Reverse Shell
Caveats
Port choice
Use any open port from the nmap scan.
For HTB/THM, you can assume port 443 works for reverse shell.
Staged vs. non-staged payloads
Try staged payloads first.
If it does not work, try non-staged payloads.
PHP Reverse Shell
Kali Linux comes with this built-in PHP reverse shell:
Change $ip and $port before using it:
For convenience, edit ~/.zshrc (or ~/.bashrc) and create an alias for copying this payload to the current working directory:
One-Liners
Bash
Python
Netcat
Msfvenom
Linux
Windows
WAR
Fully Interactive TTY Shell
Step 1 is sufficient in most scenarios. If you plan to use tools such as Vim for privilege escalation, you need to complete all three steps.
Step 1: upgrade to TTY shell
In the remote shell, upgrade the shell to TTY:
Step 2: export terminal environment variables
In your local shell, check the environment variable $TERM:
In the remote shell, export the environment variables $TERM and $SHELL:
Step 3: set up terminal size
In your local shell, check terminal rows and columns:
In the remote shell, press ctrl+z to send the current session to the background:
You are now back in your local shell. Bring the reverse shell to the foreground:
Adjust the terminal size: