===netpipe===

[root@security-lab1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:13:72:4F:11:45
          inet addr:10.0.64.36  Bcast:10.0.64.255  Mask:255.255.255.0
          inet6 addr: fe80::213:72ff:fe4f:1145/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6299748 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1015669 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:666609648 (635.7 MiB)  TX bytes:763775653 (728.3 MiB)
          Base address:0xecc0 Memory:fe6e0000-fe700000

[root@security-lab1 ~]# uname -a
Linux security-lab1 2.6.9-22.ELsmp #1 SMP Mon Sep 19 18:32:14 EDT 2005 i686 i686 i386 GNU/Linux
[root@security-lab1 ~]# cat /etc/issue
Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
Kernel \r on an \m

[root@security-lab1 ~]# ./np2 -a 10.0.77.15 -l 3000 -r 2200
Options and their values:
Listen: 3000
Host: 10.0.77.15
======> Start netpipe on the remote Linux host

D:\exploit>ipconfig

Windows IP Configuration

Ethernet adapter 本地连接:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.0.77.15
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.77.250

Ethernet adapter {3EC117C6-8AD8-4BBB-9BC2-0423602E2B93}:

        Media State . . . . . . . . . . . : Media disconnected

D:\exploit>nc -vv -n -l -p 2200
listening on [any] 2200 ...
=====> Listen on port 2200 on the local host 10.0.77.15

At this point, a connection to port 3000 on the remote Linux host is redirected to port 2200 on the local Windows host.

Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

D:\exploit>nc -vv -n 10.0.64.36 3000     =====> Connect to port 3000 on the remote Linux host and type "test"
(UNKNOWN) [10.0.64.36] 3000 (?) open
test
---------------
D:\exploit>nc -vv -n -l -p 2200     =====> Port 2200 on the local host gets a connection from the Linux host and receives "test"
listening on [any] 2200 ...
connect to [10.0.77.15] from (UNKNOWN) [10.0.64.36] 49341
test
=====> The local listener on port 2200 received the connection from the remote Linux host

client ----visit--------> linux 10.0.64.36:3000 -------send-------> win 10.0.77.15:2200
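
From the defender's side, the redirect shown above appears in flow logs as an inbound connection to 10.0.64.36:3000 followed almost immediately by an outbound connection from the same host to 10.0.77.15:2200 carrying the same payload. The following Python check is an added example, not part of the original post; the flow record layout, the function name, the timestamps, byte counts and client source port are constructed assumptions.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "start src sport dst dport payload_bytes")

# Constructed flow records (not captured traffic). Addresses and ports follow
# the session above; timestamps, byte counts and port 1391 are made up.
SAMPLE_FLOWS = [
    Flow(100.0, "10.0.77.15", 1391, "10.0.64.36", 3000, 5),    # client -> relay
    Flow(100.1, "10.0.64.36", 49341, "10.0.77.15", 2200, 5),   # relay -> listener
    Flow(130.0, "10.0.77.20", 1402, "10.0.64.36", 22, 4100),   # ordinary SSH login
    Flow(400.0, "10.0.64.36", 49400, "10.0.77.250", 53, 60),   # unrelated lookup
]

def find_relay_pairs(flows, window=2.0, tolerance=0.05):
    """Pair each inbound flow with an outbound flow that the receiving host
    opened within `window` seconds and that carries about the same number of
    payload bytes (relative difference at most `tolerance`)."""
    hits = []
    for inbound in flows:
        relay = inbound.dst
        for outbound in flows:
            if outbound.src != relay:
                continue
            delay = outbound.start - inbound.start
            if not 0 <= delay <= window:
                continue  # outbound leg must start after, and close to, the inbound one
            larger = max(inbound.payload_bytes, outbound.payload_bytes, 1)
            if abs(inbound.payload_bytes - outbound.payload_bytes) > tolerance * larger:
                continue  # a relay copies bytes through, so volumes should match
            hits.append((relay, inbound.dport, outbound.dst, outbound.dport))
    return hits

if __name__ == "__main__":
    for relay, lport, target, tport in find_relay_pairs(SAMPLE_FLOWS):
        print(f"{relay}: listener :{lport} forwards to {target}:{tport}")
```

On real data the time window and byte tolerance need tuning, and legitimate proxies and load balancers should be allow-listed before alerting.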