How to install Google Chrome Browser on Kali Linux

Objective

The objective is to install Google Chrome web browser on Kali Linux. See an appendix for a possible issue troubleshooting.

Requirements

Privileged access to your Kali Linux installation or Live system is required.

Difficulty

EASY

Conventions

• # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
• $ - requires given linux commands to be executed as a regular non-privileged user

Instructions

Download Google Chrome

To start, use wget command to download a latest Google Chrome debian package:

# wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

Install Google Chrome

The easiest way to install google chrome on you Kali Linux is to by use of gdebi which will automatically download all depended packages. First, install gdebi:

# apt install gdebi-core

Once ready, install the actual google chrome package:

# gdebi google-chrome-stable_current_amd64.deb

Start Google Chrome

To start Google Chrome, open up a terminal and run google-chrome command:

$ google-chrome --no-sandbox

Appendix

No sandbox

ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported.

To avoid this error simply start the Google Chrome browser by using a --no-sandbox switch:

# google-chrome --no-sandbox

Illegal Instruction

The Illegal Instruction error message appears when running the google-chrome command as privileged root user. Since by default Kali Linux's default user is root, we need to create a dummy non-privileged user eg. linuxconfig, and use this user to start Google Chrome browser:

# useradd -m -d /home/linuxconfig linuxconfig
# su linuxconfig -c google-chrome

Package libappindicator1 is not installed

dpkg: dependency problems prevent configuration of google-chrome-stable:
 google-chrome-stable depends on libappindicator1; however:
  Package libappindicator1 is not installed.

To resolve Google Chrome's dependencies problems use gdebi to install Google Chrome's debian package. See above.

Ahıska Türklerinin sürgün edilişinin 73. yıldönümü

Ahıska Türkleri, 1944’te Sovyet lideri Stalin tarafından kapalı yük trenleri içinde vatanlarından Orta Asya’ya sürgüne yollanmış bir topluluktur. Stalin liderliğindeki Sovyetler Birliği, 14 Kasım 1944'te Gürcistan’ın Ahıska bölgesinde yaşayan on binlerce Ahıskalı Türk’ü ''sınır güvenliğini tehdit ettikleri'' gerekçesiyle sürgün etmiştir. Bugün bu Türklerin tarif edilmez acılar çektiği, yerlerinden sürüldüğü, açlıkla ve ölümle imtihanının 73. yıldönümü.

11 Firefox Add-ons a Hacker Must Have

11 Firefox Add-ons a Hacker Must Have 1. Tamper Data Tamper data is a great tool to view and modify HTTP/HTTPS headers and post parameters. We can alter each request going from our machine to the destination host with this. It helps in security testing web applications by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data. Add Tamper data to Firefox: https://addons.mozilla.org/en-us/firefox/addon/tamper-data/ 2. Firebug Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS, and JavaScript live on any webpage to see the effect of changes. It helps while analyzing JS files to find XSS vulnerabilities. It’s a very helpful add-on for finding DOM based XSS for security testing professionals. Add Firebug to your browser: https://addons.mozilla.org/en-US/firefox/addon/firebug/ 3. Hackbar Hackbar is a simple penetration tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits but you can easily use it to test whether or not vulnerability exists. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the time, this tool helps while testing XSS vulnerability with encoded XSS payloads. It also supports keyboard shortcuts to perform various tasks. I am sure most people in the security field already know about this tool. Hackbar is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability to manually send POST form data, you can easily bypass client side validations. If your payload is being encoded at client side, you can use an encoding tool to encode your payload and then perform the attack. If the application is vulnerable to XSS, I am sure you will find the vulnerability with the help of the Hackbar add-on to Firefox browser. Add Hackbar to Firefox: https://addons.mozilla.org/en-US/firefox/addon/hackbar/ 4. Cookies Manager Cookie Manager is one of the greatest tools ever created. Using this tool you can actually play with cookies. You can alter almost every cookie using this tool. You can use Cookies Manager to view, edit, and create new cookies. It also displays extra information about cookies, allowing you to edit multiple cookies at once and backup/restore them. Add Cookies Manager to Firefox: https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/ 5. NoScript No Script add-on is greatness beyond imagination. With this tool, you can monitor each and every script running on a website; you can block any of the scripts and see what each script actually does. But this add-on is for experts, newbies will face problems using this. Note: If you are testing XSS, HTTPS header modifications, or Injection attacks on any website, you need to disable this plugin first because it will block your efforts. Add NoScript to Firefox: https://addons.mozilla.org/en-us/firefox/addon/noscript/ 6. Grease Monkey Grease Monkey is the counter part to NoScript, its function is the exact opposite of Noscript. We use Noscript to block scripts and GreaseMonkey to run them. It allows you to customize the way a web page displays or behaves by using small bits of JavaScript. Add Grease Monkey to Firefox: https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/ 7. User Agent Switcher User Agent Switcher adds a one-click user agent switch to the browser, along with a menu and tool bar button. Whenever you want to switch the user agent, use the browser button. User Agent add-on helps in spoofing the browser while performing an attack. Add User Agent Switcher to Firefox: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/ 8. CryptoFox CryptoFox is an encryption or decryption tool for Mozilla Firefox. It supports most of the available encryption algorithms so you can easily encrypt or decrypt data with supported encryption algorithms. This add-on comes with dictionary attack support to crack MD5 cracking passwords. Although it hasn’t always had great reviews, it works satisfactorily. Add CryptoFox to Firefox: https://addons.mozilla.org/en-US/firefox/addon/cryptofox/ 9. SQL Inject Me SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web applications. This tool does not exploit vulnerabilities but displays their existence. SQL injection is one of the most harmful web application vulnerabilities, it can allow attackers to view, modify, edit, add, or delete records in a database. This tool sends escape strings through form fields and searches database error messages. If it finds a database error message, it marks the page as vulnerable. Hackers can use this tool for SQL injection testing. Add SQL Inject Me to Firefox: https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/ 10. XSS ME Cross Site Scripting is the most common web application vulnerability. This add-on is incredibly useful for detecting XSS vulnerabilities in web applications. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that rendered a payload, and may be vulnerable to XSS attack. Then, you can manually test the web page to determine whether or not the vulnerability exists. Add XSS ME to Firefox: https://addons.mozilla.org/en-us/firefox/addon/xss-me/ 11. Passive Recon Last but not the least, Passive Recon is an information gathering tool. Passive Recon provides information security professionals the ability to perform “packetless” discoveries of target resources utilizing publicly available information. It gathers information in the same manner as DnsStuff tool, available on backtrack. Add PassiveRecon to Firefox: https://addons.mozilla.org/en-US/firefox/addon/passiverecon/ That’s all for today. I hope you’re enjoying your journey towards becoming a Professional Hacker. Have fun! Keep learning.

Website Information Gathering with Red Hawk on Kali.

Welcome back hackers and pentesters to a tutorial on an all in one information gathering, and vulnerability analysis with a linux tool called Red Hawk. Recon and mapping out our target is a key step before we begin to hack or exploit anything. This tool helps automate this by seeing what our targeted site is running and if there are any exploits for it. Lets install it from our terminal and change to its directory, and then run it: git clone github.com/Tuhinshubhra/RED_HAWK Then change to red hawk directory: cd RED_HAWK Now lets run it: php rhawk.php

Now enter your website and hit enter. Then specify between whether it uses http or https. We now have options of what we would like red hawk to search for. we are going to go with option one. As mapping out our target site is one of the first steps in pentesting, using red hawk can easily help speed up this process by having these tools in one place.

As you can see red hawk has scanned our target site. From these we learned the target site does not use cloudflare ddos protection, runs Pepyaka version 1.13.10 ect. This is all useful information for mapping out target and from there trying to find ways we can attack. To use it agin just enter php rhawk.php from the same terminal. if you closed it change directories to RED_HAWK/ agin. Thats all for today folks, get to scanning !

Oracle Java 8 was released yesterday and it can be installed in Debian by using the WebUpd8 Java PPA repository.

Usually, the packages available in Launchpad PPAs don't support Debian because they are built against specific Ubuntu libraries, but since the WebUpd8 Oracle Java PPA contains just an installer, it works on Debian too.

Using this PPA repository, you'll be able to install Oracle Java 8 (which includes both JRE8 and JDK8) in Debian for both 32bit and 64bit as well as ARM (ARM v6/v7 Hard Float ABI - there's no JDK 8 ARM Soft Float ABI archive available for download on Oracle's website).

The installer automatically downloads and installs Oracle JDK8, but no actual Java files are available in our repository (that's not allowed by the Oracle Java license).

For Ubuntu / Linux Mint installation instructions, see: Install Oracle Java 8 In Ubuntu Via PPA Repository [JDK8]

Install Oracle Java 8 (both JDK8 and JRE8) in Debian

Tested on Debian Wheezy but it should work with any Debian version

To add the WebUpd8 Oracle Java PPA repository and install Oracle Java 8 in Debian, use the following commands:

su -
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
apt-get update
apt-get install oracle-java8-installer
exit

And that's it, Oracle Java 8 should now be installed and you should get automatic updates for future Oracle Java 8 versions, under Debian.

-----------------------------------------------------------
Update October 20, 2016:

Previously, this package would increment the Java priority to make it default. The oracle-java8-installer package now sets the Java priority to 1081, and that may or may not set it as default, depending on other Java packages you may have installed (for instance, if Java 7 is also installed, Java 8 becomes default, but if Java 9 is installed, Java 8 doesn't become default).

To make Java 8 default, you must install the "oracle-java8-set-default" package (which configures the Java environment variables and sets it as default), which I added as a "Recommended" package to "oracle-java8-installer".

For instance, in Ubuntu, recommended packages are automatically installed, so "oracle-java8-set-default" should be installed when installing "oracle-java8-installer". In Linux Mint on the other hand, recommended packages are not installed by default, so you must install this package manually if you want to set Oracle Java 8 as default.

So, if you want to set Oracle Java 8 as default, no matter what other Java versions are installed, make sure that you install the oracle-java8-set-default package (which, again, should be automatically installed with the main Oracle Java Installer package in Ubuntu, but not in Linux Mint):

sudo apt-get install oracle-java8-set-default

If you don't want to make Oracle Java 8 default (it might still be set as default, depending on what other Java versions you may have installed), install the oracle-java8-installer with "--no-install-recommends":

sudo apt-get install --no-install-recommends oracle-java8-installer

Note: removing the oracle-java8-set-default package does not undo all the changes (I have yet to find a way to do this properly). If you don't want to set it as default, remove both oracle-java8-installer and oracle-java8-set-default packages, and then install oracle-java8-installer with "--no-install-recommends" (like mentioned above).

-----------------------------------------------------------

Tip: if you're behind a firewall / router that blocks some of the redirects required to download the Oracle Java archive, you can download the JDK tar.gz archive manually and place it under /var/cache/oracle-jdk8-installer - then, installing the "oracle-java8-installer" package will use the local archive instead of trying it to download it itself.

After installing Oracle Java and the "oracle-java8-set-default" package, you can check out the Java version on your system by using these commands:

java -version

This should display something like this:

java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

Or:

javac -version

Which should display something like this:

javac 1.8.0_111

For how to install Oracle Java 7 in Debian, see THIS article.

For Oracle Java 9, see THIS article.

How to accept the Oracle JDK8 license automatically

The Oracle Java 8 installer requires you to accept the Oracle license before the installation begins. If for some reason you want to accept the license automatically, you can use the following command:

echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | sudo /usr/bin/debconf-set-selections

Update: if the command above doesn't work, use the following (thanks to Adam!):

echo oracle-java8-installer shared/accepted-oracle-licence-v1-1 boolean true | sudo /usr/bin/debconf-set-selections