Category: Hacking

Posted on by

ms08-067 exploitation to hack Windows XP

Hello aspiring ethical hackers. In this article, we will see how to exploit ms08-067 vulnerability to hack Windows XP. As our readers may already know by now, ms08-067 is a vulnerability in Windows 2000, Windows Server 2003 and Windows XP.  It is a critical vulnerability that allows remote code execution on the target Windows system by sending a specially crafted RPC request to it.

New to Ethical Hacking?

Start your journey with The Beginner Ethical Hacker Starter Kit (2026 Edition).

Inside the free guide, you’ll learn:.

  • Ethical hacking fundamentals
  • Beginner cybersecurity roadmap
  • Essential hacking tools
  • Common vulnerabilities explained
Download the free starter kit and start learning ethical hacking today

This vulnerability doesn’t require any authentication or even user interaction on the target side. That’s the reason why it is ubiquitous in any ethical hacking course or tutorials.

In this article, we will do this with Metasploit. For this, we have chosen our target as Windows XP SP2 and our Attacker system as Kali Linux. Most of the Antivirus ended their support to Windows XP SP2 (Windows XP SP3 is the minimum supported version. Even Real world systems running Windows XP SP2 are running without Anti Virus.)

So Nmap scan revealed a Windows target as shown below.

Start Metasploit and load the ms08_067 module.

Want to Learn Ethical Hacking Step-by-Step?

If you’re serious about learning cybersecurity, a structured roadmap makes the journey much easier.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and discover:

✔ The ethical hacking learning path
✔ Beginner-friendly security concepts
✔ Essential tools ethical hackers use
✔ The most common vulnerabilities explained

Get the free starter kit here

Set all the required options and use check command to see if the target is indeed vulnerable.

The target is indeed vulnerable. Now, execute the module as shown below.

ms08-067

As readers can see, we successfully got a meterpreter session with SYSTEM privileges.

Start Your Ethical Hacking Journey Today

Learning cybersecurity can feel overwhelming at first. The best way to start is with a clear roadmap and the right resources.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and get instant access to:

✔ Ethical hacking fundamentals
✔ A beginner cybersecurity learning roadmap
✔ Essential hacking tools every beginner should know
✔ Common vulnerabilities explained simply

Get the free starter kit now and begin your ethical hacking journey
Posted on by

Beginners guide to packet sniffing

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about Man in the Middle (MiTM) attack. In this blogpost, you will learn about packet sniffing. Data doesn’t only get hacked when it is saved on a computer or a hard disk. It also gets hacked when it is in transit between one system and another system over internet. For example, in 2008, the Heartland Payment Systems which is one of the world’s largest credit card payment processors was hacked by two Russian hackers. After gaining access, they placed sniffers within the Heartland system.  Using these sniffers, they collected 130 million credit card credentials.

New to Ethical Hacking?

Start your journey with The Beginner Ethical Hacker Starter Kit (2026 Edition).

Inside the free guide, you’ll learn:.

  • Ethical hacking fundamentals
  • Beginner cybersecurity roadmap
  • Essential hacking tools
  • Common vulnerabilities explained
Download the free starter kit and start learning ethical hacking today

What is Packet Sniffing?

Packet sniffing is an act or method of monitoring, gathering or collecting data or information while it is in transit from one system to another system (usually from client to server). Since data or information is transferred over internet in the form of small network packets, it is known as packet sniffing.

Types of Sniffing

Sniffing can be classified into two types. They are Passive sniffing and Active sniffing.

1. Passive Sniffing:

In this type of sniffing, we just observe or monitor the traffic going around the network. There is no need of injection of any additional traffic into the network. To do this, we should be able to view the traffic belonging to all the devices in the network. This is only possible when all the devices in the network are connected through a Network hub. In a network connected by a hub, all the devices can see the traffic sent to all other devices on the network.

2. Active Sniffing:

In this type of sniffing, additional traffic has to be injected into the network to begin sniffing. This type of sniffing is performed in network connected by a switch.

What is a Sniffer?

Packet sniffing can be performed using either software or hardware. The software or appliance used to perform sniffing is known as a sniffer.

Examples of software sniffers include Wireshark, Tcpdump, Windump, Ettercap, dsniff, Kismet, Driftnet and Network miner etc.

Want to Learn Ethical Hacking Step-by-Step?

If you’re serious about learning cybersecurity, a structured roadmap makes the journey much easier.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and discover:

✔ The ethical hacking learning path
✔ Beginner-friendly security concepts
✔ Essential tools ethical hackers use
✔ The most common vulnerabilities explained

Get the free starter kit here

Examples of Sniffing attacks

1. Password Sniffing:

This is the simplest form of sniffing attack as in this type of sniffing, sniffers just collect the data in transit silently. Although, sniffers are looking to sniff on credentials. any data that is not encrypted before being transmitted between two devices can be sniffed on. For example, protocols like FTP, Telnet and HTTP etc. transmit all data including credentials in clear text. Learn more about password sniffing attack here.

2. DNS Cache Poisoning:

Also known as DNS poisoning or DNS spoofing, this attack involves poisoning the cache of a DNS server. A Domain Name Server (DNS) resolves host names to the IP addresses and vice versa. So, if a DNS cache is poisoned with malicious entries, any user trying to visit a genuine website may be redirected to a fake malicious website.

3. MAC Flooding:

In this type of sniffing attack, attacker sends a large amount of traffic to the network switch to fill the MAC address table using fake MAC addresses. When the MAC address table is full, the network switch behaves like a hub.

4. MAC Spoofing:

Also known as ARP spoofing or ARP poisoning, in this attack, the attacker tries to spoof the MAC address of another device like a switch. This results in all the devices on the networks thinking that attacker-controlled computer is the switch and start sending traffic to it.

5. TCP Session Hijacking:

In this sniffing technique, also known as Session Hijacking, attacker steals the user’s session ID and impersonates as that user.

6. JavaScript Card Sniffing:

In this type of sniffing attack, hackers take control of a website and make changes to the javascript by adding malicious lines of code to it. These changes are done to collect any valuable information, like credentials, credit card numbers and other information.

7. DHCP attacks:

In this attack, DHCP server is flooded by the attacker with fake DHCP requests to use all the allocated IP addresses for that network.

Next, learn about Wireshark, a versatile network analyzer and sniffer.

Start Your Ethical Hacking Journey Today

Learning cybersecurity can feel overwhelming at first. The best way to start is with a clear roadmap and the right resources.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and get instant access to:

✔ Ethical hacking fundamentals
✔ A beginner cybersecurity learning roadmap
✔ Essential hacking tools every beginner should know
✔ Common vulnerabilities explained simply

Get the free starter kit now and begin your ethical hacking journey
Posted on by

EXOCET: Defense evasion tool

Hello aspiring ethical hackers. In our previous blogpost, you learnt about most popular antivirus bypass techniques used. In this article, you will learn about EXOCET – a  AV-evading, undetectable, payload delivery tool. EXOCET is a Crypter type malware dropper. A Crypter is a software that is used to make malware undetectable. It performs functions such as encrypting, obfuscating and manipulating the code of the malware to make it undetectable.

New to Ethical Hacking?

Start your journey with The Beginner Ethical Hacker Starter Kit (2026 Edition).

Inside the free guide, you’ll learn:.

  • Ethical hacking fundamentals
  • Beginner cybersecurity roadmap
  • Essential hacking tools
  • Common vulnerabilities explained
Download the free starter kit and start learning ethical hacking today

EXOCET is one such Crypter-type malware dropper that can be used to recycle easily detectable malware payloads. EXOCET achieves this by encrypting those malware files using AES-GCM (Galois/Counter Mode) and then create a dropper file for a majority of target architectures and platforms.

Written in Golang programming language, the steps involved in making malware undetectable by EXOCET are,

  1. It first takes malware that is easily detectable by Anti Virus engines as input.
  2. It then encrypts this easily detectable malware and produces it’s own Go file.
  3. This Go file can be cross-compiled to 99% of known architectures like Linux, Windows, Macs, Unix, Android and IPhone etc.
  4. Upon execution, the encrypted payload is written to the disk and immediately executed on the command line.

Let’s see how it works. For this we will be using Kali Linux. First, we need to install Golang on Kali as Exocet is a GO program.

Once Golang is successfully installed, clone the repository of Exocet from GitHub. It can be downloaded from here.

We need to install the EXOCET source files in golang.  We can do this using the command shown below.

Exocet is successfully installed. Now, let’s test it. We create a reverse shell payload with Msfvenom first.

We copy this payload to our target system which is Windows 10. The Windows Defender easily detects it (obviously) and classifies it as malware.

This is expected. Next, We copy this easily detectable payload to the directory of Exocet.

Then we run the following command using Exocet. This will create a new golang file called outputmalware.go.

Want to Learn Ethical Hacking Step-by-Step?

If you’re serious about learning cybersecurity, a structured roadmap makes the journey much easier.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and discover:

✔ The ethical hacking learning path
✔ Beginner-friendly security concepts
✔ Essential tools ethical hackers use
✔ The most common vulnerabilities explained

Get the free starter kit here

Then we run the following command to create a Windows 64 bit payload.

av evasion

Our result is the exocet_payload.exe. We start a Metasploit listener on the attacker system and copy the Exocet payload to the target.

This time the payload goes undetected as shown below.

This is how we create AV evading payloads with EXOCET. Next learn about AV|ATOR, another tool that can create AV-evading payloads.

Start Your Ethical Hacking Journey Today

Learning cybersecurity can feel overwhelming at first. The best way to start is with a clear roadmap and the right resources.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and get instant access to:

✔ Ethical hacking fundamentals
✔ A beginner cybersecurity learning roadmap
✔ Essential hacking tools every beginner should know
✔ Common vulnerabilities explained simply

Get the free starter kit now and begin your ethical hacking journey
Posted on by

Reverse shell WordPress: Multiple Methods

Hello aspiring ethical hackers. In our previous blogpost, you learnt how to enumerate WordPress. In this article, you will learn multiple methods to reverse shell WordPress. As you all might already know, WordPress is a popular open source Content Management System (CMS) based on PHP and MySQL or MariaDB as database. It started as a basic blogging tool in 2003 but now is used by over 532 million websites.

New to Ethical Hacking?

Start your journey with The Beginner Ethical Hacker Starter Kit (2026 Edition).

Inside the free guide, you’ll learn:.

  • Ethical hacking fundamentals
  • Beginner cybersecurity roadmap
  • Essential hacking tools
  • Common vulnerabilities explained
Download the free starter kit and start learning ethical hacking today

It is very important to learn about WordPress hacking in your ethical hacking career. After you enumerate a WordPress website and gain initial access to it using credentials we got during enumeration, the next step is a gaining a shell. In this article, we will show you multiple methods to do that. So, obviously this assumes that you have already obtained WordPress credentials and have access to the WordPress dashboard.

1. Reverse shell through vulnerable plugins

One of the reasons for the popularity of the WordPress CMS is its plugins. WordPress plugins are additional extensions that are used to extend the functionality of the WordPress CMS. WordPress has over 70,000 plugins. During pen testing, we can exploit these vulnerable plugins to reverse shell WordPress.
There are many vulnerable plugins which can be downloaded from websites like Exploit Database. We will use one such WordPress plugin Responsive Thumbnail slider version 1.0. This version of the plugin has an arbitrary file upload vulnerability which is used to upload malicious payload to the website. Since this target doesn’t have this vulnerable plugin installed, let’s upload this plugin ourselves and activate it.

Once the plugin is uploaded and activated, Metasploit can be used to exploit this vulnerable plugin. Start Metasploit and load the wp_responsive_thumbnail_slider_upload module as shown below.

Use check command to confirm if the target is indeed vulnerable.

After setting the credentials and executing the module, we get a meterpreter session on the target.

Here’s another famous WordPress plugin that can be exploited.

2. Reverse shell by editing WordPress theme

WordPress themes enhance the look of the WordPress websites. The content of these themes can be edited to upload a reverse shell on the target. For this tutorial, we will upload the infamous C99 webshell.

Here’s the 404.php page of the theme has been edited to copy the code of the C99 web shell into that page. Once the edited file is saved all that needs to be done is visiting that page.

With C99 shell on the target website, there are a number of options to play with.

Want to Learn Ethical Hacking Step-by-Step?

If you’re serious about learning cybersecurity, a structured roadmap makes the journey much easier.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and discover:

✔ The ethical hacking learning path
✔ Beginner-friendly security concepts
✔ Essential tools ethical hackers use
✔ The most common vulnerabilities explained

Get the free starter kit here

3. Reverse shell by uploading a malicious plugin

Uploading a malicious plugin is another way of gaining a reverse shell on a WordPress website. GitHub has many options of these WordPress malicious plugins. Let’s use one of them named malicious WordPress plugin that can be downloaded from here.

After navigating into the “malicious-WordPress-plugin” directory, execute the wordpwn.py script. It will show the usage of the script.

wordpress reverse shell

Execute the script again by setting the LHOST, LPORT and by enabling the handler option. i.e the “Y” option. This will start a Metasploit handler.

By this time, a new file named “malicious.zip” is created in the “malicious-wordpress-plugin” directory.

Upload this plugin into WordPress and activate it just like any other plugin.

This newly uploaded web shell can be accessed from two URLs given below.

http://(target)/wp-content/plugins/malicious/wetw0rk_maybe.php
http://(target)/wp-content/plugins/malicious/QwertyRocks.php

In this specific instance, the web shell got executed by visiting the first URL. This will give us a meterpreter session on the already listening handler.

4. Reverse shell using Metasploit Framework

Here is another simple method to gain a reverse shell. Metasploit Framework has a module that uploads a reverse shell as payload once the WordPress credentials are known. Start Metasploit and load the exploit/unix/webapp/wp_admin_shell_upload module.

Set all the required options that includes credentials and execute the module.

This will give us a meterpreter session successfully. These are the four common methods using which we can reverse shell WordPress websites. You can decide your favorite method of gaining a reverse shell on WordPress. Next, learn how to enumerate Joomla, another popular CMS with Metasploit.

Start Your Ethical Hacking Journey Today

Learning cybersecurity can feel overwhelming at first. The best way to start is with a clear roadmap and the right resources.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and get instant access to:

✔ Ethical hacking fundamentals
✔ A beginner cybersecurity learning roadmap
✔ Essential hacking tools every beginner should know
✔ Common vulnerabilities explained simply

Get the free starter kit now and begin your ethical hacking journey
Posted on by

Linux privilege escalation with SUID binaries

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about various methods of Linux privilege escalation. In this article, you will learn in detail how to elevate privileges on Linux using SUID binaries.

New to Ethical Hacking?

Start your journey with The Beginner Ethical Hacker Starter Kit (2026 Edition).

Inside the free guide, you’ll learn:.

  • Ethical hacking fundamentals
  • Beginner cybersecurity roadmap
  • Essential hacking tools
  • Common vulnerabilities explained
Download the free starter kit and start learning ethical hacking today

What is SUID?

SUID is a shortcut for Set User ID. This is a special permission that can be assigned to Linux executables. When a SUID permission is assigned to a executable or binary, it runs with the privileges of the file’s owner when executed, rather than the user who executed it. For example, when a user with root privileges assigns SUID permission to a Linux binary and a user with low privileges executes that binary, it runs with root privileges and not with privileges of that user with low privileges.

This can be exploited to gain a root shell or perform actions with root privileges on the target Linux system. With the concept of SUID understood, let’s see how binaries with this bit set can be found. One way to find them is by using find command as shown below.

find / -perm -u=s -type f 2>/dev/null
setuid privilege escalation


Here are some examples of gaining root privileges by exploiting Linux binaries with SUID bit set.

1. bash

2. csh

3. env

4. nice

5. node

6. setarch

7. stdbuf

8. strace

9. taskset

Want to Learn Ethical Hacking Step-by-Step?

If you’re serious about learning cybersecurity, a structured roadmap makes the journey much easier.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and discover:

✔ The ethical hacking learning path
✔ Beginner-friendly security concepts
✔ Essential tools ethical hackers use
✔ The most common vulnerabilities explained

Get the free starter kit here

10. tclsh

11. time

12. timeout

13. unshared

14. xargs

15. php

16. expect

17. find

18. python

19. flock

20. gdb

21. ionice

22. logsave

23. make

These are some examples of Linux privilege escalation by exploiting SETUID bit. Next, learn how to elevate privileges on a Linux system using cron jobs.

Start Your Ethical Hacking Journey Today

Learning cybersecurity can feel overwhelming at first. The best way to start is with a clear roadmap and the right resources.

Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and get instant access to:

✔ Ethical hacking fundamentals
✔ A beginner cybersecurity learning roadmap
✔ Essential hacking tools every beginner should know
✔ Common vulnerabilities explained simply

Get the free starter kit now and begin your ethical hacking journey