Breaking News

The Magical Code Injection Rainbow (MCIR) in Metasploitable2

The Magical Code Injection Rainbow (MCIR) a Web-based training projects

Dan Crowley, a data security aficionado and independent resheacher with Trustwave, has composed and brought forth five exceptionally amazing training suites. His Web-based training projects are easy to explore and come with different testing levels. His most recent creation is a pound up of his web mentors crushed into one advanced play area called, the Magical Code

 

Injection Rainbow (MCIR). MCIR is included the accompanying modules:

  • SQLol – a SQL injection preparing stage that takes into account customization of white and listed characters and successions focused on a test based stage to prepare the fundamental skills important to test and defeat SQL efforts to establish safety.
  • XMLmao – Like Sqlol, Xmlmao is a configurable XML injection training environment.
  • Shelol – A configurable operating System shell training environment for command injection.
  • XSSmh – Cross site scripting training tool.
  • CryptOMG – CryptOMG is a configurable catch the flag style web application designed to exploit normal imperfections in the usage of cryptography. More Information: https://github.com/SpiderLabs/MCIR

Installation Of MCIR

Go into Network setting in Metasploitable2 machine and put network Adapter Attached to: Bridge Adapter. Launch the Metasploitable2 machine And Run the following command to reset the network interface:

$sudo ifdown eth0

$sudo ifup eth0

Or

$sudo ifconfig eth0 down

$sudo ifconfig eth0 up

Magical Code Injection Rainbow (MCIR) 1

After run this command you have to give the password of user (msfadmin). Check to make sure the new IP address has been set.

$ifconfig eth0

Modify the nameservers in /etc/resolve.conf

$sudo nano /etc/resolve.conf

Magical Code Injection Rainbow (MCIR) 2

 

Set the IP Address of the name server to gateway on your network, then press Ctel+X to exit, save the file by using “y” and hit enter.

Test the Internet connectivity.

Ping www.google.com

If connectivity is established. The Next step Download the Magical Code injection Rainbow from GitHub.com.

$wget https://codeload.github.com/SpiderLab/MCIR/zip/master

Magical Code Injection Rainbow (MCIR) 3

The downloaded file is a ZIP container. Uncompress the master file by using following command.

$unzip master

Move the MCIR folder into Web-Server place.

$sudo mv MCIR-master /var/www/mcir

Magical Code Injection Rainbow (MCIR) 4

Edit the Metasploitable2 web page for access easily

$cd /var/www

$ sudo nano index.php

Magical Code Injection Rainbow (MCIR) 5

Add the MCIR to the list on the web page as in show in Figure.
Again go in the setting Wizerd and select Network in left menu bar then change the Attached to: Host-only Adapter. Click Ok to save changes and exit. Finally reset the network adapter card on Virtual machine of Metasploitable2.

$sudo ifdown eth0

$sudo ifup eth0

Check the IP address on the eth0 Network Interface Card.
$ifconfig eth0
Launch the Kali Linux Virtual machine, And open web browser and navigate to:
http://{IP_address_of_metasploitable2_virtual_machine}/

Magical Code Injection Rainbow (MCIR) feature

About Vijay Kumar

Ethical Hacking & Penetration Testing Trainer, For more detail view My Profile

Check Also

Search engine for hackers, and it lists every device on the net

Meet Censys, a Shodan like search engine for hackers. Last month the security consultants at the …

2 comments

  1. andremilke@gmail.com'
    ANDRE MILKE DOS SANTOS

    HI,
    I am trying to do what is here, but I have some problems. There was certifications errors and it is not possible to do.
    Could you help me?
    The error is:
    Unable to get local issuer certificate

    Regards

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Watch Dragon ball super