Let us see the basic differences between a bind shell and a reverse shell.

What is a Shell

A shell is software that acts as an intermediary between the user and the kernel. It provides the user an interface which gives access to the services of the kernel. E.g.: Bash shell, etc.

Code:
+-----------------+               _______________            +----------------+
|     Aneesh      |  Behind NAT  /              /            |    Shabbir     |
| With Private ip | ----> ----> /   Internet   / ----> ----> | with Public IP |
+-----------------+            /______________/              +----------------+

Ok.. So in this scenario, Aneesh has a computer connected to the internet with a private IP (no hosting), while Shabbir is connected to the internet with a public IP (hosted). It basically means Shabbir's system can be accessed by anyone connected to the internet, but this doesn't go for Aneesh. Aneesh's system, being behind the NAT, cannot be directly connected to by other machines on the internet.

Bind Shell

Let's suppose Shabbir has encountered some problem with his system and needs some help from Aneesh. He simply binds his shell (cmd.exe or /bin/bash) to a specific port and sends Aneesh its port number and other details. In this scenario Aneesh can simply connect to Shabbir's machine and get the shell!! So in this case:

Aneesh's end: Connect to Shabbir (acts as a client)
Shabbir's end: Listen for connections (listen / act as a server and bind his command shell on the network)

Reverse Shell

Now let's suppose after some days Aneesh screwed up his system and now he asks Shabbir for his help. But in this case the bind shell cannot be used, as Aneesh doesn't have a public IP and his system is not available publicly!! Now, to conquer this problem, Aneesh sends his command prompt to Shabbir. So, in this case:

Aneesh's end: Would bind his shell and send it to Shabbir through the network (connect)
Shabbir's end: Listen for connections, respond to them (listen / act as a server)

That's all for this article.. I hope the viewers like it..
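The point of the article is that the two roles (the machine whose shell is being reached, and the machine operating it) are independent of which end calls listen() and which end calls connect(). The following added example, which is not Aneesh's code and not from the original post, runs the same two role functions over both topologies on localhost: in the bind case the helped machine listens and the helper connects; in the reverse case the helper listens and the helped machine connects out, which is the only direction that works from behind NAT. To keep it a networking illustration rather than a remote command interpreter, the "shell side" answers only a fixed STATUS request. The names shell_side, helper_side, run_topology, bind_shell_demo and reverse_shell_demo are this example's own.

```python
"""Bind vs reverse connection direction, demonstrated with the same two roles.
Added example: not part of the original article. Ports are ephemeral, both
ends run on 127.0.0.1, and the 'shell side' deliberately answers only a
harmless STATUS request instead of exposing cmd.exe or /bin/bash."""
import os
import socket
import threading

HOST = "127.0.0.1"  # both roles on localhost for the demo


def shell_side(sock: socket.socket):
    """The machine being helped (Shabbir in the bind case, Aneesh in the
    reverse case). It answers requests arriving on an already-open socket;
    it does not care whether that socket came from accept() or connect()."""
    with sock:
        request = sock.recv(1024).decode().strip()
        if request == "STATUS":
            reply = f"cwd={os.getcwd()} pid={os.getpid()}"
        else:
            reply = "unknown request"
        sock.sendall(reply.encode() + b"\n")
    return None


def helper_side(sock: socket.socket) -> str:
    """The machine giving help: sends one request and returns the reply."""
    with sock:
        sock.sendall(b"STATUS\n")
        return sock.recv(1024).decode().strip()


def run_topology(listener, connector):
    """Run `listener` on the end that calls listen()/accept() and `connector`
    on the end that calls connect(). Returns (listener_result, connector_result).
    The listening port is the 'port number and other details' the article says
    must be passed to the other party out of band."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]  # this is what gets shared with the peer
    results = {}

    def accept_and_run():
        conn, _peer = srv.accept()
        srv.close()
        results["listener"] = listener(conn)

    t = threading.Thread(target=accept_and_run)
    t.start()
    cli = socket.create_connection((HOST, port))  # the connecting end
    results["connector"] = connector(cli)
    t.join()
    return results["listener"], results["connector"]


def bind_shell_demo() -> str:
    """Bind shell: the helped machine (public IP) listens, the helper connects."""
    _, reply = run_topology(listener=shell_side, connector=helper_side)
    return reply


def reverse_shell_demo() -> str:
    """Reverse shell: the helper listens, the helped machine (behind NAT)
    connects out to it. The reply now comes back on the listening end."""
    reply, _ = run_topology(listener=helper_side, connector=shell_side)
    return reply


if __name__ == "__main__":
    print("bind   :", bind_shell_demo())
    print("reverse:", reverse_shell_demo())
```

Both demos return the same kind of reply, which is the article's point: the role that gets "the shell" is fixed by which function handles the socket, not by which end opened the TCP connection. The reverse case only needs the helper's port to be reachable, which is why it works for a machine behind NAT.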
Thanks!! It's all because of people like you who motivate me to produce more and more articles!!
Hi Aneesh, very nice explanation. Just to note, there is one section called Code at the beginning, but nothing actually shows there. Any suggestions? Thanks for the article!!!
You mean:

Code:
+-----------------+               _______________            +----------------+
|     Aneesh      |  Behind NAT  /              /            |    Shabbir     |
| With Private ip | ----> ----> /   Internet   / ----> ----> | with Public IP |
+-----------------+            /______________/              +----------------+

Actually, I used <code> tags for formatting reasons!
Hi Aneesh, would you be able to provide sample code to create the above connection? Also, do you think it is possible to have a two-way connection using this method? Thanks, Aman
Hi Aneesh, so can you post sample code for creating the connection? Also, any advice on creating a two-way connection using the same method? Thanks. Aman
What is the countermeasure an admin can use so that attackers will not gain access to the web servers when shell PHP code is injected, or will not be able to work on the server?