=========================================================================
-------------------------------------------------------------------------
              HSH-Gen: The HTTP Shell Generator by nummish
-------------------------------------------------------------------------
=========================================================================

This package should contain the following files:

  o This READ.ME file
  o hsh-gen.pl

HSH-Gen is a script-generating script. The purpose of this tool is to alleviate some of the annoyances of feeding commands through URL strings in a browser. I got sick of it, and it didn't make sense to be running shell commands in a browser when I could be running them in a shell.

Directions:

Once you've found a suitable web-based target (that's right, this won't find it for you, slacker), run the perl script.

The URL Prefix is the first half of the URL, before the commands you intend to inject. It would probably be helpful to include any directory-traversing characters here, to save the effort of typing them out later.

The URL Suffix is whatever would come after the commands you intend to inject. From my experience, it tends to be just the pipe character (|).

The connection style lets you choose either wget or a BSD-style ftp that supports http as your method of connecting to the server. If you aren't sure which one to choose, you've come to the point in the READ.ME file where I tell you to shut off your computer and delete this script... go to it.

The filter evasion technique was the driving force behind the writing of this tool. Every so often, you come across some joker who decided that they could defeat attacks by parsing out a few special characters. If they did not filter out the backslash (\) character, then you're in luck. The filter evasion technique basically takes all the special characters you identify and tosses them into a runtime perl string. It's simplistic, but it works fairly well. Note: perl must be installed on the target host, or this section does no good.

From here, you generate the hsh.sh script. Example usage of the sh script follows:

  ./hsh.sh /bin/ls -l
  ./hsh.sh /bin/cat /etc/passwd

Pretty simple? I thought so. Hopefully you find this useful.

- nummish
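The weakness this tool depends on is a web handler that splices request input into a shell command string and then tries to defuse it by stripping a few characters. The following Python example is added here and is not part of HSH-Gen or nummish's code; it shows that weak pattern beside the hardened form (an allowlist on the parameter and a list-form argv that is never handed to a shell), and a small access-log check that flags percent-decoded request URLs carrying shell metacharacters such as the pipe the README describes. The /cgi-bin/show path, the file parameter, the /var/www/files directory and the log lines are all constructed for the example.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Characters that let request input chain or substitute shell commands.
SHELL_META = re.compile(r"[|;&`$\\<>\n]")

# Allowlist for a filename parameter: no slashes (so no directory traversal)
# and none of the metacharacters above.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")

# Apache-style request line inside an access-log entry: "GET /path?query HTTP/1.0"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')

# Hypothetical document root served by the handler (constructed for the example).
FILE_ROOT = "/var/www/files"


def vulnerable_command(filename: str) -> str:
    """The weak pattern: request input is spliced into a shell command string.
    Anything the client sends after a '|' would run as a second command."""
    return f"/bin/cat {FILE_ROOT}/{filename}"


def denylist_filter(value: str) -> str:
    """Stripping a handful of characters. Included only to make the point that
    anything not on the list (the README names the backslash) passes through."""
    return value.replace("|", "").replace(";", "").replace("&", "")


def validated_argv(filename: str) -> Optional[List[str]]:
    """Hardened form: accept only allowlisted names and build an argv list,
    meant for subprocess.run(argv, shell=False) rather than a shell string.
    Returns None when the input is rejected."""
    if filename in (".", "..") or not SAFE_NAME.fullmatch(filename):
        return None
    return ["/bin/cat", f"{FILE_ROOT}/{filename}"]


def suspicious_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, decoded_url) for log entries whose percent-decoded URL
    carries shell metacharacters; a trailing pipe arrives URL-encoded as %7C."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        decoded = unquote(match.group("url"))
        if SHELL_META.search(decoded):
            flagged.append((line.split()[0], decoded))
    return flagged


# Constructed sample log entries (Apache combined format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2004:10:15:32 +0000] "GET /cgi-bin/show?file=report.txt HTTP/1.0" 200 512',
    '10.0.0.9 - - [12/Jan/2004:10:16:01 +0000] "GET /cgi-bin/show?file=report.txt%7C%2Fbin%2Fls%20-l%7C HTTP/1.0" 200 2048',
    '10.0.0.7 - - [12/Jan/2004:10:17:44 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    print("weak:", vulnerable_command("report.txt|/bin/ls -l|"))
    print("hardened:", validated_argv("report.txt"), validated_argv("report.txt|/bin/ls -l|"))
    for ip, url in suspicious_requests(SAMPLE_LOG):
        print(f"flagged {ip}: {url}")
```

The allowlist rejects the input rather than cleaning it: a name that fails SAFE_NAME never reaches the command at all, so there is no list of special characters to get wrong. The log check decodes the URL before matching, since the encoded form of the pipe (%7C) would otherwise slip past a literal search.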