Thebinarybot’s Guide to Shells ❤
whoami
Hello, this is Nithin here. I’m a security researcher/enthusiast and I go by the handle @thebinarybot at most of the places online.
cat whatsthisarticleabout.txt
“I’m in” is a classic dialogue used in almost most of the techno-geek or hacker-ish films to describe that they have “hacked” into a system. But what does it actually mean? What did the hero get into?
Learn about what a shell, terminal emulator, the anatomy of a shell and a lot more in this blog.
Introduction
Most of the times, when the said “hacker” utters words such as “I’m in”, “We’re in the game”, “System Hacked” in movies, you would immediate see a panel with gibberish words written in it.
Something like the below image for example.
As a child, anything that was written in block letters and displayed in a font as shown above immediately caught my attention. I used to think hacking was all about typing some commands and “getting in” to a system. But that is definitely no it.
Cutting back to the topic, the above image you see is precisely what a shell is. It is not a hack, nor is it a technique or a super complex technical stuff that you cannot understand.
In simple terms, a shell is nothing but merely a computer program that provides the user with an interface to input instructions into the system and view text output. These inputs are said to be command-line inputs as they do not have a graphical interface and require you to type words, quite literally.
But as depicted accurately in films, for a penetration tester or a hacker, a shell is often the end result you see after successfully exploiting a vulnerability to gain interactive access to the target system.
So, in a way, a shell gives the hacker a direct access to the target operating system, thereby allowing them to run harmful commands, view the filesystem, modify data and much more.
Terminal Emulator
Every operating system such as Windows, Linux and MacOS has a shell and to interact with the system’s shell we use an application called as the Terminal or Terminal Emulator.
Few noteworthy Terminal Enumerators for popular operating systems include:
Windows Terminal — Windows
GNOME, MATE Terminal — Linux
Terminal, iTerm2 — MacOS
There are many more terminals available out there and in fact it is possible to install a terminal emulator on different operating systems if it’s open-sourced and supports the platform. However, these are merely personal preferences.
CLI — Command Language Interpreter
A Command Language Interpreter (CLI) is a software program that interprets and executes commands entered by a user or provided by scripts. These commands typically interact with the operating system or perform various tasks.
Hence, every time we talk about command-line interfaces we should understand that it’s a combination of the OS, terminal emulator application and the command language interpreter.
There are many command language interpreters, also often called as shell scripting languages or command scripting languages.
Shell Variants
As we understood that shell is merely a computer program which passes messages to the system, we should also understand there are many variants and types of this program. One should not confuse these types with that of the types of terminal emulators available. Both are different.
But how are they different? What is the difference between a terminal emulator and a shell?
To rephrase, a terminal emulator is merely a software application that emulates a video terminal within another display architecture. It allows users to interact with the system’s shell or command-line interface in a graphical environment. Essentially, it provides the window or interface where you type and execute commands.
However, a shell is a command-line interpreter that provides a user interface for accessing the operating system’s services. It interprets and executes the commands entered by the user or read from a script. The shell is responsible for running commands, managing processes, and providing programming constructs like loops and conditionals.
Now, coming back to the different types of shells — we should understand that these different types of shells are not simply graphically different as that of terminal emulator and they carry actual different in properties, functions and features. Here’s a couple of them:
- The Bourne Shell (sh): Bourne Shell is regarded as the first UNIX shell ever. sh is super compact and also had a huge speed of operation. Moreover, scripts written for Bourne shell are portable across Unix-like systems. However, It doesn’t have in-built functionality to handle logical and arithmetic operations. Furthermore, the Bourne shell cannot recall previously used commands.
- The GNU Bourne-Again Shell (bash): bash is an enhanced version of sh, as the name suggests, with more features incorporated from other shells such as csh, ksh etc. For example, bash allows us to automatically recall previously used commands and edit them with help of arrow keys. This is not possible in sh. However, as it has these extra features it is slightly more resource-intensive than simpler shells.
- Z Shell (zsh): zsh is a modern shell used by many professionals today. It is known for its robust interactive features, scripting capabilities, and extensive customization options. With zsh, you can have customized themes, enable auto-completion, do globbing and much more.
Now let us see how to identify the terminal and shell/command language interpreter we have practically.
Although there are many ways to do this, you can easily figure out what shell you are running using the command echo $SHELL and what terminal emulator you have using echo $TERM.
Types of Shells
As discussed earlier, as penetration tester or an ethical hacker you have compromised a system to it’s fullest if you’re able to interact with it remotely — thereby accessing the shell.
To do this, there are different ways. For example, you can connect to a compromised system through network protocols like SSH or WinRM which allows remote login. But these usually require credentials.
To get a remote shell without having credentials is quite hard but still possible. This method is known as remote code execution. To achieve this, we must first learn the different type of shells:
- Reverse Shell: A reverse shell is a type of shell where the target machine initiates the connection to the attacker’s machine. This is a commonly used attack technique to bypass firewall rules and network address translation (NAT) that might block incoming connections but allow outgoing connections. This is one of the most quickest and easiest method to obtain control over a compromised host.
- Bind Shell: A bind shell is a type of shell that listens on a specific port on the target machine, waiting for an incoming connection from the attacker’s machine. Once the connection is made, the attacker gains control over the target system. Unlike a reverse shell which connects to us (attacker machine), we intend to connect to the target machine machine’s listening port.
To understand more about the workings of Reverse/Bind Shell, the commands used to establish these shells across different OS variants, I strongly urge you to checkout my guide: https://thebinarybot.gumroad.com/l/shellsexplained
The entire guide contains much more information as compared to this blog. You will also get to learn more about tools used to setup shells, how to stabilize shells and also learn about additional shell types such as web shells. All of this knowledge is for just $2.
Support
I have been creating content related to Cybersecurity/Bug Bounty Hunting for a while now. Although not necessary, it would mean the world to me if you decide to support me by buying me a book here.
This would not just help me but also the community as I will be able to create more quality content the more I read.
Kindly share this post with your friends who could benefit and please clap too!
Contact
Twitter: https://x.com/thebinarybot
Discord: thebinarybot
Cheers 🍻
