I have a few questions regarding the reverse shell procedure, I tried my best to find info on the internet but a lot of people don’t go in detail on certain roles of tools, which I’d like to know:
- Why do we even use Reverse Shell Attacks in the first place?
Since we have uploaded a Shell through PHP we could in theory control the AWS service over the Injected Shell.
- What exactly is the role of nc?
I understand the thought process behind connecting to our setup local hosts, but what do we need nc actually for?
Tutorials and the Walkthrough say that it is listening to the given port the local host is hosted on and if traffic is going over this port. Is ncat then just being used to tell the attacker “Hey! Someone connected to your local host!”, or does it have more direct responsibilites/ importance then just listening and telling the host that “something has happend!”
Please excuse, this noob question, I am really trying to understand each role behind each tool to create an indepth knowledge, rather than just following tutorials blindly and applying everything without questioning it.