![shellshock netcat reverse shell shellshock netcat reverse shell](https://i.ytimg.com/vi/W7GaVyzkCs0/maxresdefault.jpg)
#Shellshock netcat reverse shell windows#
Since it is a php based reverse shell, it is not dependant on the target platform OS in anyways and can run on windows and linux alike. Now that meterpreter is up, its time to play with the system. As soon as the script starts running, msfconsole will indicate connection and meterpreter session would come up. Its uploaded, and now can be run by opening from the browser like a normal url. Now its time to run the php script on the server. Start msfconsole and run the following commands. Once the payload is uploaded, the next thing to do is to start our listener which will catch the incoming connection offer. First we need to start the listener as shown in the next step. The above command would create a file called exploit.
![shellshock netcat reverse shell shellshock netcat reverse shell](https://www.yeahhub.com/wp-content/uploads/2018/08/pentestlab-shellshock16.png)
This is done using the msfpayload command and looks like this. So the first step is to create our payload program. Once the listener is connected, it can gets a shell which can be used to run any command limited to the user privilege on the target system. Inside Shellshock: How hackers are using it to exploit systems To brief up the basics about reverse shells remember that it has 2 components.
![shellshock netcat reverse shell shellshock netcat reverse shell](https://www.aldeid.com/w/images/e/e0/Shellshock-command-diagram-600px_v2.png)
Yes, its too big a tool for such a small task but looks cool anyway. In this example we are going to create reverse shells in php using metasploit. Netcat would run as a listener a socket server actually and the php script has to be run on the victim server so that it connects back. Creating reverse shells using php scripts is generally quite easy and can be accomplished with just a small php and a program like netcat. The most common approach is to create reverse shells. After hacking a web application or server to such an extent that you can upload files to it, the next thing to try is get a proper shell on the system.