Category: Uncategorized

Posted on by

Shellcode Injection with Metasploit

Shellcode Injection Module is a Metasploit module which as its name suggests, injects shellcode into the target Windows system on which we already have access. In our previous article, we have learnt what is shellcode and how it is created. Shellcode is a bit assembly code or machine language and it plays a very important role in cyber security. Typically shellcode is used in offensive penetration testing.

Let’ s see how this module works. Get a meterpreter session on a Windows system. Background the current session and load the post windows shellcode inject module as shown below.

Shellcodeinject2

We will use Donut tool to create a shellcode of the mimikatz program. Mimikatz is a tool used to experiment with Windows security. Its known to extract plaintext passwords and kerberos tickets from memory. It can also perform pass-the-hash, pass-the-ticket or build Golden tickets.

Shellcodeinject6

Set the SESSION ID and other options given below.

Shellcodeinject7

Set the interactive option to TRUE . We need to do this so that we are not taken directly to the mimikatz shell. We also need to set the correct target architecture.

Shellcodeinject9

After all the options are set, we need to just execute the module as shown below.

shellcode injection with Metasploit
Shellcodeinject10

That’s all about the Metasploit Shellcode Injection Module.

If you liked this article you can Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on by

Installing MATE Desktop in Kali Linux

Hello readers. Today our readers will learn about installing mate desktop in Kali Linux. You all know the first release of Kali Linux this year, Kali Linux 2020.1 has been released in the month of January. The latest version brought many changes like not giving root user by default and some new tools. The most distinct change it brought is a single installer image for installation. Earlier we had different installation images for different desktop environments which include GNOME, KDE etc.
With 2020.1 release, there will be a single installation image for all these and users would have to select the desktop environment he/she needs while installing. The information about different desktop environments and their pros and cons can be seen here.

Today we will see a tutorial on how to install MATE Desktop environment in Kali Linux 2020.1. MATE Desktop although looks old fashioned is light and has a simple interface. Here’s how to install MATE desktop environment in Kali Linux 2020.1. We have performed this tutorial from a X11 terminal but all these commands can be run from any other desktop environment’s terminal. Power on the Kali 2020.1 virtual machine and login (since there is no root user you should login as a user you created or the default user:password i.e kali:kali).

Open a terminal and using nano open the file /etc/apt/sources.list. with sudo

Mate2

Add these two lines of code to the file and save it.
deb http://kali.download/kali kali-rolling main non-free contrib
deb-src http://kali.download/kali kali-rolling main non-free contrib

Mate3

To save the file hit CTRl+X and when it prompts select “Yes”.Run command sudo apt-get update

Mate4

Now everything is ready to install MATE desktop. Run the command given below.
sudo apt-get install mate-core mate-desktop-environment-extra mate-desktop-environment-extras

installing mate desktop in kali

When the system prompts you for permission to install MATE and its related software, type “Y”.

Mate5

The installation will take some time to finish. After the installation is finished, restart the system (the command is sudo reboot or reboot if you are doing it from terminal). Once the system reboots and takes you to the login screen, before logging in click on the “settings” icon beside the “Signin” button. There you will see all the desktop environments present on the system right now. Select MATE and then login.

Mate6 1024x575 1

Installing MATE desktop has been successfully finished with this.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on by

Meterpreter archmigrate module

Hello aspiring ethical hackers. In our previous blogpost, you learnt all about the meterpreter payload. In this blogpost, you will learn about the archmigrate module of Metasploit. This module checks if the meterpreter architecture is the same as the Operating System architecture (OS) and if it’s incompatible it spawns a new process with the correct architecture and migrates into that process. It is a POST module.

What is architecture? As we all know there are two main system architectures 32bit and 64bit. Sometimes, we happen to select a 32bit meterpreter payload for a 64bit target system.

Sometimes there may be compatibility issues if we get a 32bit meterpreter session on a 64bit machine and vice versa. This is the exact scenario in which this module is helpful. To overcome the problems of incompatibility, we need to get a new 64bit meterpreter session or just use the archmigrate module to create a new process with the same architecture as the target OS and migrate to that process. Let’s see how this module works.

To use this module, we need to background the current meterpreter session using command “background”. Then load the archmigrate exploit as shown below. Type command “show options” to have a look at the options it requires.

meterpreter architecture migration from 32bit to 64bit and vice versa

We need to only set the session id of the meterpreter session we just sent to background and the exploit is good to go.

Archmigrate2

If you see in the above image, our exploit failed to run for the first time. This is because in the previous session we had system privileges and if we run this module we may lose the system privileges. But don’t worry, we can change the options to overcome this problem.

Set “ignore_system” option to true and you should be fine to go. This time the exploit ran successfully. As you can see in the above image, our target is a 64bit machine and our meterpreter migrated to a 64bit process successfully. Lets check by typing command “sessions -l” to see the available sessions. You can see we have a 64bit meterpreter session now. Job performed.

Archmigrate3
Posted on by 1 Comment

Upgrade command shell to meterpreter

Hello aspiring ethical hackers. In our previous blogpost, you learnt everything about the power of meterpreter. However, in real-world, you are not so lucky to get a meterpreter session every time. Most of the times, you will get a normal command shell. Don’t worry. you can upgrade command shell to meterpreter. The good thing is we can do it from Metasploit only.

In this blogpost, we will be showing you how to do this. First thing we need to do after getting a normal command shell is to background the current command shell by hitting CTRL+Z. Be careful not to press “CTRL+C”. That will completely abort the session altogether. If it happened by mistake ( like it happened to me below), select “no” when it asks whether to abort a session. Then hit CTRL+Z and select Yes. Your session has been sent to background. Remember the session number. In our case, this is 3.B

Shell To Meterpreter1 300x136 1

Next, load the shell_to_meterpreter module as shown below. We need only one option for this module to work. The session id of the session we just sent to background and I told you to remember.

Image explaining about upgrading command shell to meterpreter

Specify the session id and run the exploit as shown below. We will get the meterpreter session.

Shell To Meterpreter3

Type command “sessions -l” to see all our sessions as shown below.

Shell To Meterpreter4

We can load the meterpreter session as shown below.

Shell To Meterpreter5

If you found that helpful. Please check out my monthly magazine. That is how we upgrade normal shell to meterpreter. Learn how to change x86 meterpreter to x64 and vice versa.

Posted on by 6 Comments

Beginners guide to Backdoor

Hello, aspiring ethical hackers. In our previous blogpost on maintaining access, you learnt the importance of maintaining persistence on target networks in hacking or a pen test. In this blogpost, you will learn about backdoor, one of the techniques used to maintain access on a target network.

What is a backdoor?

A backdoor is any method or technique other than the conventional method that that gives us continuous access to our target system, software or network.

According to Wikipedia, “A backdoor is typically a covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a “homunculus computer”—a tiny computer-within-a-computer such as that found in Intel’s AMT technology).

Next question is why we need to create a backdoor? Once we gain access to a network (or after privilege escalation), there are chances that our intrusion is detected and security measure applied. Once this happens, our access to the target is lost. That’s why we need to create a backdoor.

Now, since you have understood what is a backdoor and its importance, let’s see an example of a backdoor. What better example than using Metasploit framework to demonstrate this. Metasploit has an inbuilt feature for creating a backdoor within meterpreter called persistence module. This method comes to use after gaining a meterpreter session on a Windows system. After gaining a meterpreter session on the target system, run the command given below.

run persistence -h

It will show you all the options we can set for our backdoor. All the options are self explanatory in the image given below.

Persistence1

Now I want my backdoor to start as soon as the system starts. So I chose ‘X’ option. After starting, I want it to make connection attempt to my attacker system every three seconds, so I kept the interval(i) as 3. The port on which connection should be made is 443. The option (r) is remote system’s IP address i.e the IP of the system to which the connection should be made.

Remember this script will be installed on the target system. Run the script. As you can see, the file is installed in the autorun.

Image explaining how to Backdoor Windows with Metasploit

Now it’s time to start a listener on our attacker system. It can be done as shown below.

Persistence3

Change the options accordingly as we set in the persistence script and start the handler. If the system is live, we will get the meterpreter shell as shown below.

Persistence4