Shells
Bash
The classic bash-based reverse shell:
Note: If the payload doesn't work because redirection or ampersand symbols behave unexpectedly in the vulnerable application, base64-encoding the payload often works well.
Socat TTY Shell
This gives you a full socat shell, with no need to upgrade it. You need socat installed or a static socat binary for this, though.
On Kali:
On the victim machine:
Once the connection is made, you probably want to increase the terminal size (run in the reverse shell on the victim machine):
Ncat
Listen on port 8001 on the attacker machine:
Run ncat on the victim machine:
Note: The command is ncat, not nc or netcat. There is a difference!
Mkfifo
sh-based mkfifo reverse shell:
Upgrading Normal Shells to TTY shells
Switch From ZSH To Bash
Warning: This doesn't work if your attacking machine uses zsh!
You can temporarily switch to bash:
You can confirm you're using bash with:
Upgrade the Shell Using Python
Run this in the reverse shell to upgrade it. Don't worry if your terminal turns weird temporarily.
Upgrade the Shell Without Python
Upgrading Normal Shells to Meterpreter
Run msfconsole. Create a listener using multi/handler:
Then use one of the above reverse shells to connect to the listener. Once you have the shell, press CTRL + Z to background the shell session. It will tell you the session number. Keep that in mind.
Next:
Once the upgrade finishes, you'll be able to see your new session:
Note: There's a long-standing bug where it seems to get stuck on "Stopping exploit/multi/handler". Just press Enter; it's not actually stuck.
Interact with the new session with: