public-mirrors/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2025-09-20 23:29:23 +02:00
Code Issues Projects Releases Wiki Activity

Make interactive execute whenever possible

Browse Source 
Here the trick is to restore those file descriptors (0, 1, 2) that have been
redirected (`dup2`) by the parent process.

First we need to determine which one has been redirected, for example by looking
at `ls -l /proc/$$/fd/`. Then we can use `0<&x`, `1>&x` or `2>&x` to restore 0,
1 or 2 respectively, where `x` is any file descriptor number that points to the
TTY.

It may happen that no file descriptor is unchanged, in that case we can use
`tty` to perform the redirection: sh <$(tty) >$(tty) 2>$(tty)
This commit is contained in:
Andrea Cardaci
2018-09-07 01:00:01 +02:00
parent 5b79154cf1
commit 8eaf595fe6
8 changed files with 31 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
_gtfobins/ssh.md
View File

@@ -4,7 +4,7 @@ functions:
- description: Reconnecting may help bypassing restricted shells.
code: ssh localhost $SHELL --noprofile --norc
- description: Spawn interactive shell through ProxyCommand option.
code: ssh -o ProxyCommand="/bin/bash -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/sh -i'" x
code: ssh -o ProxyCommand=';sh 0<&2 1>&2' x
upload:
- description: Send local file to a SSH server.
code: |
@@ -26,5 +26,5 @@ functions:
ssh -F $LFILE localhost
sudo-enabled:
- description: Spawn interactive root shell through ProxyCommand option.
code: sudo ssh -o ProxyCommand="/bin/bash -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/sh -i'" x
code: sudo ssh -o ProxyCommand=';sh 0<&2 1>&2' x
---