Have you ever worried about someone completely taking over your computer, having access not only to steal your data but to actually run programs? Well, here's one way that might happen: a reverse shell.
In a reverse shell, the target computer executes a process -- either a dangerous program or a secretly embedded process that you're tricked into allowing -- which connects back to an attacking computer. Once a connection is established, the attacking computer is able to navigate through directories and execute commands as if the attacker were sitting at the target's computer itself. Anything the victim has the ability and permission to do on their computer and network, an attacker with access through the reverse shell can do as well.
In this project, we used the Metasploit Framework (version 6) to generate a payload, tricked our hypothetical Windows user into running it through phishing, and then handled the exploit to determine system information, download and delete their files, and generally wreak havoc.
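From the defender's side, the connect-back behaviour described above leaves a recognizable trace: a process that opens an outbound connection to an external host and also is, or spawns, a command interpreter. The sketch below is an added example, not code from the original project; the event format, helper names, internal address ranges, and sample telemetry are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal ranges; adjust to the monitored network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def is_external(ip):
    return not any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def find_reverse_shell_candidates(events):
    """Flag processes that connected out externally and are, or spawned, a shell."""
    images, outbound, shells = {}, {}, {}
    for ev in events:
        if ev["type"] == "process_create":
            images[ev["pid"]] = ev["image"]
            if basename(ev["image"]) in INTERPRETERS:
                shells.setdefault(ev["ppid"], []).append(ev["pid"])
        elif ev["type"] == "outbound_connect" and is_external(ev["dst_ip"]):
            outbound.setdefault(ev["pid"], f'{ev["dst_ip"]}:{ev["dst_port"]}')
    findings = []
    for pid, remote in sorted(outbound.items()):
        image = images.get(pid, "<unknown>")
        if shells.get(pid) or basename(image) in INTERPRETERS:
            findings.append({"pid": pid, "image": image, "remote": remote,
                             "shell_children": shells.get(pid, [])})
    return findings

def proc(pid, ppid, image):
    return {"type": "process_create", "pid": pid, "ppid": ppid, "image": image}
def conn(pid, dst_ip, dst_port):
    return {"type": "outbound_connect", "pid": pid, "dst_ip": dst_ip, "dst_port": dst_port}

# Constructed sample telemetry (hypothetical paths, documentation-range addresses).
SAMPLE_EVENTS = [
    proc(4120, 3000, r"C:\Users\alice\Downloads\invoice.exe"),
    conn(4120, "203.0.113.10", 8443),
    proc(4188, 4120, r"C:\Windows\System32\cmd.exe"),   # shell under a connected parent
    proc(5200, 3000, r"C:\Program Files\Browser\browser.exe"),
    conn(5200, "198.51.100.7", 443),                     # external, but no shell child
    proc(5400, 3000, r"C:\Tools\backup.exe"),
    conn(5400, "10.0.0.5", 445),                         # internal destination only
    proc(5410, 5400, r"C:\Windows\System32\cmd.exe"),
]
print(find_reverse_shell_candidates(SAMPLE_EVENTS))
```

This is a triage heuristic rather than a verdict: legitimate remote-management and build tools can match it, so findings need review against known software.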