Chapter 16. Establishing a Foothold

After exploiting a target system and gaining access, the next step is to establish a foothold by using a remote-access tool. A remote-access tool is a critical component of any penetration test, as it allows you to execute commands remotely on a system as well as maintain access to the system over time.

Commands in Use

In this chapter, we introduce the nc command to create network connections.

nc

The nc command, also known as netcat, can be used to create TCP and UDP connections and listeners. It is available on most Linux distributions by default, but not Git Bash or Cygwin. Several implementations exist (the traditional netcat, the OpenBSD nc, GNU netcat, and Nmap's ncat), and they do not agree on every option: the examples and output in this chapter are from the traditional netcat, and on the OpenBSD nc the listening port is normally given as a positional argument (nc -l 8080) rather than with -p. Check which one a target ships before relying on a particular command line.

Common command options

-l

Listen for incoming connections (act as a server)

-n

Do not perform a DNS lookup

-p

The source port to connect from or listen on

-v

Verbose mode

Command example

To initiate a connection to O’Reilly.com on destination port 80:

nc www.oreilly.com 80

To listen for incoming connections on port 8080:

$ nc -l -v -n -p 8080

listening on [any] 8080 ...
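To make the listener and client roles concrete, here is an added example (not code from the book, and not a replacement for the real nc binary) that mimics the four options above in Python on the loopback interface: Listener is the equivalent of nc -l -p PORT, connect() is the client side with optional -p (fixed source port) and -n (literal IP only, no DNS lookup), and -v produces output modelled loosely on the traditional netcat messages. The banner and reply strings are constructed sample data; free_port() and demo() are hypothetical helpers added so the exchange can be run and checked in one process. Port 0 asks the kernel for an unused listening port, so nothing on the machine needs to be free in advance.

```python
"""Minimal netcat-style TCP listener and client on loopback (added example)."""
import socket
import threading


def resolve(host, numeric_only=False):
    """Map a host argument to an IPv4 address.

    numeric_only mirrors nc -n: accept only a dotted-quad literal and never
    consult DNS (raises OSError for a name). On an engagement this keeps the
    resolver on your side from leaking the target names you are working with.
    """
    if numeric_only:
        socket.inet_aton(host)  # OSError if host is not a literal IPv4 address
        return host
    return socket.gethostbyname(host)


class Listener:
    """Equivalent of `nc -l -p PORT`: bind, accept one peer, send a reply, close."""

    def __init__(self, port, reply=b"", verbose=False, bind_addr="127.0.0.1"):
        self.reply = reply
        self.verbose = verbose
        self.received = b""
        self.peer = None
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((bind_addr, port))   # port 0: kernel picks a free port
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        if verbose:
            print(f"listening on [{bind_addr}] {self.port} ...")
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        conn, self.peer = self.sock.accept()
        if self.verbose:   # format approximates the traditional netcat message
            print(f"connect to [{conn.getsockname()[0]}] from {self.peer[0]} {self.peer[1]}")
        with conn:
            # read until the peer half-closes, as nc does when its stdin hits EOF
            while chunk := conn.recv(4096):
                self.received += chunk
            conn.sendall(self.reply)
        self.sock.close()

    def wait(self, timeout=5):
        """Block until the single connection has been served; return what arrived."""
        self.thread.join(timeout)
        return self.received


def connect(host, port, payload, source_port=None, numeric_only=False, verbose=False):
    """Equivalent of `nc [-n] [-p SRC] HOST PORT` fed `payload` on stdin."""
    addr = resolve(host, numeric_only)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        if source_port is not None:      # -p on the client: fix the source port
            s.bind(("127.0.0.1", source_port))
        s.settimeout(5)
        s.connect((addr, port))
        if verbose:
            print(f"{host} [{addr}] {port} open")
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)       # tell the listener we are done sending
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
        return reply


def free_port():
    """Hypothetical helper: ask the kernel for a currently unused local port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Run both roles in-process and report what each side observed."""
    listener = Listener(0, reply=b"operator> id\n")          # constructed reply
    src = free_port()
    banner = b"target shell ready\n"                          # constructed payload
    reply = connect("127.0.0.1", listener.port, banner,
                    source_port=src, numeric_only=True)
    received = listener.wait()
    return {
        "listener_got": received,
        "client_got": reply,
        "requested_source_port": src,
        "client_source_port": listener.peer[1],   # what the listener actually saw
    }


if __name__ == "__main__":
    print(demo())
```

The source port the listener reports for the peer equals the one requested with source_port, which is the effect of -p on the client side and is occasionally useful for getting through filters that allow a particular source port. With the real nc the same exchange is two terminals: nc -l -v -n -p PORT on the operator machine and nc -n OPERATOR_IP PORT on the target.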

Single-Line Backdoors

There is no better way to keep a low profile during a penetration test than by using tools that already exist on a target system to accomplish your task. There are a couple of ways you can create backdoors on a system to maintain access, and each of them needs only a single command line built from tools that are already available on most Linux systems!

Reverse SSH

Creating a reverse SSH connection is a simple and effective way of maintaining access to a system. Setting ...
