Ctrlk

Shells

https://book.hacktricks.xyz/shells/shells/linuxbook.hacktricks.xyz
Normal Shells
https://book.hacktricks.xyz/shells/shells/full-ttysbook.hacktricks.xyz
Full TTY Shells

Bash

The classic bash-based reverse shell:

Note: If the payload doesn't work because redirection or ampersand symbols behave weird in the vulnerable application, then base64 encoding the payload often works well.

Socat TTY Shell

Do this for a full socat shell, no need to upgrade it. You need socat installed or a socat static binary for this, though.

On kali:

On the victim machine:

Once the connection is made, you probably want to increase the terminal size (run in the reverse shell on the victim machine):

Ncat

Listen to port 8001 on attacker machine:

Run ncat on the victim machine:

Note: The command is ncat, not nc or netcat. There is a difference!

Mkfifo

sh-based mkfifo reverse shell:

Upgrading Normal Shells to TTY shells

Switch From ZSH To Bash

Warning: This doesn't work if your attacking machine uses zsh!

You can temporarily switch to bash:

You can confirm you're using bash with:

Upgrade the Shell Using Python

Run this in the reverse shell to upgrade it. Don't worry if your terminal turns weird temporarily.

Upgrade the Shell Without Python

Upgrading Normal Shells to Meterpreter

Run msfconsole. Create a listener using multi/handler:

Then use one of the above reverse shells to connect to the listener. Once you have the shell, press CTRL + Z to background the shell session. It will tell you the session number. Keep that in mind.

Next:

Once the upgrade finishes, you'll be able to see your new session:

Note: There's a long-standing bug where it seems to get stuck on "Stopping exploit/multi/handler". Just press enter, it's not actually stuck.

Interact with the new session with:

PreviousPort ForwardingNextLinux Privilege Escalation

Last updated