Revshells mang!

Well, I’ll tell you.
Have a look here:

When we’re hacking a box legally (e.g., with written permission) and we’re able to upload a script that phones home to our waiting netcat listener, revshells are what we use.
They’re written in bash, Python, PHP, Perl and a ton of other languages you can see on the left here.

So, if we’re (legally) attacking a web server, and we have the ability to upload scripts, we create those scripts with this site.
Now, this is a GitHub repository and you can clone it down to your web server as such: $ git clone https://github.com/0dayCTF/reverse-shell-generator.git

1. Firstly, set your IP address and listening port in the revshells app and save it in the version you need.
2. Turn on your netcat listener with # nc -nvlp 4444 (or whichever port you’re listening on). Many prefer 443 because it’s likely permitted through the organization and will fly under the radar of sensors.
3. Upload it to the target web server.
4. Then call it with a browser or a curl/wget app to cause it to be executed on the server.
5. Your netcat listener should show a node connecting. Hit enter a few times and you should be given a shell.
6. You can improve the shell to do more things by running these. (Use the python version you have.)
python3 -c "import pty; pty.spawn('/bin/bash')"
python3 -c 'import pty; pty.spawn("/bin/bash")'
7. Now, at least your shell won’t drop for dumb reasons. (Hopefully)
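
Seen from the blue-team side, steps 3 to 6 leave a trail in process-creation logs: the web server suddenly has a shell as a child, and then a pty.spawn one-liner shows up underneath it. The sketch below is an added example (not from the revshells project or the original post) that walks the process tree and flags both; it keys on lineage rather than destination port, so a callback on 443 still shows up. The log format, process names and sample events are constructed assumptions.

```python
import os

# Constructed process-creation events (hypothetical format: ts|pid|ppid|user|exe|cmdline).
SAMPLE_EVENTS = """\
10:00:00|100|1|root|/usr/sbin/apache2|/usr/sbin/apache2 -k start
10:00:01|101|100|www-data|/usr/sbin/apache2|/usr/sbin/apache2 -k start
10:04:11|250|101|www-data|/bin/sh|sh -c /var/www/html/uploads/s.sh
10:04:15|251|250|www-data|/usr/bin/python3|python3 -c 'import pty; pty.spawn("/bin/bash")'
10:04:15|252|251|www-data|/bin/bash|/bin/bash
10:09:40|300|90|alice|/bin/bash|-bash
10:12:03|301|300|alice|/usr/bin/python3|python3 report.py
"""

# Assumed process names; tune both sets to the hosts being monitored.
WEB_SERVERS = {"apache2", "httpd", "nginx", "php-fpm"}
SHELLS = {"sh", "bash", "dash", "zsh", "nc", "ncat"}


def detect(log_text):
    """Return (ts, pid, rule) alerts for shells and PTY upgrades under a web server."""
    web_tree = set()  # pids of web-server processes and all of their descendants
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, pid, ppid, _user, exe, cmd = line.split("|", 5)
        name = os.path.basename(exe)
        if name in WEB_SERVERS:
            web_tree.add(pid)
            continue
        if ppid not in web_tree:
            continue  # not descended from the web server, e.g. an SSH login shell
        web_tree.add(pid)  # taint propagates down the process tree
        if "pty.spawn" in cmd:
            alerts.append((ts, pid, "pty-upgrade-under-web-server"))
        elif name in SHELLS:
            alerts.append((ts, pid, "shell-under-web-server"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert)
```
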

If you want to add this to your site, just git clone it, then copy it to your web directory and it will be called when people browse to the site.

GM
