Chinese Hackers Infect Over 50,000 Windows MS-SQL and PHPMyAdmin Servers Worldwide with 20 Different Payloads

A new China-based campaign dubbed Nansh0u targets Windows MS-SQL and PHPMyAdmin servers worldwide. The attack campaign primarily targets servers belonging to the healthcare, telecommunications, media, and IT sectors. Guardicore Labs detected the campaign at the beginning of April, but the attacks were found to date back to February 26. Throughout the campaign, threat actors used 20 different […]

OceanLotus APT Hackers Group using Steganography to Launch an Encrypted Malware Payload via .png Image File

The well-known APT group OceanLotus is leveraging a steganography method to hide an encrypted malware payload within a .png image file to infect the targeted system. The OceanLotus group is known for multiple attack campaigns around the globe; the threat actor group targets private sectors across multiple industries and foreign governments. Steganography, a method used by attackers to hide […]

Malicious Payload Evasion Techniques with Advanced Exploitation Frameworks

Sophisticated threats are evolving with much more advanced capabilities, making analysis more painful and even evading advanced security software such as antivirus. This comparison is based on the payload's ability to bypass the default security frameworks accessible on Windows machines and the available antivirus systems, searching for an approach to get a payload that […]

Create Metasploit Payload in Kali Linux MSFvenom Payload Creator

Create Metasploit Payload in Kali Linux MSFvenom Payload Creator (MSFPC). Disclaimer: Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors of Hackingvision.com will not be […]

Bypass antivirus detection With Phantom Payloads

According to ethical hacking courses, Metasploit is the most popular tool used in pentesting. Metasploit tries to find weaknesses across your local network before an attacker does. This is the most common tool used by attackers to test the security of an operating system. In Kali Linux, Metasploit comes pre-installed with lots of payloads which are used […]

XSS Chef: Generating Custom XSS payloads

XSS Chef is a small React.js application inspired by CyberChef, which provides users with a modular way to build JavaScript payloads to typically be used during penetration tests to demonstrate cross-site scripting vulnerabilities. A live copy of the application can be found here. What Can I Do with XSS Chef? The current set of recipes can […]

Hacking with PHP payloads and ngrok – HackingVision

Welcome back to HackingVision. Today we will be hacking with PHP payloads; in this tutorial we will be using msfvenom. Msfvenom comes included with the Kali Linux operating system; if you don’t already have Kali Linux installed you can download it here. Step 1: Installing ngrok Please follow […]

Hacking with PHP payloads and ngrok

Hey lads, today we're hacking with PHP; we will be using an msfvenom payload. Let's start by downloading ngrok and installing it on the system, so click this link: https://ngrok.com/download. Now follow the instructions to install ngrok. So now we open a terminal and type ngrok tcp 4545 or whatever port you want to […]

WhatsApp Gold Scam is Back with Malware Payload

In social media, the emergence of fake news and fake apps isn’t uncommon as thousands of these hoaxes keep circulating around the web to spread confusion among the users. Now, there is a new hoax doing the rounds and making headlines and it is called WhatsApp Gold Scam. Dubbed as WhatsApp Gold update, this hoax involves […]

Winpayloads – An Open Source Tool for Generating Windows Payloads

Winpayloads is a Python-based tool which combines some of the PowerShell Empire features with the Metasploit framework to create Windows payloads. It is simple to use and has some interesting options to choose between. Installing Winpayloads First, let’s clone the repository from GitHub. git clone https://github.com/nccgroup/Winpayloads.git After that go to the directory and […]

Brosec – An Open Source Interactive Tool to Utilize Payloads and Commands

Brosec is an open source terminal-based tool to help security professionals generate the right payloads and commands. It can show you the most popular commands you can use for information gathering, Linux, Windows, and web, and lets you utilize payloads. Installing Brosec Let’s clone the repository first. git clone https://github.com/gabemarshall/Brosec.git After that install the […]

ZIP File Raider – Burp Extension For ZIP File Payload Testing

ZIP File Raider is a Burp Suite extension for attacking web applications with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads into the ZIP content of HTTP requests, which is not feasible by default. This extension helps to automate the extraction and compression steps. This software was created by Natsasit Jirathammanuwat during […]

CAPE: Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware reverse engineering and threat intelligence. […]

SharpShooter – Payload Generation Framework

SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw’s DotNetToJavaScript tool to invoke methods from the SharpShooter DotNet serialised object. Payloads can be retrieved using Web or DNS delivery […]

GZipDe – A Sophisticated Malware Attack using Metasploit Backdoor with Encrypted Payload

A sophisticated malware called GZipDe is distributed through a weaponized malicious document and installs the Metasploit backdoor on the targeted victim's computer. Metasploit is a powerful exploitation framework that contains various payloads which are used for penetration testing purposes to identify vulnerabilities, but cyber criminals are taking advantage of its features and ultimately using it for various malicious purposes. The […]

LNK-Kisser – PowerShell Link Payload Generator

Making FUD Shortcut (.lnk) payloads with LNK-KISSER to remotely execute malicious code. Shortcut-Payload-Generator Exploiting PowerShell to make ShortCut Payloads [fud]. There are too many awesome tricks there, you can make it better ^_^. For example: killing tcpview, taskmanager, etc. while downloading. Set hidden attribs to the malware after downloading, etc. G00d […]

Terminator – Metasploit Payload Generator

Terminator Metasploit Payload Generator. Payload List : Binaries Payloads 1) Android 2) Windows 3) Linux 4) Mac OS Scripting Payloads 1) Python 2) Perl 3) Bash Web Payloads 1) ASP 2) JSP 3) War Encrypters 1) APK Encrypter 2) Python Encrypter The author does not hold any responsibility for the bad use of this tool, […]

Advanced tool to launch powershell payload remotely

Information security professionals explain that Harness is the remote access payload with the ability to provide a remote interactive PowerShell interface from a Windows system to almost any TCP socket. The goal of the Harness Project is to provide a remote interface with the capabilities and feel of the native PowerShell executable included with the Windows […]