How to use a reverse shell in Metasploit
There are two popular types of shells: bind and reverse. A bind shell opens up a new service on the target machine and requires the attacker to connect to it. A reverse shell (also known as a connect-back) is the exact opposite: the attacker first sets up a listener on their own machine, the target machine acts as a client connecting to that listener, and the attacker then receives the shell.
The basic usage of payloads is already quite well documented in the Users Guide in Metasploit's documentation folder. However, how to use a reverse shell remains the most common question in the Metasploit community. Plus, 9 times out of 10 you'd probably be using a reverse shell to get a session, so this wiki page explains it in more detail.
If you find yourself in one of the following scenarios (the list is not exhaustive), you should consider using a reverse shell:
- The target machine is behind a different private network.
- The target machine's firewall blocks incoming connection attempts to your bind shell.
- Your payload is unable to bind to the port it wants, for whatever reason.