Starting-point - Three | Questions


I have a few questions regarding the reverse shell procedure. I tried my best to find info on the internet, but a lot of people don’t go into detail on the roles of certain tools, which I’d like to know:

  1. Why do we even use Reverse Shell Attacks in the first place?

Since we have uploaded a shell through PHP, we could in theory control the AWS service over the injected shell.

  2. What exactly is the role of nc?

I understand the thought process behind connecting back to the local host we set up, but what do we actually need nc for?

Tutorials and the walkthrough say that it listens on the given port the local host is hosted on and watches whether traffic is going over this port. Is ncat then just being used to tell the attacker “Hey! Someone connected to your local host!”, or does it have more direct responsibilities/importance than just listening and telling the host that “something has happened!”?

Please excuse this noob question; I am really trying to understand the role behind each tool to build in-depth knowledge, rather than just following tutorials blindly and applying everything without questioning it.

The only thing I could get out of nc was a connection confirmation. The walkthrough is trash, but because of this I learned a lot of things. The key is AWS. The walkthrough sends you way off the path. You have to modify the code supplied a bit to do it right. Once you get that set up, go to the site using the shell.php and use the cmd function kinda like a terminal. Idk why the author said shell.php?cmd=id; what you want to use is ls and cat. So cmd=ls+ and cmd=cat+. ls gives you the list of folders like in a terminal, and cat shows the .txt file. So you can nav to find the flag.txt with ls, or use the most useful info in the walkthrough: the location is “shell.php?cmd=cat+/var/www/flag.txt”. I think the author was doing it backwards through the terminal when the best way is through the browser.

PS. fellow noob also

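Since the answers in this thread come down to driving the web shell through `shell.php?cmd=...`, the flip side for whoever runs the web server is spotting exactly that pattern in the access logs. The following is an added example written for this thread, not code from the box, the walkthrough or Hack The Box: it parses Apache-style access log lines and flags requests to a PHP script that carry a command parameter, decoding `+` and percent-encoding the same way the server would. The sample log lines and IP addresses are constructed, and the parameter names other than `cmd` are assumptions added for generality.

```python
"""Flag web-shell style requests (e.g. shell.php?cmd=...) in Apache/nginx access logs.

Added example for this thread; not code from the box or the walkthrough.
The sample log lines below are constructed; only the script name and the
/var/www/flag.txt path come from the thread.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Common Log Format: ip - - [timestamp] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Query parameters that commonly carry a command for a web shell.
# "cmd" is the one used on this box; the others are assumed extras.
CMD_PARAMS = ("cmd", "c", "exec", "command")


def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def extract_command(path):
    """Return (script_path, decoded_command) when a request to a .php script carries
    a command parameter, else None. parse_qs turns '+' into spaces and decodes %xx,
    so 'cat+/var/www/flag.txt' comes back as 'cat /var/www/flag.txt'."""
    parts = urlsplit(path)
    if not parts.path.lower().endswith(".php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    for name in CMD_PARAMS:
        if name in qs:
            return parts.path, qs[name][0].strip()
    return None


def find_webshell_hits(lines):
    """Scan log lines and return one record per request that looks like a web-shell call."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        found = extract_command(rec["path"])
        if found:
            script, cmd = found
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "script": script,
                         "cmd": cmd, "status": rec["status"]})
    return hits


def summarize(hits):
    """Group the decoded commands by source IP, preserving order of appearance."""
    by_ip = {}
    for h in hits:
        by_ip.setdefault(h["ip"], []).append(h["cmd"])
    return by_ip


# Constructed sample log: one visitor browsing normally, one driving the web shell.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2024:12:00:09 +0000] "GET /shell.php?cmd=id HTTP/1.1" 200 58',
    '203.0.113.7 - - [10/Mar/2024:12:00:15 +0000] "GET /shell.php?cmd=ls+-la HTTP/1.1" 200 412',
    '203.0.113.7 - - [10/Mar/2024:12:00:21 +0000] "GET /shell.php?cmd=cat+/var/www/flag.txt HTTP/1.1" 200 33',
    '198.51.100.4 - - [10/Mar/2024:12:01:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 4870',
    '198.51.100.4 - - [10/Mar/2024:12:01:02 +0000] "GET /images/band.jpg HTTP/1.1" 200 20441',
]

if __name__ == "__main__":
    for h in find_webshell_hits(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["script"]} -> {h["cmd"]!r} (HTTP {h["status"]})')
```

Running it over the constructed log prints the three `shell.php` requests with their decoded commands and leaves the ordinary `index.php?page=about` request alone, which is the distinction a rule like this has to make: a PHP script with a query string is normal, a PHP script taking a parameter that looks like a shell command is not.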

Yes, just use “http://thetoppers.htb/shell.php?cmd=ls+cat+/var/www/flag.txt” on the website.
Thank you for your answer!
In my situation, the reverse shell is blocked and nc shows
“bash: cannot set terminal process group (1575): Inappropriate ioctl for device
bash: no job control in this shell
www-data@three:/var/www/html$”. I am a noob, excuse me.