All posts for the month September, 2016

Hello aspiring hackers. Till now we have only seen hacking Windows operating systems with customized payload generators. Today we will see hacking the Linux OS with the Arcanus framework.

Although not as widespread as Windows, the number of people using the Linux OS is growing day by day. In my opinion, Linux is a bit easier to hack with payload generators, as there is a general myth that Linux is immune to malware. Some of my friends dual boot Linux to keep themselves safe from viruses. Here are some more myths people have about Linux security.

Ok, now let us see how to hack the Linux OS with the Arcanus Framework. Start the Arcanus Framework and select option 3, since we are generating a Linux payload. If you are new to the Arcanus Framework, go here.


Hit Enter. Enter your IP address (Kali Linux in this case) and the listening port as shown below.


Hit Enter. It will generate the payload in the same directory and automatically start listening for a reverse shell, as shown below.


Send the generated payload to the victim. When he runs it, we should get a shell on his system, as shown below.



Hello friends. I took a long break from the blog (actually I was channeling my energy into my monthly magazine Hackercool). But I am back now with a bang, or should I say hack. Ok, most of the time we only get a command shell on our target while hacking, although we wish we got a meterpreter session (like in the case here). Today we will see how to upgrade the command shell to meterpreter.

First we need to background the current command shell session. Hit CTRL+C. Don't abort the session altogether: if that happened by mistake (like it happened to me below), select "no" when it asks whether to abort the session. Then hit CTRL+Z and select Yes. Your session has been sent to the background. Remember the session number.


Load the command shell to meterpreter upgrade module. We need to set only one option, the session id of the session we sent to the background.


Specify the session id and run the exploit as shown below. We will get a meterpreter session.


Type the command “sessions -l” to see all our sessions, as shown below.


We can open the meterpreter session as shown below.


If you found that helpful, please check out my monthly magazine Hackercool (in the side widget), which is free but you can also PAY WHAT YOU WANT.

Good eveninggggggg friends. I am very happy, and the cause for my happiness is the Hackercool PDF monthly magazine I recently started. The test edition was received positively. But some of the security conscious readers have raised concerns whether this PDF magazine may be booby-trapped to hack my readers. So I thought it would be good to make a howto on PDF forensics. By the end of this article, you will be able to tell whether the PDF you received is genuine or malicious.

For this howto, I will create a malicious PDF with Metasploit using the following exploit.


As is well known, this exploit hides an exe within a PDF file. This PDF file can be sent to our target using any social engineering technique. When the target user clicks on it, we will get a reverse_tcp connection. The other file we will be analyzing is the PDF copy of my Hackercool monthly magazine. Both files are shown below.


The first tool we will be using is pdfid. pdfid scans a file for certain PDF keywords, allowing you to identify PDF documents that contain (for example) JavaScript or execute an action when opened. It also handles name obfuscation.

Let us first analyze the PDF we created with Metasploit, as shown below. As we can see, evil.pdf has /JavaScript, /OpenAction and /Launch entries, which are indeed malicious here.


Now let us analyze my monthly magazine, as shown below.


As you can see above, it’s totally clean. No JavaScript, nothing. That should calm my magazine readers.

Coming back to the malicious PDF, we can disable its malicious elements using pdfid as shown below. Now the file is clean. Note that pdfid disarms the file by renaming those keywords so that a PDF reader no longer acts on them; the embedded content is still present in the file, which is what lets us keep analyzing it.


If we want to do further analysis on the malicious PDF, we can use another tool called pdf-parser. It parses a PDF document to identify the fundamental elements used in the analyzed file.

Type the command “pdf-parser /root/Desktop/evil.pdf” without quotes.

That parses the entire PDF and its objects (we saw earlier that our malicious PDF contains 12 objects). On observation, objects 10 and 9 are of interest. We can also parse individual objects of the PDF file. Let us parse object 10 as shown below.

We can see it has a launch action which launches cmd.exe.


Similarly, in object 9 we can see a JavaScript action.


Using pdf-parser with the -c option displays the content of objects without streams, or with streams without filters.


On observation, we can see a stream that looks like shellcode in object 8.
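To make concrete what pdfid and pdf-parser are doing in the screenshots above, here is a small pdfid-style keyword scanner with a pdf-parser-style object splitter and a disarm step. This is example code added for this page; it is not the pdfid or pdf-parser programs themselves, nor output from the author's evil.pdf. The embedded SAMPLE_PDF is a constructed skeleton with the same kind of entries the post finds in evil.pdf (an /OpenAction, an /AA dictionary, a /JavaScript action and a /Launch action whose name is hex-obfuscated as /L#61unch), so it has no real stream or shellcode in it.

```python
import re

# Constructed sample (not the page's evil.pdf): a minimal PDF skeleton whose
# catalog opens an action automatically (/OpenAction), whose page carries an
# additional-actions dictionary (/AA), and whose action objects hold a
# JavaScript action and a /Launch action with a hex-obfuscated name (/L#61unch).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 9 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /AA << /O 10 0 R >> >>
endobj
9 0 obj
<< /Type /Action /S /JavaScript /JS (app.alert('constructed sample')) >>
endobj
10 0 obj
<< /Type /Action /S /L#61unch /F (cmd.exe) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Names pdfid reports as worth a second look (action and code-carrying keys).
RISKY_NAMES = ["/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
               "/EmbeddedFile", "/RichMedia", "/XFA", "/AcroForm", "/ObjStm"]

# A PDF name token: "/" followed by regular characters or #xx hex escapes.
NAME_RE = re.compile(rb"/(?:[^\s()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+")
# One indirect object: "<num> <gen> obj ... endobj".
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)


def canonical_name(raw: bytes) -> str:
    """Resolve #xx escapes so an obfuscated /L#61unch compares equal to /Launch."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def scan_keywords(data: bytes) -> dict:
    """pdfid-style summary: structural counts plus hits on the risky names."""
    counts = {name: 0 for name in RISKY_NAMES}
    counts["obj"] = len(re.findall(rb"\b\d+\s+\d+\s+obj\b", data))
    counts["endobj"] = len(re.findall(rb"\bendobj\b", data))
    counts["stream"] = len(re.findall(rb"\bstream\b", data))
    for raw in NAME_RE.findall(data):
        name = canonical_name(raw)
        if name in counts:
            counts[name] += 1
    return counts


def split_objects(data: bytes) -> dict:
    """pdf-parser-style split into {object number: body bytes}."""
    return {int(num): body.strip() for num, _gen, body in OBJ_RE.findall(data)}


def suspicious_objects(data: bytes) -> dict:
    """Map each object number to the risky names it contains (clean objects omitted),
    which is the per-object view the post gets from parsing objects 9 and 10."""
    report = {}
    for num, body in split_objects(data).items():
        hits = sorted({canonical_name(raw) for raw in NAME_RE.findall(body)
                       if canonical_name(raw) in RISKY_NAMES})
        if hits:
            report[num] = hits
    return report


def disarm(data: bytes) -> bytes:
    """Neutralise risky names the way pdfid's disarm option does: swap their case so
    a viewer no longer recognises them (PDF names are case-sensitive) while the
    content stays in the file for analysis. Obfuscated names are rewritten to
    their plain form first, so xref byte offsets may shift."""
    def swap(m):
        name = canonical_name(m.group(0))
        if name in RISKY_NAMES:
            return b"/" + name[1:].swapcase().encode("latin-1")
        return m.group(0)
    return NAME_RE.sub(swap, data)


if __name__ == "__main__":
    for key, val in scan_keywords(SAMPLE_PDF).items():
        if val:
            print(f"{key:14} {val}")
    print("suspicious objects:", suspicious_objects(SAMPLE_PDF))
    print("after disarm:", suspicious_objects(disarm(SAMPLE_PDF)))
```

The scanner deliberately works on the raw bytes rather than through a PDF library, the same reason pdfid does: a document crafted to confuse a parser can still be triaged by keyword counts, and resolving the #xx escapes is what stops a simple rename of /Launch from hiding it. Run it against a real file by reading the bytes in place of SAMPLE_PDF; any non-zero /JS, /JavaScript, /OpenAction, /AA or /Launch count is the cue to look at the individual objects before opening the file.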


That’s all for today my friends. Please have a look at my monthly magazine.



WARNING : This knowledge is only for ethical purposes. Misuse this info at your own risk.

Good morning ethical hackers. Polycom HDX devices are popular worldwide for video conferencing. They fit meeting rooms and conference halls of various sizes, as they support 1 to 3 displays. The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication.

So when all the conventional methods to get access to a network fail, this can work as an entry point, of course only if they are using this product. Let us see how this can be used in our pen test. Start Metasploit and load the exploit as shown below.


Set the target and check if it’s vulnerable using the “check” command, as shown below.



You can use the default payload or choose the required payload. I am using the payload below. After setting the payload, type the command “run” to run the exploit. The exploit works as shown below.