What the Shell?
This room covers everything you need to know about shells — the fundamental mechanism for maintaining access to a compromised target. You'll learn the difference between reverse and bind shells, how to catch and send shells with netcat and socat (including encrypted socat shells), how to stabilize a raw shell into a full interactive TTY, how to generate payloads with msfvenom (staged vs stageless), and how to use Metasploit's multi/handler. Both Linux and Windows practice boxes are included for hands-on work.
Skills You Will Learn
Prerequisites
- thm-metasploitintro
- linux-basics
- networking-basics
Walkthrough Phases
Shell Types: Reverse vs Bind
Understand the two fundamental shell architectures and when each is used
Netcat: The Swiss Army Knife of Shells
Use netcat to catch reverse shells and connect to bind shells
Shell Stabilization: Getting a Proper TTY
Upgrade a raw shell to a fully interactive TTY
Socat: Better Shells, Encrypted Channels
Use socat for superior shells and learn encrypted shell technique
Common Shell Payloads
Learn the mkfifo bash shell and explore the full payload cheatsheet
Msfvenom: Payload Generation
Generate staged and stageless payloads for Windows and Linux targets
Multi/Handler: Catching Meterpreter Shells
Configure and use Metasploit's multi/handler to catch staged payloads
Practice: Linux and Windows Targets
Apply all techniques hands-on against the provided practice machines