide I will show you show you how to scan IP range for connected ADSL or DSL modem routers and find DSL ADSL router hack remotely. This guide applies to Windows, Linux or MAC, so it doesn’t matter what’s your Operating system is, you can try the same steps from all these operating systems.
The term DSL or ADSL modem is technically used to describe a modem which connects to a single computer, through a USB port or is installed in a computer PCI slot. The more common DSL or ADSL router which combines the function of a DSL or ADSL modem and a home router, is a standalone device which can be connected to multiple computers through multiple Ethernet ports or an integral wireless access point. Also called a residential gateway, a DSL or ADSL router usually manages the connection and sharing of the DSL or ADSL service in a home or small office network.

What’s in a DSL ADSL Router?

A DSL or ADSL router consists of a box which has an RJ11 jack to connect to a standard subscriber telephone line. It has several RJ45 jacks for Ethernet cables to connect it to computers or printers, creating a local network. It usually also has a USB jack which can be used to connect to computers via a USB cable, to allow connection to computers without an Ethernet port. A wireless DSL or ADSL router also has antennas to allow it to act as a wireless access point, so computers can connect to it forming a wireless network. Power is usually supplied by a cord from a wall wart transformer.
It usually has a series of LED status lights which show the status of parts of the DSL or ADSL communications link:
  1. Power light – indicates that the modem is turned on and has power.
  2. Ethernet lights – There is usually a light over each Ethernet jack. A steady (or sometimes flashing) light indicates that the Ethernet link to that computer or device is functioning
  3. DSL or ADSL light – a steady light indicates that the modem has established contact with the equipment in the local telephone exchange (DSL or ADSLAM) so the DSL or ADSL link over the telephone line is functioning
  4. Internet light – a steady light indicates that the IP address and DHCP protocol are initialized and working, so the system is connected to the Internet
  5. Wireless light – only in wireless DSL or ADSL modems, this indicates that the wireless network is initialized and working

Almost every ADSL DSL modem router provides a management web-page available via Internal network (LAN or Local area network) for device management, configuration and status reporting. You are supposed to login to the management web-page, configure a username password combination provided by your ISP (Internet service provider) which then allows you to connect to internet.
The network is divided into two parts:

External Network

External network indicates the part where ADSL DSL modem routers connects to upstream provider for internet connectivity. Once connected to the ISP via a Phone line (ADSL DSL Modem routers can use conventional Copper Phone lines to connect to ISP at a much higher speed), the router gets an IP address. This is usually a Publicly routable IP address which is open to the whole world.

Internal Network

Internal network indicates the part where devices in Local Area Network connects to the ADSL DSL modem router via either Wireless or Ethernet cable. Most modem DSL ADSL Modem routers runs a DHCP server internally which assigns an Internall IP address to the connected device. When I say device, this can be anything from a conventional computer, a laptop, a phone (Android, Apple, Nokia or Blackberry etc.), A smart TV, A Car, NAS, SAN, An orange, A banana, A cow, A dragon, Harry Potter … I mean anything that’s able to connect to internet! So you get the idea. Each device get’s it’s own IP address, a Gateway IP and DNS entries. Depending on different DSL ADSL Modem router, this can be slightly different, but the idea remains the same, the DSL ADSL Router allows users to share internet connectivity.
These DSL ADSL Modem Routers are like miniature Gateway devices that can have many services running on them. Usually they all use BusyBox or similar proprietary Linux applications on them. You want to know what a DSL ADSL Router can do? Here’s a list of common services that can run on a DSL ADSL Modem Router:
  1. ADSL2 and/or ADSL2+ support
  2. Antenna/ae (wireless)
  3. Bridge/Half-bridge mode
  4. Cookie blocking
  5. DHCP server
  6. DDNS support
  7. DoS protection
  8. Switching
  9. Intrusion detection
  10. LAN port rate limiting
  11. Inbuilt firewall
  12. Inbuilt or Free micro-filter
  13. Java/ActiveX applet blocking
  14. Javascript blocking
  15. MAC address filtering
  16. Multiple public IP address binding
  17. NAT
  18. Packet filter
  19. Port forwarding/port range forwarding
  20. POP mail checking
  21. QoS (especially useful for VoIP applications)
  22. RIP-1/RIP-2
  23. SNTP facility
  24. SPI firewall
  25. Static routing
  26. So-called “DMZ” facility
  27. RFC1483 (bridged/routed)
  28. IPoA
  29. PPPoE
  30. PPPoA
  31. Embedded PPPoX login clients
  32. Parental controls
  33. Print server inbuilt
  34. Scheduling by time/day of week
  35. USB print server
  36. URL blocking facility
  37. UPnP facility
  38. VPN pass-through
  39. Embedded VPN servers
  40. WEP 64/128/256 bit (wireless security)
  41. WPA (wireless security)
  42. WPA-PSK (wireless security)
That’s a lot of services running on a small device that are configured by nanny, granny, uncle, aunt and the next door neighbour, in short many non technical people around the world. How many of those configured badly? Left ports open left right and center? Didn’t change default admin passwords? Many! I mean MANY! In this guide we will use namp to scan a range of IP addresses, from output we will determine which are DSL ADSL Routers and have left their Management ports open to External Network. (again read top section to know which one is a external network).

A typical ADSL Router’s Management interface is available via following URL:
This is the Management page for DSL ADSL modem router and it’s always protected by a password. By default, this password is written below a DSL ADSL modem router in a sticker and they are one of these combinations:



A lot of the home users doesn’t change this password. Well, that’s 
ok. It doesn’t hurt much cause this is only available via a connected 
device. But what’s not OKAY is when users open up their management to 
the external network. All you need to know what’s the Public IP address 
for your target and just try to access this management page externally.

Read the rest of it here: Remote Router Hack: DSL ADSL router hack using NMAP on Kali Linux. Windows and MAC works too!!

Wednesday, May 7, 2014

Use SQLMAP SQL Injection to hack a website and database on Kali Linux

Read full details here: Use SQLMAP SQL Injection to hack a website and database on Kali Linux

What is SQL Injection?

SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL databases. In this guide I will show you how to SQLMAP SQL Injection on Kali Linux to hack a website (more specifically Database) and extract usernames and passwords on Kali Linux.

What is SQLMAP

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


  1. Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  2. Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
  3. Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
  4. Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
  5. Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
  6. Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
  7. Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.
  8. Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  9. Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  10. Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.
  11. Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.

Be considerate to the user who spends time and effort to put up a website and possibly depends on it to make his days end. Your actions might impact someone is a way you never wished for. I think I can’t make it anymore clearer.

Read the rest of it here: Use SQLMAP SQL Injection to hack a website and database on Kali Linux

Monday, May 5, 2014

DOS using hping3 with random source IP on Kali Linux

Read full details here: DOS using hping3 with random source IP on Kali Linux

DOS using hping3 with random source IP on Kali Linux

Let’s face it, you installed Kali Linux to learn how to DOS, how to crack into your neighbors Wireless router, how to hack into a remote Windows machine be that a Windows 2008 R2 server or Windows 7 or learn how to hack a website using SQL Injection. There’s lot’s of guide that explain it all. In this guide, I am about to demonstrate how to DOS using hping3 with random source IP on Kali Linux. That means,
  1. You are executing a Denial of Service attack or DOS using hping3
  2. You are hiding your a$$ (I meant your source IP address).
  3. Your destination machine will see source from random source IP addresses than yours (IP masquerading)
  4. Your destination machine will get overwhelmed within 5 minutes and stop responding.
Sounds good? I bet it does. But before we go and start using hping3, let’s just go over the basics..

What’s hping3?

hping3 is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de-facto tools for security auditing and testing of firewalls and networks, and was used to exploit the Idle Scan scanning technique now implemented in the Nmap port scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in a very short time.
Like most tools used in computer security, hping3 is useful to security experts, but there are a lot of applications related to network testing and system administration.

hping3 should be used to…

  • Traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.
  • Perform the idle scan (now implemented in nmap with an easy user interface).
  • Test firewalling rules.
  • Test IDSes.
  • Exploit known vulnerabilties of TCP/IP stacks.
  • Networking research.
  • Learn TCP/IP (hping was used in networking courses AFAIK).
  • Write real applications related to TCP/IP testing and security.
  • Automated firewalling tests.
  • Proof of concept exploits.
  • Networking and security research when there is the need to emulate complex TCP/IP behaviour.
  • Prototype IDS systems.
  • Simple to use networking utilities with Tk interface.

hping3 is pre-installed on Kali Linux like many other tools. It is quite useful and I will demonstrate it’s usage soon.

My setup

I have two machines. The first one is my attacking machines and the second one is my target machine.

Attacking Machine

I have freshly installed Kali Linux 1.0.6 64-bit running on a VirtualBox with internal networking setup. You can use NAT/Bridge or any types of setup you feel like. You can also use VMWare if you have a license for it.

Target Machine

I am running Linux Mint Debian edition (LMDE) version 16 64-bit on my target machine. Similar to my attacking machine, this one is also virtualized running on a VirtualBox with internal networking setup. You can again using VMWare or physical installation if you want to.
I’ve tested this with Windows 7, Linux Mint, Windows server 2008 R2, Kali Linux, CentOS 6.4 and Ubuntu. All the target machines became completely unusable or unresponsive within 5 minutes. It made no difference whether the target machine was 64-bit or 32-bit, the results were conclusive. After 5 minutes attack from a single source/attacking machine, their TPC stack was almost full and I could hardly move my mouse in them.

Read the rest of it here: DOS using hping3 with random source IP on Kali Linux

Saturday, May 3, 2014

Detect Exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux

Read full details here: Detect Exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux


The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). This guide is specifically designed to show how to detect exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.
Heartbleed is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160.

Discovery and Naming

The bug was named by an engineer at the firm Codenomicon, a Finnish cybersecurity company, which also created the bleeding heart logo, and launched the domain to explain the bug to the public. According to Codenomicon, Neel Mehta first reported the bug to OpenSSL, but both Google and Codenomicon discovered it independently. Codenomicon reports April 3 as their date of discovery of the bug and as their date of notification of NCSC-FI (formerly known as CERT-FI) for vulnerability coordination.

Affected and non-affected OpenSSL versions

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
  1. OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  2. OpenSSL 1.0.1g is NOT vulnerable
  3. OpenSSL 1.0.0 branch is NOT vulnerable
  4. OpenSSL 0.9.8 branch is NOT vulnerable
The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS.

Affected operating systems?

Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:
  1. Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
  2. Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
  3. CentOS 6.5, OpenSSL 1.0.1e-15
  4. Fedora 18, OpenSSL 1.0.1e-4
  5. OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
  6. FreeBSD 10.0 – OpenSSL 1.0.1e 11 Feb 2013
  7. NetBSD 5.0.2 (OpenSSL 1.0.1e)
  8. OpenSUSE 12.2 (OpenSSL 1.0.1c)
Operating system distribution with versions that are not vulnerable:
  1. Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
  2. SUSE Linux Enterprise Server
  3. FreeBSD 8.4 – OpenSSL 0.9.8y 5 Feb 2013
  4. FreeBSD 9.2 – OpenSSL 0.9.8y 5 Feb 2013
  5. FreeBSD 10.0p1 – OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
  6. FreeBSD Ports – OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
That’s a lot of system’s that are vulnerable. We all thought Linux is secured and open source being the bearer of security flag, apparently not anymore!

This attack in UNDETECTABLE

Exploitation of this bug does not leave any trace of anything abnormal happening to the logs. Some Intrusion detection and Intrusion prevention systems can pick up this attack but they need to have specific rules. With SSL deemed safe, not many organization would actually implement that. That means many secured system vulnerable.
It affects 32 bit and 64 bit systems alike. There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed.
This means, an attacker can attack both 32 and 64 bit systems alike, can repeat this attack as many times they want and no one will know as the connection is deemed safe and no logs will be generated about an attack. This is PROBABLY the worst bug that was discovered in any system. It is also speculated that NSA, CIA and many security organizations were aware of this vulnerability and abused this till now. While this can not be confirmed, but the possibilities are really scary!

What we are going to do in this guide?

This guide will demonstrate the following:
  1. How to setup a openSSL Heartbleed vulnerable system with Apache and SSL.
  2. How to scan for openSSL Heartbleed vulnerable system with Nmap.
  3. How to exploit openSSL Heartbleed vulnerability with MetaSploit on Kali Linux.
Scanning is quite easy, you just need to find a target and use Nmap to scan it. Offensive Security’s MetaSploit is another fantastic tool to use to exploit this vulnerability. Together, they can be used to exploit any vulnerable system.

Our setup

Because I can’t directly show how to exploit a live target (and most common target’s are already being patched).. I will demonstrate this using the following method:

Target System:

  • Freshly installed Kali Linux version 1.0.6 (it is vulnerable).
  • OpenSSL version 1.0.1e built before April 7 2014. (that’s when the fix was released)
  • Setup Apache Web server.
  • Enable SSL support on Apache Web server.

Attacking System

  • Kali 1.0.6 fully updated and upgraded (specifically MetaSploit and Nmap)

Read the rest of it here: Detect Exploit openSSL Heartbleed vulnerability using Nmap and Metasploit on Kali Linux