Tutorials

DKMC – Another Wonderful Malicious Payload Evasion Tool (Windows Hacking)

Windows would be one of our common targets, since it is the most used operating system in the corporate environment. Since most of you are familiar with Windows, it would be easy to enumerate it. Our main goal is to generate a malicious payload with the help of DKMC (Don’t kill my cat) which is […]

Tutorials

MSFvenom Payload Creator (MSFPC) – Installation and Usage

With the help of MSFPC, you can quickly generate the payload based on msfvenom module which is a part of Metasploit Framework. So MSFvenom Payload Creator is a simple wrapper to generate multiple types of payloads like APK(.apk), ASP(.asp), ASPX(.aspx), BASH(.sh), Java(.jsp), Linux(.elf), OSX(.macho), Perl(.pl), PHP(.php), Powershell(.ps1), Python(.py), Tomcat(.war) and Windows(.exe/.dll). The only necessary input […]

Tech Articles

Meterpreter Commands in Detail 2017 – Metasploit Framework

After a successful exploit a Meterpreter shell allows you to perform many different functions along with a full remote shell. Meterpreter is great for manipulating a system once you get a remote connection, so depending on what your goals are; a Meterpreter shell is usually preferred to a straight remote terminal shell. Meterpreter gives us […]

Tutorials

Steal Windows Product Key Remotely with Metasploit Framework

As discussed previously, we had successfully exploited a windows machine with Metasploit Framework and created an administrator user in targeted machine. Now in this article, we’ll another exploit which steals the Windows Product Key remotely. Read Here: How to Hack Windows Machine with Metasploit Framework For this methods, run the “NETAPI Exploit” (specially for Windows […]

Tutorials

Advanced Error Based SQL Injection Exploitation – Manually

Previously we exploited a SQL injection vulnerable website with one of the most popular automated tool called as SQLMAP and now in this article, we’ll try to exploit the similar vulnerable website manually with Error based SQL Injection attack. SQL Injection (aka Structured Query Language Injection) is the first step in the entry to exploiting […]

Tutorials

Live SQL Injection Exploitation with SQLMap – A Detailed Guide

Hello geeks, today we’ll show you some basic SQL Injection techniques with the help of Python and SQLMap. SQL injection is one of the most critical vulnerabilities till now and is still included in the OWASP Top 10 list’s Injection flaws section. Sqlmap is one of the most popular automated SQL Injection exploitation tool which can […]

Tutorials

Hack Windows/Linux using ARCANUS Framework – 100% FUD

ARCANUS is a customized payload generator/handler for penetration testing only. You can easily generate a payload for both OS i.e. Windows and Linux distributions with just a single click. The latest version of ARCANUS FRAMEWORK is 1.5.6. Previously we discussed the same method with CHAOS FRAMEWORK where we generated a FUD payload and exploited the […]

Tutorials

Sniff HTTPS/FTP Packets using SSLSTRIP and DSNIFF – ARP Spoofing MITM Attack

As per Wikipedia source, In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. A MITM attack (a type of eavesdropping attack) allows a malicious actor to intercept, send and receive data meant for someone […]

Tutorials

Creating an undetectable payload using Veil-Evasion Toolkit

In previous tutorials, we used msfvenom for generating various payloads but now a days AV companies coded a signature for the templates these schemes uses so to bypass AV, today we’ll use another framework called as Veil-Evasion Framework. Veil-Evasion is a tool designed to generate metasploit payloads that bypass common Anti-Virus solutions. To install Veil-Evasion, […]

Tutorials

Testing all SSL Vulnerabilities with TestSSL Script

testssl.sh is pretty much portable/compatible. It is working on every Linux, Mac OS X, FreeBSD distribution, on MSYS2/Cygwin (slow). testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Ease of installation: It works for […]

Tech Articles

MSFVENOM – All payload examples – Cheatsheet 2017

Msfvenom is a Metasploit Standalone Payload Generator which is a replacement of msfpayload and msfencode. Through msfvenom, you can generate any kind of shellcode/payload depending upon the platform/OS you want to hack. Often one of the most useful abilities of Metasploit is the msfvenom module. Multiple payloads can be created with this module and it […]

Tech Articles

Meterpreter Useful Top 60 Commands List – 2017 Update

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. How Meterpreter Works The target executes the initial stager. This is usually one of bind, reverse, findtag, passivex, etc. The stager […]