Shells & Listeners Fundamentals
Premium roomLearn how to create, stabilise, and secure reverse and bind shells for penetration testing.
medium
To access material, start machines and answer questions login.
In many real-world assessments, a minor bug becomes a foothold. Imagine a file upload feature that fails to validate content type properly. You slip in a tiny script, trigger it, and suddenly have remote code execution (). But alone is not the finish line, you still need a remote shell to control, stabilise, and upgrade to enumerate, pivot and escalate privileges. This room teaches you the practical craft of catching, using and hardening shells so you can move from "code runs" to "I own this box".
A shell is a command-line environment that interacts with an operating system. On your own machine, that's a local shell (e.g., bash on Linux, cmd.exe or PowerShell on Windows). In offensive security, you aim to obtain a remote shell on a target so you can run commands there from your attacker's host. Initial shells are usually non-interactive ("half-shells"): no tab-completion, no job control, broken su/ssh, and no proper TTY. We'll fix that.
Learning Objectives
- Understand the difference between reverse and bind shells and when each is appropriate
- Use
ncandsocatto establish shells reliably - Stabilise shells into fully interactive TTYs (Python,
rlwrap, socat-PTY) - Practise everything on Linux first, then repeat key patterns on Windows
Prerequisites
- Basic Linux CLI (cd/ls/cat, file permissions, processes)
- Basic networking (IP/ports, TCP vs UDP, listening vs connecting)
Machine Access
Set up your virtual environment
The Linux target machine includes nc and socat pre-installed. You'll need to into the target with the following credentials:
Credentials
Ready to learn Cyber Security?
The Shells & Listeners Fundamentals room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in