Reverse Shells - jwells24/Tech-Journal GitHub Wiki
Reverse Shells
A reverse shell is created when an exploited machine opens a connection back to the attacker's machine. This can be done in a couple of different ways, such as those we documented in Lab 8.2.
Reverse shell via Bash
The first reverse shell we accomplished was establishing a connection using bash on the command line. In order to do this, we first needed to have command line access to an exploited machine. On our own machine, we run the command below in order to listen on a port for requests.
Once we are listening on port 4449, we run the command below to establish a connection between the exploited machine and our own, allowing us command line access. Make sure that you input the correct listening port and the IP of your machine, not the exploited machine.
Reverse Shell on Windows
Creating a reverse shell is harder on Windows because of Windows Defender. If we try running a script to activate a reverse shell in the command prompt, we first need to shut down Windows Defender. The command below in PowerShell will disable Windows Defender.
Once we have disabled Windows Defender, we can run the script below in the command prompt to activate a reverse shell. Make sure you have the correct port and target IP input.
Reverse Shell using python3
The last objective for this lab was to create a reverse shell using python3, and I researched a one-liner that would create a reverse shell using python3. All you need to do is have command line access to a machine, run this command, and a reverse shell will be created. Ensure that you have the correct target IP and port and that you are listening on the correct port on your machine.
Reflections
One of the things I noticed in this lab was that it was quite simple to set up a reverse shell on Linux, using either the bash or the python3 method. Once command line access was achieved, it was simple to route the command line back to your own computer. Beating Windows Defender would definitely be hard in a real environment, thus making a Windows reverse shell harder to achieve. I didn't really have that many issues in this lab when working on the reverse shells.
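From the defender's side, both Linux methods above (bash and python3) leave the same trace: a shell or interpreter process whose stdin, stdout and stderr are network sockets instead of a terminal. The following is an added detection example, not code from the lab or this wiki; the process-name list, the two-descriptor threshold and the function names are assumptions chosen for illustration.

```python
import os
import re

# Assumption: interpreter names worth flagging; extend for your environment.
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh"}
SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def std_stream_sockets(proc_root, pid):
    """Return {fd: inode} for the stdin/stdout/stderr descriptors that are sockets."""
    found = {}
    for fd in (0, 1, 2):
        try:
            target = os.readlink(os.path.join(proc_root, pid, "fd", str(fd)))
        except OSError:
            continue  # process exited, fd closed, or permission denied
        match = SOCKET_LINK.match(target)
        if match:
            found[fd] = int(match.group(1))
    return found


def find_socket_backed_shells(proc_root="/proc"):
    """List shell/interpreter processes whose standard streams are sockets."""
    hits = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        try:
            with open(os.path.join(proc_root, pid, "comm")) as handle:
                name = handle.read().strip()
        except OSError:
            continue
        if name not in SHELL_NAMES and not name.startswith("python"):
            continue
        sockets = std_stream_sockets(proc_root, pid)
        # A normal interactive shell has a tty or pipe on 0/1/2, not a socket.
        if len(sockets) >= 2:
            hits.append({"pid": int(pid), "comm": name, "fds": sockets})
    return hits


if __name__ == "__main__":
    for hit in find_socket_backed_shells():
        print(f"suspicious: pid={hit['pid']} comm={hit['comm']} socket fds={hit['fds']}")
```

Run it as root so every process's `fd` directory is readable. A hit is a lead to triage, not proof: the inode can be looked up in `/proc/net/tcp` to find the remote address, and socket-activated services can legitimately have sockets on their standard streams.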