Hello aspiring hackers, till now we have only seen hacking windows operating systems with customized payload generators. Today we will see hacking Linux OS with Arcanus framework.

Although not as great as Windows, people using Linux OS are growing day by day. In my opinion, Linux os is a bit easy to hack with payload generators as there is a general myth that Linux is immune to malware. Some of my friends use Linux as dual boot to keep themselves safe from virus. Here are some more myths people have about Linux security.

Ok, now let us see how to hack Linux OS with Arcanus Framework. Start Arcanus Framework and select the option 3 since we are generating a Linux payload. If you are new to Arcanus Framework, go here.


Hit Enter. Enter your IP address (Kali Linux in this case) and the listening port as shown below.


Hit Enter. It will generate the payload in the same directory start to automatically listen for a reverse shell as shown below.


Send the generated payload to our victim. When he runs it, we should get a shell on his system as shown below.



Good morning friends. Today we will see about hacking Nagios with Metasploit. Nagios, also known as Nagios Core, is a free and open source computer-software application that is used to  monitor systems, networks and infrastructure. It offers monitoring and alerting services for servers, switches, applications and services. Italso alerts users when things go wrong and alerts them a second time when the problem has been resolved.

Versions of Nagios XI 5.2.7 and below suffer from SQL injection, auth bypass, file upload, command injection, and privilege escalation vulnerabilities. This exploit uses all these vulnerabilities to get a root shell on the victim’s machine. Now let’ see how this exploit works. Start Metasploit and load the module as shown below.


Let us set a new payload as shown below.


Set the target IP address as shown below. Use check command to see whether our target is vulnerable as shown below. If our target is vulnerable, type command “run” to execute our exploit. If everything goes right, we will get a shell on our target as shown below.


How to stay safe:

The current version of Nagios available is 5.29. Please update to the latest version.


Good evening friends, today we will see how to exploit a recent vulnerability found in Dell KACE K1000 systems. To those newbies, who don’t know what they are, the Dell KACE K1000 System Management Appliance offers a comprehensive systems management solution including initial inventory and discovery, software distribution, configuration management, patching, security vulnerability remediation, asset management, helpdesk and reporting.

This module of Metasploit exploits a file upload vulnerability in Kace K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849 and 5.5 prior to 5.5.90547 which allows unauthenticated users to execute arbitrary commands. First of all start Metasploit and search for our exploit as shown below.


Next, load that exploit. Once the exploit is loaded, see what are the options required for our exploit to work. We will need the IP address of our target and the remote port.


Well, we already know how to find the targets if you have been following all my previous articles. Set the target IP address as shown below. See what payloads this exploit supports.


Set the payload you want. I chose the first one. Once again, check whether all options are set by typing command “show options”.


Once everything is set, use “check” command to see if our target is vulnerable. Not every system you are trying to attack is vulnerable, so keep a list of target IP’s.


Once you find a vulnerable system as shown above, type “run” command to execute our exploit. We should successfully get the remote system’s shell as shown below. Happy hacking.


Good Evening Friends. Today we will see how to hack a remote Linux PC with phpFileManager 0.9.8 rce exploit. rce stands for remote code execution. Phpfilemanager is a complete filesystem management tool on a single file.  Among the features of phpFileManager:
. server info
. directory tree
. copy/move/delete/create/rename/edit/view/chmod files and folders
. tar/zip/bzip/gzip
. multiple uploads
. shell/exec
. works on linux/windows
. php4/php5/apache2 compatible
. english/portuguese/spanish/dutch/french/german/italian/korean/russian/catalan translations.

It is used to manage files of webserver and it boasts of around 382 downloads per week. Its browser interface can be seen below.


We will try to hack into  a Ubuntu 12.10 PC from Kali Linux using this phpFilemanager 0.9.8 rce  exploit. Given below is the Video version of this howto. If you are interested in the textual version scroll down below the video version.

Start Metasploit. Search for the phpfilemanager exploit by typing command “search phpfilemanager” as shown below.


Load the exploit as shown below. Set the required options as shown below. Most of the options are all set except the remote host address, i.e your target’s IP address.


Type command “show payloads” to see the available payloads and set the payload you want. I have selected the payload highlighted below.


Set the payload and check if all required options are set by typing command “show options”.


Type command “exploit” to execute the exploit. If everything went well, you should get the remote pc’s shell as shown below.


It should look like shown below. Type command “ls” to see the contents of the present directory. as shown below. You can see the two files which we saw in our first picture. Now let us navigate to the etc directory as shown below.


And type command “vi passwd” to open the passwd file of the remote PC. Vi is the default text editor in Linux.