Posted on by

Maintaining access in ethical hacking

Hello, aspiring ethical hackers. In this blogpost, you will learn about maintaining access in ethical hacking. Maintaining access is the fourth phase in the total 5 phases of ethical hacking. In this phase, hackers try to hold on to the initial access or foothold they have gained on the network.

Maintaining Access 1

This is done using various methods. They are,

1. Elevating privileges:

Most of the time when hackers gain initial access on the target system or network, it is a lower privileged one. So, as soon as hackers gain access, they try to elevate their privileges on the target system to be able to perform important actions on the target network or system. Learn more about privilege escalation.

2. Backdooring:

In this method of maintaining access, hackers try to install a backdoor on the target system or network. They do this by either modifying the legitimate components or by installing specific backdoors like C&C servers, genuine remote administration software etc.

3. Rootkits:

Sometimes, hackers install rootkits on the target system or network. A rootkit is a type of malware that masks its existence from the system software including Antivirus. Normally a rootkit provides higher level of access or sometimes even kernel level access to hackers.

4. Persistence scripts:

Hackers also use widely available persistence scripts to maintain access on the target system of the network.

5. Tunneling:

Maintaining access is not always about installing a backdoor or rootkit etc on the target system. Sometimes, it involves tunneling. Tunneling is a process in which data is usually shared between two different networks privately without being detected.

Posted on by

5 phases of ethical hacking for beginners

Hello, aspiring ethical hackers. In this blogpost, you will learn what is ethical hacking and the 5 phases of ethical hacking.

What is Ethical Hacking?

Ethical hacking is hacking that is performed while following the ethics and rules. It is a procedure of detecting vulnerabilities and weaknesses in the target organization’s network and exploiting them with the written permission of an individual or organization. It is performed to find out and fix the vulnerabilities in the network that can be exploited by bad hackers aka Black Hat hackers.

What are the 5 phases of ethical hacking?

5 Phases Of Ethical Hacking 1 416x1024

Ethical hacking consists of 5 phases. They are,

1. Foot printing:

Also known as information gathering or reconnaissance, in this phase ethical hackers try to collect as much information as possible about the target organization or individual that may be helpful to them in the next phases of ethical hacking. Learn more about Footprinting.

2. Scanning & enumeration:

In this phase, the target organization’s network is probed to find any path of entry that can provide a way for ethical hackers into the network. It includes scanning for live systems in the network range, scanning for open ports on the LIVE systems and services running on them and scanning for any vulnerabilities in those services.

Then these services are enumerated to find any user accounts or other Information about the target networks. Learn more about scanning & enumeration.

3. Gaining access:

In this phase ethical hacking, ethical hackers exploit one of the vulnerability or weakness found in the second phase and gain a shell on the target system or network. Learn more about gaining access.

4. Maintaining access:

In this phase, ethical hackers after gaining initial access on the target system or network, try to maintain this access for future and continuous use. Learn more about various techniques used for maintaining access.

5. Covering tracks:

In this phase, ethical hackers try to hide or erase all their operations performed on the target system or network until now. This is to remove any evidence of their malicious activity. In Black Hat Hacking, they do this to prevent tracing of the hack back to them. This phase is also known as clearing tracks. Learn more about covering tracks.

Posted on by

Gaining access in ethical hacking: Techniques

Hello, aspiring ethical hackers. This article is a beginner guide to gaining access. Gaining access is the third phase in ethical hacking after footprinting and scanning & enumeration. It should be noted that the earlier two phases will play a major role in gaining access. This blogpost will explain you about different ways in which hackers or pen testers gain access to a target system or network.

What is gaining access?

In our previous blogpost, you learnt what a shell is and types of shell in cybersecurity. When a hacker or pen tester gains a shell on the target system or network, it is called as gaining access. Gaining access is the first phase where a hacker or pen tester gains some control on the target system.

Methods of gaining access

There are multiple ways by which hackers can gain initial access. They are,

  1. Vulnerabilities in the operating system or firmware.
  2. Application vulnerabilities.
  3. Payloads & malicious software.
  4. Password’ cracking.
  5. Misconfigured services.
  6. Social- engineering.
  7. Wi Fi hacking
Gaining Access 1 1

1. Vulnerabilities in the operating system or firmware:

An operating system is the core of any computing device. Enterprises around the world use different operating systems for different purposes. Some of the popular operating systems used by enterprises around the world are Windows, Linux, MacOS, Android, IOS, chrome OS, Red Hat Enterprise Linux, Solaris, Centos, Ubuntu, IRIX and FreeBSD etc. No matter what operating system it is, it is a software consisting of programs. So, any vulnerability exposed in the operating system can be exploited by hackers to gain initial access. For example, ms08-067 and EternalBlue.

2. Application vulnerabilities:

An operating system is by itself not useful. So, a lot of application or programs are installed over the operating system to perform certain functions. Any vulnerabilities in these installed programs can be exploited successfully gain initial access. For example, Macros or Excel Macros.

3. Malicious payloads:

Hackers just don’t use vulnerabilities to gain access. They also use malicious payloads like malware and virus to gain access. Learn more about payload generators.

4. Cracked passwords:

Sometimes enterprise systems are enabled with remote access so that employees can connect to them remotely for the purpose of their work. The protocols enabling remote access like SSH, FTP, Telnet and RDP etc. Cracking the credentials of these services give hackers a way to gain access to the servers and subsequently to the entire system or network. Learn more about password cracking.

5. Misconfigured services:

Sometimes, services being used by the target network can be misconfigured either by mistake or on purpose. Hackers can exploit these misconfigurations to gain initial access.

6. Hacking Wi-Fi network:

Wi Fi hacking is often sometimes ignored as a factor that can provide initial access to the hackers. Hacking WiFi (especially if the password is not complex) is very easy compared gaining access through the above explained methods. It also provides easy access to hack. Learn more about WiFi hacking.

7. The human factor:

No matter how strong the firewall on the network is or how secure the devices are in a network, if the employees of the organization are not well trained, they can eventually give hackers access into the network or devices. Social-engineering is often very underrated as a factor that allows hackers to gain access. Learn more about social engineering.

Posted on by

Beginners guide to a web shell

Hello, aspiring ethical hackers. In this blogpost you will learn about web shell. In our previous blogpost you learnt what is a shell, what it does and the types of shell. A web shell is a type of shell but it is used in relation to websites and web server.

What is a web shell?

A web shell is a type of shell that gives attacker access to a website or web server. It is usually uploaded after already the website is compromised as a means to have persistent access to the website in future.

Web shells have various features. Most important of them are,

  1. Persistent access.
  2. Uploading additional files to the web server.
  3. Downloading files from the web server.
  4. Executing additional scripts on the web server.
  5. Dumping databases of the web server.
  6. Pivoting to other devices on the network.
  7. Privilege escalation etc.

We can say that once a web shell is uploaded to the website, it gives complete control over the website to the attackers.

How are web shells uploaded?

Some vulnerabilities and attack allow hackers to upload web shells to the website to keep having persistent access. Some of these vulnerabilities are.

1. File upload vulnerabilities:

File upload or Remote file inclusion (RFI) vulnerabilities allow attackers to upload arbitrary files to the web servers. These arbitrary files are most probably web shells.

2. Path traversal vulnerabilities:

In some cases, path traversal or Local File Inclusion (LFI) vulnerabilities also allow attackers to upload web shells.

3. XSS vulnerability:

Not just file inclusion vulnerabilities, even cross site scripting (XSS) vulnerabilities in some cases allow uploading of web shells.

4. Password cracking:

After the password of the website is successfully cracked, attackers can upload web shells to a website for future access.

Types of web shells

Web shells are easily available on internet. There are various types of web shells with variety of features in various languages. Needless to say, the web shell being uploaded to the website should be of same languages as the server-side scripting language used on the web server or website. Now, let’s study about some web shells.

1. Weevely:

Weevely2

Weevely is a web shell designed for POST-exploitation with almost 30 modules to assist in administrative tasks, maintaining access, elevate privileges and spreading over the network. Learn more about it here.

2. Web shells in Kali Linux

Webshells1

Kali Linux itself has some web shells ready to be deployed. Although their functionality is simple, they are quite good for beginners. Learn about them here.

3. Metasploit/MSFvenom

Is there anything Metasploit can’t create? Yes, you can create your own web shell with msfvenom. Learn how.

4. C99 shell

C99shell1 1024x467

Peering to the Black Hat side, C99 shell or its variants are still being used by Black Hat Hackers in real world. Learn more about C99 shell here.

Posted on by

Beginners guide to shells in hacking

Hello, aspiring ethical hackers. In this blogpost, you will learn about the most basic BUT most important concept in ethical hacking. What is it? What else, SHELLS. Shells in hacking or ethical hacking are a very important topic because any hack or pen test is not considered complete without acquiring a shell. But what exactly is a shell?

What is a shell?

In world of computing, a shell is a program or a tool that allows users with an interface to interact with the operating system directly. Shell is not an alien concept to you as you have might already used it at least once in your life no matter what operating system you use. If you are a Windows user, CMD and PowerShell are two examples of a shell.

Shell 1
Shell 2

Linux users almost use shell in their daily life to perform each and every operation. You are familiar with it as “terminal”. In Kali Linux, zshell is the default shell.

Shell 3

There are other types of shells in Linux like Bourne again shell (BASH) etc.

Now, you may ask what does this have to do with ethical hacking. In ethical hacking, a hacker or pen tester gains access to a machine, the first thing he tries to gain access to on the target system is a shell.

Types of shells in hacking

There are two types of shells in hacking and cyber security. They are Bind shell and Reverse shell.

1. Bind shell

Shell 4

A bind shell is a shell in which the connection is initiated by the attacker machine towards the target system. When a payload is executed on the target system, it opens a port to which the attacker system connects to. Let us demonstrate this. To do this, we will be exploiting the ms08_067 vulnerability using metasploit. Here, I will just focus on payloads we have already discuss about the ms08_067 vulnerability in our previous blogpost. First, we set a bind_tcp payload with LPORT option.

Shell 5

This payload when executed opens a port 4444 on the target system to which our attacker system would connect.

Shell 6
Shell 7

2. Reverse Shell

Shell 8

In a reverse shell, the shell is initiated from the target system and connects to a listening port on the attacker system. This type of shell is generally used by hackers to bypass Firewals. Let’s see an example. For this, I turn on the Firewall on the target system. When we try to use the same bind shell payload we used earlier, you can see that it fails to grab a shell.

Shell 9

This is because Firewall is dropping the packets. Let’s try to exploit it with a reverse shell now.

Shell 10
Shell 11
Shell 12

As you can see, this time we successfully got a shell.