The basic usage of payloads is already quite well documented in the Users Guide in Metasploit's documentation folder. However, how to use a reverse shell remains the most common question in the Metasploit community. Plus, 9 times out of 10 you'd probably be using a reverse shell to get a session, so this wiki page explains it in more detail.
As of now, there are 168 different reverse shells in the Metasploit Framework. We will not list all of them here, because that's just straight up spamming. But if you'd like, you can run the following command to get msfpayload to tell you:
./msfpayload -l |grep reverse
As a rule of thumb, always pick a Meterpreter payload, because it currently provides the best support for the post-exploitation features Metasploit has to offer: for example, railgun, post modules, unique Meterpreter commands (like webcam controls), etc.
In Windows, the most commonly used reverse shell is windows/meterpreter/reverse. But you can also try windows/meterpreter/reverse_http or windows/meterpreter/reverse_https, because their network traffic appears a little bit less abnormal.
In Linux, you can also try linux/x86/meterpreter/reverse_tcp, or the 64-bit one. However, just know that linux/x86/shell_reverse_tcp has been the most stable.
If you find yourself in one of the following scenarios (the list is not exhaustive), then you should consider using a reverse shell:
• The target machine is behind a different private network.
• The target machine's firewall blocks incoming connection attempts to your bindshell.
• Your payload is unable to bind to the port it wants due to whatever reason.
• You simply can't decide what to choose.
When a reverse shell isn't needed
Generally speaking, if you can backdoor an existing service, you may not need a reverse shell. For example: if the target machine is already running an SSH server, then you can try adding a new user to it and use that.
If the target machine is running a web server that supports a server-side programming language, then you can leave a backdoor in that language. For example, many Apache servers support PHP, so you can use a PHP "web shell". IIS servers usually support ASP or ASP.NET. The Metasploit Framework offers payloads in all these languages (and many others).
The same goes for VNC, remote desktop, SMB (psexec), or other remote admin tools, etc.
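From the defender's side, the reverse shell scenarios listed above share one trait: the session is opened by the target toward the outside, so inbound firewall rules never see it, and reverse_http or reverse_https traffic uses ports that egress rules usually allow. The following added example (not part of the Metasploit documentation; the addresses, flow records and allow lists are constructed assumptions) labels flows by who initiated them and flags server-initiated sessions to external hosts as well as listeners on unapproved ports.

```python
import ipaddress

# Constructed sample flow records (not real traffic):
# (initiator, responder, responder_port)
FLOWS = [
    ("203.0.113.7", "10.0.5.20", 443),     # client reaching the web server
    ("10.0.5.20", "10.0.9.3", 5432),       # web server to its database
    ("10.0.5.20", "198.51.100.44", 9001),  # server-initiated, external peer
    ("10.0.5.20", "198.51.100.44", 443),   # same, over a commonly allowed port
    ("203.0.113.9", "10.0.5.20", 5555),    # inbound to a port with no service
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Assumed policy for this example: what each monitored server may listen on,
# and which peers it may connect out to.
APPROVED_LISTENERS = {"10.0.5.20": {80, 443}}
APPROVED_EGRESS = {"10.0.5.20": {("10.0.9.3", 5432)}}
EXPECTED = {"expected-inbound", "expected-egress", "unmonitored"}


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL


def classify(initiator, responder, port):
    """Label one flow from the point of view of the monitored servers."""
    if initiator in APPROVED_EGRESS:
        if (responder, port) in APPROVED_EGRESS[initiator]:
            return "expected-egress"
        if not is_internal(responder):
            # The server opened this connection itself. Port 443 does not make
            # it normal: a web server has no reason to call out to this peer.
            return "unapproved-outbound"
        return "unapproved-internal"
    if responder in APPROVED_LISTENERS:
        if port in APPROVED_LISTENERS[responder]:
            return "expected-inbound"
        # Something answered on a port with no approved service behind it.
        return "unapproved-listener"
    return "unmonitored"


def review(flows):
    """Return (flow, label) pairs that need an analyst's attention."""
    findings = []
    for flow in flows:
        label = classify(*flow)
        if label not in EXPECTED:
            findings.append((flow, label))
    return findings
```

The check keys on connection direction and an explicit egress allow list rather than on port numbers, which is why the port 443 flow is still reported.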