Shell Cheat Sheet

What is a Reverse Shell?

A reverse shell is a kind of shell in which the target machine communicates back to the attacking machine. The attacking machine has an open listener port on which it receives the connection, by which code execution or command execution can be achieved.

A reverse shell or a connect-back shell is the only way to gain remote shell access across a NAT or firewall. When an attacker wants a remote shell, a machine controlled by him will connect to a remote host and requests for a shell session, and this is called a bind shell.

But what if the remote machine is not directly accessible. It can be many reasons for that. Let’s assume that the remote host has not a public IP address or it is protected by any type of firewall that blocks incoming connection using a firewall. In that situation, a reverse shell can be used, where the target machine initiates or creates an outgoing connection to a listening attacker host and sends the shell session to the attacker machine.

Rlwrap will enhance the shell, allowing you to clear the screen with CTRL + L. 0.1 4242 rlwrap - r -f. Will make rlwrap use the current history file as a completion word list. SYSTEM INFORMATION. # Display Linux system information uname -a # Display kernel release.

Here I include a reverse shell cheat sheet that contains many reverse shells for different methods or different programming languages like, PHP reverse shell, Netcat reverse shell, Python reverse shell, etc. This will help to run an appropriate payload on target from detected available software or binaries.

Here we used follwing IP address and Port for demo perpose,

IP address: 192.168.1.2
Port: 4545

Bash Reverse shell

KORN SHELL PROGRAMMING CHEAT SHEET Special Characters Metacharacters have special meaning to the shell unless quoted (by preceding it with a or enclosing it in ` `) Inside double quotes “ “ parameter and command substitution occur and quotes characters `”$.
This cheatcheat will help you to improve your skills in bash, There are 2 columns, the left one is the command in parenthesis ex (C-j) = Ctrl + j and the right one will do a simple description. The Notes Section could help to resolve some problems or include features into your Terminal.

Python Reverse Shell

Netcat Reverse Shell

PHP Reverse Shell

Perl Reverse Shell

Ruby Reverse Shell

Shell Script Cheat Sheet

Java Reverse Shell

Java Code:

Power-Shell Reverse Shell

AWK Reverse Shell

Socat Reverse Shell

On Attacker Machine(Listener):

On Vitim Machine:

xTerm Reverse Shell

NODE.JS Reverse Shell

TELNET Reverse Shell

Shell Escapes Cheatsheet

For when you forget or don't know how to take advantage of an eval() statement or spawn a shell in a specific language or escape some common programs.

Python

Simple inline execution of commands, without semicolons:

Alternatively, using subprocess:

Executing from shell, using complete import:

Perl

From repl:

From shell:

Ruby

From repl:

From shell:

Lua

From repl:

From shell:

Awk

Trying desperately to escape a restricted shell? Refer to the guide at https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/

Escaping `more`

This can be anywhere from some script being printed as an MOTD before disconnecting you during an SSH session, to something more subtle like a paged viewer being run with elevated privileges.

Forcing `systemctl`, `man`, etc, to display with `more`

If you set the $SYSTEMD_PAGER or $PAGER env variable to more, when paged data is printed in a terminal, you can shrink your terminal to force more to show you only a portion of text rather than all text, letting you escape to shell with :!sh.

Spawning a shell with Nmap