Don’t Forget Command Line Tools Can Attack

Which ones? How about curl or wget? When i saw another ISC (Internet Storm Center) post that is what I was thinking about.  

What is a command-line browser? And why is it so important to watch out for it?  Every computer has a command line – it is built-in to the Operating system. and thus if a tool is built-in, the hacker does not need to download it first to use it. It is already there.  SO, what can be done with curl?

curl can connect to websites on the internet try it on your command line in your system (any system) – see if it works For example:

curl.exe http://example.com   or the malware would run http://w.x.y.z    (where wxyz are internet website numbers of the criminal attacker’s devices )

This gets technical quick, but even if curl is not installed for some reason, a similar tool can be installed with power shell (according to ISC post on command line browsers) The problem here is that a little bit of knowledge gets built up on and then pretty soon the criminal hacker has a way for the attacker to keep  a connection into the system.    This method is good for when the  hacker already has a system compromised and is looking to do something else with it.

The ever present danger with computers are that a small error can lead to more problems. so that is why the defense has an almost impossible task to block off  all avenues of attack, including the ones that are “built-in”.

This is why a proxy server or a NGFW (Next Gen FIrewall) firewall can close off or make it detectable at least.

Auditing your environment is also a simple yet effective method to make sure even small errors are detected.  (like not patching systems or other easy fixes – like changing default passwords.

 

Here is where the expertise in hacker knowledge get’s built upon more expertise in hacker knowledge – until one has a method of taking over a network of systems. Slowly but surely.   As we have discussed many times before.

https://oversitesentry.com/risk-management-should-be-known-threats-evaluated-find-unknown-threats/  

https://oversitesentry.com/why-risk-management-model-failed-us/

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.