OSCP Exam Training Program
Table of Contents
• Reverse Shell Generator
• Netcat for Beginners
• Rlwrap for OSCP
• Rustcat for OSCP
• Pwncat for Red Teamers
• Windows ConPty for OSCP & Red Teamers
• Basic Connectivity
• Port Scanning
• File Transfer
• Remote Shell Access
A netcat listener is started on port 4444 on the Kali machine. The command for the
netcat listener is:
nc -lnvp 4444
After generating the reverse shell command with the reverse shell generator, that
command is run on the Ubuntu machine.
Once the command is run on the Ubuntu machine, a reverse shell is obtained on the Kali
machine.
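As an added defensive example (not part of the original write-up), the script below shows what a reverse shell like the one just obtained looks like from the target's side and how a responder can spot it: the shell's standard streams point at a network socket instead of a pseudo-terminal, and the socket inode can be resolved to the listener's address through /proc/net/tcp. The /proc snapshot, inode numbers and the 10.10.10.x addresses are constructed sample data; in a real check they would be read from /proc/<pid>/comm, /proc/<pid>/fd/* and /proc/net/tcp.

```python
"""Flag shell processes whose stdin/stdout/stderr are attached to a TCP socket
and resolve that socket to its remote endpoint via a /proc/net/tcp snapshot.

Added example for this page, not code from the original write-up. All sample
data below is constructed.
"""
import re
from dataclasses import dataclass

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")   # readlink(/proc/<pid>/fd/N) form
SHELLS = {"sh", "bash", "dash", "zsh"}            # Linux shells worth flagging


@dataclass
class Proc:
    pid: int
    comm: str
    fds: dict  # fd number -> link target, as readlink(/proc/<pid>/fd/<fd>) returns it


def decode_proc_net_addr(hexaddr: str) -> str:
    """Decode an IPv4 'AABBCCDD:PPPP' field from /proc/net/tcp.

    The address is a little-endian 32-bit hex word, so the octets are read
    back to front; the port is plain hex."""
    ip_hex, port_hex = hexaddr.split(":")
    octets = [str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)]
    return f"{'.'.join(octets)}:{int(port_hex, 16)}"


def parse_proc_net_tcp(text: str) -> dict:
    """Map socket inode -> (local, remote, state) for every row of /proc/net/tcp."""
    table = {}
    for line in text.splitlines()[1:]:        # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        local, remote, state, inode = fields[1], fields[2], fields[3], int(fields[9])
        table[inode] = (decode_proc_net_addr(local), decode_proc_net_addr(remote), state)
    return table


def stdio_socket_inodes(proc: Proc) -> set:
    """Socket inodes that fd 0, 1 or 2 of the process point at."""
    inodes = set()
    for fd in (0, 1, 2):
        m = SOCKET_LINK.match(proc.fds.get(fd, ""))
        if m:
            inodes.add(int(m.group(1)))
    return inodes


def find_socket_shells(procs, tcp_table):
    """Return [(pid, comm, remote_endpoint)] for shells whose stdio sits on a socket."""
    hits = []
    for p in procs:
        if p.comm not in SHELLS:
            continue
        for inode in sorted(stdio_socket_inodes(p)):
            remote = tcp_table.get(inode, (None, "unknown", None))[1]
            hits.append((p.pid, p.comm, remote))
    return hits


# --- constructed sample data ---
# /proc/net/tcp snapshot with one established connection to 10.10.10.15:4444
# (0x115C == 4444, the listener port used on this page); inodes are made up.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18231 1 0000000000000000 100 0 0 10 0
   1: 0B0A0A0A:B2E4 0F0A0A0A:115C 01 00000000:00000000 00:00000000 00000000  1000        0 40177 1 0000000000000000 20 4 30 10 -1
"""

SAMPLE_PROCS = [
    # an ordinary interactive shell: all three streams on a pseudo-terminal
    Proc(pid=2101, comm="bash", fds={0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    # a reverse shell: every standard stream duplicated onto the same TCP socket
    Proc(pid=2310, comm="sh", fds={0: "socket:[40177]", 1: "socket:[40177]", 2: "socket:[40177]"}),
    # a daemon holding a listening socket on fd 3 is not a shell and is ignored
    Proc(pid=702, comm="sshd", fds={0: "/dev/null", 1: "/dev/null", 3: "socket:[18231]"}),
]


def run_sample():
    """Run the detector over the constructed snapshot."""
    return find_socket_shells(SAMPLE_PROCS, parse_proc_net_tcp(SAMPLE_PROC_NET_TCP))


if __name__ == "__main__":
    for pid, comm, remote in run_sample():
        print(f"pid {pid} ({comm}) has stdio attached to a socket connected to {remote}")
```

Only the `sh` process is reported, with its remote endpoint resolved to 10.10.10.15:4444; the interactive `bash` on a pty and the daemon with a socket on fd 3 are left alone. The same stdio-on-socket test applies to every listener discussed on this page, since netcat, rlwrap, rustcat and pwncat all receive the same kind of connection from the target.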
Limitation: it is observed that after pressing the up arrow key to recall the previous
command, the shell does not complete it, because the remote shell has no line editing or
command history of its own.
Rlwrap for OSCP
After installation, repeat the entire process followed in the netcat section, but for the
reverse shell use the following listener command so that rlwrap wraps the listener:
Advantage: observe that after the reverse shell is obtained, previous commands can be
autocompleted and reused.
Rustcat for OSCP
Rustcat, a modern reimplementation of Netcat in the Rust programming language, aims to
provide improved performance and security while retaining Netcat's functionality. The key
reasons for its adoption are as follows.
Rustcat leverages Rust's memory safety features, reducing the likelihood of common
vulnerabilities such as buffer overflows. Its design enables concurrent connections, allowing
pentesters to handle multiple sessions efficiently. Like Netcat, Rustcat is available on multiple
platforms, ensuring compatibility across different operating systems.
Rustcat can be installed with cargo; the following commands can be used:
echo $SHELL
nano .zshrc
Advantage: observe that tab completion is enabled in rcat and can be used to
autocomplete commands.
In addition, it has more dynamic features such as UDP (-lpu) connections and a history
function (-lpH).
Pwncat for Red Teamers
Pwncat, a feature-rich netcat-like tool designed for pentesters and red teamers, offers
several enhancements over traditional Netcat:
• Interactive Shell
• Scriptable Interface
• Encrypted Communication
• Persistence
Pwncat provides an interactive shell with syntax highlighting and command completion,
improving the user experience. Pentesters can automate tasks using Pwncat's Python
scripting interface, allowing for greater flexibility and customization. It also supports
encrypted communication channels, ensuring confidentiality when interacting with
compromised systems.
Pwncat can be installed with pip; the following command can be used:
After installation, repeat the entire process followed in the netcat section, but for the
reverse shell use the following listener command so that pwncat acts as the listener:
Advantage: observe that pwncat holds persistence by creating a file in the /tmp/ directory.
Therefore, if the connection is lost, the reverse shell can still be obtained on the same port
that was previously used, which acts as a form of persistence.
The persistence can be checked by running an rlwrap listener on the same port after
terminating the above connection.
Pwncat can also create persistence on multiple ports, which can be done using
the following commands:
Windows ConPty for OSCP & Red Teamers
The ConPty shell provides improved TTY functionality, allowing for a more interactive experience,
including proper handling of command line utilities such as Vim and Python.
Advantage: it is more stable and compatible with modern Windows systems, providing a
reliable option for post-exploitation activities. Pentesters can utilize the ConPty shell to bypass
security mechanisms by avoiding traditional detection methods.
The reverse shell generator can be used for both the listener command and the reverse shell payload.
To start the listener on port 443 on the Kali machine, the command can be copied from the
reverse shell generator website.
The reverse shell payload copied from the reverse shell generator is then run on the
Windows machine.
Observe that the reverse shell is obtained on port 443 and that it is a fully interactive session.
Conclusion
In conclusion, pentesters have a diverse range of listener options available, each offering
unique features and benefits. Whether it's the simplicity of Netcat, the usability
enhancements of Rlwrap, the performance and security of Rustcat, the advanced capabilities
of Pwncat, or the modern functionality of the Windows ConPty shell, selecting the right tool
depends on the specific requirements of the assessment.
By understanding the strengths and weaknesses of these tools, pentesters can effectively
establish and maintain access during security engagements.
www.ignitetechnologies.in