Building the Perfect Penetration Testing Environment with Arch Linux

Arch Linux is a general-purpose x86_64 GNU/Linux distribution that uses a rolling release model, striving to provide users with the latest stable software.

Hehe, if you don’t update for a long time, you might break your system~

A freshly installed Arch is just a basic system with nothing. Users can then install the software they need according to their own ideas and preferences, and through highly customizable configuration, create their ideal system. This is what makes Arch lovely and attractive. That’s also why Arch is one of my favorite distributions.

For more details about Arch Linux, please refer to the Arch Wiki.

About This Article

This article will demonstrate how to build the perfect penetration testing environment with Arch Linux. All operations are for tutorial demonstration purposes. Please operate according to your actual situation. Users who haven’t used Arch Linux before should operate with caution and carefully consult the Arch Wiki.

So, let’s begin!

This article makes extensive use of Arch Wiki hyperlinks to make some of the content easier to understand.

This article will not detail the installation process of Arch Linux. Please refer to the Arch Wiki to install Arch Linux and complete basic configuration.

Since some penetration-testing operations consume a lot of resources, choose a lightweight desktop environment that suits your needs. GNOME and KDE are not recommended here, as both consume a lot of resources and are unfriendly to low-spec machines.

  1. LXDE

    • Lightweight GTK desktop environment. Default window manager is OpenBox. One of the lightest desktop environments.
  2. LXQT

    • In 2013, PCMan started a project to port LXDE to Qt. So LXQT is essentially LXDE using Qt. Default window manager is still OpenBox. It’s even lighter than LXDE.
  3. xfce4

    • The desktop environment I’m currently using. Based on GTK+2. It’s the best-looking among lightweight desktop environments.
  4. i3wm

    • i3 is a dynamic tiling window manager inspired by wmii for developers and advanced users. i3’s stated goals include clearly readable documentation, comprehensive multi-monitor support, tree-based window management, and vim-like operation modes. — From Arch Wiki
  5. DIY your own desktop environment

    • You can use OpenBox, fluxbox, i3wm, etc., to DIY your own desktop environment through configuration.

This article will also use a custom desktop environment for demonstration.

OpenBox + xfce4-panel

After basic Arch Linux configuration is complete, the system is ready for normal use. To install penetration testing tools, however, you need to add the BlackArch software repository.

BlackArch Linux is an Arch-based Linux distribution designed for penetration testing and security research. BlackArch provides a live DVD image containing several lightweight window managers and over a thousand specialized tools for penetration testing and computer forensics.

BlackArch official website: blackarch.org

As mentioned above, BlackArch is an independent distribution based on Arch Linux, but we don’t need to install it — we just need to add its repository.

Here’s how to do it:

$ sudo nano /etc/pacman.conf # Edit pacman.conf

Add the following content at the end of the pacman.conf file. Note that SigLevel = Optional TrustAll turns off package signature verification for this repository; BlackArch’s own strap.sh setup script instead installs the blackarch-keyring package so that the default, signature-checking SigLevel can be kept:

[blackarch]
SigLevel = Optional TrustAll
Server = https://mirrors.ustc.edu.cn/blackarch/$repo/os/$arch

Then run:

$ sudo pacman -Syyu

If everything is fine, the BlackArch repository is now available.
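The repository block above can be added by hand as shown, but a small script makes the step repeatable and lets you verify that the block was written exactly once. The following is an added example, not code from the original article or from the BlackArch project: it appends the [blackarch] block with the article’s mirror URL only when it is absent, and emits a SigLevel line only if you pass one (omitting it keeps pacman’s global, signature-checking default, which assumes the blackarch-keyring package is installed). The sample pacman.conf contents in the usage are constructed.

```shell
#!/bin/sh
# Added example (not code from the original article): add the [blackarch]
# repository to a pacman.conf only if it is not already there, then verify.
# The mirror URL is the one the article uses.

BLACKARCH_MIRROR='https://mirrors.ustc.edu.cn/blackarch/$repo/os/$arch'

# add_blackarch_repo <pacman.conf> [SigLevel value]
# Returns 0 when a [blackarch] block is present afterwards, 1 otherwise.
add_blackarch_repo() {
    conf=$1
    siglevel=${2:-}
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    if grep -q '^\[blackarch\]' "$conf"; then
        echo "[blackarch] is already configured in $conf" >&2
        return 0
    fi
    {
        printf '\n[blackarch]\n'
        # Only emit SigLevel when the caller asked for an explicit value;
        # otherwise the global SigLevel from [options] applies.
        [ -n "$siglevel" ] && printf 'SigLevel = %s\n' "$siglevel"
        # $repo and $arch must reach pacman literally, hence no expansion here.
        printf 'Server = %s\n' "$BLACKARCH_MIRROR"
    } >> "$conf"
    grep -q '^\[blackarch\]' "$conf"
}

# blackarch_blocks <pacman.conf>: number of [blackarch] headers in the file
# (anything other than 1 after add_blackarch_repo means something is wrong).
blackarch_blocks() {
    grep -c '^\[blackarch\]' "$1" || true
}

# blackarch_server <pacman.conf>: the Server line of the block, for a final check.
blackarch_server() {
    sed -n '/^\[blackarch\]/,/^\[/s/^Server = //p' "$1"
}

# Stand-alone use (as root): sh add_blackarch.sh /etc/pacman.conf, then pacman -Syyu.
if [ -n "${1:-}" ]; then
    add_blackarch_repo "$1" && printf 'Server: %s\n' "$(blackarch_server "$1")"
fi
```

Run it against a copy of pacman.conf first; a second run is a no-op, and blackarch_blocks should report 1 before you run pacman -Syyu.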

First up is Nmap, a very commonly used scanning tool that can scan the target’s IP, ports, operating system, etc. during penetration testing.

$ sudo pacman -S nmap
$ nmap <target IP> # Simple scan
$ sudo nmap -O <target IP> # Detect the target's operating system
$ sudo nmap -sP <target IP> # Ping scan (-sP is the older spelling of -sn)
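Once a scan has run, the useful part is turning its output into a list of hosts and open ports that can be checked against what is supposed to be exposed. The following is an added example, not code from the original article or from the Nmap project: it parses nmap’s greppable output (nmap -oG), the format that is easiest to post-process in a shell. The scan lines inside sample_scan are a constructed sample, not a real result.

```shell
#!/bin/sh
# Added example (not from the original article): extract open ports from
# nmap's greppable output (nmap -oG). The scan below is a constructed sample.

# sample_scan: constructed -oG output for two hosts in the 192.168.16.0/24
# range used elsewhere in the article. Fields are tab-separated, as nmap writes them.
sample_scan() {
    printf '# Nmap scan (constructed sample) as: nmap -sV -oG - 192.168.16.0/24\n'
    printf '%s\t%s\n'     'Host: 192.168.16.10 ()' 'Status: Up'
    printf '%s\t%s\t%s\n' 'Host: 192.168.16.10 ()' \
        'Ports: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 443/closed/tcp//https///' \
        'Ignored State: filtered (997)'
    printf '%s\t%s\n'     'Host: 192.168.16.11 ()' 'Status: Up'
    printf '%s\t%s\t%s\n' 'Host: 192.168.16.11 ()' \
        'Ports: 3389/open/tcp//ms-wbt-server///' 'Ignored State: closed (999)'
    printf '# Nmap done -- 256 IP addresses (2 hosts up) scanned\n'
}

# open_ports: read -oG lines on stdin, print "host port service" for each
# open port. Each Ports: entry is port/state/proto/owner/service/rpc/version/.
open_ports() {
    awk -F'\t' '
        /^Host:/ && /Ports:/ {
            split($1, h, " "); host = h[2]
            for (i = 2; i <= NF; i++) {
                if (substr($i, 1, 7) != "Ports: ") continue
                n = split(substr($i, 8), entries, ", ")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    if (f[2] == "open") print host, f[1], f[5]
                }
            }
        }'
}

# count_open: number of open ports seen (0 for empty input).
count_open() {
    open_ports | awk 'END { print NR }'
}

# hosts_with_port <port>: hosts exposing that port, one per line.
hosts_with_port() {
    open_ports | awk -v want="$1" '$2 == want { print $1 }'
}

# Stand-alone demo on the constructed sample.
sample_scan | open_ports
```

For a real scan, replace sample_scan with nmap -oG - <target IP> (or read a file saved with -oG) and pipe it into open_ports; hosts_with_port 22 then answers the inventory question “which hosts on this range still expose SSH?”.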

Xerosploit: this scanning tool is cooler than Nmap, with nicer colors and very simple usage, even simpler than Metasploit.

$ sudo pacman -S xerosploit
$ sudo xerosploit

Then run help to see the built-in help documentation.

The DNS lookup commands (dig, nslookup) are used to look up domain records such as CNAME and A records. They are included in the dnsutils package.

$ sudo pacman -S dnsutils

nbtscan is an internal network scanning tool that checks which IPs within a range are active. It is faster than nmap but only works on local networks.

$ sudo pacman -S nbtscan
$ sudo nbtscan -r 192.168.16.0/24 # Basic scan

Burp Suite is a packet capture tool; it depends on Java.

$ sudo pacman -S burpsuite

Burpsuite has a graphical interface. You can find usage tutorials through search engines.

Hydra is a brute-force cracking tool, known in Chinese as “九头蛇” (nine-headed snake). Very powerful.

$ sudo pacman -S hydra
$ hydra -l <username> -P <password dictionary.txt> -v -e ns -t <threads> <target IP> ssh # Brute-forcing the SSH port

Crunch is a powerful password dictionary generator.

$ sudo pacman -S crunch

Special characters in Crunch (placeholders for use in a -t pattern):

'%' insert numbers
'@' insert lowercase letters
',' insert uppercase letters
'^' insert symbols

Generate all combinations of 1 to 8 characters from the 26 lowercase letters (over 217 billion strings, roughly 1.9 TB of output, so check your disk space first):

$ crunch 1 8 >> 1.txt

Generate all combinations of 1 to 4 characters from the letters abcd:

$ crunch 1 4 abcd >> 2.txt

Generate all password combinations from the elements “yale” and “test” (with -p, the min and max lengths are ignored but must still be given):

$ crunch 4 5 -p yale test
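The three invocations above differ enormously in output size, and crunch will happily fill a disk. The following is an added example, not code from the original article or from the crunch project: it estimates the number of words and the bytes on disk for a min/max/charset-size combination, and for a -t pattern built from the placeholders listed above, before anything is generated. The size of crunch’s built-in symbol set (SYMBOL_SET_SIZE) is an assumption; adjust it if you use your own charset.

```shell
#!/bin/sh
# Added example (not from the original article): estimate the size of a crunch
# wordlist before generating it.

SYMBOL_SET_SIZE=33   # assumed size of crunch's default '^' symbol set

# pow <base> <exp>: integer power with shell arithmetic (64-bit in common shells)
pow() {
    result=1; i=0
    while [ "$i" -lt "$2" ]; do result=$((result * $1)); i=$((i + 1)); done
    echo "$result"
}

# keyspace <min> <max> <charset size>: number of words of length min..max
keyspace() {
    total=0; len=$1
    while [ "$len" -le "$2" ]; do
        total=$((total + $(pow "$3" "$len")))
        len=$((len + 1))
    done
    echo "$total"
}

# wordlist_bytes <min> <max> <charset size>: bytes on disk, one word per line
# (each word of length k costs k + 1 bytes including the newline)
wordlist_bytes() {
    total=0; len=$1
    while [ "$len" -le "$2" ]; do
        total=$((total + (len + 1) * $(pow "$3" "$len")))
        len=$((len + 1))
    done
    echo "$total"
}

# gib <bytes>: whole gibibytes
gib() { echo $(($1 / 1073741824)); }

# pattern_keyspace <crunch -t pattern>: words matching a pattern built from
# the placeholders above (% digits, @ lowercase, , uppercase, ^ symbols);
# any other character is literal and contributes a factor of 1.
pattern_keyspace() {
    rest=$1; total=1
    while [ -n "$rest" ]; do
        tail=${rest#?}; c=${rest%"$tail"}; rest=$tail
        case "$c" in
            '%') total=$((total * 10)) ;;
            '@'|',') total=$((total * 26)) ;;
            '^') total=$((total * SYMBOL_SET_SIZE)) ;;
        esac
    done
    echo "$total"
}

# Stand-alone demo: the article's "crunch 1 8" on the 26 lowercase letters,
# and a pattern of two lowercase letters, two digits and two symbols.
printf 'crunch 1 8 : %s words, %s GiB\n' "$(keyspace 1 8 26)" "$(gib "$(wordlist_bytes 1 8 26)")"
printf 'crunch -t @@%%%%^^ : %s words\n' "$(pattern_keyspace '@@%%^^')"
```

The numbers make the point of the section’s caveat concrete: crunch 1 4 abcd is 340 words, while crunch 1 8 on the lowercase alphabet is 217,180,147,158 words and about 1.8 TiB on disk.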

Metasploit is the most important tool. Without it, internal network penetration testing cannot be carried out fully.

$ sudo pacman -S metasploit

After installation, run:

$ sudo msfconsole

When starting msf, do you see three error lines? They are caused by msf not being connected to a database. Install PostgreSQL:

$ sudo pacman -S postgresql

After installation, a new user called postgres will be created. We need to set a password for it.

$ sudo passwd postgres

Then initialize the database:

$ sudo su - postgres -c "initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'"

After initialization, start the database:

$ sudo systemctl start postgresql

Next, switch to the postgres user:

$ sudo su postgres

Run psql:

$ psql

Create a new database user, for example msf4 (123456 is only the example password here; use a strong one in practice):

postgres=# CREATE USER msf4 WITH PASSWORD '123456';

Create the corresponding database:

postgres=# CREATE DATABASE msfdb OWNER msf4;

Grant all permissions to msf4:

postgres=# GRANT ALL PRIVILEGES ON DATABASE msfdb TO msf4;

Exit psql:

postgres=# \q

Create a Linux regular user with the same name as the database user, e.g., msf4:

$ sudo useradd msf4

Enter msf and connect to the database, replacing <host> with the PostgreSQL server (127.0.0.1 when it runs on the same machine):

msf5 > db_connect msf4:123456@<host>/msfdb

Then check if the connection was successful:

msf5 > db_status
[*] Connected to msf3. Connection type: postgresql. Connection name: DFz5oEX3.

After successful connection, don’t forget to save and enable PostgreSQL auto-start:

msf5 > db_save
$ sudo systemctl enable postgresql
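The PostgreSQL steps above (create user, create database, grant privileges, connect, save) are typed interactively in the article; the following is an added example, not code from the original article or from the Metasploit project, that scripts the same procedure. Its assumptions, none of which come from the page: database identifiers are validated before being placed into SQL, the password is generated rather than typed, and the connection settings are written directly to ~/.msf4/database.yml (the file db_save produces, in the format Metasploit reads) so that msfconsole connects on start without db_connect. Only the --apply branch touches a real system.

```shell
#!/bin/sh
# Added example (not from the original article): script the database side of
# the Metasploit setup described above.

# valid_ident <name>: accept only lowercase letters, digits and underscore,
# not starting with a digit, so a name can never alter the SQL below.
valid_ident() {
    case "$1" in
        ''|[0-9]*|*[!a-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# gen_password: 24 random alphanumeric characters (no quotes, safe in SQL and YAML)
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# msf_db_sql <user> <db> <password>: the three statements from the article,
# ready to pipe into psql. Fails on a bad identifier or a quote/backslash in
# the password rather than producing a broken or injectable statement.
msf_db_sql() {
    valid_ident "$1" && valid_ident "$2" || return 1
    case "$3" in *\'*|*\\*) return 1 ;; esac
    printf "CREATE USER %s WITH PASSWORD '%s';\n" "$1" "$3"
    printf 'CREATE DATABASE %s OWNER %s;\n' "$2" "$1"
    printf 'GRANT ALL PRIVILEGES ON DATABASE %s TO %s;\n' "$2" "$1"
}

# write_database_yml <path> <user> <db> <password> <host>: write the config
# file Metasploit reads; owner-only permissions because it holds the password.
write_database_yml() {
    valid_ident "$2" && valid_ident "$3" || return 1
    ( umask 077
      {
        printf 'production:\n  adapter: postgresql\n'
        printf '  database: %s\n  username: %s\n  password: %s\n' "$3" "$2" "$4"
        printf '  host: %s\n  port: 5432\n  pool: 5\n  timeout: 5\n' "$5"
      } > "$1" )
}

# Stand-alone use (as a user with sudo, after PostgreSQL is initialized and
# started as in the article): sh msf_db_setup.sh --apply
# Creates user msf4 and database msfdb on the local PostgreSQL server.
if [ "${1:-}" = "--apply" ]; then
    pw=$(gen_password)
    msf_db_sql msf4 msfdb "$pw" | sudo -u postgres psql
    mkdir -p "$HOME/.msf4"
    write_database_yml "$HOME/.msf4/database.yml" msf4 msfdb "$pw" 127.0.0.1
    echo "wrote $HOME/.msf4/database.yml; start msfconsole and run db_status"
fi
```

After --apply, db_status inside msfconsole should report a postgresql connection; if it does not, the usual culprits are PostgreSQL not yet started or a host in database.yml that pg_hba.conf does not allow.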

Refer to this article.

You can also find more tutorials through search engines.

sqlmap is a powerful SQL injection tool. Usage can be found through search engines.

$ sudo pacman -S sqlmap

Ettercap is a powerful DNS hijacking tool. It comes in command-line and graphical versions, but you can only install one of them, otherwise they conflict.

Command-line version:

$ sudo pacman -S ettercap

Graphical version:

$ sudo pacman -S ettercap-gtk

Apache? What’s this doing here? Isn’t it for building websites? Haha, actually it’s used to assist Ettercap: when you hijack the target’s DNS, names are forcibly resolved to your IP, and Apache can serve a static webpage (HTML) from your machine.

$ sudo pacman -S apache

Start Apache:

$ sudo systemctl start httpd

The web root directory is /srv/http/.

An ordinary Arch Linux system with the BlackArch repository added can be considered a perfect penetration testing environment. The tools above are just the common ones; the BlackArch repository contains thousands, and whatever you need can be installed via pacman.

Finally, thank you for visiting.