Improving web shells with asymmetric encryption
You're out surfing the world wide web having a great time, then suddenly, you find a security vulnerability. What do you do? Report it? Hmm, ok. Well some people might go the other way and upload a web shell1 to own the server. However, current state-ot-the-art web shells are lacking in my opinion and in this post I want to present a possible improvement, together with defensive methods.
If you're just interested in the challenge, and the possibility to win some Monero (XMR), you can jump to the challenge section.
Web shells
First of all, what is a web shell? In short, you can think of it as a web page that allows you to run commands on the remote server. A shell2 on the web so to say. From there, it is usually easy for an attacker to do whatever they want, e.g. exfiltrate data, modify data, steal computing resources, etc. The image below shows what such a web shell might look like.
So where is the need for improvement you might wonder. The problem is that using digital forensics together with a network log, it is trivial to see what commands the attackers used and what data they got away with. Let's quickly define the model and the problem we want to solve.
Defence model
Goal: Confidentially run commands and extract data from server. I.e. the defender should not be able to tell which commands where issued.
- The defender logs all network traffic and is capable of decrypting their own TLS.
- The defender knows the clean (deobfuscated) source code of the shell.
Based on this model we can draw some conclusions. First, to achieve confidentiality we need encryption. Some shells do this, more about that in the next section. Second, since all traffic is logged, the attacker cannot send the keys using HTTP(S). The most important thing is that we cannot hide the key inside the shell. I cannot stress this enough. No matter the amount of obfuscation and sleight-of-code, the key cannot be inside the shell. While not a web shell but rather a ransomware, PowerWare made this mistake.
Luckily, PowerWare is nowhere near as strong as the ransomware programs it impersonates. It uses the AES-128 encryption algorithm, but with a hard-coded key4Not only criminals make this mistake. Atlassian thought they could put a key inside the application, they got owned for it3.
Based on this, the only possibility I see is that the web shell must generate it's own key. This is the at the core of asymmetric encryption, which isn't particularly new. Yet I haven't seen any web shells use it. To be fair, most ransomware actually do use it.
Short survey of web shells
Before I present my solution, I think we should that a look at the history and current state-of-the-art.
C99 is a classic web shell with a lot of features. In terms of security it has password protection for access. This mainly stops other attackers from using the same shell. Using the network log, an administrator can easily see the password.
encrypted-web-shell.php is a packer for web shells that uses strong encryption to encrypt the shell code before uploading it. This is clearly an improvement over a plain C99 shell. However, as soon as the attacker submits the encryption key, either through the cookie or a post request, the defender will be able to decrypt the file.
CCCPShell is the only shell I found that actually encrypts the communication. Even they themselves seem surprised over this, judging from the README, "Encrypted comunication (first phpshell in the world???)". While an improvement, it still fails because the key used for encryption is hard coded in the shell, as well as, sent over POST by the attacker.
I think the FRA shell from FRA Challenge 2019-1 deserves an honorable mention as it uses different keys for each message and no hard coded keys. Impressive for being just a toy example of a vulnerable shell.
I also want to mention that even advanced attackers use bad shells. You can check out the logs from the
Operation Wocao
concerning the Advanced Persistent Threat (APT) group 20.
Here the commands, such as whoami and dir, are visible in the htaccess
log. Note that the htaccess log is just a subset of a raw and decrypted network log, which is what we consider here.
In the webserver logs below, two operators of the group attempt to access the deleted webshells, executing several Windows commands on one of the webshells, all of which no longer return any of the expected responses.
DHAShell.php
Here I propose my solution. DHAShell (Diffie Hellman AES Shell).
Init
The shell uses openssl_pkey_new to generate a new asymmetric key pair using randomness from the server. This means that the private key is never sent over the network. The client generates similar keys
and then the Diffie Hellman exchange is performed, resulting in the shared secret. This shared secret is then used
as a symmetric key to encrypt the communication.
Communication
Using the shared secret, the client encrypts the payload using AES and sends it to the server (shell). Since we are focusing on web pages, which should be stateless, the client also needs to send it's public key so that the server can compute the shared secret. The AES is running in GCM mode which also allows for authenticating messages.
Code
I'll publish this on Github after some revision. For now it's available here. The attacker will use client.php on their own server, or any server not controlled by the victim. The server.php file is uploaded to the victim.Challenge
To incentive people to break my method I've set up a challenge in a FRA challenge style, with a 0.5 Monero (XMR) prize pot (~$20). This network log contains an attack using DHAShell to read the mnemonic seed for a Monero private key.
Please note that the private key is not stored on this server, except for in the network log. Don't waste energy on attacking this website. I'm mean, feel free, but not for the sake of finding the private key.
Hi!
I'm an intern from Berg Gox and I'm afraid we have been hacked.
Some of our cryptocurrency customers have started to complain about lost funds. I think the attackers might have been able to steal our private key. Can you recover it from this network log?
Unfortunately we also lost our physical backups of the keys in a boating accident.
Limitations
The major drawback of using Diffie Hellman is that it is vulnerable to MITM. In theory this means that the defender could set up a proxy that would intercept the handshake and eavesdrop on the communication. However, at this point the defender would know an attack was being mounted and should just block the attacker and remove the shell. It could be of interest to researchers and honeypots owner where the attack can be rendered harmless but the patterns can still be observed.References
- Web shell
- Shell
- Atlassian Zero Day Bug
- Researchers release free decryption tools for PowerWare and Bart ransomware
Write your comment!
Comments
Thanks for the insightful comment! I've heard about Xdebug before but actually not in the context of tracking function arguments, cool! Indeed that would totally break the confidentiality, good point!
From what I remember, Xdebug adds a lot of overhead so you are probably correct in that it won't be used in production.
Wow, awesome blog structure! How lengthy have you been blogging for?
you made running a blog look easy. The total glance
of your website is great, as neatly as the content material!
https://www.808hawaiiwear.com/
You need to be a part of a contest for one of the most useful blogs on the net.
I most certainly will recommend this web site!
https://www.pinterest.com/808hawaiiwear/
Remarkable things here. I am very glad to peer your article.
Thank you so much and I am having a look ahead
to contact you. Will you kindly drop me a mail?
http://203.105.231.188/login/rd.am/http:/topsearch24h.com/search/5+tips+to+buying+used+exercise+equipment/gate/gb/fwcityvision.org/stats/referrer.html/vsadmin/login
I want to to thank you for this good read!!
I certainly enjoyed every bit of it. I have got you book marked to
look at new stuff you post…
http://greenoaknationalinsurance.com/__media__/js/netsoltrademark.php?d=www.808hawaiiwear.com
ONLINE ΠΑΡΑΦΑΡΜΑΚΕΙΟ
ΒΙΤΑΜΙΝΕΣ - ΣΥΜΠΛΗΡΩΜΑΤΑ ΔΙΑΤΡΟΦΗΣ
ΦΡΥΝΗΣ 55 ΤΚ 11633 ΑΘΗΝΑ
ΕΛΛΑΔΑ - GREECE
ΤΗΛ. 6983036216
Βιταμίνες (https://www.medcenter.gr)
For anyone searching for a professonal locksmith, I
highly recommend hiring a local expert. They can help with emergency
lockouts, key cutting, and improving home safety.
I’ve had a great experience, the service
I received was quick, reasonably priced, and skilled.
Youu won’t regrt it!
I've learn several just right stuff here. Definitely worth bookmarking for revisiting.
I wonder how so much attempt you put to make any such great
informative website.
https://bezmaksas-griezieni.net/
Amazing post! Bathroom remodeling is such a rewarding project, annd your ideas are super helpful.
I especially lovesd thhe tips about choosing fixtures.
Can’t wait to more content like this!
Searching for expert pest solutions? Your search ends here!
Our team specializes in eco-friendly pest control services.
From termites to cockroaches, we tailor solutions to
your needs. Call us today to schedule a consultation!
ChatVirt.com offers the final sexting happening with
real-time, intimate chats designed to fulfill your wildest
desires. Whether you're looking in the service of flirtatious exchanges or
a profoundly dump into erotic fantasies, ChatVirt.com provides a safe and watchful platform for sexting natter with like-minded individuals.
With a user-friendly interface and complete anonymity, you can observe your desires with boldness, knowledgeable your
confidentiality is always protected.
Put together with captivating women and free virt chat girls who are ready to draw in steamy understood natter sessions.
Whether it's through high-spirited venereal text chat or intrepid and overpowering conversations, you'll discover an engaging community that's always revealed for electrifying, full-grown chats.
Sign up today at ChatVirt.com and unlock a faction of pugnacious,
accepted experiences that wish check out you wanting
more.
site. It's simple, yet effective. A lot
of times it's hard to get that "perfect balance" between user
friendliness and visual appeal. I must say you've done a
excellent job with this. Also, the blog loads
super fast for me on Opera. Exceptional Blog!https://totalizators.online/
ChatVirt.com offers the concluding sexting face with real-time, cherished chats designed to fulfill your wildest desires.
Whether you're looking for flirtatious exchanges or a profoundly dive into erotic fantasies, ChatVirt.com provides a safe as the bank
of england and watchful tenets as far as something sexting chat with like-minded individuals.
With a understandable interface and ended anonymity, you can explore your desires
with boldness, astute your privacy is always protected.
Put together with captivating women and sexting chat girls
who are punctual to undertake in fogged up practical natter sessions.
Whether it's inclusive of high-spirited venereal text heart-to-heart or bold and overpowering conversations,
you'll discover an charming community that's again navigable during thrilling, full-grown chats.
Hieroglyph up today at ChatVirt.com and unlock a the public of pugnacious,
effective experiences that when one pleases leave you not up to par more.
mideatoto slot
https://arephotographers.org/
Wow, that's wһat I ѡaѕ exploring fоr, what ɑ material!
present here at this webpage, thanks admin ᧐f this wweb site.
https://bilgalarm.com/
It's truly very complicated in this full of activity life to listen news
on Television, thus I simply use web for that purpose, and obtain the newest information.
mideatoto slot thailand
https://arephotographers.org/