When we configure a bind shell, we are essentially telling the remote machine to serve a shell to us via a TCP port, set up a listener (server) on that port, and when we make a connection to that port, run the shell and send the text output across the network to us. This may or may not be the case, but often it’s not. Sometimes ports can be hijacked for use with netcat, but that obviously requires that the attacker knows which IPs/ports are open and forwarded, which means that they have a knowledge of the firewall/NAT device configuration. If the machine is behind a device that is providing NAT, like a firewall, the connection may or may not be successful depending on which ports are forwarded to the device. This requirement is such because the attacker must be able to point netcat at the IP address of a machine directly and receive a response. A typical situation that accommodates this requirement is when the attacker and the remote host are on either the same IP subnet, or subnets that are directly routed to each other without any form of network address translation (NAT) between them. Ideally, it would run these commands every time the machine starts up to keep access to the shell alive.Ī bind shell is useful when the attacker (us) has direct access to the IP address of the remote host. The targeted exploit in this case would download netcat binaries in a hidden location on the machine’s drive, and then execute the proper commands to set up a bind or reverse shell. Though it’s outside of the scope of this article, common initiators for setting up the remote machine to access a shell include physical access to the machine, remotely exploiting the machine via a method that allows remote code execution, or setting up a “bad USB” drive that someone is tricked into plugging in to their machine, which would then run exploit commands.
As “catch 22” as this sounds, there are several options to get netcat on the remote machine, as well as execute the netcat (nc) command to provide us a shell. Preparing for Remote Shell Accessīoth of these shell options require that commands be run on the remote host, so that we can run commands on the remote host. These remote shell access methods typically take one of two forms – a bind shell, or a reverse shell. In network security, netcat is typically used to transfer files to/from a compromised host, or to access a shell/command prompt on a compromised host. You can set up and tear down connections on any machine with netcat binaries, and that machine can act as either a server or a client to communicate with other machines running either another instance of netcat, or other services like SMTP. The simplest definition of netcat is that it’s a network utility that’s used to read to and write from TCP or UDP connections.
0 kommentar(er)
