Reverse Shell Cheat Sheet

Free

If you're lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you'll probably want an interactive shell. If it's not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a reverse shell or binding a shell to a TCP port. This page deals with the former. Your options for creating a reverse shell are limited by the scripting languages installed on the target system – though you could probably upload a binary program too if you're suitably well prepared. The examples shown are tailored to Unix-like systems. Some of the examples below should also work on Windows if you substitute "/bin/sh -i" with "cmd.exe". Each of the methods below is intended to be a one-liner that you can copy/paste. As such they're quite short lines, but not very readable.

ALTERNATIVES

RedWarden is a Cobalt Strike C2 reverse proxy that evades detection by Blue Teams, AVs, EDRs, and scanners through packet inspection and malleable profile correlation.

Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600 tools and utilities for red and blue team operations.

A wargaming network for penetration testers to practice their skills in a realistic environment.

A PoC tool for generating Excel files with embedded macros without using Excel.

A specification/framework for extending default C2 communication channels in Cobalt Strike.

FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.

A penetration testing tool for intercepting SSH connections and logging plaintext passwords.

Charlotte is an undetected C++ shellcode launcher for executing shellcode with stealth.
