Reverse shells are far from a sure thing. Depending on the firewall rules in effect for the target network, the target computer may not be allowed to connect to the port that we specify in our shellcode, a situation shown in Figure 9-4.

Chapter 9: Shellcode Strategies, 199, PART III
Figure 9-3: Network layout that facilitates reverse connecting shellcode

It may be possible to get around restrictive rules by configuring your shellcode to call back to a commonly allowed outgoing port such as port 80. This may also fail, however, if the outbound protocol (HTTP for port 80, for example) is proxied in any way, as the proxy server may refuse to recognize the data being transferred to and from the shell as valid for the protocol in question. Another consideration, if the attacker is located behind a NATing device, is that the shellcode must be configured to connect back to a port on the NAT device. The NAT device must in turn be configured to forward the corresponding traffic to the attacker's computer, which must be configured with its own listener to accept the forwarded connection. Finally, even though a reverse shell may allow us to bypass some firewall restrictions, system administrators may get suspicious about the fact that they have a computer establishing outbound connections for no apparent reason, which may lead to the discovery of our exploit.
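The closing point, that an administrator can notice a server making outbound connections it has no reason to make, is something a defender can turn into a routine check. The following is an added example and not code from the book: it runs a small egress-allowlist rule over a few constructed Zeek-style connection records (the field layout, hosts, ports and allowlist are all assumptions) and also flags connections to a web port whose payload was not identified as HTTP, which is the case the proxy discussion above describes.

```python
"""
Egress anomaly check over connection-log records.

Added example, not from the book. Flags (a) outbound connections from
servers that are expected to accept inbound traffic only, when the
destination is not on that server's egress allowlist, and (b) connections
to a web port whose payload the sensor did not identify as HTTP.
The log format is a constructed Zeek-style TSV; the field layout, the
addresses and the allowlist are assumptions for the demonstration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy: 10.0.0.5 is an inbound-only server that may reach
# only the internal DNS resolver and the patch mirror on its own.
INTERNAL_NET = ip_network("10.0.0.0/24")
SERVER_EGRESS_ALLOW = {
    "10.0.0.5": {("10.0.0.2", 53), ("10.0.0.9", 443)},
}
WEB_PORTS = {80, 8080}


@dataclass
class Conn:
    ts: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str
    service: str  # protocol identified from the payload, "-" if none


def parse_conn(line: str) -> Conn:
    """Split one TSV record into a Conn (assumed column order)."""
    f = line.split("\t")
    return Conn(f[0], f[1], int(f[2]), f[3], int(f[4]), f[5], f[6])


def findings_for(conn: Conn) -> list[str]:
    """Return zero or more human-readable findings for one record."""
    out = []
    allowed = SERVER_EGRESS_ALLOW.get(conn.orig_h)
    if allowed is not None and (conn.resp_h, conn.resp_p) not in allowed:
        out.append(f"{conn.ts} server {conn.orig_h} initiated outbound "
                   f"{conn.proto}/{conn.resp_p} to {conn.resp_h} "
                   f"(not in egress allowlist)")
    # A web port reached with traffic the sensor could not classify as HTTP
    # is exactly what an inspecting proxy would also refuse to pass.
    if (conn.resp_p in WEB_PORTS and conn.service != "http"
            and ip_address(conn.resp_h) not in INTERNAL_NET):
        out.append(f"{conn.ts} {conn.orig_h} -> {conn.resp_h}:{conn.resp_p} "
                   f"on a web port but payload not recognized as HTTP "
                   f"(service={conn.service})")
    return out


def scan(lines) -> list[str]:
    """Run findings_for over every non-comment record."""
    results = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        results.extend(findings_for(parse_conn(line)))
    return results


# Constructed sample records (documentation addresses, not real hosts).
SAMPLE_LOG = """\
#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1700000001.1\t10.0.0.5\t40001\t10.0.0.2\t53\tudp\tdns
1700000002.2\t10.0.0.5\t40002\t10.0.0.9\t443\ttcp\tssl
1700000003.3\t10.0.0.5\t40003\t203.0.113.7\t4444\ttcp\t-
1700000004.4\t10.0.0.5\t40004\t203.0.113.7\t80\ttcp\t-
1700000005.5\t10.0.0.20\t50005\t198.51.100.3\t80\ttcp\thttp
""".splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On the sample data the first two records match the allowlist and stay quiet, the third is reported once (unexpected destination), the fourth twice (unexpected destination and non-HTTP traffic on port 80), and the workstation's ordinary HTTP request is not reported at all; the allowlist is the part a practitioner would replace with their own inventory.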