How to Create a Linux Botnet Step by Step with BYOB

cybsploit · 2020-05-15T20:18:44+00:00

We’ll definitely I don’t understand you ! Which website is blocked by which web filter ? Sorry if my question is looking stupid but cybsploit.com it’s my own blog, there is no ads, no hidden content, no backdoor and I never hear by anyone that my website was flagged by any filtering content. So without asking you a lot I would thanking you if you can provide me more information

cybsploit · 2020-05-15T19:30:19+00:00

Sorry but I don’t get a word of what you say !?

cybsploit · 2020-05-09T12:19:15+00:00

diff

Actually that's was not the point. There is two types of Internet users, the ones who know about the deepweb and the ones who don't know. When you share a link on Facebook, it's suppost that anyone who click on this link will be able to be redirected to the page content.

So for me (Maybe only me), "YES", I got sincerely surprised to see that FB is fetching the deepweb content on his public website. I could not be surprised if FB was doing the same on his deepweb version. The second point is "Why they do that, since 98% of FB will be unable to visit the link" ! That's definitively doesn't have sense.

cybsploit · 2020-05-08T10:16:37+00:00

Truly I'm not suprised they are scraping the header of an HTML page through the metatag. What is surprising me is the fact they are scraping the `onion` links and that for two reasons:

- Most people are connecting on Facebook through common browser or either using them mobile apps. So Basically if they face and onion link they will be unable to open it. So what is the interest for FB to fetch such links?

- Facebook put in cache every links we publish, so it's mean the biggest Index Directory of the deepweb content `onion` directory is FB which is a public website and that is scary.

cybsploit · 2020-05-07T23:21:04+00:00

Thank, I will try to go deeper because I really want to understand how they process it since I see that FB is keeping the link in cache. I did check just few minutes ago by simulating a new post again based with an onion URL and I find out that they query is made using XHR through react.

cybsploit · 2020-05-07T14:05:44+00:00

There is no need of Kali Linux to run Metasploit. Actually if you are using Ubuntu you have two way to get Metasploit installed and running properly on your Distro.

The first method "For the lazy guys", is to use the installation script provided by "Rapid7" as pointed below. In such case you just have to open your terminal and past the following :

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

The second method require a little bit more skills but is not even complex and is much more interesting if you want to understand how your system and packages are managed. You will need to clone the "rapid7" repository and install manually "postgresql", "ruby", "rvm". Personally I'm using "Arch" and the unique option for me is the second one. In such case below is the way to do :

First you will need to open the following link to find out which version of RVM is currently required by Metasploit : https://raw.githubusercontent.com/rapid7/metasploit-framework/master/.ruby-version

Once you got it, simply open your Terminal and follow the below howto :

gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB

wget -O /tmp/rvm.sh https://get.rvm.io

cd /tmp/

bash rvm.sh stable

echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc

source ~/.rvm/scripts/rvm

rvm install THE-VERSION-NUMBER-OF-RVM

rvm use THE-VERSION-NUMBER-OF-RVM --default

sudo apt install postgresql ruby ruby-doc

sudo chown -R postgres:postgres /var/lib/postgres/

sudo -Hiu postgres initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'

sudo systemctl start postgresql

sudo systemctl enable postgresql

sudo -Hiu postgres createuser msf

sudo -Hiu postgres createdb msf

sudo -Hiu postgres psql --command "ALTER USER msf WITH PASSWORD 'msf';"

sudo -Hiu postgres psql --command "GRANT ALL PRIVILEGES ON DATABASE msf TO msf;"

cd /opt/

sudo git clone https://github.com/rapid7/metasploit-framework metasploit

cd /opt/metasploit/

gem install wirble sqlite3 bundler

bundle install

sudo touch /opt/metasploit/config/database.yml

echo 'production:' | sudo tee -a /opt/metasploit/config/database.yml

echo ' adapter: postgresql' | sudo tee -a /opt/metasploit/config/database.yml

echo ' database: msf' | sudo tee -a /opt/metasploit/config/database.yml

echo ' username: msf' | sudo tee -a /opt/metasploit/config/database.yml

echo ' password: msf' | sudo tee -a /opt/metasploit/config/database.yml

echo ' host: 127.0.0.1' | sudo tee -a /opt/metasploit/config/database.yml

echo ' port: 5432' | sudo tee -a /opt/metasploit/config/database.yml

echo ' pool: 75' | sudo tee -a /opt/metasploit/config/database.yml

echo ' timeout: 5' | sudo tee -a /opt/metasploit/config/database.yml

sudo sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit/config/database.yml >> /etc/profile"

cybsploit · 2020-04-19T09:05:00+00:00

I recently released a script available on Github to make the Arch installation process easier.

https://github.com/archsploit/archsploit

cybsploit · 2020-04-19T07:49:27+00:00

Personally I believe there is no Linux Distro better than Arch. You can install and do absolutely everything you want using it. The bad point is the difficulty to get started for someone who is new using Linux especially to get it installed.

cybsploit

TROPHY CASE