Thursday, March 12, 2020

Python - Network Programming - Cloud based reverse shell

Creating a reverse shell to do work or modifications on a remote machine can at times be essential. Many years ago, when I worked in sales and then as an analyst, I did not understand networking or systems. The process seemed magical: someone could remotely start opening files, updating printers or troubleshooting any machine from what seemed to be a far-off distant land (the server room).

I have learned a lot since those days, and here I want to show in a simple way how a reverse shell is created. It is just a connection from one computer to another; in essence I can do anything with the remote machine as if I had plugged a monitor and keyboard into it.

There are two main parts in creating this type of connection: a server and a client. Each uses a separate Python file for the process to work.

I find that the easiest way to understand large or complex systems is to understand the individual components that make up the greater whole. First I create a socket, which connects the two computers. I tell the system to listen on port 9999 for our incoming connection.

The creation of the socket that I will be connecting to.

From here I am able to bind the socket and start listening.

Binding and listening for connections.


I created Ubuntu servers in the cloud to test this out. Here the client.py file is told which server to connect to and on which port.

The beginning of the client side connection.

Here is where it gets interesting. I define the actual pipes through which the data will flow and the process of encoding the text before it is sent and decoding it when it is received.
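To make the components above concrete, here is an added example (not code from the original post) that wires both sides together in one process: the server binds and listens, the client connects, and each side sends newline-terminated UTF-8 text and decodes what it receives. It assumes 127.0.0.1 and an OS-chosen port instead of 9999, and the client only echoes the text back rather than executing it, so the focus is on the socket plumbing; the recv loop handles the partial reads that a real TCP stream produces.

```python
import socket
import threading

PORT = 0  # 0 = let the OS pick a free port; the post binds 9999

def recv_line(sock, buf):
    """Read until a newline. recv() may return a partial message,
    so keep appending until the delimiter shows up. Returns (line, leftover)."""
    while b"\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    line, _, rest = buf.partition(b"\n")
    return line.decode("utf-8"), rest

def run_server(ready, result):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", PORT))          # bind ...
    srv.listen(1)                           # ... and listen
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()                    # tell the client the port is open
    conn, addr = srv.accept()               # incoming connection arrives
    with conn, srv:
        buf = b""
        for msg in ["ls", "echo hey"]:      # the two commands the post types
            conn.sendall((msg + "\n").encode("utf-8"))   # encode before sending
            reply, buf = recv_line(conn, buf)            # decode what comes back
            result.append(reply)

def run_client(port):
    with socket.create_connection(("127.0.0.1", port)) as cli:
        buf = b""
        for _ in range(2):
            msg, buf = recv_line(cli, buf)
            # Constructed stand-in for the post's command step: echo the text
            # back instead of running it, so only the socket mechanics are shown.
            cli.sendall(("got: " + msg + "\n").encode("utf-8"))

def demo():
    """Run server and client together on localhost; return the server's view."""
    result = []
    ready = {"event": threading.Event()}
    t = threading.Thread(target=run_server, args=(ready, result))
    t.start()
    ready["event"].wait()
    run_client(ready["port"])
    t.join()
    return result

if __name__ == "__main__":
    print(demo())
```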



Now that I had written all the code for a reverse shell, I wanted to see how I would implement it completely remotely. I created one Ubuntu server in the cloud, which I connect to via SSH, and a second cloud Ubuntu server that serves as the client's machine.

Once I was connected to my server and client machines, I uploaded the Python files and started "server.py" on the main server. The output says "Binding the Port 9998", so I know it is now listening on port 9998 for incoming connections. On the other machine I then started "client.py". Instant success!

On the left the client.py file is started. On the right a connection is received from the other machine and I have a command line. I am /root.


As a simple test I entered the command "ls" to list the files. Since this is a fresh server for this example, the only file in the working directory is "client.py", and the command prompt shows that I am in as /root.


Reverse shell in action.


For this example I just listed the files and then ran an echo command with "hey". As you can see, "hey" is echoed on both machines. From here I have a command line that can remotely control the computer from the terminal, and I can do whatever modifications or file transfers are required.
