COMMAND INJECTION (II): REVERSE SHELL CONNECTION WITH NETCAT
- Layout for this exercise:
- This exercise is based on the previous one:
http://www.whitelist1.com/2018/04/command-injection-attack.html
- Now, the goal is to perform a Command Injection attack from the web browser of the attacker Kali Linux against a victim Metasploitable, injecting NetCat commands:
https://en.wikipedia.org/wiki/Netcat
- Three of the most interesting characteristics of this attack are:
- No file is uploaded to the victim, so file-based detection (web shell scanners, upload monitoring) is less likely to catch it
- No need for write permissions on the web server folder on the victim's side
- The tool (NetCat) is usually already present on Linux machines (less often on Windows); note, however, that some builds (for example the OpenBSD variant) omit the -e/-c options, so an alternative such as a named pipe (mkfifo) is needed there
- First, let's check that ci.php (which allows Command Injection due to lack of input sanitization, as seen in the previous exercise) is present in the victim Metasploitable's web server folder /var/www:
- From Kali:
- NetCat (nc) has two options, -c and -e, flagged as dangerous by the program's own help text, that execute a program (or a shell command line) on the machine where nc runs and attach its stdin/stdout to the network connection:
- Setting up a listening session on port 4444 on the attacker side:
- Now, entering through Kali's browser the NetCat command, which runs (-e) a shell (/bin/bash) on the victim and connects it back to the attacker's listener:
- It is interesting to notice the browser's Connecting notification: the HTTP request never completes, because the PHP script is blocked waiting for the injected nc process, which keeps running for as long as the shell is open:
- Finally, the attacker Kali obtains a reverse shell connection from the Metasploitable victim's side: