revshell.work
For authorized testing & lab environments only.Use only on systems you own or are explicitly contracted to assess. Unauthorized access is illegal.
Catch the call-back

Listener cookbook

Always start the listener before firing the payload. The generator shows the matching listener for whatever shell you pick; this page collects the full set with the trade-offs of each.

netcat

plaintext
nc -lvnp 4444

The universal catch-all. -l listen, -v verbose, -n no DNS, -p port. Pairs with every plain-TCP payload.

ncat (TLS)

encrypted
ncat --ssl -lvnp 4444

Nmap's modern netcat. --ssl wraps the session in TLS so payloads using ncat --ssl connect cleanly.

socat (raw PTY)

interactive
socat -d -d TCP-LISTEN:4444,reuseaddr,fork FILE:`tty`,raw,echo=0

Receives a fully interactive terminal. Combine with the socat payload for tab-completion and job control.

Metasploit handler

framework
use exploit/multi/handler; set payload generic/shell_reverse_tcp; set LHOST 0.0.0.0; set LPORT 4444; run

When you want session management, routing, and post modules around the catch.

pwncat-cs

interactive
pwncat-cs -lp 4444

A listener that auto-stabilizes the shell, handles upload/download, and persists across reconnects.

Before you listen

  • Match the port to egress reality. Outbound 443 and 80 survive far more firewalls than 4444. If the target can only reach the internet on common ports, listen there.
  • Bind the right interface. On a multi-homed host or inside a VPN (e.g. an HTB tun0), confirm your LHOST is the address the target can actually route to.
  • Open the local firewall. A dropped SYN looks identical to a broken payload. Verify your own host accepts the inbound connection on the chosen port.
  • One listener per port. A stale ncstill bound to 4444 will silently swallow your next catch — confirm the port is free first.