You have Remote Code Execution on a vulnerable machine, but how do you get a shell?

While hacking vulnerable machines, you’ll find neat exploits that give you a shell on the target automatically. However, most exploits merely give Remote Code Execution (RCE), which then needs to be used to execute further commands on the target to get a shell connection. This isn’t always straightforward, and involves a lot of trial and error: testing different reverse shell payloads and trying different techniques…

In this post, I’ve documented all the techniques I’ve found in going from RCE to shell for Linux and Windows machines…


Buff is a machine that is relatively beginner friendly. This write-up is similarly geared towards beginners to Hack the Box (HTB) and pen-testing/ethical hacking in general. Things like hacking phases and what a shell is will be explained more in-depth than in the average HTB write-up.

This machine is also great for beginners because it employs techniques that are common in Hack the Box and other vulnerable machine platforms. Things like starting a netcat listener and a Python web server are done several times, which is great practice.

Prerequisites

There are a few things you need to get started hacking something in Hack…


Netcat, Nmap, Gobuster: these are all staple tools in the ethical hacking world. If you frequent Hack the Box, Try Hack Me or any other ethical hacking lab platform, you likely use the aforementioned tools very often. What if you could upgrade those tools?

Upgrade may be a dramatic word, but the hacking tools this article goes over were developed to work faster and/or better than the usual tool. Pwncat, Feroxbuster, RustScan and Updog are the tools that will be reviewed.

Pwncat

The upgrade for Netcat. In pen-testing lab environments you’re constantly exploiting Remote Command Execution vulnerabilities and…


This guide will show you the simplest way to get a remote shell connection on a Windows 10 target just by plugging in the Bash Bunny. This connection will give you command line control over the computer from a remote location, which I’d consider “hacking” a Windows computer.

This works equally well, and probably better, with a Rubber Ducky (because it works faster), but I don’t own a Rubber Ducky; the Bash Bunny is just what I had on hand. …


There is a lingering distaste for cloud storage services in the infosec community, summed up by the quip: “the cloud is just someone else's computer”. By using cloud services like Dropbox, Google Drive, OneDrive, etc., you’re entrusting the privacy and security of your data to another company. Historically, cloud service providers have had a bit of trouble keeping hackers out of their clients’ data. Not to mention, they will give up your data to the feds and you’ll never know.

Cloud services are extremely useful, but when it comes to personal storage of your private notes, documents and…


I’ll show you how to set up a Kali Linux virtual private server (VPS) on Digital Ocean for ethical hacking, how to use a browser through your VPS, get a free domain name for your VPS, make a local backup and more!

When doing ethical hacking challenges or on pen-testing lab platforms like Hack the Box (HTB), Try Hack Me (THM) or Cyber Sec Labs (CSL), you’re likely hacking from a virtual machine. This works great, but I’ve found that setting up a VPS to launch my ethical hacking endeavors from has a few important benefits.

First off, you have persistence in your hacking session…


In this step-by-step guide, you’ll learn how to grab Windows 10 hashes and then recover the password with various hash cracking techniques. The toolset included in this guide is Kali Linux, Mimikatz, hypervisors, Hashcat and Johnny.

There are plenty of guides out there for cracking Windows hashes. However, many of them are outdated because Windows is making it more difficult to recover hashes. I wish to share the method that works with a modern Windows 10 system.

This guide assumes you have physical access to a Windows 10 computer and wish to bypass the operating system password. …


In this guide, we will build an Active Directory environment in a virtualized lab and see how its features can be exploited to hack Windows users. Active Directory (AD) is Microsoft’s service to manage Windows domain networks. 95% of Fortune 100 companies implement AD in their networks. If you work in IT in any way, shape, or form… you need to know how AD works.

The way you can use the same set of credentials to log into any Windows machine within your institution is done through Active Directory. AD can easily span whole corporations and campuses, acting as a “phone…


Cyber security is such a broad topic; how could one build a single lab that encompasses all aspects of it? All the vulnerabilities, malware, databases, financial systems, intrusion detection, firewalls, encryption standards, mobile security, etc. That would take a very large garage to build. However, you can gain hands-on knowledge of most of these aspects of cyber security using only a single computer.

You don’t need several fancy high-powered servers in a Faraday cage to have an effective security lab environment. With just one computer, dozens of computers can be experimented with, all due to…


For the cheapskates and the frugal among us, here are some tips and tricks on how to spend time and money wisely to pass the CompTIA Network+ exam.

I passed Network+ N10–007 in a little less than a month’s time with no background in networking and no fancy paid networking courses. The COVID-19 lock-down helped give me time to study. If you can find a similar situation where you have plenty of time to dedicate to studying, such as a break or vacation, that’ll help with the “quick” part.

There are tons of courses out there, asking for large sums of money…

Robert Scocca

Information Security Enthusiast https://robertscocca.com/
