In this chapter, we will focus on getting a reverse connection from an exploited system. We will also cover different methods for getting a secure reverse connection, explaining the difference between a non-encrypted and encrypted channel by showing the noise level it creates in the network using tcpdump for packet-level analysis.

When penetration testing, it is common to encounter the issue of getting a shell. In this case, individuals either upload a web shell on the target site and interact with the server or they execute a command to get the reverse connection. In both cases, if the scope of testing includes internal network recon, then reverse shell connection is a must.

For beginners, getting a reverse shell is very interesting. ...