Reverse Shells in Hacking : Part 1
Understanding Reverse Shells in Penetration testing/Hacking environment.
You must have heard this terminology, if not in real life, at least on TV where ‘hackers’ pretends to hack the system.
But there’s a lot of theory behind this word. Reverse shell, back-doors, shells, scripts. Exploits? All these are jargon you might have come across.
NOTE: Part 2 will be walk-through of hacking a system using reverse shell.
When I started my work on Pen-testing, trying to get into different machine, I often used reverse shells, without actually knowing what it is and how it’s working. I just knew it did the job for me. And I liked it. So what exactly is a reverse shell, lets break this down one by one.
What is ‘Shell’ ?
A shell is something that initiates another program. A program that kick-starts another program in a system. Simple. It’s commonly referred as CMD instances in a Windows environment. For Linux, its a shell. So basically with shell we can make the system perform activities for us. This is in-fact embedded deep inside the functionality of a computer system, which you’ll understand if you read more about Operating system, process, shells etc.
From the Security point of view, if we ‘get a shell access’ on our target system, it basically means we can manipulate things on that system, using our system. This again might vary depending on the type of shell you will get.
Lot’s of hacking just involves this. Finding a weak door access to the system, go inside, plant the malware, execute the malware remotely, get the shell access on your system. Tada
For an instance, one of the machine I Recently explored, had vulnerability with FTP. I exploited the ftp access, although I never got root access. But now I can easily remote execute a malware there, maybe giving me the higher root access, privilege escalation ? We ought to try..
Then what’s a reverse shell ?
When we are talking about reverse shell, we are essentially trying to establish connection from the victims side. Our system will be made to act like a server, listening on a particular port. The malware or ‘shell’ we implanted on the victims machine is executed. This either happens through the victim himself, accidentally initiating the execution, or through us, where we ourselves execute it.
Upon execution, the victim’s system sends connection requests to our system(on that particular port). If we implementing this via a tcp methodology, we’ll observe SYN packets. This is all we are trying to do when we talk about ‘getting a reverse shell access’. Simple (2).
When considering performing pentesting, we get advanced shell access, with meterpreter, or a generic shell. Do note that there’s another type : Bind shell. I will make another article dedicated on bind shell, after completion of this.
I have heard about ‘backdoors’. Are they related to reverse shell?
Backdoors involve stealth. ( And our favorite tool Nmap isn’t really stealthy :( sadly ). This is a very general term, if we are talking this in association with Reverse shell. Backdoors can be seen as one mean to get our reverse shell exploits working.
But before all of this confuse you beyond your senses, just remember backdoors as means of access to a system. Just keep this in mind.
Let me put this in a more lucid way, through the help of fellow redditors.
In the next part of this series of article, I’ll post a walk-through on how to use reverse shell to gain access on target system. If you have hackthebox prime VIP subscription, you can follow it word by word. Otherwise just take a random ctf (easy level) from vulnhub and try doing the same.
Art Credits to awesome artists on unsplash.com ❤
Credits to the random redditors : https://www.reddit.com/r/HowToHack/comments/ay9427/what_is_the_difference_between_a_backdoor_and_a/
