If this is the case, it may be
useful to have a payload that provides a simple file upload facility. When combined with
the code to execute a single command, this provides the capability to upload a binary to
a target system, then execute that binary. File uploading code is fairly straightforward
and involves the following steps:

1. Open a new file.
2. Read data from a network connection and write that data to the new file. In this
   case, the network connection would be obtained using the port binding, reverse
   connection, or find socket techniques described previously.
3. Repeat step 2 as long as there is more data; then close the file.

The ability to upload an arbitrary file to the target machine is roughly equivalent to
invoking the wget command on the target in order to download a specific file.

NOTE The wget utility is a simple command-line utility capable of
downloading the contents of files by specifying the URL of the file to be
downloaded.

In fact, as long as wget happens to be present on a target system, we could use command
execution to invoke wget and accomplish essentially the same thing that file
upload code would accomplish. The only difference is that we would need to place the
file to be uploaded on a web server that could be reached from the target computer.
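
Seen from the defender's side, both approaches above leave a similar trace in process telemetry: a network-facing service writes a file that is then executed, or a service process launches wget. The sketch below is an added example, not code from the original text; the event schema, the service and downloader name lists, and the sample events are all constructed assumptions.

```python
# Added example: correlate "service writes file, file is executed" and
# "service spawns wget" over process events. The schema is hypothetical.
SERVICES = {"httpd", "ftpd", "named"}   # assumed network-facing daemons
DOWNLOADERS = {"wget"}                  # utility named in the text

EVENTS = [  # constructed sample events, not real telemetry
    {"ts": 1, "pid": 410, "ppid": 1, "proc": "httpd", "event": "write", "path": "/tmp/a.out"},
    {"ts": 2, "pid": 410, "ppid": 1, "proc": "httpd", "event": "exec", "path": "/tmp/a.out"},
    {"ts": 3, "pid": 522, "ppid": 1, "proc": "ftpd", "event": "write", "path": "/srv/ftp/report.pdf"},
    {"ts": 4, "pid": 700, "ppid": 410, "proc": "httpd", "event": "exec", "path": "/usr/bin/wget"},
    {"ts": 5, "pid": 800, "ppid": 650, "proc": "bash", "event": "exec", "path": "/usr/bin/wget"},
]

def detect(events):
    """Return (rule, path, pid) tuples for suspicious upload/execute activity."""
    alerts = []
    written = {}  # path -> write event made by a network-facing service
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] == "write" and ev["proc"] in SERVICES:
            written[ev["path"]] = ev
        elif ev["event"] == "exec":
            writer = written.get(ev["path"])
            # Rule 1: the file is run by the process that wrote it, or by its child.
            if writer and writer["pid"] in (ev["pid"], ev["ppid"]):
                alerts.append(("upload-then-exec", ev["path"], ev["pid"]))
            # Rule 2: a service process (not an interactive shell) launches wget.
            base = ev["path"].rsplit("/", 1)[-1]
            if base in DOWNLOADERS and ev["proc"] in SERVICES:
                alerts.append(("service-spawned-downloader", ev["path"], ev["pid"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The ftpd write and the interactive wget run are deliberately left unflagged: a file that is written but never executed, or a download started from a user shell, does not match either rule.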