Metasploit for Pentester: Windows Hidden Bind Shell
In this article we cover the tactics of Hidden Bind TCP shellcode. Every organization runs multiple scanning tools across its network to identify new or unidentified open ports. In such an environment it is very difficult to hide a suspicious bind shellcode and keep it unnoticed by those scanning tools.
But how can we sit idle without a new idea? Here is the concept of the Hidden Bind TCP shell: this shellcode accepts a connection only from the allowed host IP address (i.e. AHOST), and to every other connection it replies with an RST packet (a reset packet is simply one with no payload and with the RST bit set in the TCP header flags). This way the port appears “closed” to everyone else, which helps hide the shellcode.
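The mechanism above also gives a defender a detection handle: the port is LISTENING on the host itself but looks closed to a scanner that is not AHOST, so comparing host-side socket state with an external scan exposes the mismatch. The following is an added example, not code from the original article; the `netstat -ano` and Nmap-style outputs, port numbers and PIDs are constructed sample data.

```python
import re

# Constructed sample of `netstat -ano` on the Windows host (not real data).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.20:49702     52.96.0.1:443          ESTABLISHED     3312
"""

# Constructed Nmap-style scan of the same host, run from an address that is NOT AHOST.
# The hidden bind port answers with RST, so the scanner reports it as closed.
SCAN_SAMPLE = """\
PORT     STATE  SERVICE
135/tcp  open   msrpc
445/tcp  open   microsoft-ds
4444/tcp closed krb524
"""

NETSTAT_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
SCAN_RE = re.compile(r"^(\d+)/tcp\s+(\S+)")


def host_listening_ports(netstat_output):
    """Return {port: pid} for every TCP socket the host reports as LISTENING."""
    ports = {}
    for line in netstat_output.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            ports[int(m.group(1))] = int(m.group(2))
    return ports


def scanner_port_states(scan_output):
    """Return {port: state} from Nmap-style 'PORT STATE SERVICE' lines."""
    states = {}
    for line in scan_output.splitlines():
        m = SCAN_RE.match(line)
        if m:
            states[int(m.group(1))] = m.group(2)
    return states


def hidden_listeners(netstat_output, scan_output):
    """Ports LISTENING on the host that the scanner probed but did not see as open.

    Only ports present in the scan output are considered, so an incomplete scan
    does not produce false positives for ports it never probed.
    """
    listening = host_listening_ports(netstat_output)
    scanned = scanner_port_states(scan_output)
    return {p: pid for p, pid in listening.items() if p in scanned and scanned[p] != "open"}
```

In the constructed data, port 4444 (PID 5120) is the only listener that the host sees but the scanner does not, which is exactly the footprint a hidden bind shell leaves.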
Prerequisites for Lab Setup
Kali Linux (Pentester’s Machine)
Windows 10 (Victim’s Machine)
Zenmap Tool
Let’s Begin!!
Using msfvenom, we are going to create a payload for Windows with shell_hidden_bind_tcp and save it in exe format under the name file.exe. Then we send the file to the victim’s PC and execute that malicious file.exe on the victim’s system. It will open a new service on the…