jtoalu/netcat-reverse-bind-web-shell-pentestmonkey

netcat-reverse-bind-web-shell-pentestmonkey

The information here was obtained when I learned the What the Shell? room of TryHackMe. I learned a lot of techniques to obtain a shell. The information posted here is currently from Linux only. When I complete the practice on Windows, I shall add the information from my practice on a Windows machine. I am on track to complete the Junior Penetration Tester learning path sometime this month (October 2024). I am currently at 89% completion.

Webshell

There are times when we encounter websites that allow us an opportunity to upload, in some way or another, an executable file. Ideally we would use this opportunity to upload code that would activate a reverse or bind shell, but sometimes this is not possible. In these cases we would instead upload a webshell.

netcat reverse shell

Reverse shells are when the target is forced to execute code that connects back to our computer. On our own computer we would use one of the tools to set up a listener which would be used to receive the connection. Reverse shells are a good way to bypass firewall rules that may prevent us from connecting to arbitrary ports on the target; however, the drawback is that, when receiving a shell from a machine across the internet, we would need to configure our own network to accept the shell. This, however, will not be a problem on the TryHackMe network due to the method by which we connect into the network.

netcat bind shell

Bind shells are when the code executed on the target is used to start a listener attached to a shell directly on the target. This would then be opened up to the internet, meaning we can connect to the port that the code has opened and obtain remote code execution that way. This has the advantage of not requiring any configuration on our own network, but may be prevented by firewalls protecting the target.
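
The two connection directions described above look different from the target host's side, which is what a defender can check for. The following is an added example, not part of the original README: it reads socket records in the layout of `ss -tanp` output and flags a shell or netcat process that owns a listener (bind pattern) or an outbound connection (reverse pattern). The sample records, addresses, ports and the process-name list are constructed assumptions.

```python
import re

# Process names treated as "a shell or netcat holding a socket" (assumed list).
SHELL_PROCS = {"sh", "bash", "dash", "zsh", "nc", "ncat", "netcat"}

# One record of `ss -tanp` output: state, queues, local, peer, owning process.
RECORD = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)'
    r'\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)

# Constructed sample records (addresses, ports and PIDs are made up).
SAMPLE = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=812,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
ESTAB 0 0 10.10.5.20:80 10.10.14.7:51844 users:(("apache2",pid=815,fd=12))
ESTAB 0 0 10.10.5.20:44312 10.10.14.7:4444 users:(("sh",pid=2210,fd=0))
LISTEN 0 1 0.0.0.0:5555 0.0.0.0:* users:(("nc",pid=2301,fd=3))
ESTAB 0 0 10.10.5.20:22 10.10.14.9:40022 users:(("sshd",pid=2400,fd=4))
""".splitlines()


def port(addr):
    """Return the port part of an address:port field."""
    return addr.rsplit(":", 1)[1]


def classify(lines):
    """Return (pattern, process, pid, local, peer) for each suspicious socket."""
    # Records without a users:(...) field (ss run unprivileged) are skipped.
    rows = [m.groupdict() for m in map(RECORD.match, lines) if m]
    listening = {port(r["local"]) for r in rows if r["state"] == "LISTEN"}
    findings = []
    for r in rows:
        if r["proc"] not in SHELL_PROCS:
            continue
        if r["state"] == "LISTEN" or port(r["local"]) in listening:
            # Shell owns a listener, or an inbound session on a listening port.
            pattern = "bind"
        elif r["state"] == "ESTAB":
            # Local port is ephemeral: the host dialed out to the peer.
            pattern = "reverse"
        else:
            continue
        findings.append((pattern, r["proc"], int(r["pid"]), r["local"], r["peer"]))
    return findings


if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```

Matching on process name alone is a heuristic: it misses renamed binaries and interpreters such as PHP or Python that hold the socket themselves, so treat a hit as a lead to investigate rather than a verdict.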

pentestmonkey reverse shell

The PHP reverse shell by pentestmonkey is a tool designed for pentesting scenarios where we have upload access to a web server running PHP. To use it:

  • Download the repository from GitHub.
  • Modify the source to use a listener's IP address.
  • Upload the modified script to the target web server.
  • Set up a netcat listener, then upload and activate the shell.
  • Download and execute the backdoor on the target using a one-liner.

List of Alternative Shells

  • Old Site: Reverse Shell Cheat Sheet
  • New Site: Reverse Shell Cheat Sheet - Internal All The Things

Note to Self: https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax and https://stackoverflow.com/questions/11509830/how-to-add-color-to-githubs-readme-md-file
