Building Your Penetration Testing Lab Pt. 2

Truth be told, Kali Linux has just about every tool we’ll need. However, there are a few additional programs that will be great for us to have.

First, we’ll install Tenable Security’s Nessus Home vulnerability scanner. This scanner is free for home use only (you’ll see a description of limitations on the Nessus website).

Use the following steps to install Nessus Home from within Kali:

  1. Open Applications > Internet > Iceweasel Web Browser and enter in the address bar. Complete the Register for an Activation Code information and click Register. (Use a real email address—you’ll need the activation code later.)
  2. Once you reach the Downloads page, choose the latest version of Nessus for the Linux Debian 32-bit platform and download it to your root directory (the default download location).
  3. Open a Linux terminal (click the terminal icon at the top of the Kali screen) to open a root prompt.
  • Enter ls to see a list of the files in your root directory. You should see the Nessus file that you just downloaded.
  • Enter dpkg -i followed by the name of the file you downloaded (you can type the first letter of the filename and press tab to use tab completion) and press enter to begin the install process. Installation may take a while as Nessus processes various plugins. Progress is shown by a line of hash symbols (#).

Selecting previously unselected package nessus.

(Reading database … 355024 files and directories currently installed.) Unpacking nessus (from Nessus-5.2.5-debian6_amd64.deb) …

Setting up nessus (5.2.5) …

nessusd (Nessus) 5.2.5 [build N25109]  for  Linux Copyright (C) 1998 – 2014 Tenable Network Security, Inc

Processing the Nessus plugins…

[###########                                                                                      ]

  • Once you’re returned to the root prompt with no errors, Nessus should be installed, and you should see a message like this.

All plugins loaded

Fetching the newest plugins from… Fetching the newest updates from…

Done. The Nessus server will start processing these plugins within a minute

nessusd (Nessus) 5.2.5 [build N25109]  for  Linux Copyright (C) 1998 – 2014 Tenable Network Security, Inc

Processing the Nessus plugins… [##################################################]

All plugins loaded

 - You can start nessusd by typing /etc/init.d/nessusd start

 - Then go to https://kali:8834/ to configure your scanner

  • Now enter the following to start Nessus.

root@kali:~# /etc/init.d/nessusd start

  • Open the URL https://kali:8834/ in the Iceweasel web browser. You should see an SSL certificate warning, similar to that in Figure 1-10.

  Note: If you access Nessus from outside the Iceweasel browser in Kali, you will need to go to https://<ipaddressofKali>:8834 instead.

Figure 1-10: Invalid SSL certificate warning

  • Expand I Understand the Risks and click Add Exception. Then click Confirm Security Exception, as shown in Figure 1-11.

Figure 1-11: Confirming the security exception

  1. Click Get Started at the bottom left of the opening Nessus page and enter a username and password on the following page. I’ve chosen georgia:password for my example. If you choose something else, remember it because we’ll use Nessus in Chapter 6. (Note that I use poor passwords throughout this book, as will many clients you encounter. In production, you should use much better passwords than password.)
  2. At the next page, enter the activation code you received via email from Tenable Security.
  3. Once registered with Tenable Security, choose the option to download plugins (downloading will take some time). Once Nessus processes the plugins, it will initialize.

When Nessus finishes downloading plugins and configuring the software, you should see the Nessus login screen, as shown in Figure 1-12. You should be able to use the credentials for the account you created during setup to log in.

Figure 1-12: Login screen of the Nessus web interface

To close Nessus, just close its tab in the browser. We will come back to Nessus in Chapter 6.

Installing Additional Software

We’re not done yet. Follow these instructions to complete your Kali Linux install.

The Ming C Compiler

We need to install a cross compiler so we can compile C code to run on Microsoft Windows systems. The Ming compiler is included in the Kali Linux repositories but is not installed by default. Install it with this command.

root@kali:~# apt-get install mingw32


Hyperion

We’ll use the Hyperion encryption program to bypass antivirus software. Hyperion is not currently included in the Kali repositories. Download Hyperion with wget, unzip it, and compile it with the Ming cross compiler you installed in the previous step, as shown in Listing 1-2.

root@kali:~# wget

root@kali:~# unzip

Archive: creating: Hyperion-1.0/

creating: Hyperion-1.0/FasmAES-1.0/

root@kali:~# i586-mingw32msvc-c++ Hyperion-1.0/Src/Crypter/*.cpp -o hyperion.exe


Listing 1-2: Installing Hyperion


Veil-Evasion

Veil-Evasion is a tool that generates payload executables you can use to bypass common antivirus solutions. Install Veil-Evasion in Kali (see Listing 1-3) by first downloading it with the command wget. Next, unzip the downloaded file and change to the Veil-Evasion-master/setup directory. Finally, enter ./ and follow the default prompts.

root@kali:~# wget

–2015-11-26 09:54:10–


2015-11-26 09:54:14 (880 KB/s) – `’ saved [665425]

root@kali:~# unzip

Archive: 948984fa75899dc45a1939ffbf4fc0e2ede0c4c4

creating: Veil-Evasion-master/


inflating: Veil-Evasion-master/tools/

root@kali:~# cd Veil-Evasion-master/setup

root@kali:~/Veil-Evasion-master/setup# ./


[Web]: | [Twitter]: @veilevasion


[*] Initializing Apt Dependencies Installation


Do you want to continue? [Y/n]? Y

--snip--

root@kali:~#

Listing 1-3: Installing Veil-Evasion


Ettercap

Ettercap is a tool for performing man-in-the-middle attacks. Before running it for the first time, we need to make a couple of changes to its configuration file at /etc/ettercap/etter.conf. Open its configuration file from a Kali root prompt in the nano editor.

root@kali:~# nano /etc/ettercap/etter.conf

First change the userid and groupid values to 0 so Ettercap can run with root privileges. Scroll down to where you see the following lines in the file. Replace whatever values you see following the equal signs (=) with a 0.


ec_uid = 0                # nobody is the default

ec_gid = 0                # nobody is the default

Now scroll down to the Linux section of the file and uncomment (remove the leading # characters from) the two iptables lines, redir_command_on and redir_command_off, shown in Listing 1-4 to set Iptables firewall rules to redirect the traffic.


#     Linux


# if you use ipchains:

#redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT


#redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT


# if you use iptables:

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

Listing 1-4: Ettercap configuration file

Save and exit the file by pressing ctrl-X and then Y to save the changes.
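
The same two edits can be applied and checked from the shell instead of nano. The script below is an added example, not part of the original text: configure_etter and sample_etter_conf are names made up here, and it assumes the file follows the layout of Listing 1-4. It keeps a one-time backup of the shipped defaults as etter.conf.orig.

```shell
#!/bin/sh
# Added example: apply the etter.conf edits from Listing 1-4 non-interactively.
# configure_etter and sample_etter_conf are names made up for this example.

configure_etter() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Keep the shipped defaults once, so the change can be rolled back.
    [ -e "$conf.orig" ] || cp -p "$conf" "$conf.orig" || return 1
    tmp=$(mktemp) || return 1
    # 1st expression: set ec_uid/ec_gid to 0, leaving the trailing comment.
    # 2nd expression: uncomment only the iptables redirect lines, so the
    #                 ipchains pair above them stays commented out.
    sed -E \
        -e 's/^(ec_[ug]id)[[:space:]]*=[[:space:]]*[0-9]+/\1 = 0/' \
        -e '/iptables/s/^[[:space:]]*#[[:space:]]*(redir_command_(on|off)[[:space:]]*=)/\1/' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    # Check the outcome rather than trusting the substitutions.
    grep -Eq '^ec_uid = 0' "$conf" &&
    grep -Eq '^ec_gid = 0' "$conf" &&
    [ "$(grep -Ec '^redir_command_(on|off)[[:space:]]*=.*iptables' "$conf")" -eq 2 ]
}

# Constructed fragment in the layout of Listing 1-4 (not a full etter.conf).
sample_etter_conf() {
    cat <<'EOF'
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default
# if you use ipchains:
   #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
   #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
# if you use iptables:
   #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
EOF
}

# Demo on a scratch copy; on Kali you would pass /etc/ettercap/etter.conf.
demo_dir=$(mktemp -d)
sample_etter_conf > "$demo_dir/etter.conf"
configure_etter "$demo_dir/etter.conf" && grep -E '^(ec_|redir_)' "$demo_dir/etter.conf"
rm -rf "$demo_dir"
```

Running it a second time leaves the file and the backup unchanged, and the function returns non-zero if the expected lines are not present after the edit.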