All posts for the month June, 2016

Good morning friends. Today I will go back to the topic which sparked my interest in the starting days of blogging: phishing. Phishing is one of the most popular hacking attacks even today. Earlier we have seen howtos on phishing and Desktop phishing. Today we will see how to phish with Weeman Http server.

Weeman Http server is a simple server for phishing written in Python. So let us see how to phish with Weeman HTTP server. We will use Kali Linux as our attacker system. Open a terminal in Kali and type command “git clone” to install Weeman HTTP server in Kali.


Go to the directory where the server is installed and check its contents. There should be a python script named


Now start the server by typing command “./“. It should look like below.


Check all the options by typing command “help“.


We will use the default settings for this howto. Type command “show“. You can see all the options required for phishing.


Set the url option as the website you want to phish. For this howto, I am using Facebook (sorry Mark). Set the port appropriately( but use 80 ). The action_url option sets the page you want the victim to redirect after entering his credentials. This sis shown below.


Type command “run” to run our server. The server will start as shown below.


Now find out your IP address, obfuscate it, shorten it( this is shown in the video ) and send the link to the victim. When the user clicks on the link, he will get to our phishing page as shown below.


When the user enters his credentials and clicks on Login, he will be redirected to the original website.


While on our attacker system, we can see the credentials of our victim. Happy hacking.


Here’s the video version of this howto.

Good Morning friends. Today let us see how to install Kali Linux Rolling 2016 in Vmware Workstation. We will use Vmware Workstation 10 for this howto. The rolling edition of Kali Linux gives users the best of all worlds – the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the information security community.  Watch the video or scroll down for step-by-step guide.

Ever since Sana has been released, the makers of Kali Linux have also released Pre-built virtual images for virtual box and Vmware. We will use that virtualbox image in this howto. Go here and download the Pre-built vmware image. After download is finished, you will get a zip file as shown below..


Extract the contents of this file using any unzipping software into a folder  as shown below. The extracted file will be around 12GB, so make space appropriately.


After extraction, the files will look like below.


Now open Vmware Workstation and open the New Virtual Machine wizard( or just hit CTRL + N). Select the Custom radio button as shown below and click on “Next”.


Click on “Next”.


Select the option “I will install the operating system later” and click on “Next”.


Select guest operating system as Linux and version as Debian 7 64-bit if you downloaded a 64 bit Vmware virtual image and Debian if you downloaded a 32bit Vmware image. Click on “Next”.


Give any name to your virtual machine, allocate the location for it and click on “Next”.


Click on “Next”.



The system will take the required RAM as shown below. If you have more memory, you can allocate more RAM. Click on “Next”.


For network type, choose NAT and click on “Next”.


Click on “Next”.


Click on “Next”.


In the disk selection, choose the option “use an existing virtual disk” and click on “Next”.


Now browse to the folder where we have earlier extracted files of our zip file. Click on “Next”.


You will be shown a summary of your virtual machine. Your virtual machine has been successfully created. Click on “Finish”.


Now power on the Virtual machine. It should be like below. Hope it was helpful. If you face any problems during installation, please comment below.


Good evening friends. We have seen how to exploit many recent vulnerabilities using Metasploit. ( Go here, if you missed them ). Metasploit is a pentesting software which is by default installed in Kali Linux. Metasploit releases updates  every wednesday with the latest exploits. See the video or scroll through for textual howto.


In order to get the latest exploits, we need to regularly update the Metasploit framework by typing command “msfupdate” as shown below.


But in our latest version of Kali Linux, i.e Kali Linux rolling 2016.1, as soon we start Metasploit after updating, we are getting the following error.


Fixing this error is very simple. We just need to install ruby on our system. Type command apt-get install ruby as shown below.


After ruby installation is finished, start Metasploit. It should open successfully as shown below. It is that much simple to fix msfupdate error in Kali Linux. Happy hacking.


Good Morning friends. AirOS is the firmware maintained by Ubiquiti Networks for its airMAX products which include routers and switches. This firmware is Linux based. This module exploits a file upload vulnerability existing in the firmware to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. So let’s see hacking Ubiquiti AirOS. Start Metasploit and load the exploit as shown below. Type command “show options” to see what options we need to set.


The only option we need to set is our target IP address. If you have followed my previous howto’s you already know how to find the vulnerable targets. Set the target IP address as shown below. This module does not support check. No problem. Type command “show payloads” to see the payloads we can use with this exploit. We normally have only one i.e interacting with the target’s shell. Set the payload.



Type “run”  to execute our exploit. We will get the command shell of our target as shown below.


Let’s check it. Type command “ls” to get contents of the present directory.


This is the passwd file of our target which has been overwritten by our exploit.


Good morning friends. Hope you are doing well. Today we are going to see HTTP client information gathering exploit of Metasploit. As the name explains, this exploit gathers information about our target’s browser which may be useful to us in further exploiting the system. We get information like  OS name, browser version, plugins, etc. Let us see how this exploit works. Start Metasploit and load the exploit as shown below.


This exploit will run a server on the attacker system( here Kali rolling ). So SRVhost IP address should be Kali’s IP address. The port can be default or it can be set to 80 as I have done.


Run the exploit as shown below. It will start a server as shown below. Now we need to send this link to our victim’s.


When the victim clicks on the link, he will be shown a 404 error as shown below.


In the meantime, we will be getting the target information. Given below are the information we gathered from three browsers, Chrome,




and Internet explorer.


We got information like target OS, browser info along with its version, architecture etc.The most valuable info from this can be the OS of our target, the knowledge we can use in choosing our exploits to hack it. Happy hacking.