what is a "reverse shell"?

Status
Not open for further replies.

jjoensuu

MIS
Oct 22, 2001
45
US
Hi all,

I recently came across the term "reverse shell" on the internet, but have not succeeded in finding a definition for this term.

If anyone knows what this is and how it differs from a "regular" (local or remote) command shell, could you please explain...

thanks in advance

JJ
 
I suspect that in some cases people get confused, and use the term reverse shell to mean remote shell. There is a difference though.

A regular remote shell is something on the order of a Telnet server. When you connect to this server with a client program you basically have access to a shell on the remote system from your local client system.

I won't claim to be authoritative here, but my understanding of a reverse shell is that it has the shell capabilities of a remote shell. The difference is that it acts more like a Telnet or TCP client in that it will initiate a connection to a compatible server. Upon connection the server sends shell commands to the reverse shell, which carries them out.

So the whole thing is a sort of "phone home for instructions" trojan horse technology.

I suppose the idea here is to make a minimal-payload trojan horse that exploits shell code already at the target (victim) machine. It also allows the attacker to perform several different actions upon the victim machine, possibly even deferring precisely what those actions are until a later date. For example a compromised machine might be probed for its contents when it 1st phones home, and the contents logged for review. Then upon review of such logs the miscreant might set up a set of actions to perform against the victims when they subsequently reconnect for further instructions.

This type of thing can be used for good rather than purely abusive purposes. Remote machines might automatically "phone home" in this manner to perform replicated database synchronization, get software patches, upload transactions to central processing sites, and so on. The reason to use a "shell" to do this would be because you cannot predict in advance exactly what you might want done on the remote systems, so you use a command shell to allow almost anything (including transferring and running new programs or scripts).


Anybody else with a clearer vision on this question?
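
Added example, not part of the original posts: the difference in connection direction described in the reply above is something a defender can check on a host. This Python sketch parses a constructed sample modelled on `ss -tanp` output and reports shell processes whose stdin, stdout or stderr is a TCP socket, labelling each as inbound (remote shell) or outbound (reverse-shell pattern). The function names, the list of shell names and the sample rows are assumptions of this example.

```python
import re

# Constructed sample modelled on `ss -tanp` output (documentation address ranges).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*           users:(("sshd",pid=812,fd=3))
LISTEN 0      5      0.0.0.0:23          0.0.0.0:*           users:(("inetd",pid=640,fd=5))
ESTAB  0      0      192.0.2.10:23       198.51.100.4:51234  users:(("sh",pid=1500,fd=0),("sh",pid=1500,fd=1),("sh",pid=1500,fd=2))
ESTAB  0      0      192.0.2.10:48712    203.0.113.7:8443    users:(("bash",pid=2211,fd=0),("bash",pid=2211,fd=1),("bash",pid=2211,fd=2))
ESTAB  0      0      192.0.2.10:40022    203.0.113.9:443     users:(("curl",pid=2300,fd=5))
"""

# Assumed list of interpreter names to treat as command shells.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}
OWNER = re.compile(r'\("([^"]+)",pid=(\d+),fd=(\d+)\)')


def port_of(endpoint):
    """Return the port part of an address:port endpoint."""
    return endpoint.rsplit(":", 1)[1]


def classify(ss_text):
    """Return (pid, name, direction, peer) for each shell whose stdio is a TCP socket."""
    rows = [line.split(None, 5) for line in ss_text.splitlines()[1:] if line.strip()]
    listening = {port_of(r[3]) for r in rows if r[0] == "LISTEN"}
    findings = []
    for r in rows:
        if r[0] != "ESTAB" or len(r) < 6:
            continue
        # A shell holding the socket on fd 0, 1 or 2 takes its commands from the peer.
        hits = {(int(pid), name) for name, pid, fd in OWNER.findall(r[5])
                if name in SHELLS and int(fd) <= 2}
        for pid, name in sorted(hits):
            # Local port is one this host listens on: the peer connected in (remote shell).
            # Otherwise this host initiated the connection (reverse-shell pattern).
            direction = "inbound" if port_of(r[3]) in listening else "outbound"
            findings.append((pid, name, direction, r[4]))
    return findings


if __name__ == "__main__":
    for pid, name, direction, peer in classify(SAMPLE):
        print(f"pid={pid} {name}: {direction} shell session, peer {peer}")
```

A match is a lead for triage rather than proof of compromise, since the legitimate "phone home" management uses mentioned in the reply produce the same pattern.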
 