reverse_tcp和bind_tcp這兩者的執行過程可以大致理解爲以下內容:
[reverse_tcp]
attacker -> [contact me at the port 4444] -> victim
after the payload is executed
attacker <-> [port 4444] <-> victim
[bind_tcp]
attacker -> [open the way for me in the port 4444] -> victim
after execution
attacker <-> [port 4444] <-> victim
bind_tcp:攻擊機設置一個端口(LPORT),Payload在測試機執行打開該端口,以便攻擊機可以接入。
採用reverse的方法一般較爲安全,因爲是在測試機連接攻擊機,所以一般不會被防火牆發現;而bind在測試機打開端口時很容易被安全軟件和防火牆發現。
官方文檔對bind_tcp和reverse_tcp的說明:
Reverse TCP
The reverse TCP handler is provided by the Msf::Handler::ReverseTcp class. It will listen on a port for incoming connections and will make a call into handle
connection with the client sockets as they do.
Bind TCP
The bind TCP handler is provided through Msf::Handler::BindTcp. It will attempt to establish a connection to a target machine on a given port (specified in LPORT). If a connection is established, a call is made into handle connection passing along the socket
associated with the connection.
未完待補充……