Understanding reverse shells
Shell Game
Firewalls block shell access from outside the network. But what if the shell is launched from the inside?
Recently, I've thoroughly enjoyed brushing up my offensive security skills. I've worked in the defensive security field for longer than I care to remember, and gaining more insight into how attackers perceive the world has really opened my eyes. My background is two-and-half decades of Linux and securing containers over the last seven years or so. An area that always piques my interest is Linux-based local privilege escalation. Once you have found a way of gaining access to a machine, the Holy Grail is elevating your privileges to the root user so you have full control.
Sometimes achieving root can take a little time. As an attacker, it is important to be able to return at a later date if you haven't achieved root user privileges yet or you want to monitor changeable data on a machine. Penetration testers and attackers would call this ongoing access persistence, which is the ability to gain a foothold and then maintain access; you might also call it creating a backdoor.
Attackers have a multitude of ways for ensuring that, if a machine reboots or some other event occurs, a backdoor is re-established automatically. This article looks at reverse shells and provides some examples of how to achieve persistence once you have gained access to a Linux machine. It should go without saying that you should use the following information for testing, practicing, and improving your knowledge and not for some nefarious purpose.
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Kubuntu Focus Releases New Iterations of Ir14 and Ir16 Laptops
If you're a fan of the Kubuntu Focus laptops or have been waiting for the right time to purchase one, that time might be now.
-
NixOS 24.05 Is Ready for Prime Time
The latest release of NixOS (Uakari) has arrived and offers its usual reproducible, declarative, and reliable goodness.
-
Linux Lite 7.0 Officially Released
Based on Ubuntu 24.04 and kernel 6.8, Linux Lite version 7 now offers more options than ever.
-
KaOS Linux 2024.05 Adds Bcachfs Support and More
With updates all around, KaOS Linux now includes support for the bcachefs file system.
-
TUXEDO Computers Unveils New Iteration of the Stellaris Laptop Line
The Stellaris Slim 15 is the 6th generation and includes either an AMD or Intel CPU
-
KDE Releases Plasma 6.0.5
The latest release of the Plasma desktop has arrived with several improvements and the usual bug fixes.
-
Gnome OS Adopting systemd-sysupdate
Gnome OS is about to undergo a major under-the-hood change that promises enhanced security.
-
Endless OS 6 Now Available
After more than a year since the last update, the latest release of Endless OS is now available for general usage.
-
Fedora Asahi 40 Remix Available for Macs with Apple Silicon
If you've been anticipating KDE's Plasma 6 for your Apple Silicon-powered Mac, then you're in luck.
-
Red Hat Adds New Deployment Option for Enterprise Linux Platforms
Red Hat has re-imagined enterprise Linux for an AI future with Image Mode.