Remote Shell: Embedding Client-Side Code into a Package Lab

Infosec Learning
Virtual Lab

The development of this document is funded by the Boston Area Advanced Technological Education Connections (BATEC) Grant No. NSF-0703097 thru Bunker Hill Community College. Hashing can be used to verify the integrity of data. That is why a lot of sites include a hash function to verify the package has not been tampered with when downloading. Packag...

Time
1 hour 30 minutes
Difficulty
Advanced
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Overview

The development of this document is funded by the Boston Area Advanced Technological Education Connections (BATEC) Grant No. NSF-0703097 thru Bunker Hill Community College.

Hashing can be used to verify the integrity of data. That is why a lot of sites include a hash function to verify the package has not been tampered with when downloading. Packages should never be installed unless they come from a trusted source, and with the package's integity upheld. This lab will demonstrate embedding BASH command into a package and using Social Engineering tactics to entice a user Alice into installing it. This lab will also demonstrate consequences of this action by allowing the attacker system access through a remote shell.

Embedding Client-Side Code into a Package