Open In App

Uploading a Reverse Shell to a Web Server in Kali Linux

Improve
Improve
Like Article
Like
Save
Share
Report

We basically hack the webserver for gaining access to the system. We look into what is inside the web server and we want to have full control of the web server. Therefore we can download or access the uploaded content. In this article, we are using a reverse shell made with PHP. We are uploading the reverse shell into the web server and trying to hack the web server. Before that, we will see what is a web server and reverse shell.

What is a Web Server?

A web server is like a computer that uses an HTTP (Hyper Text Transfer Protocol) and many other protocols. it responds when a client makes a request over the world wide web. The main work of the web server is to show website content that is processed, and stored, in the webserver to deliver the webpages to the user. The Web server also uses SMTP (Simple Mail Transfer Protocol) for sending mail and FTP (File Transfer Protocol) for file transfer and storage.

What is Reverse Shell?

Reverse Shell is used for to gain full control of the compromised system a hacker can easily create a session-established connection. The main working principle is a reverse shell of the is creating remote connection and sending input output redirect to the attacking system. Reverse uses open ports for creating reverse shell. These shells are made with different programming languages like PHP, Python, etc.  

Uploading a Reverse Shell to a Web Server

Follow the below steps for Uploading a Reverse Shell to a Web Server in Kali Linux:

Step 1: Looking for upload vulnerabilities in the web server. 

Scan the web server for open ports. Here we will be using DVWA vulnerable machine for showing the demonstration.

nmap - Pn 192.168.29.20

 

Step 2: Check Upload Field Whether Upload Shell or Different File Type.

Step 2.1: Download a reverse shell from pentest monkey the file type is PHP.

 

Step 2.2: Now, Open the PHP file and change the IP and Port number for accessing the machine.

 

Step 2.3: Now Upload the PHP file on the Web Server.

 

Step 2.4: Select the PHP file from the local disk. Here, we have a php-reverse-shell-master.php file which we will be uploading on the target server.

 

Step 2.5: Now, finally upload the file on the target server.

 

Step 3: Let’s get the Connection 

Step 3.1: Enter the following command to get access to the web server and hit enter.

nc -nvlp 4444

Command Explanation:-

  • nc – It’s a tool named Netcat
  • -nlvp –  n for denying the use of DNS, hostname, and ports. 
  • -l – attribute for probes to a target.
  • v – attribute for verbose mode in Netcat tool.
  • p -attribute for using the source port 

 

Step 3.2: Now we can enter various commands and check whether the connection is built or not on the target server. In the below screenshot, we have entered ls command and we have got the list of files present in the web server’s directory.

ls

 

So, we have successfully uploaded the reverse shell to the web server and got access to a web server.


Last Updated : 07 Nov, 2022
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads