BYPASSING DEFENSES THROUGH HUMAN MANIPULATION USING REVERSE TCP CONNECTIONS AND CUSTOM PAYLOADS
DOI:
https://doi.org/10.46687/jsar.v29i1.467
Keywords:
Connection, Host, IPv4, IPv6, Meterpreter, Parrot, Payload, Port, Reverse TCP, SET, Shell, Windows
Abstract
This article explores a sophisticated cyberattack method that bypasses technical defenses by targeting human psychology. Instead of attacking systems directly, this approach uses the Social Engineering Toolkit (SET) to create convincing deceptive campaigns that persuade users to inadvertently initiate the attack themselves. A key technical element involves generating a custom Meterpreter payload, which is programmed to establish a Reverse TCP connection. This creates a stealthy command and control channel by having the compromised system "call back" to an attacker-controlled server, granting remote access. Our work demonstrates how this powerful fusion of human manipulation and technical execution poses a significant threat that often evades conventional, technology-focused security measures.
License
Copyright (c) 2025 JOURNAL SCIENTIFIC AND APPLIED RESEARCH

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
https://orcid.org/0000-0003-3668-6713