Posted on

Linux hacking guide for beginners

Hello, aspiring ethical hackers. In this blogpost, you will learn about Linux hacking. It comes under gaining access, third of the 5 phases of ethical hacking.

What is Linux hacking?

Although Linux hacking can be generalized as any type of hacking attempt made on Linux systems, gaining initial access to the Linux system can be termed as Linux Hacking.

Why is it important?

Linux hacking is one of the most important topics in ethical hacking. Why? According to the Statcounter global stats, as of March 2024 operating system market share, the topmost operating systems being used around the world are Linux or its variants. The same report also states that usage of Linux as desktop increased to 4.05% this year. Also note that majority of the servers around the world are Linux servers. So, learning Linux hacking can provide lot of knowledge. But what are the various methods used for hacking Linux systems.

Linux hacking techniques

There are multiple ways by which hackers can gain initial access on Linux systems. They are,

  1. Vulnerabilities in the operating system or kernel
  2. Application vulnerabilities.
  3. Payloads & malicious software.
  4. Password attacks.
  5. Misconfigured services.
  6. Social- engineering

1. Vulnerabilities in the operating system or kernel:

An operating system or kernel is the core of any Linux system. Organizations around the world use various versions of Linux operating system for different purposes. So, any vulnerability exposed in the operating system can be exploited by hackers to gain initial access.

For example, in 2014, a vulnerability named Heartbleed was detected in the OpenSSL package that comes inbuilt with Linux kernel. It was used to exploit HTTPS enabled websites of Yahoo, Google, Dropbox, Facebook and other thousands of websites.

2. Application vulnerabilities:

A lot of applications or programs are installed on Linux for performing various functions. Any vulnerabilities in these installed programs can be exploited successfully to hack the Linux system. For example, hackers exploited Apache ActiveMQ software to deploy Kinsing malware on the infected systems in November 2023, Apache ActiveMQ is used as a communication bridge between multiple components that can be hosted on separate servers.

3. Malicious payloads:

Hackers just don’t use vulnerabilities to gain access. They also use malicious payloads like malware and virus to hack Linux systems. Since 2023, malware especially ransomware designed for Linux systems in or the rise. This malware is usually delivered by exploiting vulnerabilities, phishing attack or drive-by downloads. Examples of some payload generators are msfvenom, Veil, MSFPC, Cypher etc.

4. Password attacks:

As already mentioned, most of the servers in the world are built on Linux as it is open source. These include services like FTP, HTTP, SSH etc. If credentials of any of these services are cracked by hackers, it will provide a way to gain access to the underlying Linux server. Learn more about password cracking.

5. Misconfigured services:

Sometimes, services being used in the target Linux systems can be misconfigured either by mistake or by ignorance. Hackers can exploit these misconfigurations to hack the Linux system. For example, in March 2023, an advanced malware campaign exploited misconfigurations in Apache Hadoop, YARN, Docker, Confluence and Redis on Linux instances.

7. Social-engineering:

No matter how strong the firewall on the network is or how secure the Linux devices are in a network, if the employees of the organization are not well trained, they can eventually give hackers access into the network or Linux devices. Social-engineering is often very underrated as a factor that allows hackers to hack Linux systems. Learn more about social engineering.

Posted on

Linux Configuration Enumeration POST Exploit

Hello aspiring hackers. Today we will learn about Linux Configuration Enumeration POST Exploit. After getting a successful meterpreter session on the target Linux system (as shown here), the next logical step is to perform some enumeration on the target Linux machine. Metasploit has many POST exploits corresponding to Linux enumeration.

The first module we will see is Linux configuration enumeration. The enum_configs module is used to collect information from the configuration files found of applications commonly installed in the system. These applications may include Apache, Nginx, Snort, MySQL, Samba, Sendmail, sysctl, cups, lampp and SNMP etc. This POST module searches for a config file in the application’s default path and if the application exists on the target system, the module will download the files and store it.

If the application doesn’t exist or the config file is moved from its default location, this module will display the “file not found” message. (Just like any POST exploit or as shown in the shell_to_meterpreter exploit, we need to background the current session and load the POST module as shown above. Then set the session id and run the exploit). Here is the enum configs module in action as shown below.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on 1 Comment

Hack Remote PC with Git Submodule

Hello aspiring hackers. In this howto, we will learn how to hack remote PC with Git Submodule. If you are a developer, cyber security enthusiast or at least a computer user, you should have definitely used (or heard about) Github. Git is an open source version control system developed by none other than the awesome Linus Trovalds (yes the same guy who created Linux).

It is a system designed to keep in touch with constant changes made to the code of software by developers. GitHub is a popular hub where developers store their projects and network with like minded people. Github stores information in a data structure called a repository. The particular module exploits a vulnerability in Git submodule.

Git submodules allow users to attach an external repository inside another repository at a specific path. This vulnerability in the Git submodule can be exploited by an attacker who can change the URL of a sub- module in a repository. This URL in the submodule can be changed to point towards a malicious link.

This module is a local exploit and works on Git versions 2.7.5 and lower. Now let us see how this module works. Start Metasploit and load the exploit as shown below. Type command “show options” to see all the options we need for this module to run.

First, we need to configure the malicious Git server. Set the options : LHOST, git_uri and Iport options as shown below. The git_uri option sets the malicious git submodule. Use command “run” to start our Git server. As the user git clones from our URL, we will get a command session on the target.

Now we need to send this malicious Git url to our intended victims. Probably it should be set as a software to convince the users to clone into their machine. Here we are testing this on KaIi Linux 2016 machine which has the vulnerable version of Git installed. We need to instruct the user to update the submodule just cloned. Let us see what happens on the victim machine.

As this happens in our victim system, we will already get a command shell on our attacker system as shown below.

We can see the active sessions using the command “sessions”.

That is how we hack remote pc with Git Submodule.

Liked this article? Learn advanced ethical hacking tutorials in our Monthly Magazine. Enjoy Free for 3 months.

Posted on

Arcanus Framework : Hacking Linux OS Part 1

Hello aspiring hackers, till now we have only seen hacking windows operating systems with customized payload generators. Today we will see hacking Linux OS with Arcanus framework.

Although not as great as Windows, people using Linux OS are growing day by day. In my opinion, Linux OS is a bit easy to hack with payload generators as there is a general myth that Linux is immune to malware. Some of my friends use Linux as dual boot to keep themselves safe from virus.

Ok, now let us see how to hack Linux OS with Arcanus Framework. Start and select the option 3 since we are generating a Linux payload. If you are new to Arcanus Framework, go here.

Hit Enter. Enter your IP address (Kali Linux in this case) and the listening port as shown below.

Hit Enter. It will generate the payload in the same directory start to automatically listen for a reverse shell as shown below.

Send the generated payload to our victim. When he runs it, we should get a shell on his system as shown below.

Image explaining about usage of Arcanus framework