Saturday, November 28, 2015

How to Use Null Byte to Study to Become a Professional Hacker


Many newbie hackers, new to both hacking and Null Byte, have written to me in recent weeks asking where and how they should begin their hacking studies here. I'd like to dedicate this tutorial to showing how to use Null Byte to systematically study hacking, so that you too can "Hack Like a Pro."
 
 

Getting Started

Probably first and foremost, you must install Kali Linux, a Linux distribution designed specifically for hacking. It has hundreds of hacking tools. You can install Kali either as a dual boot system (you can choose to boot into Windows or Kali) or as a Virtual Machine. See how to install Kali on your computer or portable device for further help.
Second, you need to understand Linux. Nearly all of the hacks use Linux, and for good reason. If you are wondering why we need to use Linux rather than Windows, read this article on why every hacker should know and use Linux. To gain a minimal mastery of Linux, you should read my 23-part "Linux Basics for the Aspiring Hacker" series. After mastering those skills, you are ready to begin to study hacking.
In addition, if you are wondering what skills you need to become a hacker, check out "The Essential Skills to Becoming a Master Hacker" for more info.

Finding Specific Articles

If you are interested in a specific subject, such as, say, "how to DoS a Wi-Fi access point," you can use the search function at the top of the page. If you only want articles from Null Byte, first make sure that you're in the Null Byte world, then enter something such as "DoS Wi-Fi" into the text field, similar to how you would search using Google on the Internet.

Find a Hacking Series

I have developed several series on specific hacking subjects that you can follow to build your knowledge and skills. Among the most popular is the aforementioned "Linux Basics for the Aspiring Hacker," but I have series on reconnaissance, password cracking, Wi-Fi hacking, forensics, Metasploit, scripting, and more. You can find the links to all of the series by clicking on the "How-To" button at the top of the page in the Null Byte world.
Here are the links to the most popular series.

Hacking for Newbies

For those of you who need a systematic approach for hacking, take a look at the article titled "Hacking for Newbies." It walks you through the hacking process with references to the appropriate articles.

Advanced Hacking

I recently began a new series for the more advanced hackers titled "How to Build Your Own Exploits." Keep in mind that this is not for the uninitiated. You should have extensive experience in hacking, scripting, and a programming language or two.
Soon, I will be developing a series on Mobile Hacking and VoIP Hacking that should also prove useful and interesting.
I hope this article helps those of you new to Null Byte and those of you who have been part of this community for a while but were not certain how to navigate through all this information.
If you have any questions on a topic unrelated to this article, please use the Forum to ask them instead of PMing me. There is a big community here, and you are likely to receive a more immediate answer using the Forum.
null-byte

How to easily delete the windows.old folder in Windows 7, 8, 8.1 and 10

What is Windows.old on drive C?

Windows.old is a folder that appears when we reinstall Windows without formatting the system drive (usually drive C), or when we install Windows directly from the hard disk. Its size varies from machine to machine. It is a backup of the previous operating system's data, so if you forgot to copy some files over to drive E or D, you can retrieve them from this folder after reinstalling Windows.

However, once you have backed up all your data, you should delete this folder, because it is no longer needed and takes up quite a lot of space on drive C. If you try to delete it the normal way, the system will not let you. It has to be deleted with a Windows tool or with a command.

In this article vforum.vn shows you how to delete the windows.old folder on Windows 7, 8, 8.1, XP and Windows 10 (the procedure is identical) using 2 methods.

Method 1: Delete windows.old with the built-in Windows Disk Cleanup tool.

This is the simplest method: you do not need any commands, and the steps are easy to remember for next time, unlike command lines that are rather hard to remember.

First open My Computer, right-click drive C (or whichever drive holds your Windows installation and the windows.old folder) and choose Properties

Here there is a Disk Cleanup tool right next to the capacity chart; click: Disk Cleanup

After the system scans for a moment, click Clean up system files

This time, once the scan finishes, the tool lists the leftover Windows files it has found and suggests them to the user. However, not every file listed is one you can delete. You should only tick: Previous Windows installation(s) --> This is just the previous version of Windows, that is, the windows.old folder

Click OK to let the system delete the files, then open drive C to check whether the folder is still there.


2. Delete windows.old using the CMD command line
There is a second, fairly simple method, but you will have to use the command line. Open CMD with Administrator rights by searching for cmd, right-clicking it and choosing Run as administrator.

These instructions are for Windows 7; on Windows 8, 8.1 and 10 the steps are the same

Once CMD is open, copy this command line

RD /S /Q %SystemDrive%\windows.old
Then right-click in the CMD window (Ctrl+V does not work there) and choose Paste to paste the command instead of typing it.

Press OK to let the system process it

Then check whether your windows.old folder has been deleted.

vforum

The History of SQL Injection, the Hack That Will Never Go Away

One of the hackers suspected of being behind the TalkTalk breach, which led to the personal details of at least 150,000 people being stolen, used a vulnerability discovered two years before he was even born.
That method of attack was SQL injection (SQLi), where hackers typically enter malicious commands into forms on a website to make it churn out juicy bits of data. It’s been used to steal the personal details of World Health Organization employees, grab data from the Wall Street Journal, and hit the sites of US federal agencies.

“It’s the most easy way to hack,” the pseudonymous hacker w0rm, who was responsible for the Wall Street Journal hack, told Motherboard. The attack took only a “few hours.”
But, for all its simplicity, as well as its effectiveness at siphoning the digital innards of corporations and governments alike, SQLi is relatively easy to defend against.
So why, in 2015, is SQLi still leading to some of the biggest breaches around?
SQLi was possibly first documented by Jeff Forristal in the hacker zine Phrack. Back then, Forristal went by the handle rain.forest.puppy, but he’s now CTO of mobile security at cybersecurity vendor Bluebox Security.

“According to Microsoft, what you’re about to read is not a problem, so don’t worry about doing anything to stop it.”

SQL, or Structured Query Language, is a programming language used to manage databases. In essence, it’s used when a website needs to call up a piece of information from its database, either to process it or present it to a user.
But Forristal had found that typing certain commands would force a server to reveal information stored on it. “People can possibly piggyback SQL commands,” he wrote.
In the December 1998 issue of Phrack, Forristal wrote about a series of issues with a version of Microsoft SQL server. When Forristal’s fellow researcher told Microsoft of the problems, “their answer was, well, hilarious,” he wrote. “According to them, what you’re about to read is not a problem, so don’t worry about doing anything to stop it.”
Today, over 15 years after it was first publicly disclosed, SQLi repeatedly sits at the number one spot of vulnerabilities in the OWASP Top 10 report, which is released every three years by the Open Web Application Security Project (OWASP) Foundation, a non-profit that monitors the threats that websites face.

“SQL injection is always the number one risk. That is a reflection of just how many incidents are out there, as well as other factors that keep it very high up there,” Troy Hunt, founder of breach site haveibeenpwned.com, told Motherboard in a phone interview.
“When you go to a webpage, and you make a request, that parses part of the data in the request back to a server,” Hunt said. “For example, you read a news article, and the news article, in the address bar it has, “id=1”, and that gives you news article number 1, and then you get another one with ID 2.”
But, “with a SQLi attack, an attacker changes that ID in the address bar to something that forces the database to do something it’s not meant to do,” Hunt said, such as returning a piece of private data.
An individual attack might just return one piece or section of info, so an attacker is likely to “repeat it over and over and over again, as many times as is necessary, so they get every piece of data from the database,” Hunt said.
Naturally, that’s going to be quite time consuming. So, a hacker might use tools that automate the process instead. Those include Havij, which “is popular amongst script kiddies as it’s for Windows and has a [graphical user interface],” Mustafa Al-Bassam, a security researcher and former LulzSec hacker, told Motherboard in an online chat.
Another commonly used piece of software is sqlmap. “It crawls the pages on the website, similar to how a search engine crawler might, looks for input forms on the website, and submits the forms with inputs that might cause a MySQL syntax error,” Al-Bassam added.
When the attacker is looking for a target to hit in the first place, that’s just as simple to automate too.


Image: sqlmap
“They would use Google to search for URLs that are known to be typically associated with scripts that are vulnerable to SQL injection,” Al-Bassam said. “They would typically have a script that goes through all the URLs and tests them automatically to see if they’re vulnerable.”
“You could teach a 4-year-old to do it,” Al-Bassam added, summing up how incredibly easy the whole process is. Indeed, Hunt has uploaded a video of him teaching his 3-year-old son how to carry out an SQLi attack with Havij.
“You put the URL in, here’s all the data out,” Hunt told Motherboard. There are also ample YouTube tutorials on how to carry out an SQLi attack.
The thing is, there are solutions ready to be deployed by website developers to stop SQLi attacks and the unnecessary leaking of customers’ data or corporate details. And those solutions have been around for years.
One of those is the adoption of “prepared statements”, in which the SQL commands controlling the database can’t be directly dictated by a user’s input.

If the solutions are fairly straight forward, why are SQLi-based attacks still happening?

“The benefit of prepared statements is that they set the semantics of a query so that any incoming data can’t surprise the developer by including syntax that changes a query intended to retrieve a single row into a query that extracts data from arbitrary tables,” Mike Shema, senior manager, software development engineer from Yahoo!, told Motherboard in an email.
Another is to “use SQL libraries that take care of input sanitization for them,” Al-Bassam suggested. This, in short, scrubs any data entered by the user to remove any potential malicious parts of it.
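The difference between pasting the "id" value into the query and binding it through a prepared statement, as an added example that is not part of the original article. The table names, function names and the injected value are constructed for illustration; the database is an in-memory SQLite instance.

```python
import sqlite3

# Constructed request value: instead of a number, it carries extra SQL syntax.
INJECTED = "0 UNION SELECT id, email FROM customers"


def make_db():
    """Build a constructed in-memory database: public articles plus a private table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT);
        INSERT INTO articles VALUES (1, 'First story'), (2, 'Second story');
        INSERT INTO customers VALUES (1, 'alice@example.test'), (2, 'bob@example.test');
    """)
    return db


def article_vulnerable(db, article_id):
    """Vulnerable pattern: the request value becomes part of the SQL text,
    so any syntax it contains is parsed and executed as part of the query."""
    query = "SELECT id, title FROM articles WHERE id = " + article_id
    return db.execute(query).fetchall()


def article_prepared(db, article_id):
    """Prepared statement: the query shape is fixed by the placeholder and the
    value is bound as data, so it can only ever be compared against id."""
    return db.execute(
        "SELECT id, title FROM articles WHERE id = ?", (article_id,)
    ).fetchall()


def article_validated(db, article_id):
    """Prepared statement plus input validation: reject anything that is not
    an integer before it reaches the database (raises ValueError)."""
    return article_prepared(db, int(article_id))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1:     ", article_vulnerable(db, "1"))
    print("vulnerable, injected: ", article_vulnerable(db, INJECTED))
    print("prepared,   id=1:     ", article_prepared(db, "1"))
    print("prepared,   injected: ", article_prepared(db, INJECTED))
    try:
        article_validated(db, INJECTED)
    except ValueError as exc:
        print("validated,  injected:  rejected:", exc)
```

With the same input, the concatenated query returns rows from the private table, while the prepared statement returns nothing because the whole string is compared to the id column as a single value.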
So, if SQLi is so easy that literally a child could do it, and the solutions are fairly straight forward, why are SQLi-based attacks still happening?
“Any serious programmer should know about SQLi, but there’s a massive shortage of programmers, so companies hire anyone even if they don’t have the right training or experience to mitigate basic vulnerabilities,” Al-Bassam suggested. On top of this, “they’re often put under pressure by their managers to develop functional software rather than secure software.”
Shema from Yahoo! echoed this, and said that “Sometimes small apps with a narrow feature set just need to be written quickly,” meaning that the developers might bypass some of the mitigations for these attacks, despite them being relatively straightforward to implement.
Hunt was slightly less forgiving, and didn’t agree that it was because of pressure from higher management. Instead, he lamented about the large number of tutorials available to web developers online that, instead of providing decent advice, detail how to make systems that are vulnerable to SQLi. “I’ve seen multiple tutorials come up this year that have got blatant SQL injection risks in them,” he said.
So just as script kiddies continue to share their SQLi tutorials on YouTube, there is parallel information sharing going on with website developers. “We’ve got this ability for anyone to stand up, and share their knowledge, and not always get it right,” Hunt said.
Ultimately, the responsibility of the security of these sites, and the data they contain, boils down to web developers themselves. That means SQLi and the breaches it causes will remain, at least for a little while longer.

MurderDeathKill Tool – DoSing Wireless Networks with MDK3

Many of us have heard about DDoS (distributed denial-of-service) attacks. MDK3 is just that, a DoS attack tool, but one focused on 802.11 service denial.
MDK3 stands for Murder Death Kill 3. And it’s a tool that definitely lives up to its name. Because it’s designed specifically for WLAN environments, MDK3 does a marvelous job at crushing wireless network access by sending floods of traffic all at once. The flood of traffic prevents others from being able to connect.

Imagine you are the CEO of a small business. You’re traveling for work, and connected to the hotel’s WiFi connection. It’s vital that you get some information sent out tonight. But what happens when your competitor is sitting in the room next door, and he’s slamming your laptop with mdk3 packets? You won’t be able to get anything done, that’s what. You may lose important contracts as a result. Your business may suffer. So now you see just how dangerous denial of service attacks can be. They don’t destroy data or steal it, but they are perfect tools for reputation assassination.
As a prerequisite, make sure your wireless adapter is in packet injecting mode, otherwise this won’t work right at all.

To put the wifi adapter into packet injecting mode, look at the link above or use the syntax below to get an idea:
airmon-ng start <wireless interface>
Let’s test our wireless AP, named “WiFi hacking”, against wireless DoS attacks. MDK3 is installed by default in the latest versions of Back Track and Kali Linux. To access the tool from Back Track 5 R3, go to Applications -> Back Track -> Stress Testing -> WLAN Stress Testing. Select MDK3 from the list. To access it from Kali Linux, MDK3 should launch with the help menu already printed on the screen. Be sure to go through the list of test modes one by one. Don’t be a shitty security professional, be a damn good one. KNOW how this stuff works. Because while MDK3 is an awesome proof-of-concept tool, it does not have a man page and the help options are somewhat limited. You’re pretty much on your own with this tool. But embrace it and learn this tool the old fashioned way, by trial and error. More verbose help is available by running:
mdk3 --fullhelp
 
SSID Flooding with MDK3
One neat trick that MDK3 can do is SSID flooding, or beacon flooding. What this means is that MDK3 can broadcast hundreds or even thousands of fake access points. Others that are in the area will see all of these fake access points when they go to search for WiFi access points to connect to. As you can probably see, SSID flooding is not denial of service. However, this is still a pretty cool trick. Potentially, you could set up a dedicated computer with a wireless access point and have MDK3 running in SSID flooding mode at all times. You could, in effect, hide your legitimate wireless access point in a sea of fake access points. A sort of security through obscurity to prevent WiFi hacking attacks.

Here is the syntax to enable simple SSID flooding (MDK3 will generate random fake access point names):
mdk3 <interface> b -c 1
Just replace <interface> with the name of your wireless interface. Remember, usually it’s mon0.
The b option tells MDK3 to use beacon/SSID flooding mode.
-c 1 tells MDK3 to broadcast all the fake access points on channel 1. (To better hide the fact these are all fake access points, you can try running multiple instances of MDK3 and specify a different channel each time.) So we did a few example runs, using 2 beacon flood commands; both gave us great results:
mdk3 mon0 b 

and
mdk3 mon0 b -n HaCoder

Authentication Flooding with MDK3
Moving on to MDK3’s actual DoS options, you will first look at authentication flooding, then conclude with deauthentication flooding. The idea behind authentication flooding is simple. Too many authentication requests at one time may cause the wireless access point to freeze up and perhaps stop working entirely (until someone reboots the thing, that is).

I will warn you that in my experience, authentication flooding doesn’t always work. Most wireless access points are robust enough to handle an authentication flood from one instance of MDK3. (However, if you had multiple laptops running authentication floods this may work.)

Deauthentication flooding works MUCH better (that’s why I am saving it for last) and it doesn’t require the resources that authentication flooding does. So let’s look at authentication flooding. A simple command to do authentication flooding is:
mdk3 <interface> a -a <ap_mac address>
All you need is the AP’s MAC address as you can see above.

Deauthentication Flooding with MDK3
The DoS WiFi hacking technique that works best uses deauthenticate requests rather than faking authentication requests.
mdk3 <interface> d -b blacklist_file
Again, the only thing you need is the target access point’s MAC address. Save that MAC address in a text file and specify it after the -b option. This will send deauth packets to any and all clients connected to the access point specified in the file. (You can add more MAC addresses to deauth if you are evaluating multiple APs in range.)
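How a deauthentication flood looks from the monitoring side, as an added example that is not part of the original post. It assumes management frames have already been parsed from a monitor-mode capture into (timestamp, subtype, BSSID) records; the sample capture, the BSSIDs, the one-second window and the threshold of 20 frames are all constructed for illustration.

```python
from collections import defaultdict, deque


def sample_capture():
    """Constructed frame records: (timestamp in seconds, subtype, BSSID)."""
    frames = []
    # A normally behaving AP: regular beacons and two isolated deauths.
    for i in range(100):
        frames.append((i * 0.1, "beacon", "02:00:00:00:00:01"))
    frames.append((2.0, "deauth", "02:00:00:00:00:01"))
    frames.append((7.5, "deauth", "02:00:00:00:00:01"))
    # An AP under a flood: 60 deauth frames in well under one second.
    for i in range(60):
        frames.append((10.0 + i * 0.01, "deauth", "02:00:00:00:00:02"))
    return frames


def deauth_floods(frames, window=1.0, threshold=20):
    """Return {bssid: peak} for every BSSID whose deauth frame count inside
    any sliding window of `window` seconds reached `threshold`."""
    recent = defaultdict(deque)   # per-BSSID timestamps still inside the window
    peak = {}                     # per-BSSID highest count seen in one window
    for ts, subtype, bssid in sorted(frames):
        if subtype != "deauth":
            continue
        stamps = recent[bssid]
        stamps.append(ts)
        # Drop timestamps that have fallen out of the window ending at ts.
        while stamps and ts - stamps[0] > window:
            stamps.popleft()
        peak[bssid] = max(peak.get(bssid, 0), len(stamps))
    return {bssid: count for bssid, count in peak.items() if count >= threshold}


if __name__ == "__main__":
    for bssid, count in deauth_floods(sample_capture()).items():
        print(f"possible deauth flood against {bssid}: {count} frames within 1 s")
```

Detection only tells you the flood is happening; the standard mitigation against forged deauthentication frames is 802.11w (Protected Management Frames) on both the access point and its clients.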
hacoder

Free tool decrypts passwords from password managers

One of the best ways for users to keep their online accounts safe is to use a password manager. However, these seemingly robust tools become useless if malware exists that can decrypt the passwords they store.
Researchers have just released a hacking tool, KeeFarce, which decrypts all the usernames and passwords stored by the fairly popular password manager KeePass and writes them to a file. The hacker runs KeeFarce on a computer where the user has logged in and unlocked the KeePass database. Under these conditions, KeeFarce can decrypt every password ever stored.

KeeFarce obtains the passwords through DLL (Dynamic Link Library) injection, a technique that lets a third-party application tamper with the process of another application. The malicious code is then invoked and exports the contents of the database.
While KeeFarce only targets KeePass, attackers can build similar software for other password managers. The researchers warn that at present no password manager can be safe on a computer already infected with malware.
Password managers bring both benefits and certain risks, which users need to understand well when using these tools.

Friday, November 27, 2015

Cracking password in Kali Linux using John the Ripper

John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others. Cracking password in Kali Linux using John the Ripper is very straight forward. In this post, I will demonstrate that.

John the Ripper is different from tools like Hydra. Hydra does blind brute-forcing by trying username/password combinations on a service daemon like an ftp server or telnet server. John, however, needs the hash first. So the greater challenge for a hacker is to first get the hash that is to be cracked. Nowadays hashes are more easily crackable using free rainbow tables available online. Just go to one of the sites, submit the hash and if the hash is made of a common word, then the site would show the word almost instantly. Rainbow tables basically store common words and their hashes in a large database. The larger the database, the more words are covered.

One of the modes John the Ripper can use is the dictionary attack. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary or real passwords cracked before), encrypts each one in the same format as the password being examined (including both the encryption algorithm and key), and compares the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John’s single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the hashes.

John also offers a brute force mode. In this type of attack, the program goes through all the possible plaintexts, hashing each one and then comparing it to the input hash. John uses character frequency tables to try plaintexts containing more frequently used characters first. This method is useful for cracking passwords which do not appear in dictionary wordlists, but it takes a long time to run.

John the Ripper uses a 2-step process to crack a password. First, it uses the passwd and shadow files to create an output file. Next, you run a dictionary attack against that file to crack it. In short, John the Ripper will use the following two files:
/etc/passwd
/etc/shadow

Cracking password using John the Ripper

In Linux, the password hash is stored in the /etc/shadow file. For the sake of this exercise, I will create a new user named john and assign a simple password ‘password’ to him.
I will also add john to the sudo group and assign /bin/bash as his shell. There’s a nice article I posted last year which explains user creation in Linux in great detail. It’s a good read if you are interested in understanding the flags, and the same structure can be used on almost any Linux/Unix/Solaris operating system. Also, when you create a user, you need their home directory created, so yes, go through the creating user in Linux post if you have any doubts. Now, that’s enough mumbo jumbo, let’s get to business.
First let’s create a user named john and assign password as his password. (very secured..yeah!)
root@kali:~# useradd -m john -G sudo -s /bin/bash
root@kali:~# passwd john
Enter new UNIX password: <password>
Retype new UNIX password: <password>
passwd: password updated successfully
root@kali:~#

Unshadowing password

Now that we have created our victim, let’s start with unshadow commands.
The unshadow command will combine the entries of /etc/passwd and /etc/shadow to create 1 file with username and password details. When you just type in unshadow, it shows you the usage anyway.
root@kali:~# unshadow
Usage: unshadow PASSWORD-FILE SHADOW-FILE
root@kali:~# unshadow /etc/passwd /etc/shadow > /root/johns_passwd
I’ve redirected the output to /root/johns_passwd file because I got the ticks for organizing things. Do what you feel like here.
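What the merged file contains, and how a defender can read the hash scheme of each account from it, as an added example that is not part of the original post and is not John the Ripper's own code. The passwd and shadow contents, including the "legacy" account and every salt and hash string, are constructed placeholders; the merge rule (field 2 of the passwd line replaced by the shadow hash) is a simplified reimplementation for illustration.

```python
# Constructed sample files (no real accounts, salts or hashes).
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
john:x:1000:1001::/home/john:/bin/bash
legacy:x:1001:1002::/home/legacy:/bin/sh
"""
SHADOW = """root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:16745:0:99999:7:::
daemon:*:16745:0:99999:7:::
john:$6$CONSTRUCTEDSALT2$CONSTRUCTEDHASHVALUE2:16745:0:99999:7:::
legacy:$1$CONSTRUCTED$CONSTRUCTEDMD5VALUE:16745:0:99999:7:::
"""

# Scheme identifiers used in crypt(3)-style strings of the form $id$salt$hash.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
# Schemes that are fast to compute and therefore cheap to run a wordlist against.
WEAK = {"descrypt", "md5crypt"}


def unshadow(passwd_text, shadow_text):
    """Merge the two files: each passwd line gets the hash from shadow in field 2."""
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            shadow[fields[0]] = fields[1]
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed passwd lines
        if fields[0] in shadow:
            fields[1] = shadow[fields[0]]
        merged.append(":".join(fields))
    return merged


def classify(hash_field):
    """Name the scheme of one password field, or why it holds no usable hash."""
    if hash_field == "":
        return "empty"            # account with no password at all
    if hash_field[0] in "!*":
        return "locked"           # no password login possible
    if hash_field.startswith("$"):
        parts = hash_field.split("$")
        return SCHEMES.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    if len(hash_field) == 13:
        return "descrypt"         # traditional DES crypt has no $id$ prefix
    return "unknown"


def audit(passwd_text, shadow_text):
    """Map every account to the scheme protecting its password."""
    report = {}
    for line in unshadow(passwd_text, shadow_text):
        user, hash_field = line.split(":")[:2]
        report[user] = classify(hash_field)
    return report


def weak_accounts(report):
    """Accounts that should be rehashed or fixed first."""
    return sorted(u for u, scheme in report.items() if scheme in WEAK or scheme == "empty")


if __name__ == "__main__":
    report = audit(PASSWD, SHADOW)
    for user, scheme in report.items():
        print(f"{user:8} {scheme}")
    print("needs attention:", weak_accounts(report))
```

Because the merged file carries every hash in one place, it deserves the same root-only permissions as /etc/shadow and should be deleted once the audit is done.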

Cracking process with John the Ripper

At this point we just need a dictionary file to get on with cracking. John comes with its own small password file, which can be found at /usr/share/john/password.lst. I’ve shown the size of that file using the following command.
root@kali:~# ls -ltrah /usr/share/john/password.lst
You can use your own password lists too or download a large one from the Internet (there are lots of dictionary files, some terabytes in size).
root@kali:~# john --wordlist=/usr/share/john/password.lst /root/johns_passwd 
Created directory: /root/.john
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 2 password hashes with 2 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 SSE2 2x])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
password         (john)
1g 0:00:00:06 DONE (2015-11-06 13:30) 0.1610g/s 571.0p/s 735.9c/s 735.9C/s modem..sss
Use the "--show" option to display all of the cracked passwords reliably
Session completed
root@kali:~#

Looks like it worked. So we can now use the john --show option to list cracked passwords. Note that it’s a simple password that existed in the dictionary, so it worked. If it wasn’t a simple password, then you would need a much bigger dictionary and a lot longer to crack it.
root@kali:~# john --show /root/johns_passwd 
john:password:1000:1001::/home/john:/bin/bash

1 password hash cracked, 1 left
root@kali:~#

John the Ripper advanced commands:

Now that we have completed the basics of John the Ripper and cracked a password using it, it’s possibly time to move on to bigger and more complex things. For that you should check the documentation on cracking MODES and examples of John the Ripper usage.
blackmoreops

Install fonts on Linux – Debian, Ubuntu, Kali, Mint – Microsoft TrueType core and many more

Installing fonts is important for those who are multilingual or want to spice up their screen. Many websites use different fonts, and unless you install those fonts on Linux you won’t see them; you will see a flat, boring default font instead. I will also show how to reconfigure your fontconfig so that it looks better on your CRT or LCD screen.
This post shows how you can install fonts and configure them on the following Linux operating systems:
  1. Debian Linux
  2. Ubuntu Linux
  3. Linux Mint
  4. Kali Linux
  5. Any Debian or Ubuntu Variant such as Elementary OS

The basic – Microsoft TrueType core Fonts

This package allows for easy installation of the Microsoft True Type Core Fonts for the Web including:
  Andale Mono
  Arial Black
  Arial (Bold, Italic, Bold Italic)
  Comic Sans MS (Bold)
  Courier New (Bold, Italic, Bold Italic)
  Georgia (Bold, Italic, Bold Italic)
  Impact
  Times New Roman (Bold, Italic, Bold Italic)
  Trebuchet (Bold, Italic, Bold Italic)
  Verdana (Bold, Italic, Bold Italic)
  Webdings
You will need an Internet connection to download these fonts if you don’t already have them.
 NOTE: the package ttf-liberation contains free variants of the Times, Arial and Courier fonts. It’s better to use those instead unless you specifically need one of the other fonts from this package.

Install instructions:

First of all let’s check if we even have those fonts in our repositories. I use Kali Linux which is a variant of Debian Linux. If you’re using Kali, you need to add the default official repositories.
Let’s do an apt-cache search:
root@kali:~# apt-cache search ttf-mscorefonts-installer 
ttf-mscorefonts-installer - Installer for Microsoft TrueType core fonts

That means we are good to go. If not, follow the link above to add official repositories for Kali Linux (or if you’re using Debian Linux or Ubuntu Linux (or even Linux Mint variants), go and add official repositories for that.)
Now install Microsoft TrueType core using a single command:
root@kali:~# 
root@kali:~# apt-get install ttf-mscorefonts-installer
(output below)
Reading package lists… Done
Building dependency tree     
Reading state information… Done
The following NEW packages will be installed:
  ttf-mscorefonts-installer
0 upgraded, 1 newly installed, 0 to remove and 87 not upgraded.
Need to get 0 B/33.3 kB of archives.
After this operation, 127 kB of additional disk space will be used.
Preconfiguring packages …
Selecting previously unselected package ttf-mscorefonts-installer.
(Reading database … 360406 files and directories currently installed.)
Unpacking ttf-mscorefonts-installer (from …/ttf-mscorefonts-installer_3.4+nmu1_all.deb) …
Processing triggers for fontconfig …
Setting up ttf-mscorefonts-installer (3.4+nmu1) …
These fonts were provided by Microsoft "in the interest of cross-
platform compatibility".  This is no longer the case, but they are
still available from third parties.
You are free to download these fonts and use them for your own use,
but you may not redistribute them in modified form, including changes
to the file name or packaging format.
andale32.exe: OK
Extracting cabinet: andale32.exe
  extracting fontinst.inf
  extracting andale.inf
  extracting fontinst.exe
  extracting AndaleMo.TTF
  extracting ADVPACK.DLL
  extracting W95INF32.DLL
  extracting W95INF16.DLL
All done, no errors.
arialb32.exe: OK
Extracting cabinet: arialb32.exe
  extracting fontinst.exe
  extracting fontinst.inf
  extracting AriBlk.TTF
All done, no errors.
arial32.exe: OK
Extracting cabinet: arial32.exe
  extracting FONTINST.EXE
  extracting fontinst.inf
  extracting Ariali.TTF
  extracting Arialbd.TTF
  extracting Arialbi.TTF
  extracting Arial.TTF
All done, no errors.
comic32.exe: OK
Extracting cabinet: comic32.exe
  extracting fontinst.inf
  extracting Comicbd.TTF
  extracting Comic.TTF
  extracting fontinst.exe
All done, no errors.
courie32.exe: OK
Extracting cabinet: courie32.exe
  extracting cour.ttf
  extracting courbd.ttf
  extracting courbi.ttf
  extracting fontinst.inf
  extracting couri.ttf
  extracting fontinst.exe
All done, no errors.
georgi32.exe: OK
Extracting cabinet: georgi32.exe
  extracting fontinst.inf
  extracting Georgiaz.TTF
  extracting Georgiab.TTF
  extracting Georgiai.TTF
  extracting Georgia.TTF
  extracting fontinst.exe
All done, no errors.
impact32.exe: OK
Extracting cabinet: impact32.exe
  extracting fontinst.exe
  extracting Impact.TTF
  extracting fontinst.inf
All done, no errors.
times32.exe: OK
Extracting cabinet: times32.exe
  extracting fontinst.inf
  extracting Times.TTF
  extracting Timesbd.TTF
  extracting Timesbi.TTF
  extracting Timesi.TTF
  extracting FONTINST.EXE
All done, no errors.
trebuc32.exe: OK
Extracting cabinet: trebuc32.exe
  extracting FONTINST.EXE
  extracting trebuc.ttf
  extracting Trebucbd.ttf
  extracting trebucbi.ttf
  extracting trebucit.ttf
  extracting fontinst.inf
All done, no errors.
verdan32.exe: OK
Extracting cabinet: verdan32.exe
  extracting fontinst.exe
  extracting fontinst.inf
  extracting Verdanab.TTF
  extracting Verdanai.TTF
  extracting Verdanaz.TTF
  extracting Verdana.TTF
All done, no errors.
webdin32.exe: OK
Extracting cabinet: webdin32.exe
  extracting fontinst.exe
  extracting Webdings.TTF
  extracting fontinst.inf
  extracting Licen.TXT
All done, no errors.
All fonts downloaded and installed.
root@kali:~#
[/shell]

Note: If you’re behind a proxy server or the Tor network, this install might not work; it seems you must be directly connected to the Internet.
Similar font packages you can also install
Here’s a list of other font packages that you can install. These are package names, which means you can use
apt-get install <package-name>
to install them:
    ttf-liberation
    fonts-liberation
    ttf-uralic
    fonts-uralic
    ttf-root-installer
    ttf-freefont
    ttf-dustin
    ttf-linux-libertine
    fonts-linuxlibertine
    fonts-dustin
    ttf-staypuft
For example:

apt-get install ttf-staypuft

install more fonts - Debian Linux or Kali Linux - blackMORE Ops

More ways to install fonts (XORG) on Debian, Ubuntu or other Debian (i.e. Kali Linux) based systems

Sometimes you download a .ttf file (a font file) and want to install it directly. In that case, copy the font file to one of the following directories:
  1. /usr/share/fonts
  2. /usr/share/X11/fonts
  3. /usr/local/share/fonts
  4. ~/.fonts
Here’s how the directories work.
If you want the fonts for everyone on the system (i.e. in a multiuser environment), then put them in /usr/share/fonts.

If you only want the fonts for yourself, then put them in the ~/.fonts directory of your home folder.
Once you’ve copied the files to the correct place, issue the following command, which will read and cache all installed fonts from these directories.
root@kali:~# fc-cache -fv
[shell collapse=”true”]
/usr/share/fonts: caching, new cache contents: 0 fonts, 5 dirs
/usr/share/fonts/X11: caching, new cache contents: 0 fonts, 4 dirs
/usr/share/fonts/X11/Type1: caching, new cache contents: 75 fonts, 0 dirs
/usr/share/fonts/X11/encodings: caching, new cache contents: 0 fonts, 1 dirs
/usr/share/fonts/X11/encodings/large: caching, new cache contents: 0 fonts, 0 dirs
/usr/share/fonts/X11/misc: caching, new cache contents: 59 fonts, 0 dirs
/usr/share/fonts/X11/util: caching, new cache contents: 0 fonts, 0 dirs
/usr/share/fonts/cmap: caching, new cache contents: 0 fonts, 5 dirs
/usr/share/fonts/cmap/adobe-cns1: caching, new cache contents: 0 fonts, 0 dirs
/usr/share/fonts/cmap/adobe-gb1: caching, new cache contents: 0 fonts, 0 dirs
/usr/share/fonts/cmap/adobe-janan2: caching, new cache contents: 0 fonts, 0 dirs
/usr/share/fonts/cmap/adobe-japan1: caching, new cache contents: 0 fonts, 0 dirs
/usr/share/fonts/cmap/adobe-korea1: caching, new cache contents: 0 fonts, 0 dirs
/usr/share/fonts/opentype: caching, new cache contents: 0 fonts, 1 dirs
/usr/share/fonts/opentype/cantarell: caching, new cache contents: 2 fonts, 0 dirs
/usr/share/fonts/truetype: caching, new cache contents: 0 fonts, 8 dirs
/usr/share/fonts/truetype/droid: caching, new cache contents: 18 fonts, 0 dirs
/usr/share/fonts/truetype/freefont: caching, new cache contents: 12 fonts, 0 dirs
/usr/share/fonts/truetype/liberation: caching, new cache contents: 16 fonts, 0 dirs
/usr/share/fonts/truetype/lyx: caching, new cache contents: 10 fonts, 0 dirs
/usr/share/fonts/truetype/msttcorefonts: caching, new cache contents: 60 fonts, 0 dirs
/usr/share/fonts/truetype/ttf-dejavu: caching, new cache contents: 21 fonts, 0 dirs
/usr/share/fonts/truetype/ttf-liberation: caching, new cache contents: 16 fonts, 0 dirs
/usr/share/fonts/truetype/ttf-staypuft: caching, new cache contents: 1 fonts, 0 dirs
/usr/share/fonts/type1: caching, new cache contents: 0 fonts, 1 dirs
/usr/share/fonts/type1/gsfonts: caching, new cache contents: 35 fonts, 0 dirs
/usr/X11R6/lib/X11/fonts: skipping, no such directory
/usr/local/share/fonts: caching, new cache contents: 0 fonts, 0 dirs
/root/.fonts: caching, new cache contents: 61 fonts, 0 dirs
/var/cache/fontconfig: cleaning cache directory
/root/.fontconfig: not cleaning non-existent cache directory
fc-cache: succeeded
root@kali:~#
[/shell]
Now if you want to list all installed and cached fonts on your system, use the fc-list command. Sample output below:
root@kali:~# fc-list
[shell collapse=”true”]
/usr/share/fonts/truetype/msttcorefonts/comicbd.ttf: Comic Sans MS:style=Bold,Ne
greta,tučné,fed,Fett,Έντονα,Negrita,Lihavoitu,Gras,Félkövér,Grassetto,Vet,Halvfe
t,Pogrubiony,Negrito,Полужирный,Fet,Kalın,Krepko,Lodia
/root/.fonts/Ubuntu_Bold_Italic.ttf: Ubuntu:style=Bold Italic,Negreta cursiva,fe
d kursiv,Fett Kursiv,Negrita Cursiva,Lihavoitu Kursivoi,Gras Italique,Grassetto
Corsivo,Vet Cursief,Halvfet Kursiv,Pogrubiona kursywa,Negrito Itálico,Fet Kursiv
,Lodi etzana
/usr/share/fonts/X11/Type1/lmtti10.pfb: LMMono10:style=Italic
/usr/share/fonts/truetype/droid/DroidNaskh-Bold.ttf: Droid Sans:style=Bold
/root/.fonts/Neuropolitical.ttf: Neuropolitical,Neuropolitical Rg:style=Regular
/root/.fonts/AvantGarde_LT_Medium.ttf: AvantGarde LT Medium:style=Regular
/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans-Oblique.ttf: DejaVu Sans:style=O
blique
/usr/share/fonts/X11/Type1/lmtko10.pfb: LMMonoLt10:style=BoldOblique
/usr/share/fonts/X11/Type1/s050000l.pfb: Standard Symbols L:style=Regular
/usr/share/fonts/truetype/msttcorefonts/comic.ttf: Comic Sans MS:style=Regular,N
ormal,obyčejné,Standard,Κανονικά,Normaali,Normál,Normale,Standaard,Normalny,Обыч
ный,Normálne,Navadno,Arrunta
/usr/share/fonts/X11/Type1/lmbo10.pfb: LMRomanDemi10:style=Oblique
/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans-BoldOblique.ttf: DejaVu Sans:sty
le=Bold Oblique
/root/.fonts/Zekton.ttf: Zekton:style=Regular
/root/.fonts/Michroma.ttf: Michroma:style=Regular
<<<<<output truncated>>>>>>
[/shell]

Configuring Fonts on Linux

Now if you want to configure or reconfigure how fonts are displayed on your system, use the following command:
root@kali:~# dpkg-reconfigure fontconfig-config
It will present you with a series of options where you select what you want.
The first option is if you want Native, Autohinter or None tuning for your fonts.
dpkg-reconfigure fontconfig-config - blackMORE Ops-
I’ve selected Native on the above screen and pressed Ok.
On the next screen, it will ask you whether you want to enable subpixel rendering for screen.
dpkg-reconfigure fontconfig-config - subppixel rendering blackMORE Ops-

Obviously we want that; it makes fonts look a lot better on a flat (LCD) screen. At the same time, if you’re using a CRT screen, it might break a few things. So automatic is the way to go. (In my personal case, I should’ve chosen Always and I am using an LCD screen; the choice is yours to make.) Press Ok to move to the next screen.

The last screen was asking me whether I want to enable bitmapped fonts by default. I selected Yes … (duh! I wasn’t actually sure, but heck, I can come back anytime and run the dpkg reconfigure command to fix any problems. So why not? )
dpkg-reconfigure fontconfig-config - enable bitmapped fonts -  blackMORE Ops
Choose your option and press Enter.
Do the fonts on your screen look better now?

Downloading and installing a font

During my search I came across this great website that contains free fonts: http://www.dafont.com/
So I decided I want to download a Gothic Font for fun.
root@kali:~# wget http://img.dafont.com/dl/?f=old_london -O old_london.zip

Please note that I used -O old_london.zip file as the output name. It’s because the website doesn’t provide a direct link to the file.

download a font file using wget - blackMORE Ops
Uncompress the file:
root@kali:~# ls
Desktop  Downloads  old_london.zip  Work
root@kali:~# unzip old_london.zip 
Archive:  old_london.zip
  inflating: OldLondon.ttf           
  inflating: OldLondonAlternate.ttf  
  inflating: Olondon_.otf            
  inflating: Olondona.otf            
root@kali:~#

Move the font files (*.ttf) to the /usr/share/fonts folder.
root@kali:~# mv OldLondon.ttf OldLondonAlternate.ttf /usr/share/fonts/
root@kali:~#
Rebuild your font cache.
root@kali:~# fc-cache -f
root@kali:~#

Confirm that the files exist in the font cache now.
root@kali:~# fc-list | grep OldLondon
/usr/share/fonts/OldLondon.ttf: Old London:style=Regular
/usr/share/fonts/OldLondonAlternate.ttf: Old London Alternate:style=Regular
root@kali:~#
Installing Fonts and confirming it - blackMORE Ops
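
An added example (not from the original post) that ties together the directory choice and the download steps above: it checks that each unpacked .ttf/.otf file really starts with a font signature and installs it into a per-user directory such as ~/.fonts, so nothing fetched from a third-party site is moved into a system path as root. The function names and the script name vet-fonts.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Vet font files unpacked from a downloaded archive and install them for
# the current user (~/.fonts) instead of moving them into /usr/share/fonts.

# Print the first four bytes of a file as lowercase hex, e.g. 00010000.
font_magic() {
    od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n'
}

# Succeed only for a regular, non-symlink file that starts with a known
# sfnt signature.
is_font_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(font_magic "$1")" in
        00010000) return 0 ;;  # TrueType outlines (.ttf)
        4f54544f) return 0 ;;  # "OTTO", OpenType with CFF outlines (.otf)
        74727565) return 0 ;;  # "true", Apple TrueType
        74746366) return 0 ;;  # "ttcf", TrueType collection
        *)        return 1 ;;
    esac
}

# install_fonts SRC_DIR DEST_DIR
# Copy every *.ttf / *.otf in SRC_DIR that passes is_font_file into
# DEST_DIR with mode 0644. Prints the number of files installed and
# returns 1 if any candidate was rejected, 2 if DEST_DIR is unusable.
install_fonts() {
    if_src=$1
    if_dest=$2
    if_ok=0
    if_bad=0
    mkdir -p "$if_dest" || return 2
    for if_f in "$if_src"/*; do
        case "$if_f" in
            *.[tT][tT][fF] | *.[oO][tT][fF]) ;;
            *) continue ;;      # ignore readme files, licences, etc.
        esac
        if is_font_file "$if_f"; then
            if_name=$(basename "$if_f")
            cp "$if_f" "$if_dest/$if_name" && chmod 0644 "$if_dest/$if_name" || return 2
            if_ok=$((if_ok + 1))
        else
            echo "rejected (not a font): $if_f" >&2
            if_bad=$((if_bad + 1))
        fi
    done
    echo "$if_ok"
    [ "$if_bad" -eq 0 ]
}

# Usage (hypothetical script name): sh vet-fonts.sh ./old_london "$HOME/.fonts"
# The font cache is rebuilt only when every candidate passed the check.
if [ "$#" -eq 2 ]; then
    install_fonts "$1" "$2" && fc-cache -f "$2"
fi
```

A file that fails the signature check is reported on stderr and left where it is, which is the cue to inspect the archive before going further.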

So now that we have fonts and all, let’s type something to see what it really looks like:
How custom fonts Looks in Leafpad

It reads
blackMORE Ops
Welcome to the 
Temple of the King
(A song title from Rainbow in case you're wondering)


Conclusion:

The best takeaway from this post would be installing new fonts. I think this solves font config for any Linux distribution. Enjoy and try out some interesting fonts.
blackmoreops

Tuesday, 24 November 2015

What Is a Pentest (Penetration Testing) Security Assessment?

 


It is a way of checking whether your IT system can be attacked, by simulating test attacks against it. Put simply, penetration testing (pentest) means assessing security by attacking the system. Vulnerability assessment is the process of reviewing services and systems to find potential security problems or to look for traces left when a system has been compromised. The person who performs a penetration test is called a penetration tester, or pentester.

Penetration testing requires the permission of the system’s owner. Without it, you are hacking the system, and that is illegal. In other words: the difference between penetration testing and hacking is that you have the system owner’s permission.


To understand pentesting better, you first need to know the following basic security concepts:
Vulnerabilities
Vulnerabilities are security flaws in a piece of software, hardware or an operating system that provide a potential angle for attacking the system. A vulnerability can be as simple as a weak password or as complex as a buffer overflow or an SQL injection flaw.
Exploits
To take advantage of a vulnerability, you usually need an exploit: a small, highly specialized computer program whose sole purpose is to take advantage of a specific vulnerability and provide access to a computer system. Exploits usually deliver a payload to the target system and give the attacker access to that system.
Payloads
Payloads are the software components that allow control of a computer system after its vulnerability has been exploited. They are usually attached to and delivered by exploits.
Methods used in pentesting
Black box
Attacking from the outside in (black box pen test): the attacks are carried out without any prior information. The pentester takes the position of a black-hat hacker and tries by every means to penetrate the customer’s internal and external networks.
The pentester simulates a real attack on the application. The testing covers a range of application-level security vulnerabilities defined by OWASP and WASC, targeting potentially dangerous security flaws in the customer’s application. The testing reveals the vulnerabilities, the potential damage from exploitation, and the severity.
White box
Attacking from the inside out (white box pen test): information about the internal and external networks is provided by the customer, and the pentester assesses network security on that basis.
It is important for organizations to determine where their risks and threats come from. If the business perceives that they come from employees, customers or trading partners, it may be beneficial to conduct a white box penetration test. Employees, customers and trading partners have knowledge of the business’s information. They may know that the business has an intranet or extranet or a website, and they may also have credentials that allow them to log in to the system. They may know the employees who work in the organization, the management structure, and the applications running in the environment. All of this information can be used to launch more targeted attacks against an infrastructure, attacks that might not be identified as part of a black box testing engagement.
Gray box
Gray-box (or crystal-box) testing: assumes that the attacker has been given an ordinary user account and attacks the system as an employee of the business would.
Areas covered in a pentest
1. Network infrastructure assessment
·        Assess the network architecture.
·        Assess the security measures in place.
·        Assess compliance with standards.
·        Assess systems such as firewalls: configuration, architecture, administration, security patching, logging, policy, availability…
·        Assess intrusion detection and prevention (IPS) devices: configuration, intrusion detection capability, architecture, administration, security patching, logging, policy, availability…
·        Assess VPN devices: configuration, administration, access policy, logs…
·        Assess routers/switches: configuration, authentication, authorization, access control, logs…
·        ...
2. Server system assessment
·        Windows and Linux servers:
·        Assess versions, updates, service configuration, patching, account and password policy, logging policy, permission review…
·        Redundancy, load balancing, distributed databases.
·        ...
3. Web application assessment
·        Assessment from the outside: use specialized tools to carry out test attacks and so discover vulnerabilities such as buffer overflows, SQL injection, XSS, upload, URL bypass and other application vulnerabilities.
·        Assessment from the inside: review the web source code to identify problems with authentication, authorization, data validation, session management, encryption…
·        ...
Pentest standards
A pentest should be carried out in compliance with the following international standards for assessing system security:

Web application assessment – OWASP (Open-source Web Application Security Project): OWASP is an open standard that allows organizations and businesses to build, develop and maintain web-based applications in the most secure way. The assessment is based on criteria validated by the security community. OWASP includes 10 vulnerabilities that are assessed in detail and updated regularly to reflect the real-world risks a web application commonly faces.

Network and system assessment – OSSTMM (Open Source Security Testing Methodology Manual): OSSTMM is an open standard that provides a methodology for security testing of a business’s live systems. Since version 3.0, OSSTMM has provided testing methods for most of the elements of a system, such as people, physical infrastructure, wireless networks, telecommunications and data networks.
3stone