Metasploit : Bind TCP ? Reverse TCP?

The payload is the malicious code that is sent to the target or victim computer for its execution, which generally installs a backdoor, opens a shell and so on. Installing a backdoor in simple words, means that it silently creates an entrance to the target and can directly enter without the victim’s knowledge. Generally, payloads consist of a shell code.

Now, a shell code is machine code segment, that is being used as the payload in the exploitation of software bugs on the target/victim computer. Now making this shell code to execute on the target computer, we need to keep in mind the restraints. Restraint might be the memory buffer available on the target to hold the payload. So we have different types of payload with varying sizes, carrying different types of task. Some common payloads are-

Bind TCP: Bind TCP shells bind a shell pipe to a port. Now what exactly is a shell pipe? Shell pipes are used for enhancing the power of the shell that helps in employing multiple utilities to work together. When complex tasks are to be performed using different combinations of tiny programs of utilities, these tiny programs or utilities are connected by pipes, facilitating the exchange of data among them. Now when the attacker connects to that port, he can enter whatever commands he wants to execute on the victim’s computer and get result like a regular shell (command prompt).

Reverse TCP: This is an alternate method when Bind TCP fails to work because of size restrictions, firewall restrictions, etc. I used the Reverse TCP shell to get through a system running the older Internet Explorer 6, which I presented along with the snapshots in the Metasploit post. I would like to mention here, that the Bind TCP shell in that case, didn’t work out, so I had to go for the Reverse TCP. What exactly is does, is that it attempts to connect back from the system to the supplied IP and port (Just as we have to flatter the victim to click on a link that connects to the supplied IP from the attacker and this link opens up in the most vulnerable Internet Explorer 6). So now, when the connection gets established with our system, as soon as the victim opens up so-called the malicious link, any command we enter gets piped to the victim’s computer and the result gets displayed on our screen.

There are still many shell code types, but that I wanted these to be discussed first to clarify the viewers who got through them while using Metasploit Framework. Due to the site maintenence, I have been been late in posting the topics. Sorry for the inconvenience. Stay Tuned!