Open BigNerd95 opened 5 years ago
I had some issues using netcat (from the command injection) to stage binaries (it was writing the first 1kb and then exiting), and it seemed to me that using echo over the command-injection would take too long (in other exploits where I do this it takes ~5 mins to stage the "tsh" payload I usually used). Maybe having the echo loader stage a small binary that calls out and downloads a full payload...
Will revisit it though, would be nice to have a fully working reverse shell instead of spawning telnetd :)
Reverse shell
What about a command like this to implement the reverse shell?
Maybe replacing telnet with nc as used here https://github.com/BigNerd95/Chimay-Red#reverse-shell
Upload files
Then to upload a more complete busybox you can use a command like this (in combination with reverse shell)
as used here https://github.com/BigNerd95/Chimay-Red#upload-binaries
This will split the busybox into chunks of 1024 bytes and write them as octal numbers with the echo command. Example:
Or I think you can also upload files using nc directly
On PC:
On device:
(I don't have a Cisco so I cannot try, sorry)
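
For triage of the echo/octal staging described in the post above, here is an added example (not part of the original thread or of either project) that reassembles staged files from logged command strings and hashes them. The chunk shape `echo -ne '\NNN...' >> path`, the function names and the sample lines are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumed chunk shape (not shown on the page): echo -ne '\177\105' >> /tmp/bb
CHUNK_RE = re.compile(
    r"echo\s+-(?:ne|en)\s+'((?:\\[0-7]{1,4})+)'\s*(>>?)\s*([^\s;&|]+)")
OCTAL_RE = re.compile(r"\\0?([0-7]{1,3})")  # accepts \NNN and \0NNN forms


def reassemble(lines):
    """Rebuild every file staged through echo/octal chunks, keyed by target path."""
    files, chunks = {}, {}
    for line in lines:
        for payload, redirect, path in CHUNK_RE.findall(line):
            data = bytes(int(o, 8) & 0xFF for o in OCTAL_RE.findall(payload))
            if redirect == ">":          # '>' truncates, '>>' appends
                files[path], chunks[path] = b"", 0
            files[path] = files.get(path, b"") + data
            chunks[path] = chunks.get(path, 0) + 1
    return files, chunks


def report(lines):
    """Summarise each reassembled file: chunk count, size, hash, ELF magic."""
    files, chunks = reassemble(lines)
    return {
        path: {
            "chunks": chunks[path],
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "elf": data.startswith(b"\x7fELF"),
        }
        for path, data in files.items()
    }


# Constructed sample: command strings as they might appear in a device log.
SAMPLE = [
    r"echo -ne '\177\105\114\106' > /tmp/bb",
    r"echo -ne '\001\001\001\000' >> /tmp/bb",
    r"echo hello",
]

if __name__ == "__main__":
    for path, info in report(SAMPLE).items():
        print(path, info)
```

A path that accumulates many chunks and starts with the ELF magic is a strong indicator of binary staging; the SHA-256 can then be compared against known samples.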