TX packets:1015669 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:666609648 (635.7 MiB) TX bytes:763775653 (728.3 MiB)
Base address:0xecc0 Memory:fe6e0000-fe700000
[root@security-lab1 ~]# uname -a
Linux security-lab1 2.6.9-22.ELsmp #1 SMP Mon Sep 19 18:32:14 EDT 2005 i686 i686 i386 GNU/Linux
[root@security-lab1 ~]# cat /etc/issue
Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
Kernel \r on an \m
[root@security-lab1 ~]# ./np2 -a 10.0.77.15 -l 3000 -r 2200
Options and their values:
Listen: 3000
Host: 10.0.77.15
======> Start netpipe on the remote Linux host
D:\exploit>ipconfig
Windows IP Configuration
Ethernet adapter 本地連接:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.0.77.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.77.250
Ethernet adapter {3EC117C6-8AD8-4BBB-9BC2-0423602E2B93}:
Media State . . . . . . . . . . . : Media disconnected
D:\exploit>nc -vv -n -l -p 2200
listening on [any] 2200 ...
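=====> Listen on port 2200 on the local machine, 10.0.77.15
At this point, a connection to port 3000 on the remote Linux host is redirected to port 2200 on the local Windows machine.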
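A defender's view of the redirect described above, as an added example that is not part of the original session: this Python sketch scans `netstat -antp` output from the Linux host for a process that accepts a connection on its own listening port while also holding an outbound connection. The sample output, the PIDs, the sshd rows and client port 1187 are constructed; the addresses and ports 3000 and 2200 come from the session.

```python
from collections import defaultdict

# Constructed `netstat -antp` output for the Linux host 10.0.64.36.
# PIDs, the sshd rows and client port 1187 are invented for illustration.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN      2310/sshd
tcp        0      0 0.0.0.0:3000       0.0.0.0:*          LISTEN      4121/np2
tcp        0      0 10.0.64.36:22      10.0.77.15:1150    ESTABLISHED 5002/sshd
tcp        0      0 10.0.64.36:3000    10.0.77.15:1187    ESTABLISHED 4121/np2
tcp        0      0 10.0.64.36:32790   10.0.77.15:2200    ESTABLISHED 4121/np2
"""


def port_of(endpoint):
    """Return the port part of an 'address:port' column (IPv6-safe)."""
    return endpoint.rpartition(":")[2]


def find_relays(netstat_text):
    """Flag processes that accept on a listening port and also dial out."""
    listening = defaultdict(set)     # owner -> ports it listens on
    established = defaultdict(list)  # owner -> [(local port, remote endpoint)]
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].startswith("tcp"):
            continue  # header or non-TCP row
        local, remote, state, owner = fields[3:7]
        if state == "LISTEN":
            listening[owner].add(port_of(local))
        elif state == "ESTABLISHED":
            established[owner].append((port_of(local), remote))

    findings = []
    for owner, ports in listening.items():
        conns = established.get(owner, [])
        inbound = [(p, r) for p, r in conns if p in ports]
        outbound = [r for p, r in conns if p not in ports]
        for in_port, client in inbound:
            for target in outbound:
                findings.append({"process": owner, "listen_port": int(in_port),
                                 "client": client, "forwards_to": target})
    return findings


if __name__ == "__main__":
    for hit in find_relays(SAMPLE):
        print(hit)
```

Legitimate proxies and load balancers match the same pattern, so treat a hit as a lead to compare against the host's expected services.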
Microsoft Windows XP [版本 5.1.2600]
(C) 版權所有 1985-2001 Microsoft Corp.
D:\exploit>nc -vv -n 10.0.64.36 3000 =====> Connect to port 3000 on the remote Linux host and type test
(UNKNOWN) [10.0.64.36] 3000 (?) open
test
---------------
D:\exploit>nc -vv -n -l -p 2200 =====> Local port 2200 gets the connection from the Linux host and receives test