Reverse Shell

A reverse shell is one way to reach a remote host that is on a local area network behind a Network Address Translation (NAT) router, where you cannot open a connection inwards to it. Instead the remote host opens a connection outwards to a machine you control, and that outbound connection carries a shell, or a tunnel, back in.

We use the term remote host to refer to the machine you are connecting to that is behind the NAT router.

We use the term your host to refer to the machine you are connecting from.

SSH Reverse Shell

This solution requires that the remote host is running an SSH daemon, and that it can log in to an SSH daemon on your host. The tunnel is set up from the remote host with -R (a remote forward): the sshd on your host listens on port 3333 and hands every connection to that port back through the tunnel to port 22 on the remote host.

The account on your host that the remote host logs in to should be a dedicated one. The remote host holds that account's key, so whoever controls the remote host can log in to your host as that user. Give the key only what the tunnel needs: on OpenSSH 7.8 or later the authorized_keys options restrict,port-forwarding,permitlisten="3333" allow nothing but that one remote forward, and on older versions no-pty,no-X11-forwarding,no-agent-forwarding at least limits the damage.

From the remote host (user here is an account on your host):

    ssh -NR 3333:localhost:22 user@yourhost

The -N flag asks for no remote command, only the forward, so the session just sits there holding the tunnel open. From your host (user here is an account on the remote host; the port 3333 listener is bound to your host's loopback interface, which is why the target is localhost):

    ssh user@localhost -p 3333

If you get an error when running the command on your host similar to the following, the tunnel itself is up but the forward to port 22 failed, most often because no SSH daemon is running on the remote host. A "Connection refused" on port 3333 instead means that the ssh -R session on the remote host is not running at all.

    ssh_exchange_identification: Connection closed by remote host
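The three states above (no listener on 3333, listener up but the far end closes at once, a working tunnel) can be told apart without the ssh client by connecting to the forwarded port and seeing whether an SSH identification line comes back. The probe below is an added example, not code from the original page; it assumes the tunnel exactly as set up above and is run on your host. The two helpers at the end are test doubles that stand in for the tunnel so the probe can be tried offline.

```python
"""Probe the local end of a reverse SSH tunnel and say what is (not) answering.

Added example, not part of the original page.  It assumes the tunnel from the
page (ssh -NR 3333:localhost:22 user@yourhost) and runs on "your host".  The
helpers fake_forward() and unused_port() are test doubles, not real tunnels.
"""
import socket
import threading


def probe_ssh_tunnel(host="127.0.0.1", port=3333, timeout=3.0):
    """Connect to the forwarded port and classify the answer.

    Returns one of:
      "no-listener"            nothing accepts on host:port, so the ssh -R session
                               on the remote host is not running;
      "closed-without-banner"  the forward is up but the far end closed at once,
                               which is what happens when the remote host has no
                               sshd on port 22 and what the ssh client reports as
                               "ssh_exchange_identification: Connection closed by
                               remote host";
      "timeout"                the forward is up but the far end is silent;
      "banner:<line>"          an SSH identification string came back, so the
                               tunnel works end to end.
    """
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            # An SSH server sends its identification line first, so just read.
            while b"\n" not in data and len(data) < 255:
                chunk = s.recv(255)
                if not chunk:
                    break
                data += chunk
    except ConnectionRefusedError:
        return "no-listener"
    except socket.timeout:
        return "timeout"
    if not data:
        return "closed-without-banner"
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return ("banner:" if line.startswith("SSH-") else "unexpected:") + line


def fake_forward(banner):
    """Test double for the tunnel's local end: accept one connection, send
    `banner` if given (or close immediately, like a forward whose target port
    is dead), and return the loopback port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_port():
    """A loopback port with nothing listening on it (closed right after bind)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Against the real tunnel on your host:
    print(probe_ssh_tunnel())
```

Run it on your host after starting the ssh -R session on the remote host; "closed-without-banner" is the probe's version of the ssh_exchange_identification error and points at the remote host's sshd rather than at the tunnel.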

Netcat Reverse Shell

If the remote host isn't running an SSH daemon, you can connect using Netcat. This connection is unencrypted and unauthenticated: the shell is exposed to anyone who can read or tamper with traffic between the two machines, so use it only over a network you trust, or inside something else that provides the encryption.

On your host run Netcat to listen for connections (with the OpenBSD variant of Netcat the port is given without -p, as nc -lv 3333):

    netcat -v -l -p 3333

On the remote host establish a connection to your host, handing the connection to a shell:

    netcat -e /bin/sh yourhost 3333

The -e option exists in the traditional Netcat and in Nmap's ncat; the OpenBSD variant that Debian and Ubuntu install as the default nc leaves it out deliberately, and on that variant you need a named pipe to join the shell's input and output to the socket, or a different tool.

You now have, on your host, a shell that is actually running on the remote host with its standard input and output connected to the socket. Since /bin/sh was started without a terminal there is no prompt: type a command and its output follows once it has completed. Everything crosses the network in the clear, so anyone positioned between the two machines can read the session or inject commands into it.
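What the two Netcat commands do, written out as both ends of the exchange so it can be run on one machine over loopback. This is an added example, not code from the original page: connect_back() is the remote host's side (the outbound connection that gets through NAT, with the socket handed to /bin/sh), Listener is your host's side, and demo() wires them together. The NUL end-of-output marker is an assumption of this example only; real Netcat has no framing, which is exactly why the prompt-less shell gives no sign that a command has finished.

```python
"""Both ends of the Netcat reverse shell, in Python.

Added example, not part of the original page.  connect_back() plays the remote
host (netcat -e /bin/sh yourhost 3333), Listener plays your host
(netcat -v -l -p 3333), and demo() runs both on 127.0.0.1.  The END marker
after each command's output is an addition for this example; Netcat sends
nothing of the kind.
"""
import socket
import subprocess
import threading

END = b"\x00"  # end-of-output marker, assumed by this example only


def connect_back(host, port):
    """Remote-host side: connect out to the listener and run what it sends."""
    with socket.create_connection((host, port)) as sock:
        buf = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:            # listener went away
                return
            buf += chunk
            while b"\n" in buf:
                line, buf = buf.split(b"\n", 1)
                cmd = line.decode("utf-8", "replace").strip()
                if cmd == "exit":
                    return
                # This is the whole point of -e /bin/sh: whatever arrives on the
                # socket is run by a shell, and the shell's output goes back.
                res = subprocess.run(cmd, shell=True, capture_output=True)
                sock.sendall(res.stdout + res.stderr + END)


class Listener:
    """Your-host side: wait for the remote host to call in, then drive its shell."""

    def __init__(self, host="127.0.0.1", port=0):
        self.srv = socket.socket()
        self.srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.srv.bind((host, port))
        self.srv.listen(1)
        self.port = self.srv.getsockname()[1]   # port 0 means "pick a free one"
        self.conn = None

    def accept(self):
        self.conn, self.peer = self.srv.accept()
        return self.peer

    def run(self, cmd):
        """Send one command line and return its output (stdout, then stderr)."""
        self.conn.sendall(cmd.encode() + b"\n")
        out = b""
        while not out.endswith(END):
            chunk = self.conn.recv(4096)
            if not chunk:
                break
            out += chunk
        return out.rstrip(END)

    def close(self):
        if self.conn:
            try:
                self.conn.sendall(b"exit\n")
            except OSError:
                pass
            self.conn.close()
        self.srv.close()


def demo(commands, port=0):
    """Run `commands` through a loopback reverse shell and return their outputs."""
    listener = Listener(port=port)
    remote = threading.Thread(target=connect_back,
                              args=("127.0.0.1", listener.port), daemon=True)
    remote.start()                # the "remote host" dials out...
    listener.accept()             # ...and your host picks up
    try:
        return [listener.run(c) for c in commands]
    finally:
        listener.close()
        remote.join(5)


if __name__ == "__main__":
    cmds = ["id", "uname -a"]
    for cmd, out in zip(cmds, demo(cmds)):
        print(f"$ {cmd}\n{out.decode(errors='replace')}")
```

Notice that nothing on the listening side checks who connected: whoever reaches the port first gets the operator's keystrokes, and whoever sits on the path can substitute their own.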

Keeping a tunnel open using systemd

The redirection has to run as root as well as cat, so the file is written through tee rather than with a redirect after sudo cat; writing (rather than appending to) the file also keeps a second run from producing a duplicated unit.

$ sudo tee /etc/systemd/system/sshtunnel.service > /dev/null << 'EOF'
[Unit]
Description=SSH Tunnel
After=network-online.target
Wants=network-online.target

[Service]
Restart=always
RestartSec=20
User=sshuser
# Without this autossh gives up if the very first connection attempt fails,
# which is common straight after boot.
Environment=AUTOSSH_GATETIME=0
ExecStart=/usr/bin/autossh -M 20000 -N \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -o ExitOnForwardFailure=yes \
    -R 3333:localhost:22 user@yourhost

[Install]
WantedBy=multi-user.target
EOF

$ sudo systemctl daemon-reload
$ sudo systemctl enable sshtunnel
$ sudo systemctl start sshtunnel

The ServerAlive options make ssh itself notice a dead connection, and ExitOnForwardFailure makes it exit (so that autossh reconnects) when port 3333 on your host is still held by a stale session. The sshuser account needs an SSH key without a passphrase that user@yourhost accepts, and yourhost's host key already present in sshuser's known_hosts, because there is nobody to answer a prompt when the unit starts.

autossh logs to the system log, so if it doesn't appear to be working properly, that's the place to look: journalctl -u sshtunnel on systems with the systemd journal, otherwise /var/log/syslog or its local equivalent.

https://superuser.com/questions/37738/how-to-reliably-keep-an-ssh-tunnel-open

References

Related Topics: VncTips

-- Frank Dean - 12 Mar 2010