At Deepwatch, "Empowering Your Digital Defense, Ensuring Your Peace of Mind"

Author: Denzil Crowther

Easy way to Generate Reverse Shell


In this article, we will learn how to get a reverse shell in a few easy steps. Usually, the problem with reverse shell commands is remembering their long and complicated syntax. But thanks to the growing use of AI in our digital world, this problem has been tackled and dealt with. Let's see how it is done through this article.

What is Reverse Shell?

A reverse shell is a technique used in computer security and hacking that allows an attacker to gain control over a system through an established network connection. Reverse shells can be used for various purposes, including unauthorized access, data theft, and further exploitation of the compromised system. Unlike an ordinary remote shell, where the operator connects to the target, a reverse shell works in the opposite direction: the target connects back to the attacker. Here's a basic explanation of how a reverse shell typically works:

Listener/Server Side: The attacker sets up a listener (command and control/C2 server) on a machine they control. This listener waits for incoming connections.

Victim/Client Side: The attacker somehow tricks the target system into connecting back to their machine. This could be through techniques like exploiting vulnerabilities, social engineering, or other means.

Connection Establishment: Once the connection is established, the attacker gains a command shell on the target system. This shell allows them to execute commands on the target machine as if they were physically present.

Command Execution: The attacker can then issue commands on the target system, navigate the file system, run programs, and essentially control the system remotely.

Types of Reverse Shell

Reverse shell payloads are typically used by attackers to establish a connection back to their system. These payloads can be part of various hacking tools and frameworks. Here are some common types of reverse shell payloads:

Netcat (nc): Netcat is a versatile networking utility that can be used to create a basic reverse shell. The attacker sets up a listener using Netcat, and the victim connects back to it, establishing a shell.

Bash (Linux): A simple reverse shell can be achieved using Bash, the command shell for Unix-based operating systems. The attacker might use a one-liner command to create a reverse shell.

Python: Python is a powerful scripting language, and attackers often use it to create reverse shells. They can write a short script that opens a network connection and redirects input/output to that connection.

PowerShell (Windows): On Windows systems, PowerShell is a command-line shell that supports scripting. Attackers might use PowerShell to create reverse shells for Windows-based targets.

PHP: PHP is a server-side scripting language, and attackers can craft PHP scripts to establish reverse shell connections. These scripts are often injected into vulnerable web applications.

Ruby: Similar to Python, Ruby is a scripting language that can be used to create reverse shell payloads. Attackers might use Ruby scripts to exploit vulnerabilities and gain control over a system.

Metasploit Framework: Metasploit is a penetration testing framework that includes a variety of tools for exploiting vulnerabilities. It provides pre-built reverse shell payloads for different scenarios and platforms.

Java: Java-based reverse shells can be created to exploit systems where Java is installed. Attackers can use Java sockets to establish a connection back to their server.

C and C++: Attackers may also write custom reverse shell code in lower-level languages like C and C++ to avoid detection by antivirus software and intrusion detection systems.

Working of Reverse Shells

A reverse shell operates by initiating a connection between the target machine and the attacker's machine. Typically, the target machine sends a connection request to the attacker's machine. The attacker's machine functions as a listener, awaiting commands from the attacker.

Various Types of Reverse Shell Generator

To create a reverse shell, we need a reverse shell command and a listener command. To generate them, go to the following website:

Online Tool: Reverse Shell Generator 1

Once www.revshells.com is loaded, give your Listener IP <Attacker IP> address and Listener Port <Random Port>; as soon as you do this, the listener and reverse shell commands will be generated as shown in the image below. Execute the reverse shell command on the victim's system and run the listener on your attacking machine. Once you do this, you will have your reverse shell.

As you can see in the image below, there are various listener options you can create, such as powercat, busybox nc, socat, etc. Here we have created a netcat listener.

Even for the reverse shell we have options like bash, perl, ruby, nc -c and many more. From the image below you can also observe that you can create such reverse shell commands for all the operating systems, such as Linux, Windows and Mac.

This reverse shell generator also provides the option to create a Hoaxshell, which is a PowerShell payload for Windows. The same is shown in the image below:

Reverse Shell Generator 2

This is an amazing online reverse shell generator. To use this generator, go to the following website: Once you are on the website, click on 'RevShell' in the menu bar. Then give your Local Host and Local Port as shown in the image below and click on the 'Submit' button. After clicking on the Submit button, you will have your listener. Simultaneously, it will also create multiple reverse shell commands for various operating systems, as shown in the image below:

HackTools

HackTools is an all-in-one browser extension designed for Red Team web pentesters. It streamlines web application penetration tests by providing cheat sheets and an array of essential tools, including XSS payloads, reverse shells, and more. This extension eliminates the need to search for payloads on different websites or in your local storage, offering one-click access to most tools.

Download the HackTools extension from the following link: Once the extension is downloaded, access it through the full screen option. From the side bar go to the Reverse Shell option and give your Local Host and Local Port along with the type of shell you want to create, as shown in the image below. Once you do this, it will create various reverse shells for you to use, as shown in the image below: Through HackTools, you can

Burpsuite for Pentester: Autorize

Web application security testing is an essential element of protecting online assets. Burp Suite has been a leader in this area for many years, and it is still used by security professionals as well as ethical hackers. One of the extensions that stands out in the web security testing community is "Autorize", which adds a wide variety of features to improve Burp's capabilities. This extension provides a powerful set of features that simplify authentication and authorization testing.

Autorize = Authenticate + Authorize

Authorization includes any method by which a system grants or revokes permission to access specific data or actions. Authentication, meanwhile, is the process by which an individual or system proves that they are who they claim to be.

Common vulnerabilities detected by Autorize

Autorize is primarily focused on identifying authorization-related vulnerabilities. It can help to identify some of the main types of vulnerabilities, such as:

Remember that the effectiveness of Autorize depends on how well it is configured and how your tests are carried out.

Understanding the working of Autorize

Let's understand how Autorize works. Suppose, for instance, a web application implements user-based roles and supports cookie-based authentication.

Normal User: has access to general functionality but is not allowed to access admin functions and the database (read-only access).

Admin User: has access to all functionality (read/write access).

Capture the normal user's cookies and add them to Autorize. Log in again as the Admin user, access all the admin functionality and update some data in the database. What will Autorize be doing now? While you browse the application, Autorize captures every request, replaces the administrator's cookie with your normal user's cookies, and sends the modified request to the server. Then look at the server response: if the server behaves in the same way as it does for the legitimate Admin (for example, 200 OK) and no error is detected, the request is highlighted in red as Bypassed!. A request that the server refuses for the low-privilege user is shown in green as Enforced!.

For every request sent to the server from the client, it performs this automated test. With a large application of 30+ dynamic web pages, this eases our work considerably: there are a lot of URLs you would otherwise need to test manually, and Autorize does it for you. Similarly, Autorize detects API endpoint problems in the same way; the API's authentication method is what must be checked. Say an API uses a JWT token: you can control that by modifying its Authorization header and identifying authentication bypass issues in the API.

Installation and Setup

From the BApp Store, you can download and install the extension. Select BApp Store under Extensions. You can search for 'Autorize', or just scroll down. Click on it and scroll down on the right side. The extension is built in Python, so you will see that 'Jython' needs to be installed first. Browse to the link below and download 'Jython Standalone'. Refer to this link: https://www.jython.org/download.html

After downloading, go to Settings > Extensions and, on the right side under Python Environment, browse to the Jython file. The Jython environment is now set up. Restart Burp and follow the same path to install Autorize from the BApp Store. You'll notice that the install button is now highlighted; click on it to install. The Autorize tab will appear in the bar after successful installation.

Navigating and Configuration Options

There are two tabs under the Autorize section: the first is the Request/Response Viewers tab and the other is the Configuration tab.

Request/Response Viewers: The Request/Response tab displays complete information about the particular request you capture and select within Autorize. The manipulated request is displayed under the Modified Request section, the Original Request tab displays the original, unmodified request, and the Unauthenticated Request tab displays the request sent without any credentials.

Configuration: Under the Configuration tab you will see that Autorize is off by default; when you are ready to capture requests, first turn Autorize on. There are also some configuration options for capturing requests and for the server status code, which you can select depending on your preference. Here, in the Temporary header box, you need to put the normal user's token/cookies/header value that you want substituted into the actual request, i.e. if an application uses a JWT token for its auth mechanism, you need to put that value here. You can either add the auth value manually or use the option below it to fetch it from the last request: if you want to add the Cookie header from the last request, click 'Fetch Cookies header'; if you want to add the Authorization header, click 'Fetch Authorization header'. Generally, session cookies are carried in the Cookie header and the auth token in the Authorization header.

Once the session cookies are loaded, it is essential to instruct Autorize which requests to intercept and to establish the application's standard behavior when dealing with unauthorized requests or those with insufficient permissions. Starting with the Enforcement Detector, input a characteristic of the application's response that can be anticipated when a user with limited privileges tries to perform an action for which they lack sufficient permissions. In my practice, I've found that the "Body (simple string): enforced message body contains" option is the simplest to set up and works effectively. Choose the type and content that fits your specific needs and remember to click the "Add filter" button. Moreover, be aware that the comparison between multiple filters defaults to "And". Therefore, if the application generates distinct error messages, such as one for trying to read a file and another for attempting to access administrative features, you should create a filter for each scenario and switch the "And" to "Or".

Follow the same procedure for the Unauthenticated Detector. The interception filter will intercept "Scope items only" regardless of content, and from those requests it will ignore spider requests and URLs containing image extensions. You may select on your preference and click
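Added example, not from the article or the Autorize project: a small Python model of the Enforcement Detector's filter logic over constructed responses, showing why two distinct error messages left on the default "And" never produce an Enforced verdict, while "Or" catches both. The verdict labels follow the article; the similarity check (same status code and body length) is a simplification of the tool's own comparison.

```python
from dataclasses import dataclass

# Verdict labels as the article describes them; the third is the state
# Autorize shows when neither the enforcement filters nor the similarity rule fires
BYPASSED = "Bypassed!"
ENFORCED = "Enforced!"
UNDETERMINED = "Is enforced??? (please configure enforcement detector)"


@dataclass
class Response:
    status: int
    body: str


def enforcement_matches(resp, filters, mode="And"):
    """Enforcement Detector with 'Body (simple string): enforced message body
    contains' filters. mode is "And" (the tool's default) or "Or"."""
    hits = [needle in resp.body for needle in filters]
    if not hits:
        return False
    return all(hits) if mode == "And" else any(hits)


def classify(original, replayed, filters, mode="And"):
    """Verdict for one request replayed with the low-privilege cookie.
    original: the admin's own response; replayed: response to the modified request."""
    if enforcement_matches(replayed, filters, mode):
        return ENFORCED
    # Simplified similarity rule: same status code and same body length as the admin's
    if replayed.status == original.status and len(replayed.body) == len(original.body):
        return BYPASSED
    return UNDETERMINED


# Constructed sample traffic for an application with two distinct error messages
ADMIN_OK = Response(200, '{"users": ["alice", "bob"]}')
READ_DENIED = Response(403, "Permission denied: you cannot read this file")
ADMIN_DENIED = Response(403, "Admin access required")
FILTERS = ["Permission denied", "Admin access required"]


def demo():
    """Two filters on 'And' miss enforcement the app does perform; 'Or' reports it."""
    return {
        "and_misses": classify(ADMIN_OK, ADMIN_DENIED, FILTERS, "And"),
        "or_catches_admin": classify(ADMIN_OK, ADMIN_DENIED, FILTERS, "Or"),
        "or_catches_read": classify(ADMIN_OK, READ_DENIED, FILTERS, "Or"),
        "real_bypass": classify(ADMIN_OK, Response(200, ADMIN_OK.body), FILTERS, "Or"),
    }
```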

Beginner Guide to Classic Cryptography

Cryptography: It is a technique of scrambling messages using mathematical logic to keep information secure. It protects the scrambled message from being read by an attacker when it is transported over an unsecured network, since it converts the readable message into unreadable text.

Plaintext: It is the data, in readable form, that needs to be shared over the insecure network.

Encrypting key: It is a random string of bits created specifically to scramble the plaintext into unreadable text using mathematical logic. There are two types of encryption keys: symmetric keys and asymmetric keys.

Ciphertext: The output of encryption is ciphertext, which is not readable by human beings.

Decrypting key: It is the key used to decipher the ciphertext back into plaintext, using the symmetric or asymmetric key, so the original message can be read.

Functionality of cryptosystem

Authentication: It is the process of verifying the identity of a valid person, through his username and password, who communicates over a network.

Authorization: It refers to the process of granting or denying access to a network resource or service. Most of the computer security systems that we have today are based on a two-step mechanism. The first step is authentication, and the second step is authorization or access control, which allows the user to access various resources based on the user's identity.

Confidentiality or privacy: It means the assurance that only authorized users can read or use confidential information. When cryptographic keys are applied to plaintext to create ciphertext, privacy is given to the information.

Integrity: Integrity is the security aspect that confirms that the original contents of information have not been altered or corrupted. There should be no modification of the information while it is transported over the network.

Non-repudiation: Non-repudiation makes sure that each party is liable for the messages it sent. Otherwise someone could communicate and then later either falsely deny the communication entirely, claim that it occurred at a different time, or even deny receiving any piece of information.

Classical Cryptographic Algorithms Types

Caesar Cipher

The Caesar cipher is a type of substitution cipher in which each letter of the alphabet is swapped for a letter a certain distance away from that letter.

Algorithm

Step 0: Mathematically, map the letters to numbers (i.e., A = 1, B = 2, and so on).

Step 1: Select an integer key K between 1 and 25 (i.e., there are a total of 26 letters in the English language). Let's say we shift right by 3 letters, so that A + 3 = D, B + 3 = E and so on.

Step 2: The encryption formula is "Add k mod 26"; that is, the original letter L becomes (L + k) % 26. For example, encryption of the first letter of "IGNITE" looks like this:

C = E(L + K) % 26
Here L = I and K = 3
C = E(I + 3) % 26
C = E(9 + 3) % 26
C = E(12) % 26
C = E(L)

Hence the encryption of IGNITE is LJQLWH.

Step 3: The deciphering is "Subtract k mod 26"; that is, the encrypted letter L becomes (L - k) % 26. For example, decryption of the first letter of "LJQLWH" looks like this:

C = D(L - K) % 26
C = D(L - 3) % 26
C = D(12 - 3) % 26
C = D(9) % 26
C = D(I)

Hence the decryption of LJQLWH is IGNITE.

Limitation: The Caesar cipher is vulnerable to brute-force attack because it depends on a single key with only 25 possible values when the plaintext is written in English. Consequently, by trying each option and checking which one results in a meaningful word, it is possible to find the key. Once the key is found, the full ciphertext can be deciphered accurately.

Monoalphabetic Cipher

It is also a type of substitution cipher, in which each letter of the alphabet is swapped using some permutation of the letters of the alphabet. Hence the number of permutations of 26 letters is 26! (factorial of 26), which is roughly 4×10^26. This technique uses a random key for every single letter for encryption, which makes the monoalphabetic cipher secure against brute-force attack. The sender and the receiver decide on a randomly selected permutation of the letters of the alphabet. For example, in the word "HACKING" replace G with "J" and N with "W"; hence the permutation key is 2!, i.e. factorial of 2, and HACKING becomes "HACKJIW".

Algorithm

Step 0: Generate plaintext–ciphertext pairs by mapping each plaintext letter to a different random ciphertext letter: IJKLQR——–GFE.

Step 1: To encipher, for each letter in the original text, replace the plaintext letter with its ciphertext letter. Hence the encryption of "IGNITE" will be as shown below.

Step 2: For deciphering, reverse the procedure in step 1. Hence the decryption of "USBUOQ" will be "IGNITE".

Limitations

Despite its advantages, the random key for each letter in monoalphabetic substitution has some downsides too. It is very difficult to remember the order of the letters in the key, and therefore it takes a lot of time and effort to encipher or decipher the text manually. Monoalphabetic substitution is also vulnerable to frequency analysis.

Playfair Cipher

It encrypts digraphs, or pairs of letters, rather than single letters like the plain substitution cipher. In this cipher, a 5×5 grid of the alphabet is created which contains 25 letters instead of 26; one letter, "J" (or any other), is omitted. One would first fill in the spaces in the table with the letters of the keyword (dropping any duplicate letters), then fill the remaining spaces with the rest of the letters of the alphabet in order. If the plaintext contains J, it is replaced by I.

Algorithm

Step 0: Split the plaintext into pairs; if the number of letters is odd, add "X" after the last letter of the plaintext. For example, if "TABLE" is our plaintext, split it into pairs as TA BL EX.

Step 1: Set up the 5 × 5 matrix by filling the first positions with the key. Fill the rest of the matrix with the other letters. Let's assume "ARTI" is our key for encryption.

Step
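Added example (my own Python, not from the article): the Caesar and monoalphabetic ciphers above, the 25-key brute force that the Limitation describes, and a Playfair implementation that carries the ARTI/TABLE example through to a ciphertext; the article's Playfair steps stop before the substitution rules, so the standard row, column and rectangle rules are used here. MONO_KEY is a constructed permutation, not the article's key.

```python
import string

ALPHABET = string.ascii_uppercase
# Constructed monoalphabetic key: any permutation of the 26 letters works
MONO_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"

def caesar_encrypt(plaintext, k):
    # Each letter L becomes (L + k) mod 26; anything that is not a letter passes through
    out = []
    for ch in plaintext.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26] if ch in ALPHABET else ch)
    return "".join(out)

def caesar_decrypt(ciphertext, k):
    # "Subtract k mod 26" is the same shift in the other direction
    return caesar_encrypt(ciphertext, -k)

def caesar_brute_force(ciphertext):
    # The Limitation in the text: only 25 candidate keys, so list every candidate plaintext
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}

def mono_encrypt(plaintext, key):
    # key is a permutation of the alphabet: plaintext letter number i -> key[i]
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))

def mono_decrypt(ciphertext, key):
    return ciphertext.upper().translate(str.maketrans(key, ALPHABET))

def playfair_square(key):
    # 5x5 grid: keyword letters first (duplicates dropped), then the rest of the alphabet, J merged into I
    seen = []
    for ch in key.upper() + ALPHABET:
        ch = "I" if ch == "J" else ch
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]

def playfair_digraphs(text):
    # Split into pairs; a doubled letter gets an X between, an odd tail gets an X appended
    letters = [("I" if c == "J" else c) for c in text.upper() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:
            b = "X"
            i += 1
        else:
            i += 2
        pairs.append(a + b)
    return pairs

def playfair(text, key, decrypt=False):
    # Standard rules: same row -> shift right, same column -> shift down, otherwise swap columns
    square = playfair_square(key)
    pos = {ch: (r, c) for r, row in enumerate(square) for c, ch in enumerate(row)}
    step = -1 if decrypt else 1
    out = []
    for a, b in playfair_digraphs(text):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:
            out.append(square[ra][cb] + square[rb][ca])
    return "".join(out)
```

caesar_encrypt("IGNITE", 3) gives LJQLWH and playfair("TABLE", "ARTI") gives IRTNLT; decrypting the latter returns TABLEX because the padding X is kept.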

Understand Hashing in Cryptography (A Practical Approach)

Cryptography is the conversion of plain, readable text into an unreadable form. In cryptography, the data is first converted into ciphertext (that is encryption) and then the ciphertext is converted back into readable form (that is decryption). Cryptography basically works on the concepts of encryption and decryption. Encryption and decryption should not be confused with encoding and decoding, in which data is converted from one form to another but is not deliberately altered so as to conceal its content. Encryption is achieved through algorithms. These algorithms work with logic, mathematical calculations, and their complexities.

The hash function is the most important function in cryptography. A hash means a 1 to 1 relationship between data. This is a common data type in programming languages, although sometimes it's called a dictionary. A hash algorithm is a way to take an input and always get the same output, otherwise known as a 1 to 1 function. An ideal hash function is one where this same process always yields a unique output. So you can tell someone: here is a file, and here is its md5 hash. If the file has been corrupted in transit, then the md5 hash will be a different value. In practice, a hash function will always produce a value of the same size; for instance, md5() will always return 128 bits no matter the size of the input. This makes a true 1 to 1 relationship impossible. A cryptographic hash function takes extra precautions to make it difficult to produce 2 different inputs with the same output (this is called a collision). It also makes it difficult to reverse the function. Hash functions are used for password storage because if an attacker were to obtain the password's hash, it forces the attacker to break the hash before he can use it to log in. To break hashes, attackers will take a word list or an English dictionary, compute all of the corresponding hash values, and then iterate through the list for each password looking for a match.

md5(), sha0 and sha1() are all vulnerable to hash collision attacks and should never be used for anything security related. Instead, any member of the sha-2 family, such as sha-256, should be used.

To calculate the hash value, we will use a Hash Calculator. Install Hash Calculator from http://www.slavasoft.com/hashcalc/

The hash function plays a major role in the hacking/forensic world because it helps us know whether a particular file has changed or not. You can also calculate the hash values of the files on your computer and know if anyone has made any kind of changes. To calculate a hash value, open Hash Calculator. Now browse to the file whose hash value you want to calculate, and click on Calculate. After clicking on Calculate it will give you hash values using four different hashing algorithms, i.e. MD5, SHA1, RIPEMD160 and CRC32. You can check other boxes too if you want to use those algorithms to calculate the hash value. This is how Hash Calculator helps us learn the hash value.

Now if any changes are made to this file, the hash value will change too. Once I had calculated the hash value above, I made some changes to the file and calculated the hash value again with the same method; as a result, the hash value had changed. Now we have two hash values. Let us compare both MD5 values. The value of the first file is 1110808875326e25dl93e4ee096afaf1 and the value of the other file is fb9d53883f302d78c978a583e8a85. Seeing these two MD5 values of the same file, we can conclude that some changes were made, because even the slightest difference will change the hash value.

But now the main question is how to detect this change, because a file can be 1TB too. Also, imagine that you are sending a hard disk full of important documents to someone and there is a real possibility that someone could bribe the courier and make changes to your documents. So how can you detect these changes? The answer is very simple: Compare It!

This tool helps us achieve our goal, which is to detect the change. Download Compare It! from http://www.grigsoft.com/wincmp3.htm

Open Compare It! Click on File and a drop-down menu will appear. Select the Compare Files option. A dialogue box will open asking you to choose the files that you want to compare. Click on the Browse button, select your file, and click on Open. It will show you the changes by highlighting them in green, and the red colour will show the exact change, as shown below. So, in this way, you can protect your sensitive data and detect any tampering that has been done.
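Added example, not from the article: a Python script that hashes files in fixed-size chunks (so a very large file never has to fit in memory), records the digests in a manifest, and reports which files no longer match, using SHA-256 as the text recommends instead of MD5. The sample document is constructed in a temporary directory; the file name and content are invented for the demo.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 1024 * 1024  # 1 MiB per read keeps memory flat however large the file is


def digest_bytes(data, algorithm="sha256"):
    # Fixed-length output regardless of input size (64 hex chars for SHA-256)
    return hashlib.new(algorithm, data).hexdigest()


def file_digest(path, algorithm="sha256"):
    # Stream the file in chunks rather than reading it into memory in one go
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(paths, algorithm="sha256"):
    # Record the digest of every file once, e.g. before handing over a disk of documents
    return {os.path.basename(p): file_digest(p, algorithm) for p in paths}


def verify_manifest(paths, manifest, algorithm="sha256"):
    # Return the names whose current digest differs from the recorded one;
    # compare_digest avoids leaking how many leading characters matched
    changed = []
    for p in paths:
        name = os.path.basename(p)
        recorded = manifest.get(name, "")
        if not hmac.compare_digest(file_digest(p, algorithm), recorded):
            changed.append(name)
    return changed


def demo():
    # Constructed sample: write a document, record its hash, then alter a single byte
    with tempfile.TemporaryDirectory() as workdir:
        doc = os.path.join(workdir, "report.txt")
        with open(doc, "wb") as f:
            f.write(b"Quarterly findings: 3 critical, 12 high.\n" * 1000)
        manifest = build_manifest([doc])
        before = manifest["report.txt"]
        with open(doc, "r+b") as f:
            f.seek(20)
            f.write(b"0")  # "3 critical" becomes "0 critical" in the first line only
        after = file_digest(doc)
        return before, after, verify_manifest([doc], manifest)
```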
