Before diving into the details, to put it simply, a shell is what we use to interact with the command line interface (CLI).
In simple terms, on Linux it refers to bash, and on Windows it refers to cmd or PowerShell.
When attacking a remote system, our goal is to obtain the kind of shell just described.
There are two techniques for doing this.
- Reverse Shell — a method where the target server connects back to us
- Bind Shell — a method where we open a port on the target server and connect to it ourselves
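The difference between the two is only which side opens the connection, and that is also what a defender looks for. As an added example (not from the original article), the script below classifies constructed socket records in the direction terms used above: a shell process holding an established session to a remote peer matches the reverse-shell pattern, while a shell process sitting in LISTEN matches the bind-shell pattern. The record format, process list and sample data are assumptions made for this example.

```python
# Added example: classify socket records by the reverse/bind distinction.
# Record format is constructed for this example (one per line):
#   proc=<name> state=<LISTEN|ESTAB> laddr=<ip:port> raddr=<ip:port|->
from dataclasses import dataclass

# Assumed list of interpreter names a shell payload typically runs as.
SHELL_PROCS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"}


@dataclass
class SocketRecord:
    proc: str
    state: str
    laddr: str
    raddr: str


def parse_record(line):
    fields = dict(part.split("=", 1) for part in line.split())
    return SocketRecord(fields["proc"], fields["state"], fields["laddr"], fields["raddr"])


def classify(rec):
    """Return 'reverse', 'bind' or None depending on which side opened the socket."""
    if rec.proc not in SHELL_PROCS:
        return None  # only sockets owned directly by a shell process are of interest
    if rec.state == "LISTEN":
        return "bind"  # shell waiting for an inbound connection: bind-shell pattern
    if rec.state == "ESTAB" and rec.raddr != "-":
        return "reverse"  # shell holding an established session out to a peer
    return None


# Constructed sample: one benign listener, one benign web session, one of each pattern.
SAMPLE = """\
proc=sshd state=LISTEN laddr=0.0.0.0:22 raddr=-
proc=bash state=ESTAB laddr=10.0.0.5:49812 raddr=203.0.113.9:4444
proc=nginx state=ESTAB laddr=10.0.0.5:80 raddr=198.51.100.7:51234
proc=sh state=LISTEN laddr=0.0.0.0:31337 raddr=-
"""


def find_shell_sessions(text):
    """Return (kind, proc, laddr, raddr) tuples for records matching either pattern."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        kind = classify(rec)
        if kind:
            hits.append((kind, rec.proc, rec.laddr, rec.raddr))
    return hits


if __name__ == "__main__":
    for hit in find_shell_sessions(SAMPLE):
        print(hit)
```

This is a heuristic: an ordinary SSH session shows sshd, not bash, owning the socket, so a shell process that owns a socket is the unusual case worth reviewing.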
There are various tools available for obtaining a reverse shell or setting up a bind shell.
However, there are two things that are fundamentally required.
Those are the shell code (payload) that will be executed on the target system, and an interface tool that allows us to access the shell that was created.
Let's briefly go over each one below.
The first is "netcat."
Netcat is a tool that has been traditionally used in the networking field and can perform a variety of network tasks manually.
For example, it can be used for banner grabbing during the information gathering phase, or for receiving a reverse shell or connecting to a bind shell as described above.
However, shells obtained through netcat are very unstable, so their stability needs to be improved through various techniques.
The second is "socat."
Socat can simply be thought of as a superior version of netcat.
This is because it includes all the functionality of netcat and is capable of even more beyond that.
In particular, shells created with socat are far more stable than those created with netcat.
However, socat has complex syntax and, unlike netcat, is not installed by default on Linux, so these drawbacks have to be accepted in order to use it.
The third is the "exploit/multi/handler" module from the Metasploit Framework.
This module is used to receive reverse shells, just like socat or netcat.
Also, being part of the Metasploit Framework, multi/handler comes equipped with all the features needed to obtain a stable shell, and even provides a variety of options to improve the obtained shell.
The fourth is Msfvenom.
Msfvenom is part of the Metasploit Framework just like multi/handler, but it can also be used as a standalone tool.
Its main feature is generating payloads on the fly. It can create not only reverse shells and bind shells, but also a wide variety of other types of payloads.
There are many other tools beyond these, but that is all for today's explanation.