Metasploit for beginners

So, hello friends, this is my 2nd post on Metasploit for beginners. If you haven't checked the previous post, then it is here.
The only thing you need to understand me is Brain.exe. You can contact me here on my Facebook.

So, today we will discuss more about "Metasploit commands".

->The msfconsole has many different command options to choose from. The following are a core set of Metasploit commands with reference to their output.

Have a look, please:
back          Move back from the current context
banner        Display an awesome metasploit banner
cd            Change the current working directory
color         Toggle color
connect       Communicate with a host
edit          Edit the current module with $VISUAL or $EDITOR
exit          Exit the console
get           Gets the value of a context-specific variable
getg          Gets the value of a global variable
go_pro        Launch Metasploit web GUI
grep          Grep the output of another command
help          Help menu
info          Displays information about one or more module
irb           Drop into irb scripting mode
jobs          Displays and manages jobs
kill          Kill a job
load          Load a framework plugin
loadpath      Searches for and loads modules from a path
makerc        Save commands entered since start to a file
popm          Pops the latest module off the stack and makes it active
previous      Sets the previously loaded module as the current module
pushm         Pushes the active or list of modules onto the module stack
quit          Exit the console
reload_all    Reloads all modules from all defined module paths
rename_job    Rename a job
resource      Run the commands stored in a file
route         Route traffic through a session
save          Saves the active datastores
search        Searches module names and descriptions
sessions      Dump session listings and display information about sessions
set           Sets a context-specific variable to a value
setg          Sets a global variable to a value
show          Displays modules of a given type, or all modules
sleep         Do nothing for the specified number of seconds
spool         Write console output into a file as well the screen
threads       View and manipulate background threads
unload        Unload a framework plugin
unset         Unsets one or more context-specific variables
unsetg        Unsets one or more global variables
use           Selects a module by name
version       Show the framework and console library version numbers

So, let's talk about some of them.
->The banner command simply displays a randomly selected banner.
For this, just type banner in msfconsole.
[Image: 7RPCxlB.jpg]

and the next command is ::check

->The info command will provide detailed information about a particular module, including all options, targets, and other information. Be sure to always read the module description prior to using it, as some may have undesired effects.

The info command also provides the following information:

The author and licensing information
Vulnerability references (i.e., CVE, BID, etc.) ...

msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > info
[Image: FPqPxhw.png]

->Running the irb command will drop you into a live Ruby interpreter shell where you can issue commands and create Metasploit scripts on the fly. This feature is also very useful for understanding the internals of the Framework.

[Image: nRdq4ux.png]

->Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.

[Image: Izrsf0e.png]

->The msfconsole includes an extensive regular-expression based search functionality. If you have a general idea of what you are looking for, you can search for it via the ‘search’ command. In the output below, a search is being made for "NETGEAR ProSafe Network Management System 300 Arbitrary File Upload". The search function will locate this string within the module names, descriptions, references, etc.
[Image: 1GgKJrY.png]

->When you have decided on a particular module to make use of, issue the ‘use’ command to select it. The ‘use’ command changes your context to a specific module, exposing type-specific commands. Notice in the output below that any global variables that were previously set are already configured.

Suppose you want to use the "ms08_067_netapi" exploit; then we will use the 'use' command:
msf > use exploit/windows/smb/ms08_067_netapi
[Image: qdRC4c9.png]

->The ‘set’ command allows you to configure Framework options and parameters for the current module you are working with.

Suppose you want to set RHOST etc.; then we can use:
msf exploit(ms08_067_netapi) > set RHOST
[Image: DHzTzKI.png]

->Executing ‘show auxiliary’ will display a listing of all of the available auxiliary modules within Metasploit. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more.

[Image: dOjusIK.png]

->Naturally, ‘show exploits’ will be the command you are most interested in running since at its core, Metasploit is all about exploitation. Run ‘show exploits’ to get a listing of all exploits contained in the framework.

[Image: 71Cnc8L.png]

->As you can see, there are a lot of payloads available. Fortunately, when you are in the context of a particular exploit, running ‘show payloads’ will only display the payloads that are compatible with that particular exploit. For instance, if it is a Windows exploit, you will not be shown the Linux payloads.

[Image: EVQu8RU.png]

Due to the character limit, I'm stopping this tutorial here.

See you in my next tutorial.

And if you want to check some Metasploit tutorials, you can find them on my channel.

Special thanks to:- CodeN/inja, Kishan, offensive security, rootxploiter, Daniel, Rahul raz, Rahul mani and zayed sir.
Thanks ✌

Ultimate reference for all beginners Programmers and hackers

Hello Everyone,
Check all these sites before starting pentesting/hacking and programming,

so here is the list of websites from where you can start your journey.

And guys, here are some of my favourite sites to test your skills on SQL injection and XSS.

If you are a newbie, then first ask Google, or you can watch our tutorials; if you like, then try these challenges.

SQL Injection Challenges For Practice:-

This is a list of XSS and SQLi challenges I know. It belongs to noobs like me.

XSS Challenges For Practice:-

Learn Programming:-
Special thanks to:- CodeN/inja, Th3_uNique, Bd_InjeCtor, Zen, Alteras, Repetence, IndiGear, msfanurag, msfsri, rootxploiter, Daniel, Rahul raz, Rahul mani and zayed sir.

Hope you will like the experience with us.

Thanks ✌ 

So, hello everyone, let me first introduce myself. My name is Spirited wolf and I'm now a 16-year-old cool and po** lover guy. And I love to share my knowledge with everyone who really needs it. The only thing you need to understand me is Brain.exe.

So, my first question is: what is Metasploit?

On Wikipedia it is written that
"The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development."

There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC.

Metasploit Framework Edition
The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing.

Metasploit Community Edition
In October 2011, Rapid7 released Metasploit Community Edition, a free, web-based user interface for Metasploit. Metasploit Community is based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community is included in the main installer.

Metasploit Express
In April 2010, Rapid7 released Metasploit Express, an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, integrates nmap for discovery, and adds smart bruteforcing as well as automated evidence collection.

Metasploit Pro
In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.

Armitage
Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.

Cobalt Strike
Cobalt Strike is a collection of threat emulation tools provided by Strategic Cyber LLC to work with the Metasploit Framework. Cobalt Strike includes all features of Armitage and adds post-exploitation tools, in addition to report generation features.


First of all, start the Metasploit service, either from the menu:

Applications > Kali Linux > System Services > Metasploit > start

or from a terminal:

service metasploit start

Run msfconsole
Just type msfconsole in your terminal:

sudo msfconsole

and then you will see something like this
[Image: 8wDgOcs.png]

So, what is msfconsole?
->Msfconsole is the main interface to Metasploit. There are GUI interfaces (Armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads, etc.

Note:-"Metasploit has lots of great documentation built in. Type help to get a basic list of commands."

For example, if you want to check which commands you can use, just type help or ? (question mark):


msf > help

Core Commands

    Command       Description
    -------       -----------
    ?             Help menu
    advanced      Displays advanced options for one or more modules
    back          Move back from the current context
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    edit          Edit the current module with $VISUAL or $EDITOR
    exit          Exit the console
    get           Gets the value of a context-specific variable
    getg          Gets the value of a global variable
    grep          Grep the output of another command
    help          Help menu
    info          Displays information about one or more modules
    irb           Drop into irb scripting mode
    jobs          Displays and manages jobs
    kill          Kill a job
    load          Load a framework plugin
    loadpath      Searches for and loads modules from a path
    makerc        Save commands entered since start to a file
    options       Displays global options or for one or more modules
    pushm         Pushes the active or list of modules onto the module stack
    quit          Exit the console
    reload_all    Reloads all modules from all defined module paths
    rename_job    Rename a job
    resource      Run the commands stored in a file
    route         Route traffic through a session
    save          Saves the active datastores
    search        Searches module names and descriptions
    sessions      Dump session listings and display information about sessions
    set           Sets a context-specific variable to a value
    setg          Sets a global variable to a value
    show          Displays modules of a given type, or all modules
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    unload        Unload a framework plugin
    unset         Unsets one or more context-specific variables
    unsetg        Unsets one or more global variables
    use           Selects a module by name
    version       Show the framework and console library version numbers

Database Backend Commands


    Command           Description
    -------           -----------
    creds             List all credentials in the database
    db_connect        Connect to an existing database
    db_disconnect     Disconnect from the current database instance
    db_export         Export a file containing the contents of the database
    db_nmap           Executes nmap and records the output automatically
    db_rebuild_cache  Rebuilds the database-stored module cache
    db_status         Show the current database status
    hosts             List all hosts in the database
    loot              List all loot in the database
    notes             List all notes in the database
    services          List all services in the database
    vulns             List all vulnerabilities in the database
    workspace         Switch between database workspaces

msf >
[Image: JK3dNQa.png]

Pick a vulnerability and use an exploit

->Once you know what your remote host's system is (nmap, lynix, maltego, wp-scan, etc.), you can pick an exploit from Metasploit to test. Rapid7 has an easy way to find exploits. There is also a way to search within msfconsole for various exploits:

search type:exploit

search name:xxxx

search CVE-xxx-xxx

search cve:2016 

Hope you liked my tutorial.

See you in my next tutorial.

And if you want to check some Metasploit tutorials, you can find them on my channel.

Special thanks to:- CodeN/inja, Th3_uNique, Bd_InjeCtor, Alteas, Repetence, IndiGear, msfanurag, msfsri, Kishan, rootxploiter
Thanks ✌ 

Hello everyone,
Today, on behalf of the Legion group, I would like to make a tutorial on GOLISMERO, The Web Knife.

Actually one of my friend told me that,
"theharvester or golismero.py. Both of those tools are excellently written scripts for crawling domains for information that deserves mention".

This amazing method is used for Information-Gathering process/Security-testing/technique.

What is Golismero?

I was talking with one of my friends, Gee4rce, and he told me about this tool. He told me that Golismero is a collection of tools which are usually used separately to scan for vulnerabilities. In this toolbox we have OpenVAS, (etc.) - all these are vulnerability scanners. By using a vulnerability scanner, you automate the process of vulnerability scanning and mostly get the results back in a report. Golismero combines some of the most powerful open-source or free-for-use tools currently available. With this, you have all these tools in one place, combined in Golismero.

Why Golismero?

I know your first question will be: why should we use Golismero when we have some amazing tools for pentesting? Right?

So, my answer is simple:-

1. First, of course, it is an open-source tool/framework.

2. Second, as most of us know, there are many other tools available on the market that we can use, so you will love to hear that we can attach the reports of other tools [like Nmap, xsser, OpenVAS, dnsrecon and theharvester] to this Golismero framework.

3. This framework is now available for all platforms; it doesn't matter if you are a Windows, Linux or Mac user, we can use it on any operating system now.

4. We don't need to download/install any other dependency except the Python dependencies, because it just needs Python to run.

5. It is also integrated with CVE and OWASP, so it will be easy for us to use them now.

[For report's]


Just follow these simple steps:-

1. apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan

2. cd /opt

3. git clone https://github.com/golismero/golismero.git

4. cd golismero

5. pip install -r requirements.txt

6. pip install -r requirements_unix.txt

7. ln -s /opt/golismero/golismero.py /usr/bin/golismero

Then just exit and we have done.

For More Info Go:- HERE

So, I am dividing this tutorial into 2 parts: the 1st one is this, where I will just introduce the tool, and in the next tutorial I will demonstrate it on a live website.



Basic command is of course " -h "

golismero -h

A. 1st command is :- 

golismero scan <target>

Example:-"golismero.py scan http://www.example.com"

So now it will run with all default options and show the report on standard output.

B. 2nd command is:-

golismero scan <target> --audit-name <name>

We can also set a name for the audit using the --audit-name option.

C. 3rd command is:-

golismero scan <target> -o <output file name>

We can produce reports in different file formats, for example .html, .php or .txt, and you can write as many files as you want.

D. 4th command is:-

golismero scan -i nmap_output.xml -o Report.html

We can grab Nmap results, scan all hosts found and write an HTML report.
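Because the -i import scans every host found in the Nmap file, it is worth confirming first that the file lists only hosts you are authorized to test. This is an added example, not part of the original tutorial or of Golismero; the XML sample is constructed in Nmap's -oX output format and the authorized range 192.0.2.0/24 is hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the format written by `nmap -oX` (documentation IPs).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/></port>
    </ports></host>
  <host><status state="up"/><address addr="198.51.100.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports></host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""


def live_hosts(xml_text):
    """Yield (ip, [open ports]) for every host Nmap reported as up."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        # A host may also carry a MAC <address>; keep only IP addresses.
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if ip is None:
            continue
        ports = [int(p.get("portid")) for p in host.iter("port")
                 if p.find("state") is not None
                 and p.find("state").get("state") == "open"]
        yield ip, ports


def split_by_scope(xml_text, authorized_cidrs):
    """Split live hosts into (in_scope, out_of_scope) lists."""
    nets = [ipaddress.ip_network(cidr) for cidr in authorized_cidrs]
    in_scope, out_of_scope = [], []
    for ip, ports in live_hosts(xml_text):
        allowed = any(ipaddress.ip_address(ip) in net for net in nets)
        (in_scope if allowed else out_of_scope).append((ip, ports))
    return in_scope, out_of_scope


if __name__ == "__main__":
    ok, stray = split_by_scope(SAMPLE_NMAP_XML, ["192.0.2.0/24"])  # hypothetical scope
    print("in scope:", ok)
    print("NOT authorized, remove before importing:", stray)
```

If the second list is not empty, rescan with a narrower target range or edit the file before passing it to golismero with -i.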

Golismero Available plugins

To display the list of available plugins:

golismero plugins

See you in my next tutorial Friends

It took me 1 Hour to make this tutorial, But it will take only 1 sec. to leave a review/reply here. Please comment if you like this tutorial. 

Thanks

Hello Everyone,
Today I would like to demonstrate how we can do PHP CGI argument injection using Metasploit.

So, if you don't know about Metasploit, then check my tutorials:-

So, If you already know about Metasploit then lets start.

The module that we are going to use is: exploit/multi/http/php_cgi_arg_injection

About this vulnerability - by Rapid7
So they say-"When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary.""

This means that if we try to pass/add some parameter we can run some arbitrary code using it. 
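On the defensive side, the condition quoted from the advisory can be turned into an access-log check. This is an added example, not code from the original post or from Rapid7; it assumes combined-format access logs, and the sample lines and the directive name example_directive are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses are documentation ranges and
# example_directive is a placeholder, not a real php.ini directive.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?red+shoes HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /index.php?-d+example_directive%3d1 HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?%2Dd+example_directive%3D1 HTTP/1.1" 200 87',
]


def cgi_args_from_query(query):
    """Arguments the CGI binary would receive for this raw query string.

    Follows the advisory text: only a query with NO unescaped '=' is split
    on '+' and URL-decoded into arguments; anything else yields none.
    """
    if not query or "=" in query:
        return []
    return [unquote(part) for part in query.split("+") if part]


def flag_line(line):
    """Return (client, argv) if the request would hand php-cgi a switch."""
    match = REQUEST_RE.search(line)
    if not match or "?" not in match.group("target"):
        return None
    query = match.group("target").split("?", 1)[1]
    argv = cgi_args_from_query(query)
    # Check after decoding, so an encoded leading dash (%2D) is not missed.
    if any(arg.startswith("-") for arg in argv):
        return line.split()[0], argv
    return None


def scan(lines):
    """Collect every flagged (client, argv) pair from an iterable of lines."""
    return [hit for hit in map(flag_line, lines) if hit]


if __name__ == "__main__":
    for client, argv in scan(SAMPLE_LOG):
        print(f"{client}: query string becomes php-cgi arguments {argv}")
```

Ordinary key=value queries and plain '+'-separated search terms are not flagged; only queries whose decoded arguments begin with a dash are reported.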

So let's try to exploit it.

We are going to use Metasploitable 2.

1. Open Metasploit console.
[Image: H8B4rmb.png]

2. Then just select php_cgi_arg_injection module.
msf> use exploit/multi/http/php_cgi_arg_injection 

[Image: 8a6B1oA.png]

3. Now just set the options and exploit.
msf exploit(php_cgi_arg_injection) > set RHOST

msf exploit(php_cgi_arg_injection) > exploit

And done we got a meterpreter session.

[Image: rczIdmz.png]

Done :D we got meterpreter session
[Image: 3ZoFrbK.png]

If you will like this,

[Image: 1vmW1XH.png]

So, hello guys,
I'm Spirit, as you all know, and today I am gonna demonstrate a tutorial on how you can exploit Windows using DLL injection.


So in this tutorial:
Attacker machine: Ubuntu (which is using Metasploit)
Victim: Windows 10
Framework that we will use: Metasploit
So what I'm just gonna do is simply generate a payload using the Metasploit framework, and then we will also create our trigger file with a .bat extension. In that trigger.bat file we will simply give two commands to run: 1) rundll32.exe and 2) our generated payload file. Then we will create an SFX archive of both files (trigger.bat and your generated payload [.dll]). So, when he/she opens my new SFX archive (.exe) file and runs it, we'll get a reverse meterpreter session. ;)
This tutorial is for educational purposes only. I'll not be responsible for any harm.

Deface a website using Metasploit tutorial - By Spirit
So, hello guys,
I'm Spirit, as you all know, and today I am gonna demonstrate a tutorial on how you can deface a website using Metasploit.
If you don't understand anything, then please comment.

So in this tutorial what I'm just gonna do is simply generate a shellcode using msfvenom and then upload that shellcode to the website. So, when we open our shellcode, we'll get a reverse meterpreter session. ;)
This tutorial is for educational purposes only. I'll not be responsible for any harm.
