Shells & Payloads: Shell Overview
Introduction
Shell Definition: Programs providing CLI (Command Line Interface) access to systems
Common terminology: "catching" or "popping" a shell = successful remote access
Primary goal: Obtain interactive system control for:
Privilege escalation
System pivoting
File transfers
Persistence establishment
Shell Types Overview
1. Bind Shells
Definition: Listener running on target system awaiting attacker connection
Key Characteristics:
Requires target to run listener
Often blocked by firewalls
Best suited for internal network testing
Basic Bind Shell Setup
Interactive Bind Shell Setup
2. Reverse Shells
Definition: Target initiates connection to attacker's system
Advantages:
Better firewall bypass (uses outbound connections)
More successful in real-world scenarios
Easier to maintain persistence
Basic Reverse Shell Setup
Shell Environment Identification
Common Terminal Emulators
Windows: Windows Terminal, cmder, PuTTY
Linux: xterm, GNOME Terminal, Konsole
MacOS: Terminal, iTerm2
Cross-platform: kitty, Alacritty
Shell Recognition Commands
Best Practices & Tips
1. Port Selection
Use common ports for better evasion:
443 (HTTPS)
80 (HTTP)
Avoid suspicious uncommon ports
2. Antivirus Evasion
3. Firewall Considerations
Bind shells:
Require incoming connections
Often blocked by firewalls
Best for internal testing
Reverse shells:
Use outbound connections
Better success rate
Preferred for external testing
4. Shell Stabilization
Consider using:
Named pipes for persistence
Error handling for stability
Proper cleanup after session
Payload Types
Network data packets
Programming instructions
Various malware forms
Command execution scripts
Security Implications
Shells provide direct OS access
Enable system command control
Facilitate data exfiltration
Allow privilege escalation
Support lateral movement
Quick Reference
Common Shell Indicators
$prompt = Bash/Ksh/POSIX shell>prompt = Windows CMDPS>prompt = PowerShell