@xaxim
Last active July 19, 2016 13:21
Penetration testing kali commands
== Installation and Configuration ==
leafpad kali_update.sh
apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
chmod +x kali_update.sh
./kali_update.sh
apt-get install [package]
dpkg -l | grep [package]
apt-cache show [package]
apt-get remove [package]
leafpad /etc/apt/sources.list
apt-get install preload
apt-get install bleachbit
apt-get install bum
apt-get install gnome-do
apt-get install apt-file
apt-get install scrub
apt-get install shutter
apt-get install figlet
leafpad /root/.bashrc
Add at the end:
figlet goodhacking.org
cd /etc/ssh
mkdir [backup_folder] (keys_backup_ssh)
mv ssh_host_* [backup_folder]
dpkg-reconfigure openssh-server
service ssh start
netstat -antp
service ssh stop
apt-get install tor
leafpad /etc/proxychains.conf
Disable strict_chain
Enable dynamic_chain
Add the socks5 proxy at the end:
socks5 127.0.0.1 9050
service tor start
service tor status
iceweasel www.whatismyip.com
proxychains iceweasel www.whatismyip.com
chkrootkit
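
Added example (not part of the original gist): a shell check to run after the SSH host key steps in this section (moving ssh_host_* into the backup folder, then dpkg-reconfigure openssh-server), confirming that every backed-up public key was replaced by a different one. The function name verify_rotated and its two directory arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the gist author's code.
# Usage (paths follow the gist's steps; adjust to your backup folder):
#   verify_rotated /etc/ssh /etc/ssh/keys_backup_ssh

# verify_rotated SSH_DIR BACKUP_DIR
# Returns 0 only if every backed-up public host key has a same-named,
# non-empty replacement in SSH_DIR whose contents differ from the backup.
# Returns 1 if any key is missing or unchanged, 2 if no backups were found.
verify_rotated() {
    ssh_dir=$1
    backup_dir=$2
    checked=0
    result=0
    for old in "$backup_dir"/ssh_host_*_key.pub; do
        [ -e "$old" ] || continue      # glob matched nothing
        name=$(basename "$old")
        new="$ssh_dir/$name"
        checked=$((checked + 1))
        if [ ! -s "$new" ]; then
            # No regenerated key: sshd will not offer this key type
            echo "MISSING  $name"
            result=1
        elif cmp -s "$old" "$new"; then
            # Byte-identical to the backup: the old key is still in use
            echo "STALE    $name"
            result=1
        else
            echo "ROTATED  $name"
        fi
    done
    if [ "$checked" -eq 0 ]; then
        echo "no backed-up public keys found in $backup_dir"
        return 2
    fi
    return "$result"
}
```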
== Information Gathering ==
www.exploit-db.com
dnsstuff.com
metagoofil -d goodhacking.org -t doc -o temp -f goodhacking.org.html
theharvester --help
theharvester -d ethicalhackingblog.com -b google -l 100
whois ethicalhackingblog.com
fierce -dns ethicalhackingblog.com
dmitry -winsepfbo ethicalhackingblog.com
git clone https://github.com/leebaird/discover.git
cd discover
./discover.sh
apt-get install recon-ng
recon-ng
show modules
load infodb (loads ipinfodb; doesn't need the exact name)
show info
//set
//run
back
workspaces add mysite
add domains ethicalhackingblog.com
load bing_domain_web
run
load brute_hosts
run
show hosts
load hosts-hosts/resolve
run
show hosts
load hosts-hosts/reverse_resolve
run
load ipinfodb
run
(you need to register at ipinfodb.com)
keys add ipinfodb <paste_key_here>
keys list
show hosts
load html
show options
set creator gus
set customer mywebsite
run
== External Pentesting ==
traceroute www.google.com
nmap -v --traceroute 104.210.194.254
ping www.pluralsight.com -c 3
hping3 -S www.pluralsight.com -p 80 -c 3
nmap -T4 -sn www.pluralsight.com -v
nmap -T4 -v -PN -n -sS --top-ports 100 --max-parallelism 10 -oA nmapSYN 104.210.194.254
nmap -T4 -v -PN -n -sA --top-ports 100 --max-parallelism 10 -oA nmapACK 104.210.194.254
nmap -T5 -v -PN -A -oA nmapComplete 104.210.194.254
== Website Penetration Testing ==
wafw00f http://www.ethicalhackingblog.com
lbd http://www.ethicalhackingblog.com
apt-get install httrack
httrack "http://192.168.0.107/mutillidae" -O "/tmp/httrack" -v   # 192.168.0.107: machine running Metasploitable Linux
sslscan http://www.ethicalhackingblog.com
wpscan -u 192.168.0.108 --enumerate vp   # 192.168.0.108: machine running a vulnerable WordPress
wpscan -u 192.168.0.108 --enumerate u
wpscan -u 192.168.0.108 --wordlist /usr/share/wordlists/rockyou.txt --username admin