Category: Uncategorized

Hello, aspiring ethical hackers. In this blogpost you will learn about web shell. In our previous blogpost you learnt what is a shell, what it does and the types of shell. A web shell is a type of shell but it is used in relation to websites and web server.

What is a web shell?

A web shell is a type of shell that gives attacker access to a website or web server. It is usually uploaded after already the website is compromised as a means to have persistent access to the website in future.

Web shells have various features. Most important of them are,

1. Persistent access.
2. Uploading additional files to the web server.
3. Downloading files from the web server.
4. Executing additional scripts on the web server.
5. Dumping databases of the web server.
6. Pivoting to other devices on the network.
7. Privilege escalation etc.

We can say that once a web shell is uploaded to the website, it gives complete control over the website to the attackers.

How are web shells uploaded?

Some vulnerabilities and attack allow hackers to upload web shells to the website to keep having persistent access. Some of these vulnerabilities are.

1. File upload vulnerabilities:

File upload or Remote file inclusion (RFI) vulnerabilities allow attackers to upload arbitrary files to the web servers. These arbitrary files are most probably web shells.

2. Path traversal vulnerabilities:

In some cases, path traversal or Local File Inclusion (LFI) vulnerabilities also allow attackers to upload web shells.

3. XSS vulnerability:

Not just file inclusion vulnerabilities, even cross site scripting (XSS) vulnerabilities in some cases allow uploading of web shells.

4. Password cracking:

After the password of the website is successfully cracked, attackers can upload web shells to a website for future access.

Types of web shells

Web shells are easily available on internet. There are various types of web shells with variety of features in various languages. Needless to say, the web shell being uploaded to the website should be of same languages as the server-side scripting language used on the web server or website. Now, let’s study about some web shells.

1. Weevely:

Weevely is a web shell designed for POST-exploitation with almost 30 modules to assist in administrative tasks, maintaining access, elevate privileges and spreading over the network. Learn more about it here.

2. Web shells in Kali Linux

Kali Linux itself has some web shells ready to be deployed. Although their functionality is simple, they are quite good for beginners. Learn about them here.

3. Metasploit/MSFvenom

Is there anything Metasploit can’t create? Yes, you can create your own web shell with msfvenom. Learn how.

4. C99 shell

Peering to the Black Hat side, C99 shell or its variants are still being used by Black Hat Hackers in real world. Learn more about C99 shell here.

Hello, aspiring ethical hackers. In this blogpost, you will learn about the most basic BUT most important concept in ethical hacking. What is it? What else, SHELLS. Shells in hacking or ethical hacking are a very important topic because any hack or pen test is not considered complete without acquiring a shell. But what exactly is a shell?

What is a shell?

In world of computing, a shell is a program or a tool that allows users with an interface to interact with the operating system directly. Shell is not an alien concept to you as you have might already used it at least once in your life no matter what operating system you use. If you are a Windows user, CMD and PowerShell are two examples of a shell.

Linux users almost use shell in their daily life to perform each and every operation. You are familiar with it as “terminal”. In Kali Linux, zshell is the default shell.

There are other types of shells in Linux like Bourne again shell (BASH) etc.

Now, you may ask what does this have to do with ethical hacking. In ethical hacking, a hacker or pen tester gains access to a machine, the first thing he tries to gain access to on the target system is a shell.

Types of shells in hacking

There are two types of shells in hacking and cyber security. They are Bind shell and Reverse shell.

1. Bind shell

A bind shell is a shell in which the connection is initiated by the attacker machine towards the target system. When a payload is executed on the target system, it opens a port to which the attacker system connects to. Let us demonstrate this. To do this, we will be exploiting the ms08_067 vulnerability using metasploit. Here, I will just focus on payloads we have already discuss about the ms08_067 vulnerability in our previous blogpost. First, we set a bind_tcp payload with LPORT option.

This payload when executed opens a port 4444 on the target system to which our attacker system would connect.

2. Reverse Shell

In a reverse shell, the shell is initiated from the target system and connects to a listening port on the attacker system. This type of shell is generally used by hackers to bypass Firewals. Let’s see an example. For this, I turn on the Firewall on the target system. When we try to use the same bind shell payload we used earlier, you can see that it fails to grab a shell.

This is because Firewall is dropping the packets. Let’s try to exploit it with a reverse shell now.

As you can see, this time we successfully got a shell.

Hello, aspiring ethical hackers. In this blogpost, you will learn about Firewalls. A firewall is a software or a hardware device that acts as a wall between the internet and the internal networks or between any two networks. The main purpose of the firewall is to prevent malicious traffic from entering the internal network.

Based on the delivery method, a firewall can be classified into three types. They are,

1. Hardware
2. Software
3. Cloud based

There are two types of firewalls based on the method of operation. They are, Host-based and Network based firewalls.

1. A host-based firewall is a software that is installed on a computer or network. Ex: Windows Firewall.
2. Network based firewall is a software or hardware firewall that acts as a barrier for the entire network.

Types of Firewalls

Different types of firewalls use different methods of operation to block malicious traffic. Before you learn about how firewalls operate, let’s first see how network traffic travels from one computer to another computer.

When one computer (let’s say computer A) sends data to another computer (let’s say computer B), the data is first split into differ parts which are known as packets. These packets are sent to computer B. Before being transmitted, a header is added at the beginning of each packet. This header contains information like source IP address, destination IP address, source and destination ports, network ports etc. Once these packets reach the computer B, they are reassembled. Now, let’s learn about the different types of firewalls.

1. Circuit level gateway:

The simplest types of firewall, it operates at the session layer of the OSI model. This type of firewall monitors TCP handshakes between two machines.

Based on the configured settings of the firewall, it accepts or blocks traffic. Circuit level gateways don’t inspect the packets. So as long as there is a handshake, even malware laden requests are allowed.

2. Packet filtering firewalls:

As the name of the firewall says, this firewall inspects the packet’s header for information about source and destination IP address, port etc. It operates on the network layer of OSI model. Note that it doesn’t inspect the actual payload.

3. Stateful Inspection firewall:

Stateful Inspection firewalls work on network and transport layer of the OSI models. It uses both TCP handshakes and packet filtering to detect malicious traffic. It specifies traffic as malicious after observing the traffic for a particular period of time which is known as state. Then it compares the network traffic to the observed state to classify traffic as malicious or not.

4. Proxy firewall:

A proxy firewall is mostly used to hide or make the IP address of the client’s system or network IP. It operates at the application layer and checks both header of the payload and the payload to classify traffic as malicious.

5. Next Generation firewall:

A next-generation firewall uses the features of all the above-mentioned firewalls to classify traffic as malicious or not.

Hello, aspiring ethical hackers. In this blogpost, you will learn about IP spoofing or IP address spoofing. To understand IP spoofing, you need to first understand what is an IP address?

What is an IP address?

Every house has an address no matter in which nation it is around the world. This address helps in identifying the location of the house. Just like physical houses, every computer too has an address. This address is known as Internet Protocol (IP) address. This IP address is used to identify the computer, laptop or any digital device around the internet.

I wouldn’t go all about IP addresses here, but I think this blogpost is a good start. To stick with basics, you can view the IP address of your device using the command “ipconfig” in Windows and “ip a” in Linux.

The IP address is needed for communication between various devices over internet. If your computer or mobile device doesn’t have the IP address, it cannot communicate over internet.

What is IP spoofing?

Well, let’s now get to the original topic of this blogpost. IP spoofing is the process of spoofing your IP address over the internet. It means changing the IP address of your device to something else other than assigned to your computer.

Why is IP spoofing needed?

How many times have we seen getting meterpreter session on our blog and in our magazine Well, in these cases, attackers IP address can be easily identified by viewing logs on the target system. In hacking, Black Hat Hackers spoof IP addresses to hide the source of their attack. IP spoofing is also used for genuine purposes like to protect their privacy.

Methods of IP spoofing

There are various method by which IP address can be spoofed.

1. Black Hat Hacker’s technique:

Black Hat Hackers often source their hacking attack through other IP addresses to hide their identity and to prevent tracking their hacking activity. Many computers in Fortune 200 companies are provided for sale on the dark web with access. Hackers buy access to these computers and source their hacking attacks from these systems. So, even if cybersecurity investigators detect the hacking attack, they can’t track the source to the original IP address of the hacker.

2. Proxy server:

A proxy server is a system or server that acts as a gateway between users and the internet. When they visit a website through a proxy, the IP address of the source computer is not shown and the IP address of the proxy server is logged on the target server. This is often used to bypass internet censorship.

3. Virtual Private Networks (VPNs):

A virtual private network (VPN) is a mechanism that creates a secure connection between the source and target system. It uses encryption to create this secure connection.

Hacking attacks that use IP spoofing

1. DDOS attacks:

While performing a DDOS attack, attackers often use spoofed IP addresses to overwhelm the target server or website with requests.

2. Man in the Middle attacks (MiTM):

Packet sniffing attacks or Man in the middle (MiTM) attacks also use IP spoofing.

See how to spoof your IP address in Kali Linux.

Hello, aspiring ethical hackers. In this blogpost, you can learn about Bluetooth hacking. Bluetooth is a short-range wireless technology standard used for exchange of data between devices.

Bluetooth is mainly used as an alternative to exchange of data using wires. The range of Bluetooth is very short may be over 10 meters.

What is Bluetooth hacking?

Exploitation of vulnerabilities in Bluetooth technology standard to hack Bluetooth enabled devices is known as Bluetooth hacking.

Modes of Bluetooth

A Bluetooth device can be set in two modes. Discoverable and Non-Discoverable.

1. Discoverable: In discoverable mode, the Bluetooth device is visible to other Bluetooth enables devices.
2. Non-discoverable: As you should have guessed by now, in this mode, the device is not visible to other Bluetooth enabled devices.

Pairing modes

Similarly, Bluetooth has two pairing modes. They are Pairable mode and Non-pairable mode.

1. Pairable mode: In this mode, the Bluetooth device accepts the pairing request upon requested.
2. Non-pairable mode: In non-pairable mode, the Bluetooth device rejects the pairing attempt.

Various Bluetooth based attacks

There are various Bluetooth based attacks. Some of them are,

1. Bluejacking:

Bluejacking is the attack in which an attacker can send messages to other users from the victim’s phone using Bluetooth.

2. Blue snarfing:

In this attack, an attacker can exploit Bluetooth to steal sensitive data from the target mobile phone.

3. Bluesmacking:

Similar to Ping of Death DoS attack, in this attack, attacker sends a oversized ping packet using Bluetooth to the victim’s device causing a buffer overflow attack.

4. Bluebugging:

In this attack, the attacker gains access to the target’s device using Bluetooth without target user being aware of it.

5. Blueprinting:

In this attack, the attacker tries to printout the data information of the target user’s mobile phone.

6. MAC spoofing attack:

: In this attack, just like any MAC spoofing attack, the attacker spoofs the MAC address of the target user’s mobile phones.

7. Man in the Middle (MitM) attack:

The attacker places himself between two Bluetooth devices.

Impact of Bluetooth hacking

Bluetooth attacks can lead to various threats. These include,.

1. Leak of calendars and address book.
2. Sending spurious SMS messages.
3. Bugging devices.
4. Sending premium messages.
5. Social engineering
6. Installing malicious code