kanishka10, Author at Hackercool Magazine

Posted on August 27, 2016November 25, 2024 by kanishka10

Beginners guide to Hercules Framework

Hello, aspiring ethical hackers. In our previous blogpost, you learnt what are payload generators. In this blogpost, you will learn about a payload generator that enables you bypass Antivirus on the target system. This is Hercules framework. HERCULES is a customizable payload generator that can bypass antivirus software. Let’s see how it works.

Let’s start by cloning Hercules framework from github as shown below.

After cloning, a new directory with name HERCULES will be created. Move into that directory and do a “ls”. We should see a file named “Setup”. First change the permissions of this file using chmod as shown below. Once we get execute permissions on the Setup file, execute the file using command “./Setup“.

The setup automatically installs Hercules as shown below and

successfully ends as shown below. You have successfully installed Hercules framework in Kali Linux.

Type command “HERCULES” to start the framework. It’s interface looks like below. In this part, let’s generate a payload. Enter option “1”.

Image explaining about the usage of Hercules Framework for Windows exploitation

Select what type of payload you want to create. There are four payloads as shown below. I am choosing the first one. You can choose appropriately.

After we select the type of payload we want to create, we need to enter some options. Let us see the options it provides. LHOST and LPORT are self explanatory. Choosing Persistence function adds our running binary to Windows startup registry so that we can have persistent access to the target. Since we have already know how to create a persistent backdoor we will not enable it here.

Migration function triggers a loop that tries to migrate to a remote process. UPX ( Ultimate Packer for executables ) is an open source executable packer. To those newbies who have no idea what packers are, they are used to compress the executables. Software vendors also use them to obfuscate the code. We will see more about packers in our future howtos.

Concerning this howto, remember that enabling migration, persistence and UPX functions may increase the chances of your payload being detected by Antivirus.

Here I have only enabled the UPX function so the packing process begins as shown below.

Once the packing process is over, your final binary file is stored with the name you have given to it. I named it as “res”.

Next start the listener on Metasploit as shown below and send the binary file to our target. Once he clicks on our executable file, we will get the meterpreter session as shown below.

That’s how we use Hercules for generating Fully UnDetectable (FUD) payloads. Learn how to create FUD payloads using Veil Framework.

Posted on August 18, 2016November 18, 2024 by kanishka10 — 6 Comments

Beginners guide to Backdoor

Hello, aspiring ethical hackers. In our previous blogpost on maintaining access, you learnt the importance of maintaining persistence on target networks in hacking or a pen test. In this blogpost, you will learn about backdoor, one of the techniques used to maintain access on a target network.

What is a backdoor?

A backdoor is any method or technique other than the conventional method that that gives us continuous access to our target system, software or network.

According to Wikipedia, “A backdoor is typically a covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a “homunculus computer”—a tiny computer-within-a-computer such as that found in Intel’s AMT technology).

Next question is why we need to create a backdoor? Once we gain access to a network (or after privilege escalation), there are chances that our intrusion is detected and security measure applied. Once this happens, our access to the target is lost. That’s why we need to create a backdoor.

Now, since you have understood what is a backdoor and its importance, let’s see an example of a backdoor. What better example than using Metasploit framework to demonstrate this. Metasploit has an inbuilt feature for creating a backdoor within meterpreter called persistence module. This method comes to use after gaining a meterpreter session on a Windows system. After gaining a meterpreter session on the target system, run the command given below.

run persistence -h

It will show you all the options we can set for our backdoor. All the options are self explanatory in the image given below.

Now I want my backdoor to start as soon as the system starts. So I chose ‘X’ option. After starting, I want it to make connection attempt to my attacker system every three seconds, so I kept the interval(i) as 3. The port on which connection should be made is 443. The option (r) is remote system’s IP address i.e the IP of the system to which the connection should be made.

Remember this script will be installed on the target system. Run the script. As you can see, the file is installed in the autorun.

Image explaining how to Backdoor Windows with Metasploit

Now it’s time to start a listener on our attacker system. It can be done as shown below.

Change the options accordingly as we set in the persistence script and start the handler. If the system is live, we will get the meterpreter shell as shown below.

Posted on August 15, 2016November 13, 2024 by kanishka10 — 6 Comments

Beginners guide to hash cracking

Hello aspiring ethical hackers. In our previous blogpost on cryptography, apart from learning the uses of encryption in cybersecurity, you learnt about various encryption techniques. One such method is hashing. In this article, you will learn about hash cracking.

The process of cracking a password hash is known as hash cracking. In ethical hacking, you will definitely encounter password hashes. You will have to learn how to crack these hashes to be able to move forward in pen testing or Red teaming. For example, let’s say you encounter NewsP Free News Script 1.4.7 software in the target network. This particular version of software had a credential disclosure vulnerability as shown below. The only thing that stops me from accessing the website is the password in encrypted format.

Image explaining how to crack hash es with kali linux

The first step in cracking hashes is to identify the type of hash we are trying to crack. We can identify a hash type using a tool named hash-identifier. This tool is installed by default on Kali. Open a terminal and type command given below.

hash-identifier

Enter the hash we need to identify as shown above and hit ENTER. It will show the possible hash type as shown below. In our case, it is MD5 hash or a variant of it.

We can also use another tool “hashid” for hash identification. It’s syntax is as shown below.

hashid <hash>

Since now we know that the hash type is Md5, it’s time to crack the hash. We will use a tool called ‘findmyhash’. This tool tries to crack the hash by using various online hash crackers available. To use this tool, we need to specify the hash type ( which we already know ) and hash after it as shown below.

findmyhash <hash type> -h <hash>

After successfully cracking the hash, it will display us the password as shown below. In our case, the password is admin.

Posted on August 13, 2016November 8, 2024 by kanishka10 — 3 Comments

Beginners guide to Arcanus Framework

Hello aspiring ethical hackers. In our previous blogpost, you learnt what is a payload and about what is a payload generator. In this blogpost, you will learn about one of the payload generators, Arcanus Framework. Arcanus is a customized payload generator that can generate payloads which are undetectable by almost all of the antiviruses (till date ). This could be very useful in penetration testing.

Let’s see how to use Arcanus Framework. To install this tool on Kali Linux, we need to install golang. Install Golang and then clone the Arcanus repository from Github as shown below.

Navigate to the ARCANUS directory created and view its contents. We should see a file ARCANUS_x86. Let’s first generate a Windows payload. We will generate a x_86 payload. First change its permissions as shown below.

Next run this file. You should see an ARCANUS logo as shown below.

You will see five options as shown below. Since we are generating a Windows payload, we will choose option 2.

Image explaining Windows hacking with Arcanus framework

It will prompt you to set the attacker system’s IP address ( in our case the address of Kali Linux ) and a port on which you want to start a listener for the reverse shell. Enter the values and hit “Enter”.

It will generate the payload and automatically start a listener as shown below.

The payload will be generated with the name “payload.exe” as shown below in the ARCANUS directory.

Next we need to send this payload to the victim using Social engineering. When the target user clicks on the payload we sent, we will get a shell on the target system as shown below.

That’ s all in Windows hacking with Arcanus. Now let’s see how to generate a payload for Linux target. Select the option 3 since we are generating a Linux payload.

The rest of the steps are same as generating a Windows payload. Enter your IP address (Kali Linux in this case) and the listening port as shown below.

It will generate the payload in the same directory start to automatically listen for a reverse shell as shown below.

Send the generated payload to our victim. When he executes it, we should get a shell on his system as shown below.

Posted on August 9, 2016March 21, 2024 by kanishka10 — 3 Comments

Webshell attack with msfvenom

Hello aspiring hackers. In our previous howtos, we saw about different shells like the infamous c99 shell, web shells in Kali Linux and Weevely. In this howto, we will see how to perform webshell attack with Metasploit. We will be getting a meterpreter shell on the website.

One of the wonderful features of Metasploit is creating payloads as per requirement. Using msfvenom, we can create binaries for Windows, MAC and Linux. We can also create shell payloads for websites in different formats like php, asp , javascript and asp. In future howto’s we will definitely learn more about msfvenom but for this howto, we will create a php payload.

As you can see below, I have created a php payload named “shell.php” with the metasploit payload option “php/meterpreter_reverse_tcp”. This gives us a reverse php meterpreter shell. The “lhost” option is our attacker system’s IP address and “lport” the port on which we want php meterpreter shell back.

Image explaining webshell attack with metasploit

After the shell is successfully created, let’s start a listener with Metasploit as shown below. Remember to set the same payload we set while creating the payload.

Set the lhost and lport as shown below. They should match with the values in the shell we created. Type command “run” to start the listener.

Now you need to find a site vulnerable to file upload. For this howto, I’m using my own vulnerable webapp “Vulnerawa”. To know more about Vulnerawa go here. Vulnerawa has a file upload vulnerability in its careers page.

Go to its file upload page and upload the shell. That shouldn’t be a big problem.

Now go to the shell we just uploaded through the website. Normally its located in the uploads directory ( In real websites, you need to locate it ). The shell will look like below.

In the listener we started an the attacker system, we should have already got the meterpreter shell. Happy hacking.

That is how we perform webshell attack with Metasploit.

Author: kanishka10