Today we are going to be talking about how to build a custom backdoor exploit in Python3, as well as what RCE is, including various methods to achieve it. These two techniques are your bread and butter and are what you'll be going for during a lot of pentests, CTF challenges, etc., regardless of how you get there: SQL injection, OS command injection, remote file inclusion, etc. It's really all the same. If you've ever noticed, during a lot of big hacks one of the things that ALWAYS happens is that the attackers somehow discover a way to RCE the system, allowing them to gain backdoor access and build something called a "botnet", which lets them deliver various payloads and command and control the network. Before I dive into this, as always I want to get you up to speed on some terminology so that you understand what's going on. Let's go over the main TCP/IP handshake so you understand the overall process.
I'll be discussing the following topics in order: what the TCP/IP 3-way handshake is, what a backdoor is, what RCE is, what a botnet is, what command and control is, and what the difference between client and server is.
First, in order for you to fully understand how all of this works, we need to go over the TCP/IP 3-way handshake, as well as how sockets and ports work, and how all of this ties together. This carries over on a fundamental level and gets you into the habit of understanding how network data communication functions on a logical and "visual" level.
Let's start off with the classic web application example. When you visit a web application, you begin a process known as the TCP/IP handshake, which occurs in 3 steps via flags set in ICMP data packets: SYN, where the client initiates a connection to the server; SYN/ACK, where the server responds, acknowledging the session being requested; followed by ACK, which the client side sends to finalize and begin the connection to the server. All of this also applies to the basic principles of how systems talk to each other over a network, which is what makes up the internet as a whole, as it's just a larger scale of that.
Backdoors, also known as RATs (remote access Trojans), are a way of maliciously connecting two systems together in order to send data and/or control a system. It can vary depending on what it's needed for. In most cases it's used as a way to botnet, command and control, and RCE a system. Something like a meterpreter shell in Metasploit is a common example that is often used. It's also known as a reverse shell exploit, which is the same concept.
As the name would suggest, it's often delivered via Trojan malware methods, or "companion" viruses that trick the user into clicking on them with things like "fake ads" or "false program icons" on your computer screen. Once you click on it, you've given the attacker access to your system.
RCE, remote code execution, is when you are able to remotely control a system via shell code commands. Shell code commands are terminal commands, things like bash and PowerShell for example. For hackers, this can be achieved in a variety of different ways. SQL injection, for example, can achieve this via the "system" command feature that comes packaged with SQL. SQL allows you to use this to send shell code commands to the main system. This means that if you are able to pwn a server via SQL injection, you also have the potential to RCE it in the process.
Botnetting is the overall process of infecting a variety of different systems on a network and controlling them like bots/zombies in order to further one's access to the network, compromising the IT infrastructure further. This takes place during the maintaining-access step of the pentesting methodology, and is where you establish ways to stay connected to a compromised network. This leads into something known as command and control.
Command and control is when you, as the botmaster of the botnet, control all the systems on the network and do regular checks on them to see if they are still alive. Think of it as you "blue-teaming" your "botnet". For example, you can use things like beacons, which send data packets to check if the system is still alive, or even install logs so that you get regular status updates on them.
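The beaconing described above is also what a defender hunts for: a check-in that fires on a timer leaves evenly spaced connections in the logs, while human traffic is bursty. The following is an added example, not code from the original post; the log format and all addresses are constructed for illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample connection log (not from the original post): time, source, destination.
# 10.0.0.5 checks in every 30 s like a backdoor on a timer; 10.0.0.9 is bursty, human-like.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:00:30 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:01:00 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:01:30 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:02:00 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:00:07 10.0.0.9 -> 198.51.100.2:443
2024-05-01T10:00:41 10.0.0.9 -> 198.51.100.2:443
2024-05-01T10:03:15 10.0.0.9 -> 198.51.100.2:443
2024-05-01T10:09:02 10.0.0.9 -> 198.51.100.2:443
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")

def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        hits[(m.group(2), m.group(3))].append(datetime.fromisoformat(m.group(1)))
    return hits

def find_beacons(text, min_hits=4, max_cv=0.2):
    """Return pairs whose connection gaps are regular (stdev/mean < max_cv): beacons fire on a timer."""
    beacons = {}
    for pair, stamps in parse_log(text).items():
        if len(stamps) < min_hits:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv < max_cv:
            beacons[pair] = (mean, round(cv, 3))
    return beacons

if __name__ == "__main__":
    for (src, dst), (mean, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{mean:.0f}s (cv={cv})")
```

Real implants add jitter to their sleep timer, so in practice the coefficient-of-variation threshold is tuned per environment rather than fixed at 0.2.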
VERY CRUCIAL, and this is something that will play a vital role in your understanding: the difference between client and server. A client connects and sends data to the server, and a server "listens". What do I mean by that? Servers have open ports in a listening state that wait for incoming connections and data from clients, and then handle and respond to them accordingly. The best way to think of this would be ordering from an actual server via a restaurant menu. You put in an order, and then the server responds by delivering it to you.
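To make the listening/connecting distinction concrete, here is an added example (not the post's own client/server code) of the two roles in Python3 on localhost: the server binds, enters the LISTEN state and blocks in accept() until the kernel has finished the TCP handshake with a client, and the client's connect() is what kicks that handshake off. The 4-byte length-prefix framing is an assumption chosen for the example.

```python
import socket
import threading

# Added example (not the post's code): a tiny length-prefixed request/response
# protocol on localhost, to show what "listening" really means.
def recv_exact(conn, n):
    """TCP is a byte stream, so one recv() may be short: loop until n bytes arrive."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before the message was complete")
        buf += chunk
    return buf

def send_msg(conn, data):
    conn.sendall(len(data).to_bytes(4, "big") + data)  # 4-byte length prefix

def recv_msg(conn):
    return recv_exact(conn, int.from_bytes(recv_exact(conn, 4), "big"))

def serve_one(listener):
    """Server side: accept() blocks until the kernel has completed the 3-way
    handshake with one client, then handles a single 'order'."""
    conn, _ = listener.accept()
    with conn:
        send_msg(conn, b"served: " + recv_msg(conn).upper())

def start_server():
    """Bind to an ephemeral localhost port and enter the LISTEN state."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    worker = threading.Thread(target=serve_one, args=(listener,), daemon=True)
    worker.start()
    return listener, worker

def place_order(port, item):
    """Client side: connect() initiates the handshake, then sends the request."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        send_msg(client, item)
        return recv_msg(client)

def demo():
    listener, worker = start_server()
    reply = place_order(listener.getsockname()[1], b"one coffee")
    worker.join(5)
    listener.close()
    return reply
```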
If you'd like to see the more advanced version of this article, which talks about methods that can be used to mitigate this, as well as any videos included, SUBSCRIBE TO MY PATREON CYBER SECURITY TIER!
If you enjoyed this post, give it a thumbs up! I'll be keeping track of who's reacting from now on, as there is a "special" reason for it. Just know the more you support my content, the more there is in store!
- The Hacker Who Laughs