This article will outline some of the most commonly recommended configurations set to Parrot OS after installation. I will keep updating this article as I find new tools or processes to include in the list.
Display:
Firstly the screen resolution needs to be adjusted to match the current monitor.
Verifying some permissions first:
sudo usermod -aG sudo amgit
Shared Folder Access:
Next is the shared Vbox permissions (making sure we can access the host shared folder): sudo adduser amgit vboxsf
This permissions error won't change until the server is restarted, after the restart, we should have access to the shared folder.
Updating Parrot:
It's important to make sure Parrot is using the correct repositories when updating the OS or download tools, to view the current repositories:
cat /etc/apt/sources.list.d/parrot.list
Make any required changes and when ready:
sudo apt update -y && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt autoclean -y
This may take some time and once it's finished the operating system, tools and applications should all be updated/upgraded.
Tools:
There are a few different useful tools:
TOR Browser: sudo apt install torbrowser-launcher
git clone https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
LinPeas is a Linux enumeration and local privilege escalation script. Very useful once a remote shell is established.
sudo apt install seclists
SecLists is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
tree -d /usr/share/seclists/
/usr/share/seclists/
├── Discovery
│ ├── DNS
│ ├── Infrastructure
│ ├── SNMP
│ └── Web-Content
│ ├── CMS
│ ├── SVNDigger
│ │ ├── cat
│ │ │ ├── Conf
│ │ │ ├── Database
│ │ │ ├── Language
│ │ │ └── Project
│ │ └── context
│ ├── URLs
│ └── Web-Services
├── Fuzzing
│ └── Polyglots
├── IOCs
├── Miscellaneous
├── Passwords
│ ├── Common-Credentials
│ ├── Cracked-Hashes
│ ├── Default-Credentials
│ ├── Honeypot-Captures
│ ├── Leaked-Databases
│ ├── Malware
│ ├── Permutations
│ ├── Software
│ └── WiFi-WPA
├── Pattern-Matching
├── Payloads
│ ├── Anti-Virus
│ ├── File-Names
│ ├── Images
│ ├── PHPInfo
│ └── Zip-Bombs
├── Usernames
│ ├── Honeypot-Captures
│ └── Names
└── Web-Shells
├── FuzzDB
├── JSP
├── laudanum-0.8
│ ├── asp
│ ├── aspx
│ ├── cfm
│ ├── jsp
│ │ └── warfiles
│ │ ├── META-INF
│ │ └── WEB-INF
│ └── php
├── PHP
└── WordPress
53 directories
Install Wine:
Wine is used to execute windows executables on a Linux machine. This will become useful, especially working with HTB challenges.
sudo apt-get install wine
Cherry Tree is my preferred tool for note-taking, I am trying others at the moment - but I always seem to go back to CherryTree.
sudo apt install cherrytree
Terminator is my preference when it comes to terminals. I find it easier to use, especially with the number of shortcuts and right-click-paste features.
sudo apt install terminator
