Shells
The classic bash-based reverse shell:
Note: If the payload doesn't work because redirection or ampersand symbols behave weirdly in the vulnerable application, then base64 encoding the payload often works well.
Do this for a full socat shell; there is no need to upgrade it. You need socat installed or a socat static binary for this, though.
On Kali:
On the victim machine:
Once the connection is made, you probably want to increase the terminal size (run in the reverse shell on the victim machine):
Listen on port 8001 on the attacker machine:
Run ncat on the victim machine:
Note: The command is ncat, not nc or netcat. There is a difference!
sh-based mkfifo reverse shell:
Warning: This doesn't work if your attacking machine uses zsh!
You can temporarily switch to bash:
You can confirm you're using bash with:
Run this in the reverse shell to upgrade it. Don't worry if your terminal turns weird temporarily.
Run msfconsole. Create a listener using multi/handler:
Then use one of the above reverse shells to connect to the listener. Once you have the shell, press CTRL + Z to background the shell session. It will tell you the session number. Keep that in mind.
Next:
Once the upgrade finishes, you'll be able to see your new session:
Note: There's a long-standing bug where it seems to get stuck on "Stopping exploit/multi/handler". Just press enter, it's not actually stuck.
Interact with the new session with: