

Reverse Shell Cheat Sheet - Cieplak
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

======
gwu78
"... wrong version of netcat"

There's only one true netcat. Although there was at least one revision of the
original by the author to add some minor fixes and the hexdump feature, as I
remember it, the "doexec()" or "-e" feature was in all versions. But I could
be wrong as I did not start using the program before he had already revised it
once. Any HN readers out there who were using netcat from the beginning?

To enable doexec() you need to define an aptly-named macro called
"GAPING_SECURITY_HOLE". Original netcat does not have -e by default.

IMO, netcat is a beautiful, elegant example of useful code, fitting in a
single source file, well-commented, with a good sense of humor, and able to
compile with almost no modification on all varieties of UNIX from the mid
1990s to today. That ability to compile quickly and smoothly, year after
year, is what puts netcat among my favorite programs.

I cannot say the same for most of the netcat imitations that followed the
original, which are usually loaded with needless additional "features", not to
mention being less portable.

------
rlx0x
I would recommend socat; it supports IPv6 and SSL for reverse shells.

------
malkia
What is a reverse shell?

~~~
DaCapoo
Typically, when you open a secure shell (SSH) connection your client is
connecting to an SSH server running on the target machine. A reverse shell
occurs when the server initiates a connection with a client that is listening
- for example, you have access to a shell to run commands on a target computer
(usually through a command injection vulnerability in a website). This means
you don't have a full shell - just the ability to run arbitrary commands.

You open a reverse shell, which instructs your target computer, which is running
an SSH server, to connect to your client, which allows you to now have a
full-featured shell at your hands.
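As an added illustration (not from the thread or the cheat sheet), here is the defender's side of what DaCapoo describes: a small check for the footprint a reverse shell leaves on a Linux host, namely a shell whose standard streams are a socket instead of a terminal, or a shell exec'd directly by a netcat-style relay (the `-e` pattern gwu78 mentions). The process records are constructed inline so the block runs offline; on a real host the same fields would be read from `/proc/<pid>/fd` and `/proc/<pid>/stat`.

```python
# Added example: detect the classic reverse-shell footprint on Linux.
# Process records are constructed below; on a live host they would be
# built from readlink("/proc/<pid>/fd/N") and the parent's comm.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
RELAY_TOOLS = {"nc", "ncat", "netcat", "socat"}   # tools that hand a socket to a shell
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")      # link-target format for a socket fd


@dataclass
class Proc:
    pid: int
    comm: str                                    # process name
    parent_comm: str                             # name of the parent process
    fds: Dict[int, str] = field(default_factory=dict)  # fd number -> link target


def stdio_on_socket(p: Proc) -> bool:
    """True when stdin, stdout and stderr all resolve to a socket (no terminal)."""
    return all(SOCKET_RE.match(p.fds.get(fd, "")) for fd in (0, 1, 2))


def classify(p: Proc) -> List[str]:
    """Return the reasons a process looks like a reverse shell; empty means benign."""
    reasons = []
    if p.comm in SHELLS and stdio_on_socket(p):
        reasons.append("shell with stdin/stdout/stderr bound to a socket")
    if p.comm in SHELLS and p.parent_comm in RELAY_TOOLS:
        reasons.append(f"shell spawned by {p.parent_comm} (-e / exec pattern)")
    return reasons


def scan(procs: List[Proc]) -> List[Tuple[int, str, List[str]]]:
    """Run classify() over a process list and keep only the flagged entries."""
    return [(p.pid, p.comm, r) for p in procs if (r := classify(p))]


# Constructed sample: a console login, an SSH session (sshd gives the shell a
# pty, not the raw socket), a shell spawned by a web worker with the socket as
# its stdio, and a shell exec'd by nc over pipes.
SAMPLE = [
    Proc(1201, "bash", "login",   {0: "/dev/tty1", 1: "/dev/tty1", 2: "/dev/tty1"}),
    Proc(1340, "bash", "sshd",    {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    Proc(2210, "sh",   "php-fpm", {0: "socket:[318]", 1: "socket:[318]", 2: "socket:[318]"}),
    Proc(2377, "sh",   "nc",      {0: "pipe:[4411]", 1: "pipe:[4412]", 2: "pipe:[4412]"}),
]

if __name__ == "__main__":
    for pid, comm, reasons in scan(SAMPLE):
        print(pid, comm, "; ".join(reasons))
```

Only the last two records are flagged; the interactive and SSH shells pass because their standard streams are terminals.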

------
vampirechicken
A pen testing article that advocates using xhost?

