by Ed Skoudis
Many pen testers know how to create a reverse backdoor shell with Netcat. But, what do you do if you have a Netcat that doesn't support the —e or —c options to run a shell? And, what if your target doesn't support /dev/tcp? In this article, I'll show you a nifty little work-around using some command-line kung fu with shell redirects.
Netcat is fantastic little tool included on most Linuxes and available for Windows as well. You can use Netcat (or its cousin, Ncat from the Nmap project) to create a reverse shell as follows:
First, on your own pen test machine, you create a Netcat listener waiting for the inbound shell from the target machine:
skodo@pentestbox# nc —nvlp 443
Here, I'm telling Netcat (nc) to not resolve names (-n), to be
By Mark Baggett, the SANS Institute
You know the old saying "Give a man a backdoor undetected by antivirus and he pwns for a day. Teach a man to make backdoors undetected by antivirus and you will get free drinks for life at DEF CON."
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here are some tips for creating your own backdoors for use in penetration testing:
TIP #1: Do your reconnaissance. Know what antivirus software target