Can I install Metasploitable 2 on a machine other than the one running Kali Linux?

I use a kind of POTATO LAPTOP with highly limited resources so when I installed Kali Linux I simply ruled out the idea of using a Virtual Machine (running an OS on an OS is resource-heavy, isnt it?).
Now, I want to install Metaspoitable 2:
1. Can I install it without a VM? (Probably I could not and maybe I should not)
2. Since I can not install Kali on my laptop in a VM (i don’t want many kali, that’s again a waste of space and resources), is there a VM that could be installed in a installed (not in VM) Kali LInux system? (like running metasploitable in VM along with Kali Linux as the base OS) – Maybe that does not make sense at all 🙁

How to reset MariaDB into a “fresh install” state?

I had InnoDB corruption and managed to start the server in read only mode and perform a fresh backup using innodb_force_recovery=5.

This way of starting the service puts the databases in read only mode, even deletion is disallowed.

Is there an official procedure to reset the whole server into a fresh installed (or at least “empty”) version?

And in case there isn’t, then what are the correct uninstall/reinstall steps to make sure there will be no remaining residues of data that could generate problems in the future?

How to install sslstrip to kali linux 2019.4

when i try to install sslstrip using pip install sslstrip i get the following error—>

pip install sslstrip DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won’t be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting sslstrip Requirement already satisfied: Twisted==13.1.0 in /usr/local/lib/python2.7/dist-packages (from sslstrip) (13.1.0) Collecting pyOpenSSL==0.13.1 (from sslstrip) Using cached https://files.pythonhosted.org/packages/78/a2/51d260c5659b5db40af767ac3d518ba9f7c02c6d7c42cbff9c663f9c3556/pyOpenSSL-0.13.1.tar.gz Requirement already satisfied: zope.interface>=3.6.0 in /usr/lib/python2.7/dist-packages (from Twisted==13.1.0->sslstrip) (4.6.0) Building wheels for collected packages: pyOpenSSL Building wheel for pyOpenSSL (setup.py) … error Complete output from command /usr/bin/python2.7 -u -c “import setuptools, tokenize;file=’/tmp/pip-install-F5bvfG/pyOpenSSL/setup.py’;f=getattr(tokenize, ‘open’, open)(file);code=f.read().replace(‘\r\n’, ‘\n’);f.close();exec(compile(code, file, ‘exec’))” bdist_wheel -d /tmp/pip-wheel-s2yXfX –python-tag cp27: running bdist_wheel running build running build_py creating build creating build/lib.linux-x86_64-2.7 creating build/lib.linux-x86_64-2.7/OpenSSL copying OpenSSL/init.py -> build/lib.linux-x86_64-2.7/OpenSSL copying OpenSSL/tsafe.py -> build/lib.linux-x86_64-2.7/OpenSSL copying OpenSSL/version.py -> build/lib.linux-x86_64-2.7/OpenSSL creating build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/init.py -> build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/util.py -> build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/test_crypto.py -> build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/test_rand.py -> build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/test_ssl.py -> build/lib.linux-x86_64-2.7/OpenSSL/test running build_ext building ‘OpenSSL.crypto’ extension creating build/temp.linux-x86_64-2.7 creating build/temp.linux-x86_64-2.7/OpenSSL creating build/temp.linux-x86_64-2.7/OpenSSL/crypto x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-07FOaN/python2.7-2.7.17=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c OpenSSL/crypto/crypto.c -o build/temp.linux-x86_64-2.7/OpenSSL/crypto/crypto.o OpenSSL/crypto/crypto.c: In function ‘crypto_sign’: OpenSSL/crypto/crypto.c:626:16: error: storage size of ‘md_ctx’ isn’t known 626 | EVP_MD_CTX md_ctx; | ^~~~~~ OpenSSL/crypto/crypto.c: In function ‘crypto_verify’: OpenSSL/crypto/crypto.c:673:16: error: storage size of ‘md_ctx’ isn’t known 673 | EVP_MD_CTX md_ctx; | ^~~~~~ error: command ‘x86_64-linux-gnu-gcc’ failed with exit status 1


Failed building wheel for pyOpenSSL Running setup.py clean for pyOpenSSL Failed to build pyOpenSSL Installing collected packages: pyOpenSSL, sslstrip Found existing installation: pyOpenSSL 19.1.0 Uninstalling pyOpenSSL-19.1.0: Successfully uninstalled pyOpenSSL-19.1.0 Running setup.py install for pyOpenSSL … error Complete output from command /usr/bin/python2.7 -u -c “import setuptools, tokenize;file=’/tmp/pip-install-F5bvfG/pyOpenSSL/setup.py’;f=getattr(tokenize, ‘open’, open)(file);code=f.read().replace(‘\r\n’, ‘\n’);f.close();exec(compile(code, file, ‘exec’))” install –record /tmp/pip-record-moz8x4/install-record.txt –single-version-externally-managed –compile: running install running build running build_py creating build creating build/lib.linux-x86_64-2.7 creating build/lib.linux-x86_64-2.7/OpenSSL copying OpenSSL/init.py -> build/lib.linux-x86_64-2.7/OpenSSL copying OpenSSL/tsafe.py -> build/lib.linux-x86_64-2.7/OpenSSL copying OpenSSL/version.py -> build/lib.linux-x86_64-2.7/OpenSSL creating build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/init.py -> build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/util.py -> build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/test_crypto.py -> build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/test_rand.py -> build/lib.linux-x86_64-2.7/OpenSSL/test copying OpenSSL/test/test_ssl.py -> build/lib.linux-x86_64-2.7/OpenSSL/test running build_ext building ‘OpenSSL.crypto’ extension creating build/temp.linux-x86_64-2.7 creating build/temp.linux-x86_64-2.7/OpenSSL creating build/temp.linux-x86_64-2.7/OpenSSL/crypto x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-07FOaN/python2.7-2.7.17=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c OpenSSL/crypto/crypto.c -o build/temp.linux-x86_64-2.7/OpenSSL/crypto/crypto.o OpenSSL/crypto/crypto.c: In function ‘crypto_sign’: OpenSSL/crypto/crypto.c:626:16: error: storage size of ‘md_ctx’ isn’t known 626 | EVP_MD_CTX md_ctx; | ^~~~~~ OpenSSL/crypto/crypto.c: In function ‘crypto_verify’: OpenSSL/crypto/crypto.c:673:16: error: storage size of ‘md_ctx’ isn’t known 673 | EVP_MD_CTX md_ctx; | ^~~~~~ error: command ‘x86_64-linux-gnu-gcc’ failed with exit status 1

---------------------------------------- 

Rolling back uninstall of pyOpenSSL Moving to /usr/local/lib/python2.7/dist-packages/OpenSSL/ from /usr/local/lib/python2.7/dist-packages/~penSSL Moving to /usr/local/lib/python2.7/dist-packages/pyOpenSSL-19.1.0.dist-info/ from /usr/local/lib/python2.7/dist-packages/~yOpenSSL-19.1.0.dist-info Command “/usr/bin/python2.7 -u -c “import setuptools, tokenize;file=’/tmp/pip-install-F5bvfG/pyOpenSSL/setup.py’;f=getattr(tokenize, ‘open’, open)(file);code=f.read().replace(‘\r\n’, ‘\n’);f.close();exec(compile(code, file, ‘exec’))” install –record /tmp/pip-record-moz8x4/install-record.txt –single-version-externally-managed –compile” failed with error code 1 in /tmp/pip-install-F5bvfG/pyOpenSSL/

install postgresql without creating instance (for use with repmgr)

I’m trying to get REPMGR setup, and I’m following the steps at https://repmgr.org/docs/current/quickstart-standby-preparation.html to get the standby setup.

I noticed it warns On the standby, do not create a PostgreSQL instance. However I believe this happens automatically with how I installed Postgres

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" |sudo tee  /etc/apt/sources.list.d/pgdg.list sudo apt update sudo apt -y install postgresql-12 postgresql-client-12 

because when I try to clone the primary onto the standby as mentioned in https://repmgr.org/docs/current/quickstart-standby-clone.html
$ repmgr -h node1 -U repmgr -d repmgr -f /etc/repmgr.conf standby clone --dry-run

I get

postgres@empty2:~$   repmgr -h 192.168.1.102 -U repmgr -d repmgr -f /etc/repmgr.conf standby clone --dry-run NOTICE: destination directory "/var/lib/postgresql/12/main" provided ERROR: specified data directory "/var/lib/postgresql/12/main" appears to contain a running PostgreSQL instance HINT: ensure the target data directory does not contain a running PostgreSQL instance 

Now I’m just ASSUMING that this is because the database instance was created when I installed postgres on the standby. and I’m also ASSUMING that I can just delete everything in the data directory on the standby, and everything will work ok…

But (assuming my assumptions are correct….) what is the correct way to install postgres12 without creating an instance and the corresponding data files?

How to install SQL Server 2017 Express in “Quiet Simple” mode without an extraction folder?

I need to install SQL Server 2017 Express with as little user interaction as possible. I am using the SQLEXPR_x64_ENU.exe setup file that I found a Microsoft download for.

Currently I can do exactly what I want with 2012 by using the following parameters:

/FEATURES="SQL, Tools" /QS /IACCEPTSQLSERVERLICENSETERMS /ADDCURRENTUSERASSQLADMIN=1 /ACTION="Install" /ERRORREPORTING=0 /INSTANCENAME="MyDB" 

In 2012 this works great, however I am trying to now do the same in 2017. The problem I have is that it creates an extraction folder called “SQLEXPR_x64_ENU” in the same directory as the install. This is not desirable.

Question: Is there anyway to prevent this extraction folder from being used, so that it functions that same as the 2012 setup?

Alternatively, one of the following solutions would be acceptable:

  • Allow the user to select the extraction location – like it does with default install (non-quiet) – but still ensure /QS mode for the rest of the setup
  • Have the extraction folder automatically deleted after setup (it wouldn’t be so bad if it cleaned up it’s mess after it was finished)

Delta Search staying in system even after clean install

The picture is of a Dell KB522 multimedia keyboard. I have just made a clean installation of my system with windows 10 and installed chrome with ublock. By pressing the “internet” key (the multimedia key above F1), my default browser will open. Now, this is getting tricky.

If my default browser is Edge, it will open edge as many times as I press this internet key.

If my default browser is chrome, it will open chrome one time with a blank tab but as soon as I hit this internet key a second time, chrome will navigate to delta-search dot com.

The drivers for the keyboard are the default keyboard driver from windows. Adware removal tool by TSA will find only the history entry and cache of delta-search after I hit the internet key mutiple times in chrome.

Question is, where does it come from? Is my chrome/google account the problem?

This is already happening for years. I switched my setup several times over the years, even had a complete hardware switch where I went from AMD to Intel but the kind of keyboard is the same.

Dell KB522

How detectable is malicious code run by programs that download and then install the main file?

There are many programs (free or otherwise) where the user is asked to download a small installer file, which may display the EULA to the user or do some other user registration, which then downloads the latest version of the main program (much larger, and often consists of many files) to install the software.

There are many instances where this is legitimate, and it seems to be popular with mainstream software packages like ADOBE or Microsoft products, and it makes sense to use this approach to handle the installation of software, but if I download a 15MB installer program for some audio processing program and scan it on VirusTotal and it says nothing is detected, but then when I run it the program says it needs to download 150MB, it completely avoids the detection, doesn’t it?

The downloaded software may even be different each time, and likely will be because of version changes and updates.

So I should then scan the newly downloaded files before running them, shouldn’t I?

Is it common for programs to be set up so that they download a malicious file from a server and then run it within its own program? And does that get detected as malicious?

Theoretically, If you know the hash of a program one intends to install and you generate another file that hashes to that value what could you do?


If I know the hash of a program you intend to install is d306c9f6c5…, if I generate some other file that hashes to that value, I could wreak all sorts of havoc. – from https://nakamoto.com/hash-functions/

Theoretically, If you know the hash of a program one intends to install and you generate another file that hashes to that value what could you do?