Uploading a Reverse Shell to a Web Server in Kali Linux
Last Updated :
07 Nov, 2022
We basically hack the webserver for gaining access to the system. We look into what is inside the web server and we want to have full control of the web server. Therefore we can download or access the uploaded content. In this article, we are using a reverse shell made with PHP. We are uploading the reverse shell into the web server and trying to hack the web server. Before that, we will see what is a web server and reverse shell.
What is a Web Server?
A web server is like a computer that uses an HTTP (Hyper Text Transfer Protocol) and many other protocols. it responds when a client makes a request over the world wide web. The main work of the web server is to show website content that is processed, and stored, in the webserver to deliver the webpages to the user. The Web server also uses SMTP (Simple Mail Transfer Protocol) for sending mail and FTP (File Transfer Protocol) for file transfer and storage.
What is Reverse Shell?
Reverse Shell is used for to gain full control of the compromised system a hacker can easily create a session-established connection. The main working principle is a reverse shell of the is creating remote connection and sending input output redirect to the attacking system. Reverse uses open ports for creating reverse shell. These shells are made with different programming languages like PHP, Python, etc.
Uploading a Reverse Shell to a Web Server
Follow the below steps for Uploading a Reverse Shell to a Web Server in Kali Linux:
Step 1: Looking for upload vulnerabilities in the web server.
Scan the web server for open ports. Here we will be using DVWA vulnerable machine for showing the demonstration.
nmap - Pn 192.168.29.20
Step 2: Check Upload Field Whether Upload Shell or Different File Type.
Step 2.1: Download a reverse shell from pentest monkey the file type is PHP.
Step 2.2: Now, Open the PHP file and change the IP and Port number for accessing the machine.
Step 2.3: Now Upload the PHP file on the Web Server.
Step 2.4: Select the PHP file from the local disk. Here, we have a php-reverse-shell-master.php file which we will be uploading on the target server.
Step 2.5: Now, finally upload the file on the target server.
Step 3: Let's get the Connection
Step 3.1: Enter the following command to get access to the web server and hit enter.
nc -nvlp 4444
Command Explanation:-
- nc - It's a tool named Netcat
- -nlvp - n for denying the use of DNS, hostname, and ports.
- -l - attribute for probes to a target.
- v - attribute for verbose mode in Netcat tool.
- p -attribute for using the source port
Step 3.2: Now we can enter various commands and check whether the connection is built or not on the target server. In the below screenshot, we have entered ls command and we have got the list of files present in the web server's directory.
ls
So, we have successfully uploaded the reverse shell to the web server and got access to a web server.
Similar Reads
Setup Web Server Over Docker Container in Linux Before setting up a server we must know the real meaning or definition of a server. So, the Server is a program that provides the client with any kind of services. For example, a web server provides our websites, a database server provides us data. This means every server has work to do and for ever
2 min read
Shell in a Box - Remote Linux Server via Web Browser Secure Shell (SSH) is employed to access Linux-based machines, while Remote Desktop Protocol (RDP) is employed for accessing Windows-based machines. Putty is a widely recognized SSH client for Windows. Similarly, to remotely access a Linux server via a web browser, the shellinabox application allows
3 min read
How to Create Reverse Shells with Netcat in Kali Linux? Netcat is a command in Linux which is used to perform port listening, port redirection, port checking, or even network testing. Netcat is also called a swiss army knife of networking tools. This command is also used to create a reverse shell. Before getting in depth of reverse shell one must be awar
2 min read
Creating a Persistent Reverse Shell with Metasploit in Kali Linux A reverse shell is a type of network connection in which a command shell is executed on a remote machine, and the input and output of the shell are transmitted over the network back to the local machine. This allows a user on the local machine to execute commands on the remote machine and receive th
4 min read
How to Access the Dark Web Using the TOR Browser in Kali Linux The "surface web" is the portion of the internet that is easily traceable and indexed by search engines. Only 4% of the Internet is covered by the surface web; the rest is made up of the dark web and other forms. What is Deep web & Dark web? There is a portion of the internet that is encrypted a
3 min read