Category: Uncategorized

Posted on by 3 Comments

Beginners guide to Arcanus Framework

Hello aspiring ethical hackers. In our previous blogpost, you learnt what is a payload and about what is a payload generator. In this blogpost, you will learn about one of the payload generators, Arcanus Framework. Arcanus is a customized payload generator that can generate payloads which are undetectable by almost all of the antiviruses (till date ). This could be very useful in penetration testing.

Let’s see how to use Arcanus Framework. To install this tool on Kali Linux, we need to install golang. Install Golang and then clone the Arcanus repository from Github as shown below.

Arcanus1

Navigate to the ARCANUS directory created and view its contents. We should see a file ARCANUS_x86. Let’s first generate a Windows payload. We will generate a x_86 payload. First change its permissions as shown below.

Arcanus2

Next run this file. You should see an ARCANUS logo as shown below.

Arcanus3

You will see five options as shown below. Since we are generating a Windows payload, we will choose option 2.

Image explaining Windows hacking with Arcanus framework

It will prompt you to set the attacker system’s IP address ( in our case the address of Kali Linux ) and a port on which you want to start a listener for the reverse shell. Enter the values and hit “Enter”.

Arcanus5

It will generate the payload and automatically start a listener as shown below.

Arcanus6

The payload will be generated with the name “payload.exe” as shown below in the ARCANUS directory.

Arcanus7

Next we need to send this payload to the victim using Social engineering. When the target user clicks on the payload we sent, we will get a shell on the target system as shown below.

Arcanus8

That’ s all in Windows hacking with Arcanus. Now let’s see how to generate a payload for Linux target. Select the option 3 since we are generating a Linux payload.

Arcalin1

The rest of the steps are same as generating a Windows payload. Enter your IP address (Kali Linux in this case) and the listening port as shown below.

Arcalin2

It will generate the payload in the same directory start to automatically listen for a reverse shell as shown below.

Arcalin3

Send the generated payload to our victim. When he executes it, we should get a shell on his system as shown below.

Arcanus4
Posted on by 2 Comments

Beginners guide to Backdoor attack

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about the importance of maintaining access in ethical hacking or pen test. In this blogpost, you will learn about backdoor attack, one of the ways of maintaining access in a network.

What is a backdoor attack?

A backdoor attack is a hacking attack in which a hacker gains unauthorized access of a system, network or application. For better understanding of a backdoor, let’s see some real-world examples.

1. Linux XZ Utils:

In March 2024, a software developer named Andres Freand discovered a backdoor in Versions 5.6.0 and 5.6.1 of the popular Linux utility XZ utils. This backdoor allows an attacker remote code execution capabilities.

2. Backdoor in WordPress plugins:

In March 2014, several backdoors were discovered in the unlicensed copies of WordPress plugins. These backdoors were inserted as obfuscated JavaScript code and they silently created an admin account in the database.

1. Backdoor in Samsung Android devices:

In January 2014, several Samsung Android products were discovered to be having a backdoor. This backdoor provided remote access to the data stored on these products.

Now, that you have understood what a backdoor is, let’s see an example of backdooring a Windows executable. For this we will be using a tool named Cypher. Cypher is a simple tool to automatically add shellcode to PE files. PE files means portable executable files.

But what is shellcode? It is a list of carefully crafted instructions that can be executed once the code is injected into a running application. So in simple terms, Cypher allows us to add shellcode to portable executable files like…. well it can be any Windows executable. Usually we use shellcode to get a remote shell or create a backdoor shell on our target system. Cypher even allows us to get the powerful meterpreter shell.

Now let us see how to backdoor an exe with this tool. First, let us git clone this tool into Kali Linux using commands as shown below.

Cypher1

Make sure you are in the same directory where cypher is cloned. It gives information on how to create different types of payloads. Let us add a reverse meterpreter shell using the command shown below.

Cypher2

Now let us see all the options we specified.

addShell.py : syntax of Cypher

-f : the ‘f’ option stands for file. This is to specify the portable executable into which we want to create our backdoor. Remember that some executables are packed and don’t allow writing shell code. Test and use accordingly. Here, I’m using plink.exe located on my Desktop.

-t : the target OS for which you want to create this backdoor for. These include four options: 0,1,2,3. These are for Windows 7 32bit, Windows 7 64 bit, Windows 8.1 64bit and Windows 10 64bit respectively. Here I have specified it as 1 since I’m testing it on Windows 7 64bit OS.

-d : offset. This is nothing but distance between the point where we are trying to enter our shellcode to the point where we are exactly placing our shellcode. Even if you don’t understand that sentence above, let me tell you why it’s important. The success of injecting our shellcode into an executable is that the executable should work fine even after we inject our backdoor. The exe shouldn’t crash. By default, this value is set to four. But if your exe is crashing, set it to a greater value( I set it to 10) as I did above.

-H : attacker’s IP address. In our case, IP address of Kali Linux.

-P : the port on which we want our shell back.

-p : Mind the lowercase. This stands for payload we want to set. ‘1’ stands for Windows/meterpreter/reverse_http. The other options are,

0 – windows/shell/reverse_tcp, 2- Windows/meterpreter/reverse_http + PrependMigrate, 3- Windows/meterpreter/reverse_https, 4- Windows/meterpreter/reverse_https + PrependMigrate

After setting all the options, hit on Enter. The payload will be created with the same name but end with _evil as shown below. Now send the package to the victim using social engineering.

windows hacking with cypher

Now to listen to our reverse shell, we need a listener. Open Metasploit and create a reverse_http listener as shown below.

Cypher4

Set the required options like IP address and port. Note that they should be same as we specified while we added shell code to the file. Type run command. The exploit should hang on as shown below.

Cypher5

Now when our victim clicks on the file we sent, we should get a meterpreter reverse shell as shown below.

Cypher6

This was all about Backdoor attack. Before you perform a backdoor attack, you have to gain access to the system or network or application. Learn about Windows hacking.

Posted on by 4 Comments

How to spoof your IP address in Kali Linux

Kali Linux is the most advanced penetration testing distribution with a number of tools. While using these tools a measure of anonymity is required. Today we are going to see how to spoof your IP address in Kali Linux. First, check your IP address by visiting any website which shows your IP address (http://www.whatismyip.com). Then go to the site www.vpnbook.com.

Download the Euro1 Server OpenVPN certificate bundle as shown below. Note down the username and password given. We will need it in later steps.

Kalivpn1

When you click on the download link, the following window opens. Since it is a zip package, system will prompt whether to open it with unzip ( the default option ). Click on “OK”.

Kalivpn2

Open the terminal and navigate to the directory where the contents of the zip archive have been unzipped. Type the command “ls” to see the unzipped files. We are going to use the vpnbook-euro1-udp53.ovpn package.

Kalivpn3

OpenVPN has been installed by default in the Kali Linux distribution. Type the command “openvpn vpnbook-euro1-udp53.ovpn” to start the process.

spoof your ip address in kali linux

The installation starts. Enter the username and password we noted above when prompted.

Kalivpn5

After a short time, the process is completed. Check your IP address again. If everything goes well, your IP address will be changed.

Posted on by 2 Comments

Configure UrlScan on IIS7.5 and IIS8

UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).

I am going to configure this in Windows server 2012 i.e IIS 8 but do not worry the configuration steps are similar in IIS 7.5. First and foremost install Web Platform Installer in your machine. This will help us to install all the components we require in simple steps. From web platform installer, select component IIS 6 metabase compatibility. This is compulsory to install URLscan.

Urlscan1

Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 ).

Urlscan2

Click on Install. You are shown a review of components you selected to install. Click on I accept.

Urlscan3

The components are installed and will show you a Finish screen. Click on Finish.

Urlscan4

We are all set to install UrlScan. Download Urlscan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.

Urlscan5

The installation is very quick. Once it finishes,click on “Finish”.

Urlscan6

Now open IIS Manager. Click on ISAPI filters.

Urlscan7

If everything went well, we should see a filter already set like below.

Urlscan8

Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.

urlscan

Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlaScan is working or not. For this, we will use tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is fictional website i set on my server ).

Urlscan10

We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of urlscan (urlscan.ini) to make some changes to it. It is located by default at “C:WindowsSystem32inetservurlscan”and change the value of “RemoveServerHeader” to “1” from “0”. Save the file.

Urlscan11

Now let’s again try to banner grab using Idserve. Restart the web server.

urlscan

We can see that the server version has not been disclosed hence our UrlScan is working successfully. Hope it was helpful.

Posted on by 1 Comment

How to hide an exe file in a Jpeg

I have been searching for a way to send an executable file to someone and make him to execute it. Sending the exe directly is not feasible. So let’s see how to hide an exe file in a jpeg and test its feasibility. First of all, create a new directory namedtestand download some images and name them similarly. I downloaded images of a popular Tollywood actress. The plan is to lure the victim into falling in the trap. I did this on a Windows 7 machine.

Expeg1

Go to Folder Options”, go to View tab”,deselect ‘ Hide extensions for known file types‘ and select option Show hidden files, folders and drives. This will allow us to see the extensions of the files we are working with.

Expeg2

Open Notepad, type the following text and save it with the extension .bat”. What the following code does is it creates a new user named “hacker” with password “abc123″ in the Windows machine this code gets executed.

Expeg3

Download BAT to EXE converter and convert the batch file we just created to an exe.

Expeg4
Expeg5

Rename the file “samy.exe” to “samy_3.jpg”. Windows will prompt a warning. Ignore it.

Expeg6

Right click on the file “samy_3.jpg”, drag it a little and leave. Select ‘Create Shortcuts here’. We are creating a shortcut for the file samy_3.jpg.

Expeg7

Rename the shortcut to “samy_0.jpg”.Whatever the name you give make sure that the shortcut is clicked first and not the exe file.

Expeg8

Right click on “samy_0.jpg” and select Properties. In the “Start in” column delete the entire text. In the “Target:” column type “C:Windowssystem32cmd.exec samy_3.jpg.” This will run the file samy_3.jpg when clicked on the samy_0.jpg.

Expeg9

Click on “Change Icon” tab. Replace the text inside with “%SystemRoot%system32SHELL32.dll”and click on “OK”.

Expeg10

Compress all files into zip archive with the name “samy unseen.zip”. Remember that name should be attractive enough to lure the victim into clicking the images.

how to hide an exe file in a jpeg

OK, package is ready. Now the bigger challenge is to send the package to the victim’s computer. I tried to mail the package to the victim but it didn’t work out.

Expeg12

So I suggest you to find your own way of sending it to the victim. To test if the package will work on the victim’s system or not openCMD” and type the command “net user” before executing the image. It will show us all the users on the system.

Expeg13

Then click on the image samy_0.jpg. Open “CMD” and type the “net user” command again.

Expeg14

A new user named hacker has been created. So the trick worked.