Glossary
Plain-language definitions of SEO terms used across the blog.
- Bind Shell
- A shell session in which the target host listens on a port and the attacker connects inbound — the inverse of a reverse shell, and usually blocked by firewalls and NAT.
- LHOST
- The listening host — the IP address or hostname the target connects back to in a reverse shell payload.
- Listener
- The program the tester runs to receive an incoming reverse shell connection, commonly netcat, ncat, or socat.
- LPORT
- The listening port — the TCP port the target connects back to in a reverse shell payload.
- Payload
- The command or code run on the target that opens the reverse shell — e.g. a bash, python, php, or PowerShell one-liner.
- Reverse Shell Generator
- A tool that produces ready-to-use reverse shell payloads for a chosen shell and platform, pre-filled with LHOST/LPORT and paired with the matching listener.
- Reverse Shell
- A shell session in which the target host connects outbound to an attacker-controlled listener, rather than the attacker connecting in — the standard post-exploitation primitive in authorized testing.
- TTY (Pseudo-Terminal)
- A terminal interface; upgrading a raw reverse shell to a full TTY restores job control, tab completion, and interactive programs like sudo and vi.
- /dev/tcp
- A bash built-in pseudo-device path that opens a TCP connection — the basis of the classic bash reverse shell, and absent from /bin/sh (dash).
- LFI (Local File Inclusion)
- A web vulnerability where an application includes attacker-influenced local file paths; can escalate to code execution and a reverse shell.
- Meterpreter
- Metasploit's advanced, in-memory payload offering an interactive command set beyond a raw shell; a staged payload that requires a Metasploit handler.
- Ncat
- The modern netcat replacement shipped with Nmap, adding TLS (--ssl) and a kept --exec flag — useful for encrypted reverse shells.
- Netcat (nc)
- The general-purpose TCP/UDP utility commonly used as the listener that catches a reverse shell, and sometimes as the payload itself.
- Socat
- A multipurpose relay that can allocate a pseudo-terminal and use TLS, giving a fully interactive reverse shell without a manual TTY upgrade.
- Staged Payload
- A payload split into a small stager that connects back and downloads the larger second stage; requires a handler rather than a plain listener.
- Webshell
- A script left on a web server that runs commands sent over HTTP and returns the output — a persistent foothold that needs no outbound connection.