Are you interested in learning how to hack like a pro? Look no further than Viper - the renowned hacking tool! With our guide, you'll be able to master this powerful software in no time. Whether you're a beginner or an experienced hacker, Viper is an essential tool to have in your arsenal. Our comprehensive guide will help you confidently navigate the software and become a true expert.

You can download Viper from the in-game webpage (URL TBC). Additionally, Viper hosts metaxploit.so, so there's no need to visit a "hackshop". You can start hacking right away.

** Be aware that any other Viper site from in-game is fake and contains malicious fake Viper files. There is only one legitimate viper site, and its URL is (URL TBC). **


(URL TBC) also hosts:
- vbt: a brute force password cracker that can easily crack any NPC root password.
- htop: a live system monitor and process viewer.

Viper has its own Discord server that is active, and you can find it at :
https://discord.gg/wNE6UhEB8v

Viper also hosts its IRL website https://viper-guild.com/
This is an out of game website, please make sure to read the rules if you decide to join


Many thanks to Volk for creating Viper and his tools. And Xclusive, as I used his guide as a sort of template for the new guide.

One of the first commands you will use in Viper is the Nmap command. Used to scan your targets .. or yourself

Nmap scans the provided IP address to identify open and forwarded ports, providing you with information about your target. Moreover, Nmap can identify the service running on the port and its version.

• usage : nmap [IP / DOMAIN]
  
• example : nmap 1.1.1.1
  
  
• bonus : nmap random
  this will scan a random ip

Exploitscan is a procedure that assists in identifying any known vulnerabilities in an open port. Once the scanning is complete, all available exploits, including the failed ones, are displayed.

It is important to also focus on the failed exploits as they provide insights into why they didn't work. This information can be used to develop a successful exploit. As you gain experience, the failed exploit process will become more apparent.

Port 0 is always the router

• usage : es [PUBLIC IP] [PORT]
  
• example : es 1.1.1.1 80

During our exploit scan, we analyzed port 0 for vulnerabilities. The resulting output revealed some noteworthy findings. The image below displays only a portion of the results.

Targets will display a list of all vulnerabilities found on the scanned port.

It is important to consider the object type as certain types only allow limited commands on the target.

• Shell > Computer > File

The more ports you scan, the longer your targets list will get. A good rule of thumb is to keep it tidy so you don't get confused. You can delete targets using the "deltargets" command. If you exit Viper they will be removed anyway.

• usage : targets
  
• example : targets
  
  
• usage : deltarget [INDEX]
  
• example : deltarget 0-5
  this example will delete all targets from 0 to 5

Our target list indicates that we have 11 access points to our victim. This includes a root shell, guest shell, and guest file. A root shell is the most valuable access point as it provides complete control. Any object type that is a shell is ideal, as it allows for easier privilege escalation compared to a computer or file.

The 'use' command selects the appropriate exploit to gain access to the victim's system.

Our goal is to find the one that provides a strong initial foothold on the target machine.

• usage : use [INDEX]
  
• example : use 8

we use the command use 0 which selects our exploit at INDEX 0 listed from the targets.
As you can see from the image, our terminal promt has changed.

Just to clarify, if you were previously logged in as "guest@viper", your login will now be "root@viper". Additionally, our public IP has changed to the targets, which will help you to better indicate your location and also display the LAN IP.

We are currently using the root user account at 109.179.31.36 on LAN 192.168.0.1. We have full control of this router, using a shell object.

Fs stands for file system. You can use this command to check the system's files and structure after accessing the target machine.

Grey Hack does not allow scripts to open GUI programs, such as File Explorer. Therefore, the daily use of Viper's fs command is crucial. We will explain later on, how to get around this for those wanting to complete missions which require opening .exe programs

When using Viper's fs command, the file system is color-coded based on your permissions

• red - no access
  
• yellow - partial access
  
• green - full access

• usage : fs
  
• example : fs

as you can see we have control

Jump is one of the most important elements required to navigate around the target. It is used to access environment variables on the client.

To use the command, you must be in a shell object and have access to a folder in order to place it on the system.

• usage : jump [/enter/path/here]
  
• example : jump /home/guest

Our guide's target has been changed to solely focus on explaining the usage of jumpfiles.

We begin on the target in a guest shell. As you can see from the color-coded file system we previously explained, we only have access to the /home/guest directories. This is still a great starting point.

We execute the command: jump /home/guest.

Next we execute the command: fs just to make sure our jumpfiles have been uploaded onto the target. The fs command confirms the successful upload of the jumpfiles to the specified path.

The put command is used for uploading files from your system to the target.

Please note that the permissions you set for your files will stay the same when you upload them to the target. It is important to be aware of this when uploading files that require root permissions to execute and you are a guest user. In such cases, you won't be able to open those files.

• usage : put [/select/path/to/file/on/your/system]
  
• example : put /lib/metaxploit.so /home/guest

We will use the example above on our target. This will upload the file metaxploit.so from our "lib" folder to the victim's system and save it in the "/home/guest/" directory.

we run the command: fs again to check everything is ok

This command allows us to import the metaxploit.so from the target that we uploaded using the previous put command. It is vital to use the getlib command for privilege escalation.

We won't be able to carry out any attacks on the victim's local libraries without using the getlib command. If we attempt to do so without using the correct method sequence we will be scanning our own libs

• usage : getlib [/path/to/metaxploit.so]
  
• example : getlib /home/guest/metaxploit.so /home/guest/jumpfile

Now the metaxploit.so has been imported correctly

When executing the lib command, it will display all the metaxploit.so files that have been imported during your current Viper session. Additionally, it will show the crypto.so and aptclient.so files. This information includes the IP address and LAN where the files were imported from.

When you execute the libs command, you should always have a metaxploit.so already imported at INDEX 0. This is generally the metaxploit.so you have on your system where you launched Viper from.

• usage: libs
  
• example: libs

At INDEX 3, you can see the metasploit.so library we imported along with the public IP and LAN from where it was. Multiple libraries can be imported and switched between.

The uselib command is used to select a library from the imported libs

When executing the libs command, your libraries will be colour-coded to help identify the selected one.

• green - selected
  
• grey / white - not selected

• usage : uselib [INDEX]
  
• example : uselib 3

We enter the command: uselib 3 which selects the metaxploit.so we want to use that we have imported from the target. After executing the command libs, you will notice that our new imported metaxploit.so is now highlighted in green, indicating its selection.

Ls is used to display the contents of a directory

This command can be quite handy when you need to view a list of files in a particular directory. It provides a specific and focused view, much like our fs command but less directories.

• usage : ls [/folder/you/want/to/view]
  
• example : ls /lib

Now that we are set up and ready to begin, we will start attacking the target's libraries to help escalate. We will run the command ls /lib to see which libraries are available to attack.
The files will still remain colour coded red, as we are still guest. Dont let that confuse you.

Privilege escalation refers to a network attack aiming to gain higher-level access within a system.

We are looking for a way to gain higher access privileges than what we currently have in the guest shell. Perhaps there is a user shell available that grants access to the /etc/passwd file, which we can read. If we can find the root password, we can use it to log in as a root user. Ideally, we may even discover a root shell to achieve our goal.

lets start. first in the /lib folder is init.so we attack this lib using the es command we have covered already in the guide

es init.so

Unfortunately, es init.so did not find any exploits. However, a failed exploit provided us with some information.
The message suggests that we can obtain a positive result by adding a LAN IP address of the victim while scanning the init.so. You can use the command: nmap (target's public IP) to find out which LAN is associated with which port. Alternatively, you may run the command: deepscan (target's public IP) /path/to/jumpfile to get a list of all the subnets on the target system.
We nmap the target and discovered that it is running ports 80, 21, 22, 3306, and 3307 on the LAN address 192.168.0.2.. Next, we execute the command: es init.so 192.168.0.2.
We have successfully discovered a BOUNCE exploit that can grant us root user access to a computer object on the LAN address 192.168.0.2. Although it has some limitations and is not as good as a shell, it still provides us with plenty of options to work with and can be helpful.
Lets run the targets command that we have talked about. here we can see the exploit we have just discovered
We now use the command: use 0 to select the exploit. After this, our terminal prompt changes to root user at 120.103.186.110 on LAN 192.168.0.2 on a computer object.
As a root user, we have the privilege to access the password file located at /etc/passwd. Let's go ahead and check it out.
The passwords are protected by a hash and will need to be cracked, which will be covered in the rest of this guide.
With the knowledge you've gained from this guide, you are now equipped to scan, attack, and escalate. The rest of the guide will enhance your skills further by covering other advanced commands and their uses. Keep learning and exploring, and you'll become an expert in no time!

Msfvenom is used to create a reverse shell on the target

With Msfvenom, you have the ability to create a shell payload that can run on the target machine and initiate a connection back to your own machine. To drop a reverse shell on the target system, you need to import the metaxploit.so from the target. If you are unsure how to import, please refer to the >_Put and >_Getlib sections in the guide.

• usage : msfvenom [IP] [PORT] [PROCESS NAME]
  
• example : msfvenom 1.1.1.1 1222 rshell

First we import the metaxploit.so
We run the libs command to determine the index of the imported metaxploit.so file, then select it using uselib.
After selecting the correct metaxploit.so from the target, we need to use the following command to create an rshell:
msfvenom [IP OF YOUR RSHELL SERVER] 1222 [RSHELL NAME]
In this command, you should replace "IP OF YOUR RSHELL SERVER" with the IP address of the server where your rshell service is running, such as your rental server. Also, replace "RSHELL NAME" with the desired name for your rshell. The number 1222 refers to the port of your rshell service. If you drop a rshell as a root user, the rshell will also have root privileges when you reconnect to it. If you are a guest, it will have guest privileges.
The red paint mark is to hide my rshell server ip.
** Please check out >_Msfconsole on how to connect to your rshell **

This command will open the rshell interface

When you enter the command msfconsole, you will open an interactive interface that allows you to interact with your currently running reverse shells. From there, you can view your shells and connect to them. However, if the shell is killed, either by someone who has discovered your shell or by a system wipe, you will lose that shell and it will no longer be accessible through your msfconsole.

• usage : msfconsole
  
• example : msfconsole

To connect to your msfconsole you will need to load the metaxploit.so from where your rshell service is running.

1. If you have the rshell service running from where you open Viper, just type msfconsole. If you get an error, make sure you are using the correct metaxploit.so from the libs command.

1a. If you have the rshell service running from a separate server to where you open Viper / hack from, you will use different steps to import the metaxploit.so from that server.
- First, you need to SSH into your rshell server by running ssh root@[PASSWORD] [IP]. Once connected, import metasploit.so. You can use the back command to return to your previous location.
Using a macro can execute multiple commands all at once which helps with the speed of loading metaxploit.so from another server, this will be explained later on in the guide.

After executing my macro which connects me to my rshell server by SSH, it then ran the libs command. However, I did not select metaxploit.so from the rshell server at index 4.
lets see what happens when the correct metaxploit.so is not selected and we try run the msfconsole command
After selecting the correct metasploit.so linked to our rshell server using the uselib command, we run the msfconsole command which provides us with a working user interface. Here you can see i have 4 active rshells
Help command will display the list of commands to navigate msfconsole. Use list to view all connected rshells. Here you can see our previously placed rshell on LAN 10.0.9.3 at 219.198.60.4 as root user.
We use the command use 3 to select our shell, which then connects us to that target
When you type the ps command to view running processes, you can see the reverse shell named "rshell" on the target.
To remove a rshell, you will need to connect to it and use the command :
ps then kill [PROCESS ID]

Vars is short for variables which are used in programming as a way to store data. It's also a program shortcut that allows you to execute a command.

Adding multiple vars in Viper is the quickest way to execute commands without wasting time on typing long commands repeatedly.

• addvar - adds the variable
  
• delvar - deletes variable
  
• save-settings - saves the settings

• usage : addvar [FLAG] [COMMAND]
  
• example : addvar -n nmap
  
  
• usage : delvar [FLAG]
  
• example : delvar -n
  
  
• usage : save-settings
  
• example : save-settings

Before you start adding variables, create a Viper.conf file in the "root > Config" folder. All your settings and variables will be saved here. (create a .txt file and name it Viper.conf)

In Viper, let's create a var with the -n flag to execute nmap by typing addvar -n nmap.
We save the settings by typing save-settings, this saves to our Viper.conf file
Let's execute our new var; we will use 1.1.1.1 as an example IP.
-n 1.1.1.1. How easy was that? instead of typing nmap, we now type -n
Typing vars will list all your variables; some variables will already be saved for you.
Now you can put your most used commands under certain flags or even shortened words, your vars do not have to look like -a -b -c, you can name them anything you like.

Macros are used to perform multiple commands by executing just 1 command

With macros, you can create a command to execute all your commands at once. It's like a shortcut that helps you upload files, run commands and whatever else you need to do, all in a row. It's helpful for saving time by not continuously writing the same commands over and over

• usage : @[MACRO NAME]
  
• example : @dir

Begin by creating a folder called Macros in root > Config The folder name is case sensitive and must be capitalized.
Next, open Notepad.exe; this is where we will write our macro commands. For this example, i will demonstrate a macro which will in order

1. make a directory called viper in /home/guest/
2. upload the viper tool to the viper directory
3. upload metaxploit.so to the viper directory

Save your macro into your Macros folder, what ever you name your macro will be the command you must use to activate it. Our command will be viper
OK .. we are now on a target with guest privledges, we have access to guest folders.
we execute our macro command @viper
we run the command fs to check if the macro was successfull in our commands. As you can see it completed our commands as we wanted.
It created our folder viper and uploaded the 2 files we wanted in that folder.
If you frequently use the same commands, macros can help you execute them faster. Be creative, as you can do interesting things with macros. The speed in hacking a target will rapidly now increase. We have a video demostrating how to create macros in the Viper discord if you are still in need of help : https://discord.gg/wNE6UhEB8v