Category: Uncategorized

Hello aspiring ethical hackers. In our previous blogpost, you learnt everything about the power of meterpreter. However, in real-world, you are not so lucky to get a meterpreter session every time. Most of the times, you will get a normal command shell. Don’t worry. you can upgrade command shell to meterpreter. The good thing is we can do it from Metasploit only.

In this blogpost, we will be showing you how to do this. First thing we need to do after getting a normal command shell is to background the current command shell by hitting CTRL+Z. Be careful not to press “CTRL+C”. That will completely abort the session altogether. If it happened by mistake ( like it happened to me below), select “no” when it asks whether to abort a session. Then hit CTRL+Z and select Yes. Your session has been sent to background. Remember the session number. In our case, this is 3.B

Next, load the shell_to_meterpreter module as shown below. We need only one option for this module to work. The session id of the session we just sent to background and I told you to remember.

Specify the session id and run the exploit as shown below. We will get the meterpreter session.

Type command “sessions -l” to see all our sessions as shown below.

We can load the meterpreter session as shown below.

If you found that helpful. Please check out my monthly magazine. That is how we upgrade normal shell to meterpreter. Learn how to change x86 meterpreter to x64 and vice versa.

Hello, aspiring ethical hackers. In our previous blogpost on maintaining access, you learnt the importance of maintaining persistence on target networks in hacking or a pen test. In this blogpost, you will learn about backdoor, one of the techniques used to maintain access on a target network.

What is a backdoor?

A backdoor is any method or technique other than the conventional method that that gives us continuous access to our target system, software or network.

According to Wikipedia, “A backdoor is typically a covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a “homunculus computer”—a tiny computer-within-a-computer such as that found in Intel’s AMT technology).

Next question is why we need to create a backdoor? Once we gain access to a network (or after privilege escalation), there are chances that our intrusion is detected and security measure applied. Once this happens, our access to the target is lost. That’s why we need to create a backdoor.

Now, since you have understood what is a backdoor and its importance, let’s see an example of a backdoor. What better example than using Metasploit framework to demonstrate this. Metasploit has an inbuilt feature for creating a backdoor within meterpreter called persistence module. This method comes to use after gaining a meterpreter session on a Windows system. After gaining a meterpreter session on the target system, run the command given below.

run persistence -h

It will show you all the options we can set for our backdoor. All the options are self explanatory in the image given below.

Now I want my backdoor to start as soon as the system starts. So I chose ‘X’ option. After starting, I want it to make connection attempt to my attacker system every three seconds, so I kept the interval(i) as 3. The port on which connection should be made is 443. The option (r) is remote system’s IP address i.e the IP of the system to which the connection should be made.

Remember this script will be installed on the target system. Run the script. As you can see, the file is installed in the autorun.

Now it’s time to start a listener on our attacker system. It can be done as shown below.

Change the options accordingly as we set in the persistence script and start the handler. If the system is live, we will get the meterpreter shell as shown below.

Hello aspiring ethical hackers. In our previous blogpost, you learnt what is a payload and about what is a payload generator. In this blogpost, you will learn about one of the payload generators, Arcanus Framework. Arcanus is a customized payload generator that can generate payloads which are undetectable by almost all of the antiviruses (till date ). This could be very useful in penetration testing.

Let’s see how to use Arcanus Framework. To install this tool on Kali Linux, we need to install golang. Install Golang and then clone the Arcanus repository from Github as shown below.

Navigate to the ARCANUS directory created and view its contents. We should see a file ARCANUS_x86. Let’s first generate a Windows payload. We will generate a x_86 payload. First change its permissions as shown below.

Next run this file. You should see an ARCANUS logo as shown below.

You will see five options as shown below. Since we are generating a Windows payload, we will choose option 2.

It will prompt you to set the attacker system’s IP address ( in our case the address of Kali Linux ) and a port on which you want to start a listener for the reverse shell. Enter the values and hit “Enter”.

It will generate the payload and automatically start a listener as shown below.

The payload will be generated with the name “payload.exe” as shown below in the ARCANUS directory.

Next we need to send this payload to the victim using Social engineering. When the target user clicks on the payload we sent, we will get a shell on the target system as shown below.

That’ s all in Windows hacking with Arcanus. Now let’s see how to generate a payload for Linux target. Select the option 3 since we are generating a Linux payload.

The rest of the steps are same as generating a Windows payload. Enter your IP address (Kali Linux in this case) and the listening port as shown below.

It will generate the payload in the same directory start to automatically listen for a reverse shell as shown below.

Send the generated payload to our victim. When he executes it, we should get a shell on his system as shown below.

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about the importance of maintaining access in ethical hacking or pen test. In this blogpost, you will learn about backdoor attack, one of the ways of maintaining access in a network.

What is a backdoor attack?

A backdoor attack is a hacking attack in which a hacker gains unauthorized access of a system, network or application. For better understanding of a backdoor, let’s see some real-world examples.

1. Linux XZ Utils:

In March 2024, a software developer named Andres Freand discovered a backdoor in Versions 5.6.0 and 5.6.1 of the popular Linux utility XZ utils. This backdoor allows an attacker remote code execution capabilities.

2. Backdoor in WordPress plugins:

In March 2014, several backdoors were discovered in the unlicensed copies of WordPress plugins. These backdoors were inserted as obfuscated JavaScript code and they silently created an admin account in the database.

1. Backdoor in Samsung Android devices:

In January 2014, several Samsung Android products were discovered to be having a backdoor. This backdoor provided remote access to the data stored on these products.

Now, that you have understood what a backdoor is, let’s see an example of backdooring a Windows executable. For this we will be using a tool named Cypher. Cypher is a simple tool to automatically add shellcode to PE files. PE files means portable executable files.

But what is shellcode? It is a list of carefully crafted instructions that can be executed once the code is injected into a running application. So in simple terms, Cypher allows us to add shellcode to portable executable files like…. well it can be any Windows executable. Usually we use shellcode to get a remote shell or create a backdoor shell on our target system. Cypher even allows us to get the powerful meterpreter shell.

Now let us see how to backdoor an exe with this tool. First, let us git clone this tool into Kali Linux using commands as shown below.

Make sure you are in the same directory where cypher is cloned. It gives information on how to create different types of payloads. Let us add a reverse meterpreter shell using the command shown below.

Now let us see all the options we specified.

addShell.py : syntax of Cypher

-f : the ‘f’ option stands for file. This is to specify the portable executable into which we want to create our backdoor. Remember that some executables are packed and don’t allow writing shell code. Test and use accordingly. Here, I’m using plink.exe located on my Desktop.

-t : the target OS for which you want to create this backdoor for. These include four options: 0,1,2,3. These are for Windows 7 32bit, Windows 7 64 bit, Windows 8.1 64bit and Windows 10 64bit respectively. Here I have specified it as 1 since I’m testing it on Windows 7 64bit OS.

-d : offset. This is nothing but distance between the point where we are trying to enter our shellcode to the point where we are exactly placing our shellcode. Even if you don’t understand that sentence above, let me tell you why it’s important. The success of injecting our shellcode into an executable is that the executable should work fine even after we inject our backdoor. The exe shouldn’t crash. By default, this value is set to four. But if your exe is crashing, set it to a greater value( I set it to 10) as I did above.

-H : attacker’s IP address. In our case, IP address of Kali Linux.

-P : the port on which we want our shell back.

-p : Mind the lowercase. This stands for payload we want to set. ‘1’ stands for Windows/meterpreter/reverse_http. The other options are,

0 – windows/shell/reverse_tcp, 2- Windows/meterpreter/reverse_http + PrependMigrate, 3- Windows/meterpreter/reverse_https, 4- Windows/meterpreter/reverse_https + PrependMigrate

After setting all the options, hit on Enter. The payload will be created with the same name but end with _evil as shown below. Now send the package to the victim using social engineering.

Now to listen to our reverse shell, we need a listener. Open Metasploit and create a reverse_http listener as shown below.

Set the required options like IP address and port. Note that they should be same as we specified while we added shell code to the file. Type run command. The exploit should hang on as shown below.

Now when our victim clicks on the file we sent, we should get a meterpreter reverse shell as shown below.

This was all about Backdoor attack. Before you perform a backdoor attack, you have to gain access to the system or network or application. Learn about Windows hacking.

Kali Linux is the most advanced penetration testing distribution with a number of tools. While using these tools a measure of anonymity is required. Today we are going to see how to spoof your IP address in Kali Linux. First, check your IP address by visiting any website which shows your IP address (http://www.whatismyip.com). Then go to the site www.vpnbook.com.

Download the Euro1 Server OpenVPN certificate bundle as shown below. Note down the username and password given. We will need it in later steps.

When you click on the download link, the following window opens. Since it is a zip package, system will prompt whether to open it with unzip ( the default option ). Click on “OK”.

Open the terminal and navigate to the directory where the contents of the zip archive have been unzipped. Type the command “ls” to see the unzipped files. We are going to use the vpnbook-euro1-udp53.ovpn package.

OpenVPN has been installed by default in the Kali Linux distribution. Type the command “openvpn vpnbook-euro1-udp53.ovpn” to start the process.

The installation starts. Enter the username and password we noted above when prompted.

After a short time, the process is completed. Check your IP address again. If everything goes well, your IP address will be changed.

Join The Hackercool Community to get our latest updates on Blog posts, Offers and Discount Coupons

Email*

Name

I accept the terms and conditions